Coverage Report

Created: 2023-03-26 08:33

/src/gnutls/lib/accelerated/x86/aes-gcm-x86-aesni.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright (C) 2011-2012 Free Software Foundation, Inc.
3
 *
4
 * Author: Nikos Mavrogiannopoulos
5
 *
6
 * This file is part of GnuTLS.
7
 *
8
 * The GnuTLS is free software; you can redistribute it and/or
9
 * modify it under the terms of the GNU Lesser General Public License
10
 * as published by the Free Software Foundation; either version 2.1 of
11
 * the License, or (at your option) any later version.
12
 *
13
 * This library is distributed in the hope that it will be useful, but
14
 * WITHOUT ANY WARRANTY; without even the implied warranty of
15
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16
 * Lesser General Public License for more details.
17
 *
18
 * You should have received a copy of the GNU Lesser General Public License
19
 * along with this program.  If not, see <https://www.gnu.org/licenses/>
20
 *
21
 */
22
23
/*
24
 * The following code is an implementation of the AES-128-GCM cipher
25
 * using AESNI (without PCLMUL)
26
 */
27
28
#include "errors.h"
29
#include "gnutls_int.h"
30
31
#ifdef HAVE_LIBNETTLE
32
33
# include <gnutls/crypto.h>
34
# include "errors.h"
35
# include <aes-x86.h>
36
# include <x86-common.h>
37
# include <byteswap.h>
38
# include <nettle/gcm.h>
39
40
/* GCM mode 
41
 * It is used when the CPU doesn't include the PCLMUL instructions.
42
 */
43
struct gcm_x86_aes_ctx {
44
  struct GCM_CTX (AES_KEY) inner;
45
  size_t rekey_counter;
46
};
47
48
static void x86_aes_encrypt(const void *_ctx,
49
          size_t length, uint8_t * dst, const uint8_t * src)
50
0
{
51
0
  AES_KEY *ctx = (void *)_ctx;
52
53
0
  aesni_ecb_encrypt(src, dst, length, ctx, 1);
54
0
}
55
56
static void x86_aes128_set_encrypt_key(void *_ctx, const uint8_t * key)
57
0
{
58
0
  AES_KEY *ctx = _ctx;
59
60
0
  aesni_set_encrypt_key(key, 16 * 8, ctx);
61
0
}
62
63
static void x86_aes192_set_encrypt_key(void *_ctx, const uint8_t * key)
64
0
{
65
0
  AES_KEY *ctx = _ctx;
66
67
0
  aesni_set_encrypt_key(key, 24 * 8, ctx);
68
0
}
69
70
static void x86_aes256_set_encrypt_key(void *_ctx, const uint8_t * key)
71
0
{
72
0
  AES_KEY *ctx = _ctx;
73
74
0
  aesni_set_encrypt_key(key, 32 * 8, ctx);
75
0
}
76
77
static int
78
aes_gcm_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
79
0
{
80
  /* we use key size to distinguish */
81
0
  if (algorithm != GNUTLS_CIPHER_AES_128_GCM &&
82
0
      algorithm != GNUTLS_CIPHER_AES_192_GCM &&
83
0
      algorithm != GNUTLS_CIPHER_AES_256_GCM)
84
0
    return GNUTLS_E_INVALID_REQUEST;
85
86
0
  *_ctx = gnutls_calloc(1, sizeof(struct gcm_x86_aes_ctx));
87
0
  if (*_ctx == NULL) {
88
0
    gnutls_assert();
89
0
    return GNUTLS_E_MEMORY_ERROR;
90
0
  }
91
92
0
  return 0;
93
0
}
94
95
static int aes_gcm_cipher_setkey(void *_ctx, const void *key, size_t length)
96
0
{
97
0
  struct gcm_x86_aes_ctx *ctx = _ctx;
98
99
0
  if (length == 16) {
100
0
    GCM_SET_KEY(&ctx->inner, x86_aes128_set_encrypt_key,
101
0
          x86_aes_encrypt, key);
102
0
  } else if (length == 24) {
103
0
    GCM_SET_KEY(&ctx->inner, x86_aes192_set_encrypt_key,
104
0
          x86_aes_encrypt, key);
105
0
  } else if (length == 32) {
106
0
    GCM_SET_KEY(&ctx->inner, x86_aes256_set_encrypt_key,
107
0
          x86_aes_encrypt, key);
108
0
  } else
109
0
    return GNUTLS_E_INVALID_REQUEST;
110
111
0
  ctx->rekey_counter = 0;
112
0
  return 0;
113
0
}
114
115
static int aes_gcm_setiv(void *_ctx, const void *iv, size_t iv_size)
116
0
{
117
0
  struct gcm_x86_aes_ctx *ctx = _ctx;
118
119
0
  if (iv_size != GCM_BLOCK_SIZE - 4)
120
0
    return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
121
122
0
  GCM_SET_IV(&ctx->inner, iv_size, iv);
123
124
0
  ctx->rekey_counter = 0;
125
0
  return 0;
126
0
}
127
128
static int
129
aes_gcm_encrypt(void *_ctx, const void *src, size_t src_size,
130
    void *dst, size_t length)
131
0
{
132
0
  struct gcm_x86_aes_ctx *ctx = _ctx;
133
0
  int ret;
134
135
0
  if (unlikely(length < src_size))
136
0
    return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
137
138
0
  ret = record_aes_gcm_encrypt_size(&ctx->rekey_counter, src_size);
139
0
  if (ret < 0) {
140
0
    return gnutls_assert_val(ret);
141
0
  }
142
143
0
  GCM_ENCRYPT(&ctx->inner, x86_aes_encrypt, src_size, dst, src);
144
145
0
  return 0;
146
0
}
147
148
static int
149
aes_gcm_decrypt(void *_ctx, const void *src, size_t src_size,
150
    void *dst, size_t dst_size)
151
0
{
152
0
  struct gcm_x86_aes_ctx *ctx = _ctx;
153
154
0
  if (unlikely(dst_size < src_size))
155
0
    return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
156
157
0
  GCM_DECRYPT(&ctx->inner, x86_aes_encrypt, src_size, dst, src);
158
0
  return 0;
159
0
}
160
161
static int aes_gcm_auth(void *_ctx, const void *src, size_t src_size)
162
0
{
163
0
  struct gcm_x86_aes_ctx *ctx = _ctx;
164
165
0
  GCM_UPDATE(&ctx->inner, src_size, src);
166
167
0
  return 0;
168
0
}
169
170
static void aes_gcm_tag(void *_ctx, void *tag, size_t tagsize)
171
0
{
172
0
  struct gcm_x86_aes_ctx *ctx = _ctx;
173
174
0
  GCM_DIGEST(&ctx->inner, x86_aes_encrypt, tagsize, tag);
175
0
}
176
177
static void aes_gcm_deinit(void *_ctx)
178
0
{
179
0
  struct gcm_x86_aes_ctx *ctx = _ctx;
180
181
0
  zeroize_temp_key(ctx, sizeof(*ctx));
182
0
  gnutls_free(ctx);
183
0
}
184
185
# include "aes-gcm-aead.h"
186
187
const gnutls_crypto_cipher_st _gnutls_aes_gcm_x86_aesni = {
188
  .init = aes_gcm_cipher_init,
189
  .setkey = aes_gcm_cipher_setkey,
190
  .setiv = aes_gcm_setiv,
191
  .aead_encrypt = aes_gcm_aead_encrypt,
192
  .aead_decrypt = aes_gcm_aead_decrypt,
193
  .encrypt = aes_gcm_encrypt,
194
  .decrypt = aes_gcm_decrypt,
195
  .deinit = aes_gcm_deinit,
196
  .tag = aes_gcm_tag,
197
  .auth = aes_gcm_auth,
198
};
199
200
#endif