/src/gnutls/lib/accelerated/x86/aes-padlock.c

Source (jump to first uncovered line)
/*
 * Copyright (C) 2011-2018 Free Software Foundation, Inc.
 * Copyright (C) 2018 Red Hat, Inc.
 *
 * Author: Nikos Mavrogiannopoulos
 *
 * This file is part of GnuTLS.
 *
 * The GnuTLS is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
 * as published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>
 *
 */

/*
 * The following code is an implementation of the AES-128-CBC cipher
 * using VIA Padlock instruction set. 
 */

#include "errors.h"
#include "gnutls_int.h"
#include <gnutls/crypto.h>
#include "errors.h"
#include <aes-x86.h>
#include <x86-common.h>
#include <nettle/aes.h>   /* for key generation in 192 and 256 bits */
#include <sha-padlock.h>
#include <aes-padlock.h>

static int
aes_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
{
  /* we use key size to distinguish */
  if (algorithm != GNUTLS_CIPHER_AES_128_CBC
      && algorithm != GNUTLS_CIPHER_AES_256_CBC
      && algorithm != GNUTLS_CIPHER_AES_192_CBC)
    return GNUTLS_E_INVALID_REQUEST;

  *_ctx = gnutls_calloc(1, sizeof(struct padlock_ctx));
  if (*_ctx == NULL) {
    gnutls_assert();
    return GNUTLS_E_MEMORY_ERROR;
  }

  ((struct padlock_ctx *)(*_ctx))->enc = enc;
  return 0;
}

int padlock_aes_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
{
  struct padlock_ctx *ctx = _ctx;
  struct padlock_cipher_data *pce;
  struct aes192_ctx nc192;
  struct aes256_ctx nc256;

  memset(_ctx, 0, sizeof(struct padlock_cipher_data));

  pce = ALIGN16(&ctx->expanded_key);

  pce->cword.b.encdec = (ctx->enc == 0);

  switch (keysize) {
  case 16:
    pce->cword.b.ksize = 0;
    pce->cword.b.rounds = 10;
    memcpy(pce->ks.rd_key, userkey, 16);
    pce->cword.b.keygen = 0;
    break;
  case 24:
    pce->cword.b.ksize = 1;
    pce->cword.b.rounds = 12;
    if (ctx->enc)
      aes192_set_encrypt_key(&nc192, userkey);
    else
      aes192_set_decrypt_key(&nc192, userkey);
    memcpy(pce->ks.rd_key, nc192.keys, sizeof(nc192.keys));
    pce->ks.rounds = _AES192_ROUNDS;
    pce->cword.b.keygen = 1;
    break;
  case 32:
    pce->cword.b.ksize = 2;
    pce->cword.b.rounds = 14;

    /* expand key using nettle */
    if (ctx->enc)
      aes256_set_encrypt_key(&nc256, userkey);
    else
      aes256_set_decrypt_key(&nc256, userkey);

    memcpy(pce->ks.rd_key, nc256.keys, sizeof(nc256.keys));
    pce->ks.rounds = _AES256_ROUNDS;

    pce->cword.b.keygen = 1;
    break;
  default:
    return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
  }

  padlock_reload_key();

  return 0;
}

static int aes_setiv(void *_ctx, const void *iv, size_t iv_size)
{
  struct padlock_ctx *ctx = _ctx;
  struct padlock_cipher_data *pce;

  pce = ALIGN16(&ctx->expanded_key);

  if (iv_size != 16)
    return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);

  memcpy(pce->iv, iv, 16);

  return 0;
}

static int
padlock_aes_cbc_encrypt(void *_ctx, const void *src, size_t src_size,
      void *dst, size_t dst_size)
{
  struct padlock_ctx *ctx = _ctx;
  struct padlock_cipher_data *pce;
  int ret = 1;

  if (unlikely(dst_size < src_size))
    return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);

  pce = ALIGN16(&ctx->expanded_key);

  if (src_size > 0)
    ret = padlock_cbc_encrypt(dst, src, pce, src_size);

  return ret ? 0 : GNUTLS_E_ENCRYPTION_FAILED;
}

static int
padlock_aes_cbc_decrypt(void *_ctx, const void *src, size_t src_size,
      void *dst, size_t dst_size)
{
  struct padlock_ctx *ctx = _ctx;
  struct padlock_cipher_data *pcd;
  int ret = 1;

  if (unlikely(dst_size < src_size))
    return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);

  pcd = ALIGN16(&ctx->expanded_key);

  if (src_size > 0)
    padlock_cbc_encrypt(dst, src, pcd, src_size);

  return ret ? 0 : GNUTLS_E_ENCRYPTION_FAILED;
}

static void aes_deinit(void *_ctx)
{
  struct padlock_ctx *ctx = _ctx;

  zeroize_temp_key(ctx, sizeof(*ctx));
  gnutls_free(ctx);
}

const gnutls_crypto_cipher_st _gnutls_aes_padlock = {
  .init = aes_cipher_init,
  .setkey = padlock_aes_cipher_setkey,
  .setiv = aes_setiv,
  .encrypt = padlock_aes_cbc_encrypt,
  .decrypt = padlock_aes_cbc_decrypt,
  .deinit = aes_deinit,
};

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright (C) 2011-2018 Free Software Foundation, Inc.
3		* Copyright (C) 2018 Red Hat, Inc.
4		*
5		* Author: Nikos Mavrogiannopoulos
6		*
7		* This file is part of GnuTLS.
8		*
9		* The GnuTLS is free software; you can redistribute it and/or
10		* modify it under the terms of the GNU Lesser General Public License
11		* as published by the Free Software Foundation; either version 2.1 of
12		* the License, or (at your option) any later version.
13		*
14		* This library is distributed in the hope that it will be useful, but
15		* WITHOUT ANY WARRANTY; without even the implied warranty of
16		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17		* Lesser General Public License for more details.
18		*
19		* You should have received a copy of the GNU Lesser General Public License
20		* along with this program. If not, see <https://www.gnu.org/licenses/>
21		*
22		*/
23
24		/*
25		* The following code is an implementation of the AES-128-CBC cipher
26		* using VIA Padlock instruction set.
27		*/
28
29		#include "errors.h"
30		#include "gnutls_int.h"
31		#include <gnutls/crypto.h>
32		#include "errors.h"
33		#include <aes-x86.h>
34		#include <x86-common.h>
35		#include <nettle/aes.h> /* for key generation in 192 and 256 bits */
36		#include <sha-padlock.h>
37		#include <aes-padlock.h>
38
39		static int
40		aes_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
41	0	{
42		/* we use key size to distinguish */
43	0	if (algorithm != GNUTLS_CIPHER_AES_128_CBC
44	0	&& algorithm != GNUTLS_CIPHER_AES_256_CBC
45	0	&& algorithm != GNUTLS_CIPHER_AES_192_CBC)
46	0	return GNUTLS_E_INVALID_REQUEST;
47
48	0	*_ctx = gnutls_calloc(1, sizeof(struct padlock_ctx));
49	0	if (*_ctx == NULL) {
50	0	gnutls_assert();
51	0	return GNUTLS_E_MEMORY_ERROR;
52	0	}
53
54	0	((struct padlock_ctx )(_ctx))->enc = enc;
55	0	return 0;
56	0	}
57
58		int padlock_aes_cipher_setkey(void _ctx, const void userkey, size_t keysize)
59	0	{
60	0	struct padlock_ctx *ctx = _ctx;
61	0	struct padlock_cipher_data *pce;
62	0	struct aes192_ctx nc192;
63	0	struct aes256_ctx nc256;
64
65	0	memset(_ctx, 0, sizeof(struct padlock_cipher_data));
66
67	0	pce = ALIGN16(&ctx->expanded_key);
68
69	0	pce->cword.b.encdec = (ctx->enc == 0);
70
71	0	switch (keysize) {
72	0	case 16:
73	0	pce->cword.b.ksize = 0;
74	0	pce->cword.b.rounds = 10;
75	0	memcpy(pce->ks.rd_key, userkey, 16);
76	0	pce->cword.b.keygen = 0;
77	0	break;
78	0	case 24:
79	0	pce->cword.b.ksize = 1;
80	0	pce->cword.b.rounds = 12;
81	0	if (ctx->enc)
82	0	aes192_set_encrypt_key(&nc192, userkey);
83	0	else
84	0	aes192_set_decrypt_key(&nc192, userkey);
85	0	memcpy(pce->ks.rd_key, nc192.keys, sizeof(nc192.keys));
86	0	pce->ks.rounds = _AES192_ROUNDS;
87	0	pce->cword.b.keygen = 1;
88	0	break;
89	0	case 32:
90	0	pce->cword.b.ksize = 2;
91	0	pce->cword.b.rounds = 14;
92
93		/* expand key using nettle */
94	0	if (ctx->enc)
95	0	aes256_set_encrypt_key(&nc256, userkey);
96	0	else
97	0	aes256_set_decrypt_key(&nc256, userkey);
98
99	0	memcpy(pce->ks.rd_key, nc256.keys, sizeof(nc256.keys));
100	0	pce->ks.rounds = _AES256_ROUNDS;
101
102	0	pce->cword.b.keygen = 1;
103	0	break;
104	0	default:
105	0	return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
106	0	}
107
108	0	padlock_reload_key();
109
110	0	return 0;
111	0	}
112
113		static int aes_setiv(void _ctx, const void iv, size_t iv_size)
114	0	{
115	0	struct padlock_ctx *ctx = _ctx;
116	0	struct padlock_cipher_data *pce;
117
118	0	pce = ALIGN16(&ctx->expanded_key);
119
120	0	if (iv_size != 16)
121	0	return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
122
123	0	memcpy(pce->iv, iv, 16);
124
125	0	return 0;
126	0	}
127
128		static int
129		padlock_aes_cbc_encrypt(void _ctx, const void src, size_t src_size,
130		void *dst, size_t dst_size)
131	0	{
132	0	struct padlock_ctx *ctx = _ctx;
133	0	struct padlock_cipher_data *pce;
134	0	int ret = 1;
135
136	0	if (unlikely(dst_size < src_size))
137	0	return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
138
139	0	pce = ALIGN16(&ctx->expanded_key);
140
141	0	if (src_size > 0)
142	0	ret = padlock_cbc_encrypt(dst, src, pce, src_size);
143
144	0	return ret ? 0 : GNUTLS_E_ENCRYPTION_FAILED;
145	0	}
146
147		static int
148		padlock_aes_cbc_decrypt(void _ctx, const void src, size_t src_size,
149		void *dst, size_t dst_size)
150	0	{
151	0	struct padlock_ctx *ctx = _ctx;
152	0	struct padlock_cipher_data *pcd;
153	0	int ret = 1;
154
155	0	if (unlikely(dst_size < src_size))
156	0	return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
157
158	0	pcd = ALIGN16(&ctx->expanded_key);
159
160	0	if (src_size > 0)
161	0	padlock_cbc_encrypt(dst, src, pcd, src_size);
162
163	0	return ret ? 0 : GNUTLS_E_ENCRYPTION_FAILED;
164	0	}
165
166		static void aes_deinit(void *_ctx)
167	0	{
168	0	struct padlock_ctx *ctx = _ctx;
169
170	0	zeroize_temp_key(ctx, sizeof(*ctx));
171	0	gnutls_free(ctx);
172	0	}
173
174		const gnutls_crypto_cipher_st _gnutls_aes_padlock = {
175		.init = aes_cipher_init,
176		.setkey = padlock_aes_cipher_setkey,
177		.setiv = aes_setiv,
178		.encrypt = padlock_aes_cbc_encrypt,
179		.decrypt = padlock_aes_cbc_decrypt,
180		.deinit = aes_deinit,
181		};

Coverage Report

Created: 2023-03-26 08:33