2 * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include "ciphers_locl.h"
11 #include "internal/aes_platform.h"
/*
 * Forward declarations: the generic AES method table and the GCM callbacks
 * that are defined further down in this file.
 */
13 static const PROV_GCM_HW aes_gcm;
15 static int gcm_setiv(PROV_GCM_CTX *ctx, const unsigned char *iv, size_t ivlen);
16 static int gcm_aad_update(PROV_GCM_CTX *ctx, const unsigned char *aad,
18 static int gcm_cipher_final(PROV_GCM_CTX *ctx, unsigned char *tag);
19 static int gcm_one_shot(PROV_GCM_CTX *ctx, unsigned char *aad, size_t aad_len,
20 const unsigned char *in, size_t in_len,
21 unsigned char *out, unsigned char *tag, size_t tag_len);
22 static int gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
23 size_t len, unsigned char *out);
/*
 * SET_KEY_CTR_FN expands the key schedule, initialises the GCM128 state with
 * the given block function and records the (possibly NULL) CTR32 bulk
 * function in ctx->ctr.
 *
 * The expansion refers to ctx, key and keylen, which are not macro
 * parameters, so they must be in scope wherever the macro is used. keylen is
 * multiplied by 8 before being passed on, i.e. it is treated as a byte count.
 *
 * NOTE(review): the result of fn_set_enc_key() is discarded in the visible
 * expansion, so an unsupported key length would not be reported from here.
 * Presumably keylen is validated before this point - confirm against the
 * callers. The function-pointer casts bypass prototype checking, so fn_block
 * and fn_ctr must really have the block128_f / ctr128_f calling convention.
 * Not every line of the macro is visible in this listing.
 */
25 #define SET_KEY_CTR_FN(ks, fn_set_enc_key, fn_block, fn_ctr) \
27 fn_set_enc_key(key, keylen * 8, ks); \
28 CRYPTO_gcm128_init(&ctx->gcm, ks, (block128_f)fn_block); \
29 ctx->ctr = (ctr128_f)fn_ctr; \
32 #if defined(AESNI_CAPABLE)
/*
 * AES-NI key setup for GCM: uses the AES_KEY stored at actx->ks.ks as the
 * key schedule and installs aesni_encrypt as the block function and
 * aesni_ctr32_encrypt_blocks as the CTR32 bulk function.
 *
 * NOTE(review): the cast from PROV_GCM_CTX to PROV_AES_GCM_CTX assumes the
 * caller really passed an AES GCM context whose leading part is the generic
 * context - confirm against the struct definitions in ciphers_locl.h.
 */
35 static int aesni_gcm_init_key(PROV_GCM_CTX *ctx, const unsigned char *key,
38 PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
39 AES_KEY *ks = &actx->ks.ks;
41 SET_KEY_CTR_FN(ks, aesni_set_encrypt_key, aesni_encrypt,
42 aesni_ctr32_encrypt_blocks);
/* Method table for the AES-NI path; its entries are not visible in this listing. */
46 static const PROV_GCM_HW aesni_gcm = {
/*
 * Returns the AES GCM method table for this build: the AES-NI table when
 * AESNI_CAPABLE evaluates true, otherwise the generic aes_gcm table.
 * keybits does not take part in the visible selection.
 */
55 const PROV_GCM_HW *PROV_AES_HW_gcm(size_t keybits)
57 return AESNI_CAPABLE ? &aesni_gcm : &aes_gcm;
60 #elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
62 /* Fujitsu SPARC64 X support */
/*
 * SPARC T4 key setup for GCM: picks one of the aes128/aes192/aes256 T4 CTR32
 * routines and installs it together with aes_t4_set_encrypt_key and
 * aes_t4_encrypt via SET_KEY_CTR_FN.
 *
 * NOTE(review): the code that chooses between the three ctr assignments is
 * not visible in this listing (presumably a switch on the key length); check
 * that a key length outside those three cases cannot leave ctr unset before
 * it is handed to SET_KEY_CTR_FN.
 */
64 static int t4_aes_gcm_init_key(PROV_GCM_CTX *ctx, const unsigned char *key,
68 PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
69 AES_KEY *ks = &actx->ks.ks;
74 ctr = (ctr128_f)aes128_t4_ctr32_encrypt;
77 ctr = (ctr128_f)aes192_t4_ctr32_encrypt;
80 ctr = (ctr128_f)aes256_t4_ctr32_encrypt;
86 SET_KEY_CTR_FN(ks, aes_t4_set_encrypt_key, aes_t4_encrypt, ctr);
/* Method table for the SPARC T4 path; its entries are not visible in this listing. */
90 static const PROV_GCM_HW t4_aes_gcm = {
/*
 * Returns the AES GCM method table for this build: the T4 table when
 * SPARC_AES_CAPABLE evaluates true, otherwise the generic aes_gcm table.
 * keybits does not take part in the visible selection.
 */
98 const PROV_GCM_HW *PROV_AES_HW_gcm(size_t keybits)
100 return SPARC_AES_CAPABLE ? &t4_aes_gcm : &aes_gcm;
103 #elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
104 # include "gcm_s390x.c"
/*
 * Fallback definition of the AES GCM table selector for builds that match
 * none of the platform branches above. The body is not visible in this
 * listing; presumably it returns the generic aes_gcm table - confirm.
 */
106 const PROV_GCM_HW *PROV_AES_HW_gcm(size_t keybits)
/*
 * Generic AES key setup for GCM. Depending on which of HWAES_CAPABLE,
 * BSAES_CAPABLE, VPAES_CAPABLE and AES_CTR_ASM are available it installs a
 * different key-setup / block / CTR32 triple through SET_KEY_CTR_FN.
 *
 * Several variants pass NULL as the CTR32 function; gcm_cipher_update tests
 * ctx->ctr for NULL and then uses the plain CRYPTO_gcm128_encrypt/decrypt
 * calls instead of the *_ctr32 ones.
 *
 * NOTE(review): the run-time conditions that choose between the variants
 * and the function's return statements are not visible in this listing.
 */
112 static int generic_aes_gcm_init_key(PROV_GCM_CTX *ctx, const unsigned char *key,
115 PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
116 AES_KEY *ks = &actx->ks.ks;
118 # ifdef HWAES_CAPABLE
/* Hardware AES: use its CTR32 routine only when the platform defines one. */
120 # ifdef HWAES_ctr32_encrypt_blocks
121 SET_KEY_CTR_FN(ks, HWAES_set_encrypt_key, HWAES_encrypt,
122 HWAES_ctr32_encrypt_blocks);
124 SET_KEY_CTR_FN(ks, HWAES_set_encrypt_key, HWAES_encrypt, NULL);
125 # endif /* HWAES_ctr32_encrypt_blocks */
127 # endif /* HWAES_CAPABLE */
129 # ifdef BSAES_CAPABLE
/* BSAES: standard AES key setup and block function, bsaes CTR32 bulk routine. */
131 SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt,
132 bsaes_ctr32_encrypt_blocks);
134 # endif /* BSAES_CAPABLE */
136 # ifdef VPAES_CAPABLE
/* VPAES: no CTR32 bulk routine is installed. */
138 SET_KEY_CTR_FN(ks, vpaes_set_encrypt_key, vpaes_encrypt, NULL);
140 # endif /* VPAES_CAPABLE */
/* Plain AES: AES_ctr32_encrypt when AES_CTR_ASM is defined, otherwise no CTR32 routine. */
144 SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt, AES_ctr32_encrypt);
146 SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt, NULL);
147 # endif /* AES_CTR_ASM */
/*
 * Loads the caller-supplied IV of ivlen bytes into the GCM128 state.
 *
 * NOTE(review): nothing visible here checks ivlen or whether the IV has been
 * used before with the current key. GCM loses both confidentiality and
 * integrity guarantees when an IV repeats under one key, so uniqueness has
 * to be guaranteed by the layer that calls this function.
 */
153 static int gcm_setiv(PROV_GCM_CTX *ctx, const unsigned char *iv, size_t ivlen)
155 CRYPTO_gcm128_setiv(&ctx->gcm, iv, ivlen);
/*
 * Feeds aad_len bytes of additional authenticated data into the GCM128
 * state. CRYPTO_gcm128_aad() reports success as 0; the comparison turns that
 * into this file's convention of 1 for success and 0 for failure.
 */
159 static int gcm_aad_update(PROV_GCM_CTX *ctx,
160 const unsigned char *aad, size_t aad_len)
162 return CRYPTO_gcm128_aad(&ctx->gcm, aad, aad_len) == 0;
/*
 * Processes len bytes from in to out through the GCM128 state. The first
 * half of the body uses the *_encrypt calls and the second half the matching
 * *_decrypt calls; the test that selects between them, the declaration of
 * bulk and the return statements are not visible in this listing.
 *
 * In each half, a non-NULL ctx->ctr selects the CTR32-accelerated calls and
 * a NULL ctx->ctr the plain CRYPTO_gcm128_encrypt/decrypt calls. A non-zero
 * result from any CRYPTO_gcm128_* call is what the if statements test for
 * (presumably the failure path).
 *
 * NOTE(review): on the decrypt side plaintext is written to out here, before
 * any tag comparison; the tag is only checked in gcm_cipher_final through
 * CRYPTO_gcm128_finish(). Callers must treat the output as unauthenticated
 * until that check has succeeded.
 */
165 static int gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
166 size_t len, unsigned char *out)
169 if (ctx->ctr != NULL) {
170 #if defined(AES_GCM_ASM)
/* Bulk assembly path: only for inputs of at least 32 bytes when AES_GCM_ASM(ctx) holds. */
173 if (len >= 32 && AES_GCM_ASM(ctx)) {
/*
 * res is the number of bytes needed to bring the partial-block offset mres
 * back to a 16-byte boundary (0..15, assuming mres <= 16). Those bytes go
 * through the generic routine first; len - res cannot wrap because len >= 32.
 */
174 size_t res = (16 - ctx->gcm.mres) % 16;
176 if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, res))
178 bulk = aesni_gcm_encrypt(in + res, out + res, len - res,
180 ctx->gcm.Yi.c, ctx->gcm.Xi.u);
/* Add the bytes handled by the bulk routine to the GCM length field len.u[1]. */
181 ctx->gcm.len.u[1] += bulk;
/* Whatever the bulk routine left over goes through the CTR32 path. */
184 if (CRYPTO_gcm128_encrypt_ctr32(&ctx->gcm, in + bulk, out + bulk,
185 len - bulk, ctx->ctr))
188 if (CRYPTO_gcm128_encrypt_ctr32(&ctx->gcm, in, out, len, ctx->ctr))
190 #endif /* AES_GCM_ASM */
192 if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, len))
196 if (ctx->ctr != NULL) {
197 #if defined(AES_GCM_ASM)
/* Same structure as above with the decrypt routines; the bulk threshold here is 16 bytes. */
200 if (len >= 16 && AES_GCM_ASM(ctx)) {
/* res is at most 15 (assuming mres <= 16), so len - res cannot wrap with len >= 16. */
201 size_t res = (16 - ctx->gcm.mres) % 16;
203 if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, res))
206 bulk = aesni_gcm_decrypt(in + res, out + res, len - res,
208 ctx->gcm.Yi.c, ctx->gcm.Xi.u);
209 ctx->gcm.len.u[1] += bulk;
212 if (CRYPTO_gcm128_decrypt_ctr32(&ctx->gcm, in + bulk, out + bulk,
213 len - bulk, ctx->ctr))
216 if (CRYPTO_gcm128_decrypt_ctr32(&ctx->gcm, in, out, len, ctx->ctr))
218 #endif /* AES_GCM_ASM */
220 if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, len))
/*
 * Finishes the GCM operation. Two paths are visible: one writes a freshly
 * computed tag of GCM_TAG_MAX_SIZE bytes to tag and records that length in
 * ctx->taglen; the other hands tag and ctx->taglen to CRYPTO_gcm128_finish()
 * and treats a non-zero result as one of the conditions of a failure test.
 * The branch that selects between them and the first operand of that test
 * are not visible in this listing (presumably encrypt versus decrypt).
 *
 * NOTE(review): the output path always writes GCM_TAG_MAX_SIZE bytes, so the
 * caller's tag buffer must be at least that large. On the verification path
 * the number of tag bytes compared is ctx->taglen; a short taglen lowers
 * forgery resistance accordingly, so the minimum accepted length should be
 * enforced where taglen is set. The comparison itself happens inside
 * CRYPTO_gcm128_finish(), which is not shown here.
 */
227 static int gcm_cipher_final(PROV_GCM_CTX *ctx, unsigned char *tag)
230 CRYPTO_gcm128_tag(&ctx->gcm, tag, GCM_TAG_MAX_SIZE);
231 ctx->taglen = GCM_TAG_MAX_SIZE;
234 || CRYPTO_gcm128_finish(&ctx->gcm, tag, ctx->taglen) != 0)
/*
 * Runs a complete GCM operation in one call by chaining the method-table
 * callbacks: aadupdate over aad, cipherupdate from in to out, then
 * cipherfinal on tag. Each callback returning 0 is tested for; the handling
 * of that case and the return statements are not visible in this listing.
 *
 * NOTE(review): tag_len does not appear in the visible lines; ctx->taglen is
 * set to GCM_TAG_MAX_SIZE before cipherfinal, so tag presumably has to point
 * to at least GCM_TAG_MAX_SIZE bytes regardless of tag_len - confirm against
 * the omitted lines and the callers.
 */
240 static int gcm_one_shot(PROV_GCM_CTX *ctx, unsigned char *aad, size_t aad_len,
241 const unsigned char *in, size_t in_len,
242 unsigned char *out, unsigned char *tag, size_t tag_len)
247 if (!ctx->hw->aadupdate(ctx, aad, aad_len))
249 if (!ctx->hw->cipherupdate(ctx, in, in_len, out))
251 ctx->taglen = GCM_TAG_MAX_SIZE;
252 if (!ctx->hw->cipherfinal(ctx, tag))
/*
 * Generic AES GCM method table. Its first entry is the generic key-setup
 * routine; the remaining entries are not visible in this listing.
 */
260 static const PROV_GCM_HW aes_gcm = {
261 generic_aes_gcm_init_key,
269 #if !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE)
/*
 * ARIA key setup for GCM (only compiled when OPENSSL_NO_ARIA and FIPS_MODE
 * are both undefined). Installs aria_set_encrypt_key and aria_encrypt with
 * no CTR32 bulk routine, so ctx->ctr ends up NULL.
 *
 * NOTE(review): the cast assumes ctx really is a PROV_ARIA_GCM_CTX - confirm
 * against the struct definitions in ciphers_locl.h.
 */
271 static int aria_gcm_init_key(PROV_GCM_CTX *ctx, const unsigned char *key,
274 PROV_ARIA_GCM_CTX *actx = (PROV_ARIA_GCM_CTX *)ctx;
275 ARIA_KEY *ks = &actx->ks.ks;
277 SET_KEY_CTR_FN(ks, aria_set_encrypt_key, aria_encrypt, NULL);
/*
 * ARIA data path: processes len bytes from in to out using only the plain
 * CRYPTO_gcm128_encrypt/decrypt calls. The test that selects between the
 * two and the return statements are not visible in this listing.
 *
 * NOTE(review): as with any streaming GCM decrypt, bytes written to out are
 * unauthenticated until the final tag check has succeeded.
 */
281 static int aria_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
282 size_t len, unsigned char *out)
285 if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, len))
288 if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, len))
/* Method table for ARIA GCM; its entries are not visible in this listing. */
294 static const PROV_GCM_HW aria_gcm = {
/*
 * Selector for the ARIA GCM method table. The body is not visible in this
 * listing; presumably it returns the aria_gcm table - confirm.
 */
302 const PROV_GCM_HW *PROV_ARIA_HW_gcm(size_t keybits)
307 #endif /* !defined(OPENSSL_NO_ARIA) && !defined(FIPS_MODE) */