/src/openssl/providers/implementations/ciphers/cipher_aes_hw.c

Source (jump to first uncovered line)
/*
 * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * This file uses the low level AES functions (which are deprecated for
 * non-internal use) in order to implement provider AES ciphers.
 */
#include "internal/deprecated.h"

#include <openssl/proverr.h>
#include "cipher_aes.h"

static int cipher_hw_aes_initkey(PROV_CIPHER_CTX *dat,
                                 const unsigned char *key, size_t keylen)
{
    int ret;
    PROV_AES_CTX *adat = (PROV_AES_CTX *)dat;
    AES_KEY *ks = &adat->ks.ks;

    dat->ks = ks;

    if ((dat->mode == EVP_CIPH_ECB_MODE || dat->mode == EVP_CIPH_CBC_MODE)
        && !dat->enc) {
#ifdef HWAES_CAPABLE
        if (HWAES_CAPABLE) {
            ret = HWAES_set_decrypt_key(key, keylen * 8, ks);
            dat->block = (block128_f)HWAES_decrypt;
            dat->stream.cbc = NULL;
# ifdef HWAES_cbc_encrypt
            if (dat->mode == EVP_CIPH_CBC_MODE)
                dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt;
# endif
# ifdef HWAES_ecb_encrypt
            if (dat->mode == EVP_CIPH_ECB_MODE)
                dat->stream.ecb = (ecb128_f)HWAES_ecb_encrypt;
# endif
        } else
#endif
#ifdef BSAES_CAPABLE
        if (BSAES_CAPABLE && dat->mode == EVP_CIPH_CBC_MODE) {
            ret = AES_set_decrypt_key(key, keylen * 8, ks);
            dat->block = (block128_f)AES_decrypt;
            dat->stream.cbc = (cbc128_f)ossl_bsaes_cbc_encrypt;
        } else
#endif
#ifdef VPAES_CAPABLE
        if (VPAES_CAPABLE) {
            ret = vpaes_set_decrypt_key(key, keylen * 8, ks);
            dat->block = (block128_f)vpaes_decrypt;
            dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
                              ?(cbc128_f)vpaes_cbc_encrypt : NULL;
        } else
#endif
        {
            ret = AES_set_decrypt_key(key, keylen * 8, ks);
            dat->block = (block128_f)AES_decrypt;
            dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
                              ? (cbc128_f)AES_cbc_encrypt : NULL;
        }
    } else
#ifdef HWAES_CAPABLE
    if (HWAES_CAPABLE) {
        ret = HWAES_set_encrypt_key(key, keylen * 8, ks);
        dat->block = (block128_f)HWAES_encrypt;
        dat->stream.cbc = NULL;
# ifdef HWAES_cbc_encrypt
        if (dat->mode == EVP_CIPH_CBC_MODE)
            dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt;
        else
# endif
# ifdef HWAES_ecb_encrypt
        if (dat->mode == EVP_CIPH_ECB_MODE)
            dat->stream.ecb = (ecb128_f)HWAES_ecb_encrypt;
        else
# endif
# ifdef HWAES_ctr32_encrypt_blocks
        if (dat->mode == EVP_CIPH_CTR_MODE)
            dat->stream.ctr = (ctr128_f)HWAES_ctr32_encrypt_blocks;
        else
# endif
            (void)0;            /* terminate potentially open 'else' */
    } else
#endif
#ifdef BSAES_CAPABLE
    if (BSAES_CAPABLE && dat->mode == EVP_CIPH_CTR_MODE) {
        ret = AES_set_encrypt_key(key, keylen * 8, ks);
        dat->block = (block128_f)AES_encrypt;
        dat->stream.ctr = (ctr128_f)ossl_bsaes_ctr32_encrypt_blocks;
    } else
#endif
#ifdef VPAES_CAPABLE
    if (VPAES_CAPABLE) {
        ret = vpaes_set_encrypt_key(key, keylen * 8, ks);
        dat->block = (block128_f)vpaes_encrypt;
        dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
                          ? (cbc128_f)vpaes_cbc_encrypt : NULL;
    } else
#endif
    {
        ret = AES_set_encrypt_key(key, keylen * 8, ks);
        dat->block = (block128_f)AES_encrypt;
        dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
                          ? (cbc128_f)AES_cbc_encrypt : NULL;
#ifdef AES_CTR_ASM
        if (dat->mode == EVP_CIPH_CTR_MODE)
            dat->stream.ctr = (ctr128_f)AES_ctr32_encrypt;
#endif
    }

    if (ret < 0) {
        ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SETUP_FAILED);
        return 0;
    }

    return 1;
}

IMPLEMENT_CIPHER_HW_COPYCTX(cipher_hw_aes_copyctx, PROV_AES_CTX)

#define PROV_CIPHER_HW_aes_mode(mode)                                          \
static const PROV_CIPHER_HW aes_##mode = {                                     \
    cipher_hw_aes_initkey,                                                     \
    ossl_cipher_hw_generic_##mode,                                             \
    cipher_hw_aes_copyctx                                                      \
};                                                                             \
PROV_CIPHER_HW_declare(mode)                                                   \
const PROV_CIPHER_HW *ossl_prov_cipher_hw_aes_##mode(size_t keybits)           \
{                                                                              \
    PROV_CIPHER_HW_select(mode)                                                \
    return &aes_##mode;                                                        \
}

#if defined(AESNI_CAPABLE)
# include "cipher_aes_hw_aesni.inc"
#elif defined(SPARC_AES_CAPABLE)
# include "cipher_aes_hw_t4.inc"
#elif defined(S390X_aes_128_CAPABLE)
# include "cipher_aes_hw_s390x.inc"
#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
# include "cipher_aes_hw_rv64i.inc"
#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32
# include "cipher_aes_hw_rv32i.inc"
#elif defined (ARMv8_HWAES_CAPABLE)
# include "cipher_aes_hw_armv8.inc"
#else
/* The generic case */
# define PROV_CIPHER_HW_declare(mode)
# define PROV_CIPHER_HW_select(mode)
#endif

PROV_CIPHER_HW_aes_mode(cbc)
PROV_CIPHER_HW_aes_mode(ecb)
PROV_CIPHER_HW_aes_mode(ofb128)
PROV_CIPHER_HW_aes_mode(cfb128)
PROV_CIPHER_HW_aes_mode(cfb1)
PROV_CIPHER_HW_aes_mode(cfb8)
PROV_CIPHER_HW_aes_mode(ctr)

Coverage Report

Created: 2025-06-22 06:56

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		/*
11		* This file uses the low level AES functions (which are deprecated for
12		* non-internal use) in order to implement provider AES ciphers.
13		*/
14		#include "internal/deprecated.h"
15
16		#include <openssl/proverr.h>
17		#include "cipher_aes.h"
18
19		static int cipher_hw_aes_initkey(PROV_CIPHER_CTX *dat,
20		const unsigned char *key, size_t keylen)
21	0	{
22	0	int ret;
23	0	PROV_AES_CTX adat = (PROV_AES_CTX )dat;
24	0	AES_KEY *ks = &adat->ks.ks;
25
26	0	dat->ks = ks;
27
28	0	if ((dat->mode == EVP_CIPH_ECB_MODE \|\| dat->mode == EVP_CIPH_CBC_MODE)
29	0	&& !dat->enc) {
30		#ifdef HWAES_CAPABLE
31		if (HWAES_CAPABLE) {
32		ret = HWAES_set_decrypt_key(key, keylen * 8, ks);
33		dat->block = (block128_f)HWAES_decrypt;
34		dat->stream.cbc = NULL;
35		# ifdef HWAES_cbc_encrypt
36		if (dat->mode == EVP_CIPH_CBC_MODE)
37		dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt;
38		# endif
39		# ifdef HWAES_ecb_encrypt
40		if (dat->mode == EVP_CIPH_ECB_MODE)
41		dat->stream.ecb = (ecb128_f)HWAES_ecb_encrypt;
42		# endif
43		} else
44		#endif
45		#ifdef BSAES_CAPABLE
46		if (BSAES_CAPABLE && dat->mode == EVP_CIPH_CBC_MODE) {
47		ret = AES_set_decrypt_key(key, keylen * 8, ks);
48		dat->block = (block128_f)AES_decrypt;
49		dat->stream.cbc = (cbc128_f)ossl_bsaes_cbc_encrypt;
50		} else
51		#endif
52		#ifdef VPAES_CAPABLE
53		if (VPAES_CAPABLE) {
54		ret = vpaes_set_decrypt_key(key, keylen * 8, ks);
55		dat->block = (block128_f)vpaes_decrypt;
56		dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
57		?(cbc128_f)vpaes_cbc_encrypt : NULL;
58		} else
59		#endif
60	0	{
61	0	ret = AES_set_decrypt_key(key, keylen * 8, ks);
62	0	dat->block = (block128_f)AES_decrypt;
63	0	dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
64	0	? (cbc128_f)AES_cbc_encrypt : NULL;
65	0	}
66	0	} else
67		#ifdef HWAES_CAPABLE
68		if (HWAES_CAPABLE) {
69		ret = HWAES_set_encrypt_key(key, keylen * 8, ks);
70		dat->block = (block128_f)HWAES_encrypt;
71		dat->stream.cbc = NULL;
72		# ifdef HWAES_cbc_encrypt
73		if (dat->mode == EVP_CIPH_CBC_MODE)
74		dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt;
75		else
76		# endif
77		# ifdef HWAES_ecb_encrypt
78		if (dat->mode == EVP_CIPH_ECB_MODE)
79		dat->stream.ecb = (ecb128_f)HWAES_ecb_encrypt;
80		else
81		# endif
82		# ifdef HWAES_ctr32_encrypt_blocks
83		if (dat->mode == EVP_CIPH_CTR_MODE)
84		dat->stream.ctr = (ctr128_f)HWAES_ctr32_encrypt_blocks;
85		else
86		# endif
87		(void)0; /* terminate potentially open 'else' */
88		} else
89		#endif
90		#ifdef BSAES_CAPABLE
91		if (BSAES_CAPABLE && dat->mode == EVP_CIPH_CTR_MODE) {
92		ret = AES_set_encrypt_key(key, keylen * 8, ks);
93		dat->block = (block128_f)AES_encrypt;
94		dat->stream.ctr = (ctr128_f)ossl_bsaes_ctr32_encrypt_blocks;
95		} else
96		#endif
97		#ifdef VPAES_CAPABLE
98		if (VPAES_CAPABLE) {
99		ret = vpaes_set_encrypt_key(key, keylen * 8, ks);
100		dat->block = (block128_f)vpaes_encrypt;
101		dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
102		? (cbc128_f)vpaes_cbc_encrypt : NULL;
103		} else
104		#endif
105	0	{
106	0	ret = AES_set_encrypt_key(key, keylen * 8, ks);
107	0	dat->block = (block128_f)AES_encrypt;
108	0	dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
109	0	? (cbc128_f)AES_cbc_encrypt : NULL;
110		#ifdef AES_CTR_ASM
111		if (dat->mode == EVP_CIPH_CTR_MODE)
112		dat->stream.ctr = (ctr128_f)AES_ctr32_encrypt;
113		#endif
114	0	}
115
116	0	if (ret < 0) {
117	0	ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SETUP_FAILED);
118	0	return 0;
119	0	}
120
121	0	return 1;
122	0	}
123
124		IMPLEMENT_CIPHER_HW_COPYCTX(cipher_hw_aes_copyctx, PROV_AES_CTX)
125
126		#define PROV_CIPHER_HW_aes_mode(mode) \
127		static const PROV_CIPHER_HW aes_##mode = { \
128		cipher_hw_aes_initkey, \
129		ossl_cipher_hw_generic_##mode, \
130		cipher_hw_aes_copyctx \
131		}; \
132		PROV_CIPHER_HW_declare(mode) \
133	0	const PROV_CIPHER_HW *ossl_prov_cipher_hw_aes_##mode(size_t keybits) \
134	0	{ \
135	0	PROV_CIPHER_HW_select(mode) \
136	0	return &aes_##mode; \
137	0	} Unexecuted instantiation: ossl_prov_cipher_hw_aes_cbc Unexecuted instantiation: ossl_prov_cipher_hw_aes_ecb Unexecuted instantiation: ossl_prov_cipher_hw_aes_ofb128 Unexecuted instantiation: ossl_prov_cipher_hw_aes_cfb128 Unexecuted instantiation: ossl_prov_cipher_hw_aes_cfb1 Unexecuted instantiation: ossl_prov_cipher_hw_aes_cfb8 Unexecuted instantiation: ossl_prov_cipher_hw_aes_ctr
138
139		#if defined(AESNI_CAPABLE)
140		# include "cipher_aes_hw_aesni.inc"
141		#elif defined(SPARC_AES_CAPABLE)
142		# include "cipher_aes_hw_t4.inc"
143		#elif defined(S390X_aes_128_CAPABLE)
144		# include "cipher_aes_hw_s390x.inc"
145		#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
146		# include "cipher_aes_hw_rv64i.inc"
147		#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32
148		# include "cipher_aes_hw_rv32i.inc"
149		#elif defined (ARMv8_HWAES_CAPABLE)
150		# include "cipher_aes_hw_armv8.inc"
151		#else
152		/* The generic case */
153		# define PROV_CIPHER_HW_declare(mode)
154		# define PROV_CIPHER_HW_select(mode)
155		#endif
156
157		PROV_CIPHER_HW_aes_mode(cbc)
158		PROV_CIPHER_HW_aes_mode(ecb)
159		PROV_CIPHER_HW_aes_mode(ofb128)
160		PROV_CIPHER_HW_aes_mode(cfb128)
161		PROV_CIPHER_HW_aes_mode(cfb1)
162		PROV_CIPHER_HW_aes_mode(cfb8)
163		PROV_CIPHER_HW_aes_mode(ctr)