/src/gnutls/lib/accelerated/x86/aes-xts-x86-aesni.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright (C) 2011-2012 Free Software Foundation, Inc. |
3 | | * Copyright (C) 2020 Red Hat, Inc. |
4 | | * |
5 | | * Authors: Nikos Mavrogiannopoulos, Anderson Toshiyuki Sasaki |
6 | | * |
7 | | * This file is part of GnuTLS. |
8 | | * |
9 | | * The GnuTLS is free software; you can redistribute it and/or |
10 | | * modify it under the terms of the GNU Lesser General Public License |
11 | | * as published by the Free Software Foundation; either version 2.1 of |
12 | | * the License, or (at your option) any later version. |
13 | | * |
14 | | * This library is distributed in the hope that it will be useful, but |
15 | | * WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
17 | | * Lesser General Public License for more details. |
18 | | * |
19 | | * You should have received a copy of the GNU Lesser General Public License |
20 | | * along with this program. If not, see <https://www.gnu.org/licenses/> |
21 | | * |
22 | | */ |
23 | | |
24 | | /* |
25 | | * The following code wraps the CRYPTOGAMS implementation of the AES-XTS cipher |
26 | | * using Intel's AES instruction set. |
27 | | */ |
28 | | |
29 | | #include "errors.h" |
30 | | #include "gnutls_int.h" |
31 | | #include "fips.h" |
32 | | #include <gnutls/crypto.h> |
33 | | #include <aes-x86.h> |
34 | | #include <x86-common.h> |
35 | | |
36 | | struct x86_aes_xts_ctx { |
37 | | AES_KEY block_key; |
38 | | AES_KEY tweak_key; |
39 | | uint8_t iv[16]; |
40 | | int enc; |
41 | | }; |
42 | | |
43 | | static int |
44 | | x86_aes_xts_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx, |
45 | | int enc) |
46 | 0 | { |
47 | 0 | if (algorithm != GNUTLS_CIPHER_AES_128_XTS && |
48 | 0 | algorithm != GNUTLS_CIPHER_AES_256_XTS) |
49 | 0 | return GNUTLS_E_INVALID_REQUEST; |
50 | | |
51 | 0 | *_ctx = gnutls_calloc(1, sizeof(struct x86_aes_xts_ctx)); |
52 | 0 | if (*_ctx == NULL) { |
53 | 0 | gnutls_assert(); |
54 | 0 | return GNUTLS_E_MEMORY_ERROR; |
55 | 0 | } |
56 | | |
57 | 0 | ((struct x86_aes_xts_ctx *)(*_ctx))->enc = enc; |
58 | |
|
59 | 0 | return 0; |
60 | 0 | } |
61 | | |
62 | | static int |
63 | | x86_aes_xts_cipher_setkey(void *_ctx, const void *userkey, size_t keysize) |
64 | 0 | { |
65 | 0 | struct x86_aes_xts_ctx *ctx = _ctx; |
66 | 0 | int ret; |
67 | 0 | size_t keybits; |
68 | 0 | const uint8_t *key = userkey; |
69 | |
|
70 | 0 | if ((keysize != 32) && (keysize != 64)) |
71 | 0 | return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); |
72 | | |
73 | | /* Check key block according to FIPS-140-2 IG A.9 */ |
74 | 0 | if (_gnutls_fips_mode_enabled()) { |
75 | 0 | if (gnutls_memcmp(key, key + (keysize / 2), keysize / 2) == 0) { |
76 | 0 | return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); |
77 | 0 | } |
78 | 0 | } |
79 | | |
80 | | /* Size in bits of each half for block and tweak (=keysize * 8 / 2) */ |
81 | 0 | keybits = keysize * 4; |
82 | |
|
83 | 0 | if (ctx->enc) |
84 | 0 | ret = |
85 | 0 | aesni_set_encrypt_key(key, keybits, |
86 | 0 | ALIGN16(&ctx->block_key)); |
87 | 0 | else |
88 | 0 | ret = |
89 | 0 | aesni_set_decrypt_key(key, keybits, |
90 | 0 | ALIGN16(&ctx->block_key)); |
91 | |
|
92 | 0 | if (ret != 0) |
93 | 0 | return gnutls_assert_val(GNUTLS_E_ENCRYPTION_FAILED); |
94 | | |
95 | 0 | ret = |
96 | 0 | aesni_set_encrypt_key(key + (keysize / 2), keybits, |
97 | 0 | ALIGN16(&ctx->tweak_key)); |
98 | 0 | if (ret != 0) |
99 | 0 | return gnutls_assert_val(GNUTLS_E_ENCRYPTION_FAILED); |
100 | | |
101 | 0 | return 0; |
102 | 0 | } |
103 | | |
104 | | static int x86_aes_xts_setiv(void *_ctx, const void *iv, size_t iv_size) |
105 | 0 | { |
106 | 0 | struct x86_aes_xts_ctx *ctx = _ctx; |
107 | |
|
108 | 0 | if (iv_size != 16) |
109 | 0 | return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); |
110 | | |
111 | 0 | memcpy(ctx->iv, iv, 16); |
112 | 0 | return 0; |
113 | 0 | } |
114 | | |
115 | | static int |
116 | | x86_aes_xts_encrypt(void *_ctx, const void *src, size_t src_size, |
117 | | void *dst, size_t dst_size) |
118 | 0 | { |
119 | 0 | struct x86_aes_xts_ctx *ctx = _ctx; |
120 | |
|
121 | 0 | if (unlikely(dst_size < src_size)) |
122 | 0 | return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); |
123 | | |
124 | 0 | if (src_size < 16) |
125 | 0 | return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); |
126 | | |
127 | 0 | aesni_xts_encrypt(src, dst, src_size, ALIGN16(&ctx->block_key), |
128 | 0 | ALIGN16(&ctx->tweak_key), ctx->iv); |
129 | 0 | return 0; |
130 | 0 | } |
131 | | |
132 | | static int |
133 | | x86_aes_xts_decrypt(void *_ctx, const void *src, size_t src_size, |
134 | | void *dst, size_t dst_size) |
135 | 0 | { |
136 | 0 | struct x86_aes_xts_ctx *ctx = _ctx; |
137 | |
|
138 | 0 | if (unlikely(dst_size < src_size)) |
139 | 0 | return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); |
140 | | |
141 | 0 | if (src_size < 16) |
142 | 0 | return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); |
143 | | |
144 | 0 | aesni_xts_decrypt(src, dst, src_size, ALIGN16(&ctx->block_key), |
145 | 0 | ALIGN16(&ctx->tweak_key), ctx->iv); |
146 | 0 | return 0; |
147 | 0 | } |
148 | | |
149 | | static void x86_aes_xts_deinit(void *_ctx) |
150 | 0 | { |
151 | 0 | struct x86_aes_xts_ctx *ctx = _ctx; |
152 | |
|
153 | 0 | zeroize_temp_key(ctx, sizeof(*ctx)); |
154 | 0 | gnutls_free(ctx); |
155 | 0 | } |
156 | | |
157 | | const gnutls_crypto_cipher_st _gnutls_aes_xts_x86_aesni = { |
158 | | .init = x86_aes_xts_cipher_init, |
159 | | .setkey = x86_aes_xts_cipher_setkey, |
160 | | .setiv = x86_aes_xts_setiv, |
161 | | .encrypt = x86_aes_xts_encrypt, |
162 | | .decrypt = x86_aes_xts_decrypt, |
163 | | .deinit = x86_aes_xts_deinit, |
164 | | }; |