Coverage Report

Created: 2024-06-20 06:28

/src/gnutls/lib/accelerated/x86/aes-gcm-x86-ssse3.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright (C) 2011-2012 Free Software Foundation, Inc.
3
 * Copyright (C) 2018 Red Hat, Inc.
4
 *
5
 * Author: Nikos Mavrogiannopoulos
6
 *
7
 * This file is part of GnuTLS.
8
 *
9
 * The GnuTLS is free software; you can redistribute it and/or
10
 * modify it under the terms of the GNU Lesser General Public License
11
 * as published by the Free Software Foundation; either version 2.1 of
12
 * the License, or (at your option) any later version.
13
 *
14
 * This library is distributed in the hope that it will be useful, but
15
 * WITHOUT ANY WARRANTY; without even the implied warranty of
16
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
17
 * Lesser General Public License for more details.
18
 *
19
 * You should have received a copy of the GNU Lesser General Public License
20
 * along with this program.  If not, see <https://www.gnu.org/licenses/>
21
 *
22
 */
23
24
/*
25
 * The following code is an implementation of the AES-128-GCM cipher
26
 */
27
28
#include "errors.h"
29
#include "gnutls_int.h"
30
31
#ifdef HAVE_LIBNETTLE
32
33
#include <gnutls/crypto.h>
34
#include "errors.h"
35
#include "aes-x86.h"
36
#include "x86-common.h"
37
#include <byteswap.h>
38
#include <nettle/gcm.h>
39
#include <assert.h>
40
41
/* GCM mode 
42
 * It is used when the CPU doesn't include the PCLMUL instructions.
43
 */
44
struct gcm_x86_aes_ctx {
45
  struct GCM_CTX(AES_KEY) inner;
46
  size_t rekey_counter;
47
};
48
49
static void x86_aes_encrypt(const void *_ctx, size_t length, uint8_t *dst,
50
          const uint8_t *src)
51
0
{
52
0
  AES_KEY *ctx = (void *)_ctx;
53
0
  unsigned i;
54
0
  unsigned blocks = (length + 15) / 16;
55
56
0
  assert(blocks * 16 == length);
57
58
0
  for (i = 0; i < blocks; i++) {
59
0
    vpaes_encrypt(src, dst, ctx);
60
0
    dst += 16;
61
0
    src += 16;
62
0
  }
63
0
}
64
65
static void x86_aes_128_set_encrypt_key(void *_ctx, const uint8_t *key)
66
0
{
67
0
  AES_KEY *ctx = _ctx;
68
69
0
  vpaes_set_encrypt_key(key, 16 * 8, ctx);
70
0
}
71
72
static void x86_aes_192_set_encrypt_key(void *_ctx, const uint8_t *key)
73
0
{
74
0
  AES_KEY *ctx = _ctx;
75
76
0
  vpaes_set_encrypt_key(key, 24 * 8, ctx);
77
0
}
78
79
static void x86_aes_256_set_encrypt_key(void *_ctx, const uint8_t *key)
80
0
{
81
0
  AES_KEY *ctx = _ctx;
82
83
0
  vpaes_set_encrypt_key(key, 32 * 8, ctx);
84
0
}
85
86
static int aes_gcm_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx,
87
             int enc)
88
0
{
89
  /* we use key size to distinguish */
90
0
  if (algorithm != GNUTLS_CIPHER_AES_128_GCM &&
91
0
      algorithm != GNUTLS_CIPHER_AES_192_GCM &&
92
0
      algorithm != GNUTLS_CIPHER_AES_256_GCM)
93
0
    return GNUTLS_E_INVALID_REQUEST;
94
95
0
  *_ctx = gnutls_calloc(1, sizeof(struct gcm_x86_aes_ctx));
96
0
  if (*_ctx == NULL) {
97
0
    gnutls_assert();
98
0
    return GNUTLS_E_MEMORY_ERROR;
99
0
  }
100
101
0
  return 0;
102
0
}
103
104
static int aes_gcm_cipher_setkey(void *_ctx, const void *key, size_t keysize)
105
0
{
106
0
  struct gcm_x86_aes_ctx *ctx = _ctx;
107
108
0
  if (keysize == 16) {
109
0
    GCM_SET_KEY(&ctx->inner, x86_aes_128_set_encrypt_key,
110
0
          x86_aes_encrypt, key);
111
0
  } else if (keysize == 24) {
112
0
    GCM_SET_KEY(&ctx->inner, x86_aes_192_set_encrypt_key,
113
0
          x86_aes_encrypt, key);
114
0
  } else if (keysize == 32) {
115
0
    GCM_SET_KEY(&ctx->inner, x86_aes_256_set_encrypt_key,
116
0
          x86_aes_encrypt, key);
117
0
  } else
118
0
    return GNUTLS_E_INVALID_REQUEST;
119
120
0
  ctx->rekey_counter = 0;
121
0
  return 0;
122
0
}
123
124
static int aes_gcm_setiv(void *_ctx, const void *iv, size_t iv_size)
125
0
{
126
0
  struct gcm_x86_aes_ctx *ctx = _ctx;
127
128
0
  if (iv_size != GCM_BLOCK_SIZE - 4)
129
0
    return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
130
131
0
  GCM_SET_IV(&ctx->inner, iv_size, iv);
132
133
0
  ctx->rekey_counter = 0;
134
0
  return 0;
135
0
}
136
137
static int aes_gcm_encrypt(void *_ctx, const void *src, size_t src_size,
138
         void *dst, size_t length)
139
0
{
140
0
  struct gcm_x86_aes_ctx *ctx = _ctx;
141
0
  int ret;
142
143
0
  if (unlikely(length < src_size))
144
0
    return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
145
146
0
  ret = record_aes_gcm_encrypt_size(&ctx->rekey_counter, src_size);
147
0
  if (ret < 0) {
148
0
    return gnutls_assert_val(ret);
149
0
  }
150
151
0
  GCM_ENCRYPT(&ctx->inner, x86_aes_encrypt, src_size, dst, src);
152
153
0
  return 0;
154
0
}
155
156
static int aes_gcm_decrypt(void *_ctx, const void *src, size_t src_size,
157
         void *dst, size_t dst_size)
158
0
{
159
0
  struct gcm_x86_aes_ctx *ctx = _ctx;
160
161
0
  if (unlikely(dst_size < src_size))
162
0
    return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
163
164
0
  GCM_DECRYPT(&ctx->inner, x86_aes_encrypt, src_size, dst, src);
165
0
  return 0;
166
0
}
167
168
static int aes_gcm_auth(void *_ctx, const void *src, size_t src_size)
169
0
{
170
0
  struct gcm_x86_aes_ctx *ctx = _ctx;
171
172
0
  GCM_UPDATE(&ctx->inner, src_size, src);
173
174
0
  return 0;
175
0
}
176
177
static void aes_gcm_tag(void *_ctx, void *tag, size_t tagsize)
178
0
{
179
0
  struct gcm_x86_aes_ctx *ctx = _ctx;
180
181
0
  GCM_DIGEST(&ctx->inner, x86_aes_encrypt, tagsize, tag);
182
0
}
183
184
static void aes_gcm_deinit(void *_ctx)
185
0
{
186
0
  struct gcm_x86_aes_ctx *ctx = _ctx;
187
188
0
  zeroize_temp_key(ctx, sizeof(*ctx));
189
0
  gnutls_free(ctx);
190
0
}
191
192
#include "aes-gcm-aead.h"
193
194
const gnutls_crypto_cipher_st _gnutls_aes_gcm_x86_ssse3 = {
195
  .init = aes_gcm_cipher_init,
196
  .setkey = aes_gcm_cipher_setkey,
197
  .setiv = aes_gcm_setiv,
198
  .aead_encrypt = aes_gcm_aead_encrypt,
199
  .aead_decrypt = aes_gcm_aead_decrypt,
200
  .encrypt = aes_gcm_encrypt,
201
  .decrypt = aes_gcm_decrypt,
202
  .deinit = aes_gcm_deinit,
203
  .tag = aes_gcm_tag,
204
  .auth = aes_gcm_auth,
205
};
206
207
#endif