Coverage Report

Created: 2024-11-21 07:03

/src/libgcrypt/cipher/camellia-glue.c
Line
Count
Source (jump to first uncovered line)
1
/* camellia-glue.c - Glue for the Camellia cipher
2
 * Copyright (C) 2007 Free Software Foundation, Inc.
3
 *
4
 * This file is part of Libgcrypt.
5
 *
6
 * Libgcrypt is free software; you can redistribute it and/or modify
7
 * it under the terms of the GNU Lesser General Public License as
8
 * published by the Free Software Foundation; either version 2.1 of
9
 * the License, or (at your option) any later version.
10
 *
11
 * Libgcrypt is distributed in the hope that it will be useful,
12
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14
 * GNU Lesser General Public License for more details.
15
 *
16
 * You should have received a copy of the GNU Lesser General Public
17
 * License along with this program; if not, see <https://www.gnu.org/licenses/>.
18
 * SPDX-License-Identifier: LGPL-2.1-or-later
19
 */
20
21
/* I put all the libgcrypt-specific stuff in this file to keep the
22
   camellia.c/camellia.h files exactly as provided by NTT.  If they
23
   update their code, this should make it easier to bring the changes
24
   in. - dshaw
25
26
   There is one small change which needs to be done: Include the
27
   following code at the top of camellia.h: */
28
#if 0
29
30
/* To use Camellia with libraries it is often useful to keep the name
31
 * space of the library clean.  The following macro is thus useful:
32
 *
33
 *     #define CAMELLIA_EXT_SYM_PREFIX foo_
34
 *
35
 * This prefixes all external symbols with "foo_".
36
 */
37
#ifdef HAVE_CONFIG_H
38
#include <config.h>
39
#endif
40
#ifdef CAMELLIA_EXT_SYM_PREFIX
41
#define CAMELLIA_PREFIX1(x,y) x ## y
42
#define CAMELLIA_PREFIX2(x,y) CAMELLIA_PREFIX1(x,y)
43
#define CAMELLIA_PREFIX(x)    CAMELLIA_PREFIX2(CAMELLIA_EXT_SYM_PREFIX,x)
44
#define Camellia_Ekeygen      CAMELLIA_PREFIX(Camellia_Ekeygen)
45
#define Camellia_EncryptBlock CAMELLIA_PREFIX(Camellia_EncryptBlock)
46
#define Camellia_DecryptBlock CAMELLIA_PREFIX(Camellia_DecryptBlock)
47
#define camellia_decrypt128   CAMELLIA_PREFIX(camellia_decrypt128)
48
#define camellia_decrypt256   CAMELLIA_PREFIX(camellia_decrypt256)
49
#define camellia_encrypt128   CAMELLIA_PREFIX(camellia_encrypt128)
50
#define camellia_encrypt256   CAMELLIA_PREFIX(camellia_encrypt256)
51
#define camellia_setup128     CAMELLIA_PREFIX(camellia_setup128)
52
#define camellia_setup192     CAMELLIA_PREFIX(camellia_setup192)
53
#define camellia_setup256     CAMELLIA_PREFIX(camellia_setup256)
54
#endif /*CAMELLIA_EXT_SYM_PREFIX*/
55
56
#endif /* Code sample. */
57
58
59
#include <config.h>
60
#include "types.h"
61
#include "g10lib.h"
62
#include "cipher.h"
63
#include "camellia.h"
64
#include "bufhelp.h"
65
#include "cipher-internal.h"
66
#include "bulkhelp.h"
67
68
/* Helper macro to force alignment to 16 bytes.  */
69
#ifdef HAVE_GCC_ATTRIBUTE_ALIGNED
70
# define ATTR_ALIGNED_16  __attribute__ ((aligned (16)))
71
#else
72
# define ATTR_ALIGNED_16
73
#endif
74
75
/* USE_AESNI inidicates whether to compile with Intel AES-NI/AVX code. */
76
#undef USE_AESNI_AVX
77
#if defined(ENABLE_AESNI_SUPPORT) && defined(ENABLE_AVX_SUPPORT)
78
# if defined(__x86_64__) && (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \
79
     defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS))
80
#  define USE_AESNI_AVX 1
81
# endif
82
#endif
83
84
/* USE_AESNI_AVX2 inidicates whether to compile with Intel AES-NI/AVX2 code. */
85
#undef USE_AESNI_AVX2
86
#if defined(ENABLE_AESNI_SUPPORT) && defined(ENABLE_AVX2_SUPPORT)
87
# if defined(__x86_64__) && (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \
88
     defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS))
89
#  define USE_AESNI_AVX2 1
90
# endif
91
#endif
92
93
/* USE_VAES_AVX2 inidicates whether to compile with Intel VAES/AVX2 code. */
94
#undef USE_VAES_AVX2
95
#if defined(USE_AESNI_AVX2) && defined(HAVE_GCC_INLINE_ASM_VAES_VPCLMUL)
96
# define USE_VAES_AVX2 1
97
#endif
98
99
/* USE_GFNI_AVX2 inidicates whether to compile with Intel GFNI/AVX2 code. */
100
#undef USE_GFNI_AVX2
101
#if defined(USE_AESNI_AVX2) && defined(ENABLE_GFNI_SUPPORT)
102
# define USE_GFNI_AVX2 1
103
#endif
104
105
/* USE_GFNI_AVX512 inidicates whether to compile with Intel GFNI/AVX512 code. */
106
#undef USE_GFNI_AVX512
107
#if defined(USE_GFNI_AVX2) && defined(ENABLE_AVX512_SUPPORT)
108
# define USE_GFNI_AVX512 1
109
#endif
110
111
/* USE_PPC_CRYPTO indicates whether to enable PowerPC vector crypto
112
 * accelerated code. */
113
#undef USE_PPC_CRYPTO
114
#if !defined(WORDS_BIGENDIAN) && defined(ENABLE_PPC_CRYPTO_SUPPORT) && \
115
    defined(HAVE_COMPATIBLE_CC_PPC_ALTIVEC) && \
116
    defined(HAVE_GCC_INLINE_ASM_PPC_ALTIVEC) && \
117
    (SIZEOF_UNSIGNED_LONG == 8) && (__GNUC__ >= 4)
118
# define USE_PPC_CRYPTO 1
119
#endif
120
121
/* USE_AARCH64_CE indicates whether to enable ARMv8/CE accelerated code. */
122
#undef USE_AARCH64_CE
123
#if defined(__AARCH64EL__) && \
124
    defined(HAVE_COMPATIBLE_GCC_AARCH64_PLATFORM_AS) && \
125
    defined(HAVE_GCC_INLINE_ASM_AARCH64_CRYPTO) && \
126
    defined(HAVE_COMPATIBLE_CC_AARCH64_NEON_INTRINSICS) && \
127
    (__GNUC__ >= 4)
128
# define USE_AARCH64_CE 1
129
#endif
130
131
typedef struct
132
{
133
  KEY_TABLE_TYPE keytable;
134
  int keybitlength;
135
#ifdef USE_AESNI_AVX
136
  unsigned int use_aesni_avx:1; /* AES-NI/AVX implementation shall be used.  */
137
#endif /*USE_AESNI_AVX*/
138
#ifdef USE_AESNI_AVX2
139
  unsigned int use_avx2:1; /* If any of AVX2 implementation is enabled.  */
140
  unsigned int use_aesni_avx2:1;/* AES-NI/AVX2 implementation shall be used.  */
141
  unsigned int use_vaes_avx2:1; /* VAES/AVX2 implementation shall be used.  */
142
  unsigned int use_gfni_avx2:1; /* GFNI/AVX2 implementation shall be used.  */
143
  unsigned int use_gfni_avx512:1; /* GFNI/AVX512 implementation shall be used.  */
144
#endif /*USE_AESNI_AVX2*/
145
#ifdef USE_PPC_CRYPTO
146
  unsigned int use_ppc:1;
147
  unsigned int use_ppc8:1;
148
  unsigned int use_ppc9:1;
149
#endif /*USE_PPC_CRYPTO*/
150
#ifdef USE_AARCH64_CE
151
  unsigned int use_aarch64ce:1;
152
#endif /*USE_AARCH64_CE*/
153
} CAMELLIA_context;
154
155
/* Assembly implementations use SystemV ABI, ABI conversion and additional
156
 * stack to store XMM6-XMM15 needed on Win64. */
157
#undef ASM_FUNC_ABI
158
#undef ASM_EXTRA_STACK
159
#if defined(USE_AESNI_AVX) || defined(USE_AESNI_AVX2)
160
# ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS
161
#  define ASM_FUNC_ABI __attribute__((sysv_abi))
162
#  define ASM_EXTRA_STACK (10 * 16)
163
# else
164
#  define ASM_FUNC_ABI
165
#  define ASM_EXTRA_STACK 0
166
# endif
167
#endif
168
169
#ifdef USE_AESNI_AVX
170
/* Assembler implementations of Camellia using AES-NI and AVX.  Process data
171
   in 16 blocks same time.
172
 */
173
extern void _gcry_camellia_aesni_avx_ctr_enc(CAMELLIA_context *ctx,
174
               unsigned char *out,
175
               const unsigned char *in,
176
               unsigned char *ctr) ASM_FUNC_ABI;
177
178
extern void _gcry_camellia_aesni_avx_cbc_dec(CAMELLIA_context *ctx,
179
               unsigned char *out,
180
               const unsigned char *in,
181
               unsigned char *iv) ASM_FUNC_ABI;
182
183
extern void _gcry_camellia_aesni_avx_cfb_dec(CAMELLIA_context *ctx,
184
               unsigned char *out,
185
               const unsigned char *in,
186
               unsigned char *iv) ASM_FUNC_ABI;
187
188
extern void _gcry_camellia_aesni_avx_ocb_enc(CAMELLIA_context *ctx,
189
               unsigned char *out,
190
               const unsigned char *in,
191
               unsigned char *offset,
192
               unsigned char *checksum,
193
               const u64 Ls[16]) ASM_FUNC_ABI;
194
195
extern void _gcry_camellia_aesni_avx_ocb_dec(CAMELLIA_context *ctx,
196
               unsigned char *out,
197
               const unsigned char *in,
198
               unsigned char *offset,
199
               unsigned char *checksum,
200
               const u64 Ls[16]) ASM_FUNC_ABI;
201
202
extern void _gcry_camellia_aesni_avx_ocb_auth(CAMELLIA_context *ctx,
203
                const unsigned char *abuf,
204
                unsigned char *offset,
205
                unsigned char *checksum,
206
                const u64 Ls[16]) ASM_FUNC_ABI;
207
208
extern void _gcry_camellia_aesni_avx_keygen(CAMELLIA_context *ctx,
209
              const unsigned char *key,
210
              unsigned int keylen) ASM_FUNC_ABI;
211
212
extern void _gcry_camellia_aesni_avx_ecb_enc(const CAMELLIA_context *ctx,
213
               unsigned char *out,
214
               const unsigned char *in)
215
               ASM_FUNC_ABI;
216
217
extern void _gcry_camellia_aesni_avx_ecb_dec(const CAMELLIA_context *ctx,
218
               unsigned char *out,
219
               const unsigned char *in)
220
               ASM_FUNC_ABI;
221
222
static const int avx_burn_stack_depth = 16 * CAMELLIA_BLOCK_SIZE + 16 +
223
                                        2 * sizeof(void *) + ASM_EXTRA_STACK;
224
225
#endif
226
227
#ifdef USE_AESNI_AVX2
228
/* Assembler implementations of Camellia using AES-NI and AVX2.  Process data
229
   in 32 blocks same time.
230
 */
231
extern void _gcry_camellia_aesni_avx2_ctr_enc(CAMELLIA_context *ctx,
232
                unsigned char *out,
233
                const unsigned char *in,
234
                unsigned char *ctr) ASM_FUNC_ABI;
235
236
extern void _gcry_camellia_aesni_avx2_cbc_dec(CAMELLIA_context *ctx,
237
                unsigned char *out,
238
                const unsigned char *in,
239
                unsigned char *iv) ASM_FUNC_ABI;
240
241
extern void _gcry_camellia_aesni_avx2_cfb_dec(CAMELLIA_context *ctx,
242
                unsigned char *out,
243
                const unsigned char *in,
244
                unsigned char *iv) ASM_FUNC_ABI;
245
246
extern void _gcry_camellia_aesni_avx2_ocb_enc(CAMELLIA_context *ctx,
247
                unsigned char *out,
248
                const unsigned char *in,
249
                unsigned char *offset,
250
                unsigned char *checksum,
251
                const u64 Ls[32]) ASM_FUNC_ABI;
252
253
extern void _gcry_camellia_aesni_avx2_ocb_dec(CAMELLIA_context *ctx,
254
                unsigned char *out,
255
                const unsigned char *in,
256
                unsigned char *offset,
257
                unsigned char *checksum,
258
                const u64 Ls[32]) ASM_FUNC_ABI;
259
260
extern void _gcry_camellia_aesni_avx2_ocb_auth(CAMELLIA_context *ctx,
261
                 const unsigned char *abuf,
262
                 unsigned char *offset,
263
                 unsigned char *checksum,
264
                 const u64 Ls[32]) ASM_FUNC_ABI;
265
266
extern void _gcry_camellia_aesni_avx2_enc_blk1_32(const CAMELLIA_context *ctx,
267
                                                  unsigned char *out,
268
                                                  const unsigned char *in,
269
                                                  unsigned int nblocks)
270
                                                  ASM_FUNC_ABI;
271
272
extern void _gcry_camellia_aesni_avx2_dec_blk1_32(const CAMELLIA_context *ctx,
273
                                                  unsigned char *out,
274
                                                  const unsigned char *in,
275
                                                  unsigned int nblocks)
276
                                                  ASM_FUNC_ABI;
277
278
static const int avx2_burn_stack_depth = 32 * CAMELLIA_BLOCK_SIZE + 16 +
279
                                         2 * sizeof(void *) + ASM_EXTRA_STACK;
280
281
#endif
282
283
#ifdef USE_VAES_AVX2
284
/* Assembler implementations of Camellia using VAES and AVX2.  Process data
285
   in 32 blocks same time.
286
 */
287
extern void _gcry_camellia_vaes_avx2_ctr_enc(CAMELLIA_context *ctx,
288
               unsigned char *out,
289
               const unsigned char *in,
290
               unsigned char *ctr) ASM_FUNC_ABI;
291
292
extern void _gcry_camellia_vaes_avx2_cbc_dec(CAMELLIA_context *ctx,
293
               unsigned char *out,
294
               const unsigned char *in,
295
               unsigned char *iv) ASM_FUNC_ABI;
296
297
extern void _gcry_camellia_vaes_avx2_cfb_dec(CAMELLIA_context *ctx,
298
               unsigned char *out,
299
               const unsigned char *in,
300
               unsigned char *iv) ASM_FUNC_ABI;
301
302
extern void _gcry_camellia_vaes_avx2_ocb_enc(CAMELLIA_context *ctx,
303
               unsigned char *out,
304
               const unsigned char *in,
305
               unsigned char *offset,
306
               unsigned char *checksum,
307
               const u64 Ls[32]) ASM_FUNC_ABI;
308
309
extern void _gcry_camellia_vaes_avx2_ocb_dec(CAMELLIA_context *ctx,
310
               unsigned char *out,
311
               const unsigned char *in,
312
               unsigned char *offset,
313
               unsigned char *checksum,
314
               const u64 Ls[32]) ASM_FUNC_ABI;
315
316
extern void _gcry_camellia_vaes_avx2_ocb_auth(CAMELLIA_context *ctx,
317
                const unsigned char *abuf,
318
                unsigned char *offset,
319
                unsigned char *checksum,
320
                const u64 Ls[32]) ASM_FUNC_ABI;
321
322
extern void _gcry_camellia_vaes_avx2_enc_blk1_32(const CAMELLIA_context *ctx,
323
                                                 unsigned char *out,
324
                                                 const unsigned char *in,
325
                                                 unsigned int nblocks)
326
                                                 ASM_FUNC_ABI;
327
328
extern void _gcry_camellia_vaes_avx2_dec_blk1_32(const CAMELLIA_context *ctx,
329
                                                 unsigned char *out,
330
                                                 const unsigned char *in,
331
                                                 unsigned int nblocks)
332
                                                 ASM_FUNC_ABI;
333
#endif
334
335
#ifdef USE_GFNI_AVX2
336
/* Assembler implementations of Camellia using GFNI and AVX2.  Process data
337
   in 32 blocks same time.
338
 */
339
extern void _gcry_camellia_gfni_avx2_ctr_enc(CAMELLIA_context *ctx,
340
               unsigned char *out,
341
               const unsigned char *in,
342
               unsigned char *ctr) ASM_FUNC_ABI;
343
344
extern void _gcry_camellia_gfni_avx2_cbc_dec(CAMELLIA_context *ctx,
345
               unsigned char *out,
346
               const unsigned char *in,
347
               unsigned char *iv) ASM_FUNC_ABI;
348
349
extern void _gcry_camellia_gfni_avx2_cfb_dec(CAMELLIA_context *ctx,
350
               unsigned char *out,
351
               const unsigned char *in,
352
               unsigned char *iv) ASM_FUNC_ABI;
353
354
extern void _gcry_camellia_gfni_avx2_ocb_enc(CAMELLIA_context *ctx,
355
               unsigned char *out,
356
               const unsigned char *in,
357
               unsigned char *offset,
358
               unsigned char *checksum,
359
               const u64 Ls[32]) ASM_FUNC_ABI;
360
361
extern void _gcry_camellia_gfni_avx2_ocb_dec(CAMELLIA_context *ctx,
362
               unsigned char *out,
363
               const unsigned char *in,
364
               unsigned char *offset,
365
               unsigned char *checksum,
366
               const u64 Ls[32]) ASM_FUNC_ABI;
367
368
extern void _gcry_camellia_gfni_avx2_ocb_auth(CAMELLIA_context *ctx,
369
                const unsigned char *abuf,
370
                unsigned char *offset,
371
                unsigned char *checksum,
372
                const u64 Ls[32]) ASM_FUNC_ABI;
373
374
extern void _gcry_camellia_gfni_avx2_enc_blk1_32(const CAMELLIA_context *ctx,
375
                                                 unsigned char *out,
376
                                                 const unsigned char *in,
377
                                                 unsigned int nblocks)
378
                                                 ASM_FUNC_ABI;
379
380
extern void _gcry_camellia_gfni_avx2_dec_blk1_32(const CAMELLIA_context *ctx,
381
                                                 unsigned char *out,
382
                                                 const unsigned char *in,
383
                                                 unsigned int nblocks)
384
                                                 ASM_FUNC_ABI;
385
#endif
386
387
#ifdef USE_GFNI_AVX512
388
/* Assembler implementations of Camellia using GFNI and AVX512.  Process data
389
   in 64 blocks same time.
390
 */
391
extern void _gcry_camellia_gfni_avx512_ctr_enc(CAMELLIA_context *ctx,
392
                                               unsigned char *out,
393
                                               const unsigned char *in,
394
                                               unsigned char *ctr) ASM_FUNC_ABI;
395
396
extern void _gcry_camellia_gfni_avx512_cbc_dec(CAMELLIA_context *ctx,
397
                                               unsigned char *out,
398
                                               const unsigned char *in,
399
                                               unsigned char *iv) ASM_FUNC_ABI;
400
401
extern void _gcry_camellia_gfni_avx512_cfb_dec(CAMELLIA_context *ctx,
402
                                               unsigned char *out,
403
                                               const unsigned char *in,
404
                                               unsigned char *iv) ASM_FUNC_ABI;
405
406
extern void _gcry_camellia_gfni_avx512_ocb_enc(CAMELLIA_context *ctx,
407
                                               unsigned char *out,
408
                                               const unsigned char *in,
409
                                               unsigned char *offset,
410
                                               unsigned char *checksum,
411
                                               const u64 Ls[32]) ASM_FUNC_ABI;
412
413
extern void _gcry_camellia_gfni_avx512_ocb_dec(CAMELLIA_context *ctx,
414
                                               unsigned char *out,
415
                                               const unsigned char *in,
416
                                               unsigned char *offset,
417
                                               unsigned char *checksum,
418
                                               const u64 Ls[32]) ASM_FUNC_ABI;
419
420
extern void _gcry_camellia_gfni_avx512_enc_blk64(const CAMELLIA_context *ctx,
421
                                                 unsigned char *out,
422
                                                 const unsigned char *in)
423
                                                 ASM_FUNC_ABI;
424
425
extern void _gcry_camellia_gfni_avx512_dec_blk64(const CAMELLIA_context *ctx,
426
                                                 unsigned char *out,
427
                                                 const unsigned char *in)
428
                                                 ASM_FUNC_ABI;
429
430
/* Stack not used by AVX512 implementation. */
431
static const int avx512_burn_stack_depth = 0;
432
#endif
433
434
#ifdef USE_PPC_CRYPTO
435
extern void _gcry_camellia_ppc8_encrypt_blk16(const void *key_table,
436
                void *out,
437
                const void *in,
438
                int key_length);
439
440
extern void _gcry_camellia_ppc8_decrypt_blk16(const void *key_table,
441
                void *out,
442
                const void *in,
443
                int key_length);
444
445
extern void _gcry_camellia_ppc9_encrypt_blk16(const void *key_table,
446
                void *out,
447
                const void *in,
448
                int key_length);
449
450
extern void _gcry_camellia_ppc9_decrypt_blk16(const void *key_table,
451
                void *out,
452
                const void *in,
453
                int key_length);
454
455
extern void _gcry_camellia_ppc8_keygen(void *key_table, const void *vkey,
456
               unsigned int keylen);
457
458
extern void _gcry_camellia_ppc9_keygen(void *key_table, const void *vkey,
459
               unsigned int keylen);
460
461
void camellia_ppc_enc_blk16(const CAMELLIA_context *ctx, unsigned char *out,
462
                            const unsigned char *in)
463
{
464
  if (ctx->use_ppc9)
465
    _gcry_camellia_ppc9_encrypt_blk16 (ctx->keytable, out, in,
466
               ctx->keybitlength / 8);
467
  else
468
    _gcry_camellia_ppc8_encrypt_blk16 (ctx->keytable, out, in,
469
               ctx->keybitlength / 8);
470
}
471
472
void camellia_ppc_dec_blk16(const CAMELLIA_context *ctx, unsigned char *out,
473
                            const unsigned char *in)
474
{
475
  if (ctx->use_ppc9)
476
    _gcry_camellia_ppc9_decrypt_blk16 (ctx->keytable, out, in,
477
               ctx->keybitlength / 8);
478
  else
479
    _gcry_camellia_ppc8_decrypt_blk16 (ctx->keytable, out, in,
480
               ctx->keybitlength / 8);
481
}
482
483
static const int ppc_burn_stack_depth = 16 * CAMELLIA_BLOCK_SIZE + 16 +
484
                                        2 * sizeof(void *);
485
#endif /*USE_PPC_CRYPTO*/
486
487
#ifdef USE_AARCH64_CE
488
extern void _gcry_camellia_aarch64ce_encrypt_blk16(const void *key_table,
489
               void *out, const void *in,
490
               int key_length);
491
492
extern void _gcry_camellia_aarch64ce_decrypt_blk16(const void *key_table,
493
               void *out, const void *in,
494
               int key_length);
495
496
extern void _gcry_camellia_aarch64ce_keygen(void *key_table, const void *vkey,
497
              unsigned int keylen);
498
499
void camellia_aarch64ce_enc_blk16(const CAMELLIA_context *ctx,
500
          unsigned char *out, const unsigned char *in)
501
{
502
  _gcry_camellia_aarch64ce_encrypt_blk16 (ctx->keytable, out, in,
503
            ctx->keybitlength / 8);
504
}
505
506
void camellia_aarch64ce_dec_blk16(const CAMELLIA_context *ctx,
507
          unsigned char *out, const unsigned char *in)
508
{
509
  _gcry_camellia_aarch64ce_decrypt_blk16 (ctx->keytable, out, in,
510
            ctx->keybitlength / 8);
511
}
512
513
static const int aarch64ce_burn_stack_depth = 16 * CAMELLIA_BLOCK_SIZE + 16 +
514
                2 * sizeof(void *);
515
#endif /*USE_AARCH64_CE*/
516
517
static const char *selftest(void);
518
519
static void _gcry_camellia_ctr_enc (void *context, unsigned char *ctr,
520
            void *outbuf_arg, const void *inbuf_arg,
521
            size_t nblocks);
522
static void _gcry_camellia_cbc_dec (void *context, unsigned char *iv,
523
            void *outbuf_arg, const void *inbuf_arg,
524
            size_t nblocks);
525
static void _gcry_camellia_cfb_dec (void *context, unsigned char *iv,
526
            void *outbuf_arg, const void *inbuf_arg,
527
            size_t nblocks);
528
static void _gcry_camellia_xts_crypt (void *context, unsigned char *tweak,
529
              void *outbuf_arg, const void *inbuf_arg,
530
              size_t nblocks, int encrypt);
531
static void _gcry_camellia_ecb_crypt (void *context, void *outbuf_arg,
532
              const void *inbuf_arg, size_t nblocks,
533
              int encrypt);
534
static void _gcry_camellia_ctr32le_enc (void *context, unsigned char *ctr,
535
          void *outbuf_arg, const void *inbuf_arg,
536
          size_t nblocks);
537
static size_t _gcry_camellia_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg,
538
          const void *inbuf_arg, size_t nblocks,
539
          int encrypt);
540
static size_t _gcry_camellia_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg,
541
               size_t nblocks);
542
543
static gcry_err_code_t
544
camellia_setkey(void *c, const byte *key, unsigned keylen,
545
                cipher_bulk_ops_t *bulk_ops)
546
89
{
547
89
  CAMELLIA_context *ctx=c;
548
89
  static int initialized=0;
549
89
  static const char *selftest_failed=NULL;
550
89
  unsigned int hwf = _gcry_get_hw_features ();
551
552
89
  (void)hwf;
553
554
89
  if(keylen!=16 && keylen!=24 && keylen!=32)
555
8
    return GPG_ERR_INV_KEYLEN;
556
557
81
  if(!initialized)
558
5
    {
559
5
      initialized=1;
560
5
      selftest_failed=selftest();
561
5
      if(selftest_failed)
562
0
  log_error("%s\n",selftest_failed);
563
5
    }
564
565
81
  if(selftest_failed)
566
0
    return GPG_ERR_SELFTEST_FAILED;
567
568
81
#ifdef USE_AESNI_AVX
569
81
  ctx->use_aesni_avx = (hwf & HWF_INTEL_AESNI) && (hwf & HWF_INTEL_AVX);
570
81
#endif
571
81
#ifdef USE_AESNI_AVX2
572
81
  ctx->use_aesni_avx2 = (hwf & HWF_INTEL_AESNI) && (hwf & HWF_INTEL_AVX2);
573
81
  ctx->use_vaes_avx2 = 0;
574
81
  ctx->use_gfni_avx2 = 0;
575
81
  ctx->use_gfni_avx512 = 0;
576
81
  ctx->use_avx2 = ctx->use_aesni_avx2;
577
81
#endif
578
81
#ifdef USE_VAES_AVX2
579
81
  ctx->use_vaes_avx2 = (hwf & HWF_INTEL_VAES_VPCLMUL) && (hwf & HWF_INTEL_AVX2);
580
81
  ctx->use_avx2 |= ctx->use_vaes_avx2;
581
81
#endif
582
81
#ifdef USE_GFNI_AVX2
583
81
  ctx->use_gfni_avx2 = (hwf & HWF_INTEL_GFNI) && (hwf & HWF_INTEL_AVX2);
584
81
  ctx->use_avx2 |= ctx->use_gfni_avx2;
585
81
#endif
586
81
#ifdef USE_GFNI_AVX512
587
81
  ctx->use_gfni_avx512 = (hwf & HWF_INTEL_GFNI) && (hwf & HWF_INTEL_AVX512);
588
81
#endif
589
#ifdef USE_PPC_CRYPTO
590
  ctx->use_ppc8 = (hwf & HWF_PPC_VCRYPTO) != 0;
591
  ctx->use_ppc9 = (hwf & HWF_PPC_VCRYPTO) && (hwf & HWF_PPC_ARCH_3_00);
592
  ctx->use_ppc = ctx->use_ppc8 || ctx->use_ppc9;
593
#endif
594
#ifdef USE_AARCH64_CE
595
  ctx->use_aarch64ce = (hwf & HWF_ARM_AES) != 0;
596
#endif
597
598
81
  ctx->keybitlength=keylen*8;
599
600
  /* Setup bulk encryption routines.  */
601
81
  memset (bulk_ops, 0, sizeof(*bulk_ops));
602
81
  bulk_ops->cbc_dec = _gcry_camellia_cbc_dec;
603
81
  bulk_ops->cfb_dec = _gcry_camellia_cfb_dec;
604
81
  bulk_ops->ctr_enc = _gcry_camellia_ctr_enc;
605
81
  bulk_ops->ocb_crypt = _gcry_camellia_ocb_crypt;
606
81
  bulk_ops->ocb_auth  = _gcry_camellia_ocb_auth;
607
81
  bulk_ops->xts_crypt = _gcry_camellia_xts_crypt;
608
81
  bulk_ops->ecb_crypt = _gcry_camellia_ecb_crypt;
609
81
  bulk_ops->ctr32le_enc = _gcry_camellia_ctr32le_enc;
610
611
81
  if (0)
612
0
    { }
613
81
#ifdef USE_AESNI_AVX
614
81
  else if (ctx->use_aesni_avx)
615
81
    _gcry_camellia_aesni_avx_keygen(ctx, key, keylen);
616
0
#endif
617
#ifdef USE_PPC_CRYPTO
618
  else if (ctx->use_ppc9)
619
    _gcry_camellia_ppc9_keygen(ctx->keytable, key, keylen);
620
  else if (ctx->use_ppc8)
621
    _gcry_camellia_ppc8_keygen(ctx->keytable, key, keylen);
622
#endif
623
#ifdef USE_AARCH64_CE
624
  else if (ctx->use_aarch64ce)
625
    _gcry_camellia_aarch64ce_keygen(ctx->keytable, key, keylen);
626
#endif
627
0
  else
628
0
    {
629
0
      Camellia_Ekeygen(ctx->keybitlength,key,ctx->keytable);
630
0
      _gcry_burn_stack
631
0
        ((19+34+34)*sizeof(u32)+2*sizeof(void*) /* camellia_setup256 */
632
0
         +(4+32)*sizeof(u32)+2*sizeof(void*)    /* camellia_setup192 */
633
0
         +0+sizeof(int)+2*sizeof(void*)         /* Camellia_Ekeygen */
634
0
         +3*2*sizeof(void*)                     /* Function calls.  */
635
0
         );
636
0
    }
637
638
81
#ifdef USE_GFNI_AVX2
639
81
  if (ctx->use_gfni_avx2)
640
0
    {
641
      /* Disable AESNI & VAES implementations when GFNI implementation is
642
       * enabled. */
643
0
#ifdef USE_AESNI_AVX
644
0
      ctx->use_aesni_avx = 0;
645
0
#endif
646
0
#ifdef USE_AESNI_AVX2
647
0
      ctx->use_aesni_avx2 = 0;
648
0
#endif
649
0
#ifdef USE_VAES_AVX2
650
0
      ctx->use_vaes_avx2 = 0;
651
0
#endif
652
0
    }
653
81
#endif
654
655
81
  return 0;
656
81
}
657
658
#ifdef USE_ARM_ASM
659
660
/* Assembly implementations of Camellia. */
661
extern void _gcry_camellia_arm_encrypt_block(const KEY_TABLE_TYPE keyTable,
662
                 byte *outbuf, const byte *inbuf,
663
                 const int keybits);
664
665
extern void _gcry_camellia_arm_decrypt_block(const KEY_TABLE_TYPE keyTable,
666
                 byte *outbuf, const byte *inbuf,
667
                 const int keybits);
668
669
static void Camellia_EncryptBlock(const int keyBitLength,
670
          const unsigned char *plaintext,
671
          const KEY_TABLE_TYPE keyTable,
672
          unsigned char *cipherText)
673
{
674
  _gcry_camellia_arm_encrypt_block(keyTable, cipherText, plaintext,
675
             keyBitLength);
676
}
677
678
static void Camellia_DecryptBlock(const int keyBitLength,
679
          const unsigned char *cipherText,
680
          const KEY_TABLE_TYPE keyTable,
681
          unsigned char *plaintext)
682
{
683
  _gcry_camellia_arm_decrypt_block(keyTable, plaintext, cipherText,
684
             keyBitLength);
685
}
686
687
#ifdef __aarch64__
688
#  define CAMELLIA_encrypt_stack_burn_size (0)
689
#  define CAMELLIA_decrypt_stack_burn_size (0)
690
#else
691
#  define CAMELLIA_encrypt_stack_burn_size (15*4)
692
#  define CAMELLIA_decrypt_stack_burn_size (15*4)
693
#endif
694
695
static unsigned int
696
camellia_encrypt(void *c, byte *outbuf, const byte *inbuf)
697
{
698
  CAMELLIA_context *ctx = c;
699
  Camellia_EncryptBlock(ctx->keybitlength,inbuf,ctx->keytable,outbuf);
700
  return /*burn_stack*/ (CAMELLIA_encrypt_stack_burn_size);
701
}
702
703
static unsigned int
704
camellia_decrypt(void *c, byte *outbuf, const byte *inbuf)
705
{
706
  CAMELLIA_context *ctx=c;
707
  Camellia_DecryptBlock(ctx->keybitlength,inbuf,ctx->keytable,outbuf);
708
  return /*burn_stack*/ (CAMELLIA_decrypt_stack_burn_size);
709
}
710
711
#else /*USE_ARM_ASM*/
712
713
static unsigned int
714
camellia_encrypt(void *c, byte *outbuf, const byte *inbuf)
715
6.39k
{
716
6.39k
  CAMELLIA_context *ctx=c;
717
718
6.39k
  Camellia_EncryptBlock(ctx->keybitlength,inbuf,ctx->keytable,outbuf);
719
720
6.39k
#define CAMELLIA_encrypt_stack_burn_size \
721
6.39k
  (sizeof(int)+2*sizeof(unsigned char *)+sizeof(void*/*KEY_TABLE_TYPE*/) \
722
6.39k
     +4*sizeof(u32)+4*sizeof(u32) \
723
6.39k
     +2*sizeof(u32*)+4*sizeof(u32) \
724
6.39k
     +2*2*sizeof(void*) /* Function calls.  */ \
725
6.39k
    )
726
727
6.39k
  return /*burn_stack*/ (CAMELLIA_encrypt_stack_burn_size);
728
6.39k
}
729
730
static unsigned int
731
camellia_decrypt(void *c, byte *outbuf, const byte *inbuf)
732
25
{
733
25
  CAMELLIA_context *ctx=c;
734
735
25
  Camellia_DecryptBlock(ctx->keybitlength,inbuf,ctx->keytable,outbuf);
736
737
25
#define CAMELLIA_decrypt_stack_burn_size \
738
25
    (sizeof(int)+2*sizeof(unsigned char *)+sizeof(void*/*KEY_TABLE_TYPE*/) \
739
25
     +4*sizeof(u32)+4*sizeof(u32) \
740
25
     +2*sizeof(u32*)+4*sizeof(u32) \
741
25
     +2*2*sizeof(void*) /* Function calls.  */ \
742
25
    )
743
744
25
  return /*burn_stack*/ (CAMELLIA_decrypt_stack_burn_size);
745
25
}
746
747
#endif /*!USE_ARM_ASM*/
748
749
750
static unsigned int
751
camellia_encrypt_blk1_32 (void *priv, byte *outbuf, const byte *inbuf,
752
        size_t num_blks)
753
1
{
754
1
  const CAMELLIA_context *ctx = priv;
755
1
  unsigned int stack_burn_size = 0;
756
757
1
  gcry_assert (num_blks <= 32);
758
759
0
#ifdef USE_GFNI_AVX2
760
1
  if (ctx->use_gfni_avx2 && num_blks >= 2)
761
0
    {
762
      /* 2 or more parallel block GFNI processing is faster than
763
       * generic C implementation.  */
764
0
      _gcry_camellia_gfni_avx2_enc_blk1_32 (ctx, outbuf, inbuf, num_blks);
765
0
      return avx2_burn_stack_depth;
766
0
    }
767
1
#endif
768
1
#ifdef USE_VAES_AVX2
769
1
  if (ctx->use_vaes_avx2 && num_blks >= 4)
770
0
    {
771
      /* 4 or more parallel block VAES processing is faster than
772
       * generic C implementation.  */
773
0
      _gcry_camellia_vaes_avx2_enc_blk1_32 (ctx, outbuf, inbuf, num_blks);
774
0
      return avx2_burn_stack_depth;
775
0
    }
776
1
#endif
777
1
#ifdef USE_AESNI_AVX2
778
1
  if (ctx->use_aesni_avx2 && num_blks >= 5)
779
0
    {
780
      /* 5 or more parallel block AESNI processing is faster than
781
       * generic C implementation.  */
782
0
      _gcry_camellia_aesni_avx2_enc_blk1_32 (ctx, outbuf, inbuf, num_blks);
783
0
      return avx2_burn_stack_depth;
784
0
    }
785
1
#endif
786
1
#ifdef USE_AESNI_AVX
787
1
  while (ctx->use_aesni_avx && num_blks >= 16)
788
0
    {
789
0
      _gcry_camellia_aesni_avx_ecb_enc (ctx, outbuf, inbuf);
790
0
      stack_burn_size = avx_burn_stack_depth;
791
0
      outbuf += CAMELLIA_BLOCK_SIZE * 16;
792
0
      inbuf += CAMELLIA_BLOCK_SIZE * 16;
793
0
      num_blks -= 16;
794
0
    }
795
1
#endif
796
#ifdef USE_PPC_CRYPTO
797
  while (ctx->use_ppc && num_blks >= 16)
798
    {
799
      camellia_ppc_enc_blk16 (ctx, outbuf, inbuf);
800
      stack_burn_size = ppc_burn_stack_depth;
801
      outbuf += CAMELLIA_BLOCK_SIZE * 16;
802
      inbuf += CAMELLIA_BLOCK_SIZE * 16;
803
      num_blks -= 16;
804
    }
805
#endif
806
#ifdef USE_AARCH64_CE
807
  while (ctx->use_aarch64ce && num_blks >= 16)
808
    {
809
      camellia_aarch64ce_enc_blk16 (ctx, outbuf, inbuf);
810
      stack_burn_size = aarch64ce_burn_stack_depth;
811
      outbuf += CAMELLIA_BLOCK_SIZE * 16;
812
      inbuf += CAMELLIA_BLOCK_SIZE * 16;
813
      num_blks -= 16;
814
    }
815
#endif
816
817
5
  while (num_blks)
818
4
    {
819
4
      unsigned int nburn = camellia_encrypt((void *)ctx, outbuf, inbuf);
820
4
      stack_burn_size = nburn > stack_burn_size ? nburn : stack_burn_size;
821
4
      outbuf += CAMELLIA_BLOCK_SIZE;
822
4
      inbuf += CAMELLIA_BLOCK_SIZE;
823
4
      num_blks--;
824
4
    }
825
826
1
  return stack_burn_size;
827
1
}
828
829
static unsigned int
830
camellia_encrypt_blk1_64 (void *priv, byte *outbuf, const byte *inbuf,
831
        size_t num_blks)
832
0
{
833
0
  CAMELLIA_context *ctx = priv;
834
0
  unsigned int stack_burn_size = 0;
835
0
  unsigned int nburn;
836
837
0
  gcry_assert (num_blks <= 64);
838
839
0
#ifdef USE_GFNI_AVX512
840
0
  if (num_blks == 64 && ctx->use_gfni_avx512)
841
0
    {
842
0
      _gcry_camellia_gfni_avx512_enc_blk64 (ctx, outbuf, inbuf);
843
0
      return avx512_burn_stack_depth;
844
0
    }
845
0
#endif
846
847
0
  do
848
0
    {
849
0
      unsigned int curr_blks = num_blks > 32 ? 32 : num_blks;
850
0
      nburn = camellia_encrypt_blk1_32 (ctx, outbuf, inbuf, curr_blks);
851
0
      stack_burn_size = nburn > stack_burn_size ? nburn : stack_burn_size;
852
0
      outbuf += curr_blks * 16;
853
0
      inbuf += curr_blks * 16;
854
0
      num_blks -= curr_blks;
855
0
    }
856
0
  while (num_blks > 0);
857
858
0
  return stack_burn_size;
859
0
}
860
861
static unsigned int
862
camellia_decrypt_blk1_32 (void *priv, byte *outbuf, const byte *inbuf,
863
        size_t num_blks)
864
10
{
865
10
  const CAMELLIA_context *ctx = priv;
866
10
  unsigned int stack_burn_size = 0;
867
868
10
  gcry_assert (num_blks <= 32);
869
870
0
#ifdef USE_GFNI_AVX2
871
10
  if (ctx->use_gfni_avx2 && num_blks >= 2)
872
0
    {
873
      /* 2 or more parallel block GFNI processing is faster than
874
       * generic C implementation.  */
875
0
      _gcry_camellia_gfni_avx2_dec_blk1_32 (ctx, outbuf, inbuf, num_blks);
876
0
      return avx2_burn_stack_depth;
877
0
    }
878
10
#endif
879
10
#ifdef USE_VAES_AVX2
880
10
  if (ctx->use_vaes_avx2 && num_blks >= 4)
881
0
    {
882
      /* 4 or more parallel block VAES processing is faster than
883
       * generic C implementation.  */
884
0
      _gcry_camellia_vaes_avx2_dec_blk1_32 (ctx, outbuf, inbuf, num_blks);
885
0
      return avx2_burn_stack_depth;
886
0
    }
887
10
#endif
888
10
#ifdef USE_AESNI_AVX2
889
10
  if (ctx->use_aesni_avx2 && num_blks >= 5)
890
0
    {
891
      /* 5 or more parallel block AESNI processing is faster than
892
       * generic C implementation.  */
893
0
      _gcry_camellia_aesni_avx2_dec_blk1_32 (ctx, outbuf, inbuf, num_blks);
894
0
      return avx2_burn_stack_depth;
895
0
    }
896
10
#endif
897
10
#ifdef USE_AESNI_AVX
898
10
  while (ctx->use_aesni_avx && num_blks >= 16)
899
0
    {
900
0
      _gcry_camellia_aesni_avx_ecb_dec (ctx, outbuf, inbuf);
901
0
      stack_burn_size = avx_burn_stack_depth;
902
0
      outbuf += CAMELLIA_BLOCK_SIZE * 16;
903
0
      inbuf += CAMELLIA_BLOCK_SIZE * 16;
904
0
      num_blks -= 16;
905
0
    }
906
10
#endif
907
#ifdef USE_PPC_CRYPTO
908
  while (ctx->use_ppc && num_blks >= 16)
909
    {
910
      camellia_ppc_dec_blk16 (ctx, outbuf, inbuf);
911
      stack_burn_size = ppc_burn_stack_depth;
912
      outbuf += CAMELLIA_BLOCK_SIZE * 16;
913
      inbuf += CAMELLIA_BLOCK_SIZE * 16;
914
      num_blks -= 16;
915
    }
916
#endif
917
#ifdef USE_AARCH64_CE
918
  while (ctx->use_aarch64ce && num_blks >= 16)
919
    {
920
      camellia_aarch64ce_dec_blk16 (ctx, outbuf, inbuf);
921
      stack_burn_size = aarch64ce_burn_stack_depth;
922
      outbuf += CAMELLIA_BLOCK_SIZE * 16;
923
      inbuf += CAMELLIA_BLOCK_SIZE * 16;
924
      num_blks -= 16;
925
    }
926
#endif
927
928
20
  while (num_blks)
929
10
    {
930
10
      unsigned int nburn = camellia_decrypt((void *)ctx, outbuf, inbuf);
931
10
      stack_burn_size = nburn > stack_burn_size ? nburn : stack_burn_size;
932
10
      outbuf += CAMELLIA_BLOCK_SIZE;
933
10
      inbuf += CAMELLIA_BLOCK_SIZE;
934
10
      num_blks--;
935
10
    }
936
937
10
  return stack_burn_size;
938
10
}
939
940
static unsigned int
941
camellia_decrypt_blk1_64 (void *priv, byte *outbuf, const byte *inbuf,
942
        size_t num_blks)
943
0
{
944
0
  CAMELLIA_context *ctx = priv;
945
0
  unsigned int stack_burn_size = 0;
946
0
  unsigned int nburn;
947
948
0
  gcry_assert (num_blks <= 64);
949
950
0
#ifdef USE_GFNI_AVX512
951
0
  if (num_blks == 64 && ctx->use_gfni_avx512)
952
0
    {
953
0
      _gcry_camellia_gfni_avx512_dec_blk64 (ctx, outbuf, inbuf);
954
0
      return avx512_burn_stack_depth;
955
0
    }
956
0
#endif
957
958
0
  do
959
0
    {
960
0
      unsigned int curr_blks = num_blks > 32 ? 32 : num_blks;
961
0
      nburn = camellia_decrypt_blk1_32 (ctx, outbuf, inbuf, curr_blks);
962
0
      stack_burn_size = nburn > stack_burn_size ? nburn : stack_burn_size;
963
0
      outbuf += curr_blks * 16;
964
0
      inbuf += curr_blks * 16;
965
0
      num_blks -= curr_blks;
966
0
    }
967
0
  while (num_blks > 0);
968
969
0
  return stack_burn_size;
970
0
}
971
972
973
/* Bulk encryption of complete blocks in CTR mode.  This function is only
974
   intended for the bulk encryption feature of cipher.c.  CTR is expected to be
975
   of size CAMELLIA_BLOCK_SIZE. */
976
static void
977
_gcry_camellia_ctr_enc(void *context, unsigned char *ctr,
978
                       void *outbuf_arg, const void *inbuf_arg,
979
                       size_t nblocks)
980
0
{
981
0
  CAMELLIA_context *ctx = context;
982
0
  unsigned char *outbuf = outbuf_arg;
983
0
  const unsigned char *inbuf = inbuf_arg;
984
0
  int burn_stack_depth = 0;
985
986
0
#ifdef USE_GFNI_AVX512
987
0
  if (ctx->use_gfni_avx512)
988
0
    {
989
0
      int did_use_gfni_avx512 = 0;
990
991
      /* Process data in 64 block chunks. */
992
0
      while (nblocks >= 64)
993
0
        {
994
0
          _gcry_camellia_gfni_avx512_ctr_enc (ctx, outbuf, inbuf, ctr);
995
0
          nblocks -= 64;
996
0
          outbuf += 64 * CAMELLIA_BLOCK_SIZE;
997
0
          inbuf  += 64 * CAMELLIA_BLOCK_SIZE;
998
0
          did_use_gfni_avx512 = 1;
999
0
        }
1000
1001
0
      if (did_use_gfni_avx512)
1002
0
        {
1003
0
          if (burn_stack_depth < avx512_burn_stack_depth)
1004
0
            burn_stack_depth = avx512_burn_stack_depth;
1005
0
        }
1006
1007
      /* Use generic code to handle smaller chunks... */
1008
0
    }
1009
0
#endif
1010
1011
0
#ifdef USE_AESNI_AVX2
1012
0
  if (ctx->use_avx2)
1013
0
    {
1014
0
      int did_use_aesni_avx2 = 0;
1015
0
      typeof (&_gcry_camellia_aesni_avx2_ctr_enc) bulk_ctr_fn =
1016
0
    _gcry_camellia_aesni_avx2_ctr_enc;
1017
1018
0
#ifdef USE_VAES_AVX2
1019
0
      if (ctx->use_vaes_avx2)
1020
0
  bulk_ctr_fn =_gcry_camellia_vaes_avx2_ctr_enc;
1021
0
#endif
1022
0
#ifdef USE_GFNI_AVX2
1023
0
      if (ctx->use_gfni_avx2)
1024
0
  bulk_ctr_fn =_gcry_camellia_gfni_avx2_ctr_enc;
1025
0
#endif
1026
1027
      /* Process data in 32 block chunks. */
1028
0
      while (nblocks >= 32)
1029
0
        {
1030
0
    bulk_ctr_fn (ctx, outbuf, inbuf, ctr);
1031
0
          nblocks -= 32;
1032
0
          outbuf += 32 * CAMELLIA_BLOCK_SIZE;
1033
0
          inbuf  += 32 * CAMELLIA_BLOCK_SIZE;
1034
0
          did_use_aesni_avx2 = 1;
1035
0
        }
1036
1037
0
      if (did_use_aesni_avx2)
1038
0
        {
1039
0
          if (burn_stack_depth < avx2_burn_stack_depth)
1040
0
            burn_stack_depth = avx2_burn_stack_depth;
1041
0
        }
1042
1043
      /* Use generic code to handle smaller chunks... */
1044
0
    }
1045
0
#endif
1046
1047
0
#ifdef USE_AESNI_AVX
1048
0
  if (ctx->use_aesni_avx)
1049
0
    {
1050
0
      int did_use_aesni_avx = 0;
1051
1052
      /* Process data in 16 block chunks. */
1053
0
      while (nblocks >= 16)
1054
0
        {
1055
0
          _gcry_camellia_aesni_avx_ctr_enc(ctx, outbuf, inbuf, ctr);
1056
1057
0
          nblocks -= 16;
1058
0
          outbuf += 16 * CAMELLIA_BLOCK_SIZE;
1059
0
          inbuf  += 16 * CAMELLIA_BLOCK_SIZE;
1060
0
          did_use_aesni_avx = 1;
1061
0
        }
1062
1063
0
      if (did_use_aesni_avx)
1064
0
        {
1065
0
          if (burn_stack_depth < avx_burn_stack_depth)
1066
0
            burn_stack_depth = avx_burn_stack_depth;
1067
0
        }
1068
1069
      /* Use generic code to handle smaller chunks... */
1070
0
    }
1071
0
#endif
1072
1073
  /* Process remaining blocks. */
1074
0
  if (nblocks)
1075
0
    {
1076
0
      byte tmpbuf[CAMELLIA_BLOCK_SIZE * 32];
1077
0
      unsigned int tmp_used = CAMELLIA_BLOCK_SIZE;
1078
0
      size_t nburn;
1079
1080
0
      nburn = bulk_ctr_enc_128(ctx, camellia_encrypt_blk1_32, outbuf, inbuf,
1081
0
                               nblocks, ctr, tmpbuf,
1082
0
                               sizeof(tmpbuf) / CAMELLIA_BLOCK_SIZE, &tmp_used);
1083
0
      burn_stack_depth = nburn > burn_stack_depth ? nburn : burn_stack_depth;
1084
1085
0
      wipememory(tmpbuf, tmp_used);
1086
0
    }
1087
1088
0
  if (burn_stack_depth)
1089
0
    _gcry_burn_stack(burn_stack_depth);
1090
0
}
1091
1092
/* Bulk decryption of complete blocks in CBC mode.  This function is only
1093
   intended for the bulk encryption feature of cipher.c. */
1094
static void
1095
_gcry_camellia_cbc_dec(void *context, unsigned char *iv,
1096
                       void *outbuf_arg, const void *inbuf_arg,
1097
                       size_t nblocks)
1098
10
{
1099
10
  CAMELLIA_context *ctx = context;
1100
10
  unsigned char *outbuf = outbuf_arg;
1101
10
  const unsigned char *inbuf = inbuf_arg;
1102
10
  int burn_stack_depth = 0;
1103
1104
10
#ifdef USE_GFNI_AVX512
1105
10
  if (ctx->use_gfni_avx512)
1106
0
    {
1107
0
      int did_use_gfni_avx512 = 0;
1108
1109
      /* Process data in 64 block chunks. */
1110
0
      while (nblocks >= 64)
1111
0
        {
1112
0
          _gcry_camellia_gfni_avx512_cbc_dec (ctx, outbuf, inbuf, iv);
1113
0
          nblocks -= 64;
1114
0
          outbuf += 64 * CAMELLIA_BLOCK_SIZE;
1115
0
          inbuf  += 64 * CAMELLIA_BLOCK_SIZE;
1116
0
          did_use_gfni_avx512 = 1;
1117
0
        }
1118
1119
0
      if (did_use_gfni_avx512)
1120
0
        {
1121
0
          if (burn_stack_depth < avx512_burn_stack_depth)
1122
0
            burn_stack_depth = avx512_burn_stack_depth;
1123
0
        }
1124
1125
      /* Use generic code to handle smaller chunks... */
1126
0
    }
1127
10
#endif
1128
1129
10
#ifdef USE_AESNI_AVX2
1130
10
  if (ctx->use_avx2)
1131
10
    {
1132
10
      int did_use_aesni_avx2 = 0;
1133
10
      typeof (&_gcry_camellia_aesni_avx2_cbc_dec) bulk_cbc_fn =
1134
10
    _gcry_camellia_aesni_avx2_cbc_dec;
1135
1136
10
#ifdef USE_VAES_AVX2
1137
10
      if (ctx->use_vaes_avx2)
1138
0
  bulk_cbc_fn =_gcry_camellia_vaes_avx2_cbc_dec;
1139
10
#endif
1140
10
#ifdef USE_GFNI_AVX2
1141
10
      if (ctx->use_gfni_avx2)
1142
0
  bulk_cbc_fn =_gcry_camellia_gfni_avx2_cbc_dec;
1143
10
#endif
1144
1145
      /* Process data in 32 block chunks. */
1146
10
      while (nblocks >= 32)
1147
0
        {
1148
0
    bulk_cbc_fn (ctx, outbuf, inbuf, iv);
1149
0
          nblocks -= 32;
1150
0
          outbuf += 32 * CAMELLIA_BLOCK_SIZE;
1151
0
          inbuf  += 32 * CAMELLIA_BLOCK_SIZE;
1152
0
          did_use_aesni_avx2 = 1;
1153
0
        }
1154
1155
10
      if (did_use_aesni_avx2)
1156
0
        {
1157
0
          if (burn_stack_depth < avx2_burn_stack_depth)
1158
0
            burn_stack_depth = avx2_burn_stack_depth;
1159
0
        }
1160
1161
      /* Use generic code to handle smaller chunks... */
1162
10
    }
1163
10
#endif
1164
1165
10
#ifdef USE_AESNI_AVX
1166
10
  if (ctx->use_aesni_avx)
1167
10
    {
1168
10
      int did_use_aesni_avx = 0;
1169
1170
      /* Process data in 16 block chunks. */
1171
10
      while (nblocks >= 16)
1172
0
        {
1173
0
          _gcry_camellia_aesni_avx_cbc_dec(ctx, outbuf, inbuf, iv);
1174
1175
0
          nblocks -= 16;
1176
0
          outbuf += 16 * CAMELLIA_BLOCK_SIZE;
1177
0
          inbuf  += 16 * CAMELLIA_BLOCK_SIZE;
1178
0
          did_use_aesni_avx = 1;
1179
0
        }
1180
1181
10
      if (did_use_aesni_avx)
1182
0
        {
1183
0
          if (burn_stack_depth < avx_burn_stack_depth)
1184
0
            burn_stack_depth = avx_burn_stack_depth;
1185
0
        }
1186
1187
      /* Use generic code to handle smaller chunks... */
1188
10
    }
1189
10
#endif
1190
1191
  /* Process remaining blocks. */
1192
10
  if (nblocks)
1193
10
    {
1194
10
      byte tmpbuf[CAMELLIA_BLOCK_SIZE * 32];
1195
10
      unsigned int tmp_used = CAMELLIA_BLOCK_SIZE;
1196
10
      size_t nburn;
1197
1198
10
      nburn = bulk_cbc_dec_128(ctx, camellia_decrypt_blk1_32, outbuf, inbuf,
1199
10
                               nblocks, iv, tmpbuf,
1200
10
                               sizeof(tmpbuf) / CAMELLIA_BLOCK_SIZE, &tmp_used);
1201
10
      burn_stack_depth = nburn > burn_stack_depth ? nburn : burn_stack_depth;
1202
1203
10
      wipememory(tmpbuf, tmp_used);
1204
10
    }
1205
1206
10
  if (burn_stack_depth)
1207
10
    _gcry_burn_stack(burn_stack_depth);
1208
10
}
1209
1210
/* Bulk decryption of complete blocks in CFB mode.  This function is only
1211
   intended for the bulk encryption feature of cipher.c. */
1212
static void
1213
_gcry_camellia_cfb_dec(void *context, unsigned char *iv,
1214
                       void *outbuf_arg, const void *inbuf_arg,
1215
                       size_t nblocks)
1216
1
{
1217
1
  CAMELLIA_context *ctx = context;
1218
1
  unsigned char *outbuf = outbuf_arg;
1219
1
  const unsigned char *inbuf = inbuf_arg;
1220
1
  int burn_stack_depth = 0;
1221
1222
1
#ifdef USE_GFNI_AVX512
1223
1
  if (ctx->use_gfni_avx512)
1224
0
    {
1225
0
      int did_use_gfni_avx512 = 0;
1226
1227
      /* Process data in 64 block chunks. */
1228
0
      while (nblocks >= 64)
1229
0
        {
1230
0
          _gcry_camellia_gfni_avx512_cfb_dec (ctx, outbuf, inbuf, iv);
1231
0
          nblocks -= 64;
1232
0
          outbuf += 64 * CAMELLIA_BLOCK_SIZE;
1233
0
          inbuf  += 64 * CAMELLIA_BLOCK_SIZE;
1234
0
          did_use_gfni_avx512 = 1;
1235
0
        }
1236
1237
0
      if (did_use_gfni_avx512)
1238
0
        {
1239
0
          if (burn_stack_depth < avx512_burn_stack_depth)
1240
0
            burn_stack_depth = avx512_burn_stack_depth;
1241
0
        }
1242
1243
      /* Use generic code to handle smaller chunks... */
1244
0
    }
1245
1
#endif
1246
1247
1
#ifdef USE_AESNI_AVX2
1248
1
  if (ctx->use_avx2)
1249
1
    {
1250
1
      int did_use_aesni_avx2 = 0;
1251
1
      typeof (&_gcry_camellia_aesni_avx2_cfb_dec) bulk_cfb_fn =
1252
1
    _gcry_camellia_aesni_avx2_cfb_dec;
1253
1254
1
#ifdef USE_VAES_AVX2
1255
1
      if (ctx->use_vaes_avx2)
1256
0
  bulk_cfb_fn =_gcry_camellia_vaes_avx2_cfb_dec;
1257
1
#endif
1258
1
#ifdef USE_GFNI_AVX2
1259
1
      if (ctx->use_gfni_avx2)
1260
0
  bulk_cfb_fn =_gcry_camellia_gfni_avx2_cfb_dec;
1261
1
#endif
1262
1263
      /* Process data in 32 block chunks. */
1264
1
      while (nblocks >= 32)
1265
0
        {
1266
0
    bulk_cfb_fn (ctx, outbuf, inbuf, iv);
1267
0
          nblocks -= 32;
1268
0
          outbuf += 32 * CAMELLIA_BLOCK_SIZE;
1269
0
          inbuf  += 32 * CAMELLIA_BLOCK_SIZE;
1270
0
          did_use_aesni_avx2 = 1;
1271
0
        }
1272
1273
1
      if (did_use_aesni_avx2)
1274
0
        {
1275
0
          if (burn_stack_depth < avx2_burn_stack_depth)
1276
0
            burn_stack_depth = avx2_burn_stack_depth;
1277
0
        }
1278
1279
      /* Use generic code to handle smaller chunks... */
1280
1
    }
1281
1
#endif
1282
1283
1
#ifdef USE_AESNI_AVX
1284
1
  if (ctx->use_aesni_avx)
1285
1
    {
1286
1
      int did_use_aesni_avx = 0;
1287
1288
      /* Process data in 16 block chunks. */
1289
1
      while (nblocks >= 16)
1290
0
        {
1291
0
          _gcry_camellia_aesni_avx_cfb_dec(ctx, outbuf, inbuf, iv);
1292
1293
0
          nblocks -= 16;
1294
0
          outbuf += 16 * CAMELLIA_BLOCK_SIZE;
1295
0
          inbuf  += 16 * CAMELLIA_BLOCK_SIZE;
1296
0
          did_use_aesni_avx = 1;
1297
0
        }
1298
1299
1
      if (did_use_aesni_avx)
1300
0
        {
1301
0
          if (burn_stack_depth < avx_burn_stack_depth)
1302
0
            burn_stack_depth = avx_burn_stack_depth;
1303
0
        }
1304
1305
      /* Use generic code to handle smaller chunks... */
1306
1
    }
1307
1
#endif
1308
1309
  /* Process remaining blocks. */
1310
1
  if (nblocks)
1311
1
    {
1312
1
      byte tmpbuf[CAMELLIA_BLOCK_SIZE * 32];
1313
1
      unsigned int tmp_used = CAMELLIA_BLOCK_SIZE;
1314
1
      size_t nburn;
1315
1316
1
      nburn = bulk_cfb_dec_128(ctx, camellia_encrypt_blk1_32, outbuf, inbuf,
1317
1
                               nblocks, iv, tmpbuf,
1318
1
                               sizeof(tmpbuf) / CAMELLIA_BLOCK_SIZE, &tmp_used);
1319
1
      burn_stack_depth = nburn > burn_stack_depth ? nburn : burn_stack_depth;
1320
1321
1
      wipememory(tmpbuf, tmp_used);
1322
1
    }
1323
1324
1
  if (burn_stack_depth)
1325
1
    _gcry_burn_stack(burn_stack_depth);
1326
1
}
1327
1328
/* Bulk encryption/decryption in ECB mode. */
1329
static void
1330
_gcry_camellia_ecb_crypt (void *context, void *outbuf_arg,
1331
        const void *inbuf_arg, size_t nblocks, int encrypt)
1332
0
{
1333
0
  CAMELLIA_context *ctx = context;
1334
0
  unsigned char *outbuf = outbuf_arg;
1335
0
  const unsigned char *inbuf = inbuf_arg;
1336
0
  int burn_stack_depth = 0;
1337
1338
  /* Process remaining blocks. */
1339
0
  if (nblocks)
1340
0
    {
1341
0
      size_t nburn;
1342
1343
0
      nburn = bulk_ecb_crypt_128(ctx, encrypt ? camellia_encrypt_blk1_64
1344
0
                                              : camellia_decrypt_blk1_64,
1345
0
                                 outbuf, inbuf, nblocks, 64);
1346
0
      burn_stack_depth = nburn > burn_stack_depth ? nburn : burn_stack_depth;
1347
0
    }
1348
1349
0
  if (burn_stack_depth)
1350
0
    _gcry_burn_stack(burn_stack_depth);
1351
0
}
1352
1353
/* Bulk encryption/decryption of complete blocks in XTS mode. */
1354
static void
1355
_gcry_camellia_xts_crypt (void *context, unsigned char *tweak,
1356
                          void *outbuf_arg, const void *inbuf_arg,
1357
                          size_t nblocks, int encrypt)
1358
0
{
1359
0
  CAMELLIA_context *ctx = context;
1360
0
  unsigned char *outbuf = outbuf_arg;
1361
0
  const unsigned char *inbuf = inbuf_arg;
1362
0
  int burn_stack_depth = 0;
1363
1364
  /* Process remaining blocks. */
1365
0
  if (nblocks)
1366
0
    {
1367
0
      byte tmpbuf[CAMELLIA_BLOCK_SIZE * 64];
1368
0
      unsigned int tmp_used = CAMELLIA_BLOCK_SIZE;
1369
0
      size_t nburn;
1370
1371
0
      nburn = bulk_xts_crypt_128(ctx, encrypt ? camellia_encrypt_blk1_64
1372
0
                                              : camellia_decrypt_blk1_64,
1373
0
                                 outbuf, inbuf, nblocks, tweak, tmpbuf,
1374
0
                                 sizeof(tmpbuf) / CAMELLIA_BLOCK_SIZE,
1375
0
                                 &tmp_used);
1376
0
      burn_stack_depth = nburn > burn_stack_depth ? nburn : burn_stack_depth;
1377
1378
0
      wipememory(tmpbuf, tmp_used);
1379
0
    }
1380
1381
0
  if (burn_stack_depth)
1382
0
    _gcry_burn_stack(burn_stack_depth);
1383
0
}
1384
1385
/* Bulk encryption of complete blocks in CTR32LE mode (for GCM-SIV). */
1386
static void
1387
_gcry_camellia_ctr32le_enc(void *context, unsigned char *ctr,
1388
                           void *outbuf_arg, const void *inbuf_arg,
1389
                           size_t nblocks)
1390
0
{
1391
0
  CAMELLIA_context *ctx = context;
1392
0
  byte *outbuf = outbuf_arg;
1393
0
  const byte *inbuf = inbuf_arg;
1394
0
  int burn_stack_depth = 0;
1395
1396
  /* Process remaining blocks. */
1397
0
  if (nblocks)
1398
0
    {
1399
0
      byte tmpbuf[64 * CAMELLIA_BLOCK_SIZE];
1400
0
      unsigned int tmp_used = CAMELLIA_BLOCK_SIZE;
1401
0
      size_t nburn;
1402
1403
0
      nburn = bulk_ctr32le_enc_128 (ctx, camellia_encrypt_blk1_64, outbuf,
1404
0
                                    inbuf, nblocks, ctr, tmpbuf,
1405
0
                                    sizeof(tmpbuf) / CAMELLIA_BLOCK_SIZE,
1406
0
                                    &tmp_used);
1407
0
      burn_stack_depth = nburn > burn_stack_depth ? nburn : burn_stack_depth;
1408
1409
0
      wipememory (tmpbuf, tmp_used);
1410
0
    }
1411
1412
0
  if (burn_stack_depth)
1413
0
    _gcry_burn_stack (burn_stack_depth);
1414
0
}
1415
1416
/* Bulk encryption/decryption of complete blocks in OCB mode. */
1417
static size_t
1418
_gcry_camellia_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg,
1419
        const void *inbuf_arg, size_t nblocks, int encrypt)
1420
0
{
1421
0
#if defined(USE_PPC_CRYPTO) || defined(USE_AESNI_AVX) || defined(USE_AESNI_AVX2)
1422
0
  CAMELLIA_context *ctx = (void *)&c->context.c;
1423
0
  unsigned char *outbuf = outbuf_arg;
1424
0
  const unsigned char *inbuf = inbuf_arg;
1425
0
  int burn_stack_depth = 0;
1426
0
  u64 blkn = c->u_mode.ocb.data_nblocks;
1427
1428
#else
1429
  (void)c;
1430
  (void)outbuf_arg;
1431
  (void)inbuf_arg;
1432
  (void)encrypt;
1433
#endif
1434
1435
0
#ifdef USE_GFNI_AVX512
1436
0
  if (ctx->use_gfni_avx512)
1437
0
    {
1438
0
      int did_use_gfni_avx512 = 0;
1439
0
      u64 Ls[64];
1440
0
      u64 *l;
1441
1442
0
      if (nblocks >= 64)
1443
0
  {
1444
0
    typeof (&_gcry_camellia_gfni_avx512_ocb_dec) bulk_ocb_fn =
1445
0
        encrypt ? _gcry_camellia_gfni_avx512_ocb_enc
1446
0
          : _gcry_camellia_gfni_avx512_ocb_dec;
1447
0
          l = bulk_ocb_prepare_L_pointers_array_blk64 (c, Ls, blkn);
1448
1449
    /* Process data in 64 block chunks. */
1450
0
    while (nblocks >= 64)
1451
0
      {
1452
0
        blkn += 64;
1453
0
        *l = (uintptr_t)(void *)ocb_get_l(c, blkn - blkn % 64);
1454
1455
0
        bulk_ocb_fn (ctx, outbuf, inbuf, c->u_iv.iv, c->u_ctr.ctr, Ls);
1456
1457
0
        nblocks -= 64;
1458
0
        outbuf += 64 * CAMELLIA_BLOCK_SIZE;
1459
0
        inbuf  += 64 * CAMELLIA_BLOCK_SIZE;
1460
0
        did_use_gfni_avx512 = 1;
1461
0
      }
1462
0
  }
1463
1464
0
      if (did_use_gfni_avx512)
1465
0
  {
1466
0
    if (burn_stack_depth < avx2_burn_stack_depth)
1467
0
      burn_stack_depth = avx2_burn_stack_depth;
1468
0
  }
1469
1470
      /* Use generic code to handle smaller chunks... */
1471
0
    }
1472
0
#endif
1473
1474
0
#ifdef USE_AESNI_AVX2
1475
0
  if (ctx->use_avx2)
1476
0
    {
1477
0
      int did_use_aesni_avx2 = 0;
1478
0
      u64 Ls[32];
1479
0
      u64 *l;
1480
1481
0
      if (nblocks >= 32)
1482
0
  {
1483
0
    typeof (&_gcry_camellia_aesni_avx2_ocb_dec) bulk_ocb_fn =
1484
0
        encrypt ? _gcry_camellia_aesni_avx2_ocb_enc
1485
0
          : _gcry_camellia_aesni_avx2_ocb_dec;
1486
1487
0
#ifdef USE_VAES_AVX2
1488
0
    if (ctx->use_vaes_avx2)
1489
0
      bulk_ocb_fn = encrypt ? _gcry_camellia_vaes_avx2_ocb_enc
1490
0
          : _gcry_camellia_vaes_avx2_ocb_dec;
1491
0
#endif
1492
0
#ifdef USE_GFNI_AVX2
1493
0
    if (ctx->use_gfni_avx2)
1494
0
      bulk_ocb_fn = encrypt ? _gcry_camellia_gfni_avx2_ocb_enc
1495
0
          : _gcry_camellia_gfni_avx2_ocb_dec;
1496
0
#endif
1497
0
          l = bulk_ocb_prepare_L_pointers_array_blk32 (c, Ls, blkn);
1498
1499
    /* Process data in 32 block chunks. */
1500
0
    while (nblocks >= 32)
1501
0
      {
1502
0
        blkn += 32;
1503
0
        *l = (uintptr_t)(void *)ocb_get_l(c, blkn - blkn % 32);
1504
1505
0
        bulk_ocb_fn (ctx, outbuf, inbuf, c->u_iv.iv, c->u_ctr.ctr, Ls);
1506
1507
0
        nblocks -= 32;
1508
0
        outbuf += 32 * CAMELLIA_BLOCK_SIZE;
1509
0
        inbuf  += 32 * CAMELLIA_BLOCK_SIZE;
1510
0
        did_use_aesni_avx2 = 1;
1511
0
      }
1512
0
  }
1513
1514
0
      if (did_use_aesni_avx2)
1515
0
  {
1516
0
    if (burn_stack_depth < avx2_burn_stack_depth)
1517
0
      burn_stack_depth = avx2_burn_stack_depth;
1518
0
  }
1519
1520
      /* Use generic code to handle smaller chunks... */
1521
0
    }
1522
0
#endif
1523
1524
0
#ifdef USE_AESNI_AVX
1525
0
  if (ctx->use_aesni_avx)
1526
0
    {
1527
0
      int did_use_aesni_avx = 0;
1528
0
      u64 Ls[16];
1529
0
      u64 *l;
1530
1531
0
      if (nblocks >= 16)
1532
0
  {
1533
0
          l = bulk_ocb_prepare_L_pointers_array_blk16 (c, Ls, blkn);
1534
1535
    /* Process data in 16 block chunks. */
1536
0
    while (nblocks >= 16)
1537
0
      {
1538
0
        blkn += 16;
1539
0
        *l = (uintptr_t)(void *)ocb_get_l(c, blkn - blkn % 16);
1540
1541
0
        if (encrypt)
1542
0
    _gcry_camellia_aesni_avx_ocb_enc(ctx, outbuf, inbuf, c->u_iv.iv,
1543
0
            c->u_ctr.ctr, Ls);
1544
0
        else
1545
0
    _gcry_camellia_aesni_avx_ocb_dec(ctx, outbuf, inbuf, c->u_iv.iv,
1546
0
            c->u_ctr.ctr, Ls);
1547
1548
0
        nblocks -= 16;
1549
0
        outbuf += 16 * CAMELLIA_BLOCK_SIZE;
1550
0
        inbuf  += 16 * CAMELLIA_BLOCK_SIZE;
1551
0
        did_use_aesni_avx = 1;
1552
0
      }
1553
0
  }
1554
1555
0
      if (did_use_aesni_avx)
1556
0
  {
1557
0
    if (burn_stack_depth < avx_burn_stack_depth)
1558
0
      burn_stack_depth = avx_burn_stack_depth;
1559
0
  }
1560
1561
      /* Use generic code to handle smaller chunks... */
1562
0
    }
1563
0
#endif
1564
1565
0
#if defined(USE_PPC_CRYPTO) || defined(USE_AESNI_AVX) || defined(USE_AESNI_AVX2)
1566
  /* Process remaining blocks. */
1567
0
  if (nblocks)
1568
0
    {
1569
0
      byte tmpbuf[CAMELLIA_BLOCK_SIZE * 32];
1570
0
      unsigned int tmp_used = CAMELLIA_BLOCK_SIZE;
1571
0
      size_t nburn;
1572
1573
0
      nburn = bulk_ocb_crypt_128 (c, ctx, encrypt ? camellia_encrypt_blk1_32
1574
0
                                                  : camellia_decrypt_blk1_32,
1575
0
                                  outbuf, inbuf, nblocks, &blkn, encrypt,
1576
0
                                  tmpbuf, sizeof(tmpbuf) / CAMELLIA_BLOCK_SIZE,
1577
0
                                  &tmp_used);
1578
0
      burn_stack_depth = nburn > burn_stack_depth ? nburn : burn_stack_depth;
1579
1580
0
      wipememory(tmpbuf, tmp_used);
1581
0
      nblocks = 0;
1582
0
    }
1583
1584
0
  c->u_mode.ocb.data_nblocks = blkn;
1585
1586
0
  if (burn_stack_depth)
1587
0
    _gcry_burn_stack (burn_stack_depth + 4 * sizeof(void *));
1588
0
#endif
1589
1590
0
  return nblocks;
1591
0
}
1592
1593
/* Bulk authentication of complete blocks in OCB mode. */
1594
static size_t
1595
_gcry_camellia_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg,
1596
       size_t nblocks)
1597
0
{
1598
0
#if defined(USE_PPC_CRYPTO) || defined(USE_AESNI_AVX) || defined(USE_AESNI_AVX2)
1599
0
  CAMELLIA_context *ctx = (void *)&c->context.c;
1600
0
  const unsigned char *abuf = abuf_arg;
1601
0
  int burn_stack_depth = 0;
1602
0
  u64 blkn = c->u_mode.ocb.aad_nblocks;
1603
#else
1604
  (void)c;
1605
  (void)abuf_arg;
1606
#endif
1607
1608
0
#ifdef USE_AESNI_AVX2
1609
0
  if (ctx->use_avx2)
1610
0
    {
1611
0
      int did_use_aesni_avx2 = 0;
1612
0
      u64 Ls[32];
1613
0
      u64 *l;
1614
1615
0
      if (nblocks >= 32)
1616
0
  {
1617
0
    typeof (&_gcry_camellia_aesni_avx2_ocb_auth) bulk_auth_fn =
1618
0
        _gcry_camellia_aesni_avx2_ocb_auth;
1619
1620
0
#ifdef USE_VAES_AVX2
1621
0
    if (ctx->use_vaes_avx2)
1622
0
      bulk_auth_fn = _gcry_camellia_vaes_avx2_ocb_auth;
1623
0
#endif
1624
0
#ifdef USE_GFNI_AVX2
1625
0
    if (ctx->use_gfni_avx2)
1626
0
      bulk_auth_fn = _gcry_camellia_gfni_avx2_ocb_auth;
1627
0
#endif
1628
1629
0
          l = bulk_ocb_prepare_L_pointers_array_blk32 (c, Ls, blkn);
1630
1631
    /* Process data in 32 block chunks. */
1632
0
    while (nblocks >= 32)
1633
0
      {
1634
0
        blkn += 32;
1635
0
        *l = (uintptr_t)(void *)ocb_get_l(c, blkn - blkn % 32);
1636
1637
0
        bulk_auth_fn (ctx, abuf, c->u_mode.ocb.aad_offset,
1638
0
          c->u_mode.ocb.aad_sum, Ls);
1639
1640
0
        nblocks -= 32;
1641
0
        abuf += 32 * CAMELLIA_BLOCK_SIZE;
1642
0
        did_use_aesni_avx2 = 1;
1643
0
      }
1644
0
  }
1645
1646
0
      if (did_use_aesni_avx2)
1647
0
  {
1648
0
    if (burn_stack_depth < avx2_burn_stack_depth)
1649
0
      burn_stack_depth = avx2_burn_stack_depth;
1650
0
  }
1651
1652
      /* Use generic code to handle smaller chunks... */
1653
0
    }
1654
0
#endif
1655
1656
0
#ifdef USE_AESNI_AVX
1657
0
  if (ctx->use_aesni_avx)
1658
0
    {
1659
0
      int did_use_aesni_avx = 0;
1660
0
      u64 Ls[16];
1661
0
      u64 *l;
1662
1663
0
      if (nblocks >= 16)
1664
0
  {
1665
0
          l = bulk_ocb_prepare_L_pointers_array_blk16 (c, Ls, blkn);
1666
1667
    /* Process data in 16 block chunks. */
1668
0
    while (nblocks >= 16)
1669
0
      {
1670
0
        blkn += 16;
1671
0
        *l = (uintptr_t)(void *)ocb_get_l(c, blkn - blkn % 16);
1672
1673
0
        _gcry_camellia_aesni_avx_ocb_auth(ctx, abuf,
1674
0
            c->u_mode.ocb.aad_offset,
1675
0
            c->u_mode.ocb.aad_sum, Ls);
1676
1677
0
        nblocks -= 16;
1678
0
        abuf += 16 * CAMELLIA_BLOCK_SIZE;
1679
0
        did_use_aesni_avx = 1;
1680
0
      }
1681
0
  }
1682
1683
0
      if (did_use_aesni_avx)
1684
0
  {
1685
0
    if (burn_stack_depth < avx_burn_stack_depth)
1686
0
      burn_stack_depth = avx_burn_stack_depth;
1687
0
  }
1688
1689
      /* Use generic code to handle smaller chunks... */
1690
0
    }
1691
0
#endif
1692
1693
0
#if defined(USE_PPC_CRYPTO) || defined(USE_AESNI_AVX) || defined(USE_AESNI_AVX2)
1694
  /* Process remaining blocks. */
1695
0
  if (nblocks)
1696
0
    {
1697
0
      byte tmpbuf[CAMELLIA_BLOCK_SIZE * 32];
1698
0
      unsigned int tmp_used = CAMELLIA_BLOCK_SIZE;
1699
0
      size_t nburn;
1700
1701
0
      nburn = bulk_ocb_auth_128 (c, ctx, camellia_encrypt_blk1_32,
1702
0
                                 abuf, nblocks, &blkn, tmpbuf,
1703
0
                                 sizeof(tmpbuf) / CAMELLIA_BLOCK_SIZE,
1704
0
                                 &tmp_used);
1705
0
      burn_stack_depth = nburn > burn_stack_depth ? nburn : burn_stack_depth;
1706
1707
0
      wipememory(tmpbuf, tmp_used);
1708
0
      nblocks = 0;
1709
0
    }
1710
1711
0
  c->u_mode.ocb.aad_nblocks = blkn;
1712
1713
0
  if (burn_stack_depth)
1714
0
    _gcry_burn_stack (burn_stack_depth + 4 * sizeof(void *));
1715
0
#endif
1716
1717
0
  return nblocks;
1718
0
}
1719
1720
1721
static const char *
1722
selftest(void)
1723
5
{
1724
5
  CAMELLIA_context ctx;
1725
5
  byte scratch[16];
1726
5
  cipher_bulk_ops_t bulk_ops;
1727
1728
  /* These test vectors are from RFC-3713 */
1729
5
  static const byte plaintext[]=
1730
5
    {
1731
5
      0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
1732
5
      0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10
1733
5
    };
1734
5
  static const byte key_128[]=
1735
5
    {
1736
5
      0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
1737
5
      0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10
1738
5
    };
1739
5
  static const byte ciphertext_128[]=
1740
5
    {
1741
5
      0x67,0x67,0x31,0x38,0x54,0x96,0x69,0x73,
1742
5
      0x08,0x57,0x06,0x56,0x48,0xea,0xbe,0x43
1743
5
    };
1744
5
  static const byte key_192[]=
1745
5
    {
1746
5
      0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xfe,0xdc,0xba,0x98,
1747
5
      0x76,0x54,0x32,0x10,0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77
1748
5
    };
1749
5
  static const byte ciphertext_192[]=
1750
5
    {
1751
5
      0xb4,0x99,0x34,0x01,0xb3,0xe9,0x96,0xf8,
1752
5
      0x4e,0xe5,0xce,0xe7,0xd7,0x9b,0x09,0xb9
1753
5
    };
1754
5
  static const byte key_256[]=
1755
5
    {
1756
5
      0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xfe,0xdc,0xba,
1757
5
      0x98,0x76,0x54,0x32,0x10,0x00,0x11,0x22,0x33,0x44,0x55,
1758
5
      0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff
1759
5
    };
1760
5
  static const byte ciphertext_256[]=
1761
5
    {
1762
5
      0x9a,0xcc,0x23,0x7d,0xff,0x16,0xd7,0x6c,
1763
5
      0x20,0xef,0x7c,0x91,0x9e,0x3a,0x75,0x09
1764
5
    };
1765
1766
5
  camellia_setkey(&ctx,key_128,sizeof(key_128),&bulk_ops);
1767
5
  camellia_encrypt(&ctx,scratch,plaintext);
1768
5
  if(memcmp(scratch,ciphertext_128,sizeof(ciphertext_128))!=0)
1769
0
    return "CAMELLIA-128 test encryption failed.";
1770
5
  camellia_decrypt(&ctx,scratch,scratch);
1771
5
  if(memcmp(scratch,plaintext,sizeof(plaintext))!=0)
1772
0
    return "CAMELLIA-128 test decryption failed.";
1773
1774
5
  camellia_setkey(&ctx,key_192,sizeof(key_192),&bulk_ops);
1775
5
  camellia_encrypt(&ctx,scratch,plaintext);
1776
5
  if(memcmp(scratch,ciphertext_192,sizeof(ciphertext_192))!=0)
1777
0
    return "CAMELLIA-192 test encryption failed.";
1778
5
  camellia_decrypt(&ctx,scratch,scratch);
1779
5
  if(memcmp(scratch,plaintext,sizeof(plaintext))!=0)
1780
0
    return "CAMELLIA-192 test decryption failed.";
1781
1782
5
  camellia_setkey(&ctx,key_256,sizeof(key_256),&bulk_ops);
1783
5
  camellia_encrypt(&ctx,scratch,plaintext);
1784
5
  if(memcmp(scratch,ciphertext_256,sizeof(ciphertext_256))!=0)
1785
0
    return "CAMELLIA-256 test encryption failed.";
1786
5
  camellia_decrypt(&ctx,scratch,scratch);
1787
5
  if(memcmp(scratch,plaintext,sizeof(plaintext))!=0)
1788
0
    return "CAMELLIA-256 test decryption failed.";
1789
1790
5
  return NULL;
1791
5
}
1792
1793
/* These oids are from
1794
   <http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications_oid.html>,
1795
   retrieved May 1, 2007. */
1796
1797
static const gcry_cipher_oid_spec_t camellia128_oids[] =
1798
  {
1799
    {"1.2.392.200011.61.1.1.1.2", GCRY_CIPHER_MODE_CBC},
1800
    {"0.3.4401.5.3.1.9.1", GCRY_CIPHER_MODE_ECB},
1801
    {"0.3.4401.5.3.1.9.3", GCRY_CIPHER_MODE_OFB},
1802
    {"0.3.4401.5.3.1.9.4", GCRY_CIPHER_MODE_CFB},
1803
    { NULL }
1804
  };
1805
1806
static const gcry_cipher_oid_spec_t camellia192_oids[] =
1807
  {
1808
    {"1.2.392.200011.61.1.1.1.3", GCRY_CIPHER_MODE_CBC},
1809
    {"0.3.4401.5.3.1.9.21", GCRY_CIPHER_MODE_ECB},
1810
    {"0.3.4401.5.3.1.9.23", GCRY_CIPHER_MODE_OFB},
1811
    {"0.3.4401.5.3.1.9.24", GCRY_CIPHER_MODE_CFB},
1812
    { NULL }
1813
  };
1814
1815
static const gcry_cipher_oid_spec_t camellia256_oids[] =
1816
  {
1817
    {"1.2.392.200011.61.1.1.1.4", GCRY_CIPHER_MODE_CBC},
1818
    {"0.3.4401.5.3.1.9.41", GCRY_CIPHER_MODE_ECB},
1819
    {"0.3.4401.5.3.1.9.43", GCRY_CIPHER_MODE_OFB},
1820
    {"0.3.4401.5.3.1.9.44", GCRY_CIPHER_MODE_CFB},
1821
    { NULL }
1822
  };
1823
1824
gcry_cipher_spec_t _gcry_cipher_spec_camellia128 =
1825
  {
1826
    GCRY_CIPHER_CAMELLIA128, {0, 0},
1827
    "CAMELLIA128",NULL,camellia128_oids,CAMELLIA_BLOCK_SIZE,128,
1828
    sizeof(CAMELLIA_context),camellia_setkey,camellia_encrypt,camellia_decrypt
1829
  };
1830
1831
gcry_cipher_spec_t _gcry_cipher_spec_camellia192 =
1832
  {
1833
    GCRY_CIPHER_CAMELLIA192, {0, 0},
1834
    "CAMELLIA192",NULL,camellia192_oids,CAMELLIA_BLOCK_SIZE,192,
1835
    sizeof(CAMELLIA_context),camellia_setkey,camellia_encrypt,camellia_decrypt
1836
  };
1837
1838
gcry_cipher_spec_t _gcry_cipher_spec_camellia256 =
1839
  {
1840
    GCRY_CIPHER_CAMELLIA256, {0, 0},
1841
    "CAMELLIA256",NULL,camellia256_oids,CAMELLIA_BLOCK_SIZE,256,
1842
    sizeof(CAMELLIA_context),camellia_setkey,camellia_encrypt,camellia_decrypt
1843
  };