Coverage Report

Created: 2024-06-20 06:28

/src/gnutls/lib/accelerated/x86/aes-gcm-padlock.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright (C) 2011-2012 Free Software Foundation, Inc.
3
 *
4
 * Author: Nikos Mavrogiannopoulos
5
 *
6
 * This file is part of GnuTLS.
7
 *
8
 * The GnuTLS is free software; you can redistribute it and/or
9
 * modify it under the terms of the GNU Lesser General Public License
10
 * as published by the Free Software Foundation; either version 2.1 of
11
 * the License, or (at your option) any later version.
12
 *
13
 * This library is distributed in the hope that it will be useful, but
14
 * WITHOUT ANY WARRANTY; without even the implied warranty of
15
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16
 * Lesser General Public License for more details.
17
 *
18
 * You should have received a copy of the GNU Lesser General Public License
19
 * along with this program.  If not, see <https://www.gnu.org/licenses/>
20
 *
21
 */
22
23
/*
24
 * The following code is an implementation of the AES-128-GCM cipher
25
 */
26
27
#include "errors.h"
28
#include "gnutls_int.h"
29
30
#ifdef HAVE_LIBNETTLE
31
32
#include <gnutls/crypto.h>
33
#include "errors.h"
34
#include "aes-x86.h"
35
#include "x86-common.h"
36
#include <byteswap.h>
37
#include <nettle/gcm.h>
38
#include "aes-padlock.h"
39
40
0
#define GCM_BLOCK_SIZE 16
41
42
/* GCM mode 
43
 * Actually padlock doesn't include GCM mode. We just use
44
 * the ECB part of padlock and nettle for everything else.
45
 */
46
struct gcm_padlock_aes_ctx {
47
  struct GCM_CTX(struct padlock_ctx) inner;
48
  size_t rekey_counter;
49
};
50
51
static void padlock_aes_encrypt(const void *_ctx, size_t length, uint8_t *dst,
52
        const uint8_t *src)
53
0
{
54
0
  struct padlock_ctx *ctx = (void *)_ctx;
55
0
  struct padlock_cipher_data *pce;
56
57
0
  pce = ALIGN16(&ctx->expanded_key);
58
59
0
  if (length > 0)
60
0
    padlock_ecb_encrypt(dst, src, pce, length);
61
0
}
62
63
static void padlock_aes128_set_encrypt_key(struct padlock_ctx *_ctx,
64
             const uint8_t *key)
65
0
{
66
0
  struct padlock_ctx *ctx = _ctx;
67
0
  ctx->enc = 1;
68
69
0
  padlock_aes_cipher_setkey(_ctx, key, 16);
70
0
}
71
72
static void padlock_aes256_set_encrypt_key(struct padlock_ctx *_ctx,
73
             const uint8_t *key)
74
0
{
75
0
  struct padlock_ctx *ctx = _ctx;
76
0
  ctx->enc = 1;
77
78
0
  padlock_aes_cipher_setkey(_ctx, key, 32);
79
0
}
80
81
static void aes_gcm_deinit(void *_ctx)
82
0
{
83
0
  struct gcm_padlock_aes_ctx *ctx = _ctx;
84
85
0
  zeroize_temp_key(ctx, sizeof(*ctx));
86
0
  gnutls_free(ctx);
87
0
}
88
89
static int aes_gcm_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx,
90
             int enc)
91
0
{
92
  /* we use key size to distinguish */
93
0
  if (algorithm != GNUTLS_CIPHER_AES_128_GCM &&
94
0
      algorithm != GNUTLS_CIPHER_AES_256_GCM)
95
0
    return GNUTLS_E_INVALID_REQUEST;
96
97
0
  *_ctx = gnutls_calloc(1, sizeof(struct gcm_padlock_aes_ctx));
98
0
  if (*_ctx == NULL) {
99
0
    gnutls_assert();
100
0
    return GNUTLS_E_MEMORY_ERROR;
101
0
  }
102
103
0
  return 0;
104
0
}
105
106
static int aes_gcm_cipher_setkey(void *_ctx, const void *key, size_t keysize)
107
0
{
108
0
  struct gcm_padlock_aes_ctx *ctx = _ctx;
109
110
0
  if (keysize == 16) {
111
0
    GCM_SET_KEY(&ctx->inner, padlock_aes128_set_encrypt_key,
112
0
          padlock_aes_encrypt, key);
113
0
  } else if (keysize == 32) {
114
0
    GCM_SET_KEY(&ctx->inner, padlock_aes256_set_encrypt_key,
115
0
          padlock_aes_encrypt, key);
116
0
  } else
117
0
    return GNUTLS_E_INVALID_REQUEST;
118
119
0
  ctx->rekey_counter = 0;
120
0
  return 0;
121
0
}
122
123
static int aes_gcm_setiv(void *_ctx, const void *iv, size_t iv_size)
124
0
{
125
0
  struct gcm_padlock_aes_ctx *ctx = _ctx;
126
127
0
  if (iv_size != GCM_BLOCK_SIZE - 4)
128
0
    return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
129
130
0
  GCM_SET_IV(&ctx->inner, iv_size, iv);
131
132
0
  ctx->rekey_counter = 0;
133
0
  return 0;
134
0
}
135
136
static int aes_gcm_encrypt(void *_ctx, const void *src, size_t src_size,
137
         void *dst, size_t length)
138
0
{
139
0
  struct gcm_padlock_aes_ctx *ctx = _ctx;
140
0
  int ret;
141
142
0
  if (unlikely(length < src_size))
143
0
    return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
144
145
0
  ret = record_aes_gcm_encrypt_size(&ctx->rekey_counter, src_size);
146
0
  if (ret < 0) {
147
0
    return gnutls_assert_val(ret);
148
0
  }
149
150
0
  GCM_ENCRYPT(&ctx->inner, padlock_aes_encrypt, src_size, dst, src);
151
152
0
  return 0;
153
0
}
154
155
static int aes_gcm_decrypt(void *_ctx, const void *src, size_t src_size,
156
         void *dst, size_t dst_size)
157
0
{
158
0
  struct gcm_padlock_aes_ctx *ctx = _ctx;
159
160
0
  if (unlikely(dst_size < src_size))
161
0
    return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
162
163
0
  GCM_DECRYPT(&ctx->inner, padlock_aes_encrypt, src_size, dst, src);
164
0
  return 0;
165
0
}
166
167
static int aes_gcm_auth(void *_ctx, const void *src, size_t src_size)
168
0
{
169
0
  struct gcm_padlock_aes_ctx *ctx = _ctx;
170
171
0
  GCM_UPDATE(&ctx->inner, src_size, src);
172
173
0
  return 0;
174
0
}
175
176
static void aes_gcm_tag(void *_ctx, void *tag, size_t tagsize)
177
0
{
178
0
  struct gcm_padlock_aes_ctx *ctx = _ctx;
179
180
0
  GCM_DIGEST(&ctx->inner, padlock_aes_encrypt, tagsize, tag);
181
0
}
182
183
#include "aes-gcm-aead.h"
184
185
const gnutls_crypto_cipher_st _gnutls_aes_gcm_padlock = {
186
  .init = aes_gcm_cipher_init,
187
  .setkey = aes_gcm_cipher_setkey,
188
  .setiv = aes_gcm_setiv,
189
  .encrypt = aes_gcm_encrypt,
190
  .decrypt = aes_gcm_decrypt,
191
  .aead_encrypt = aes_gcm_aead_encrypt,
192
  .aead_decrypt = aes_gcm_aead_decrypt,
193
  .deinit = aes_gcm_deinit,
194
  .tag = aes_gcm_tag,
195
  .auth = aes_gcm_auth,
196
};
197
198
#endif