/src/gnutls/lib/accelerated/x86/aes-gcm-padlock.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright (C) 2011-2012 Free Software Foundation, Inc. |
3 | | * |
4 | | * Author: Nikos Mavrogiannopoulos |
5 | | * |
6 | | * This file is part of GnuTLS. |
7 | | * |
8 | | * The GnuTLS is free software; you can redistribute it and/or |
9 | | * modify it under the terms of the GNU Lesser General Public License |
10 | | * as published by the Free Software Foundation; either version 2.1 of |
11 | | * the License, or (at your option) any later version. |
12 | | * |
13 | | * This library is distributed in the hope that it will be useful, but |
14 | | * WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
16 | | * Lesser General Public License for more details. |
17 | | * |
18 | | * You should have received a copy of the GNU Lesser General Public License |
19 | | * along with this program. If not, see <https://www.gnu.org/licenses/> |
20 | | * |
21 | | */ |
22 | | |
23 | | /* |
24 | | * The following code is an implementation of the AES-128-GCM cipher |
25 | | */ |
26 | | |
27 | | #include "errors.h" |
28 | | #include "gnutls_int.h" |
29 | | |
30 | | #ifdef HAVE_LIBNETTLE |
31 | | |
32 | | #include <gnutls/crypto.h> |
33 | | #include "errors.h" |
34 | | #include "aes-x86.h" |
35 | | #include "x86-common.h" |
36 | | #include <byteswap.h> |
37 | | #include <nettle/gcm.h> |
38 | | #include <nettle/version.h> |
39 | | #include "aes-padlock.h" |
40 | | |
41 | 0 | #define GCM_BLOCK_SIZE 16 |
42 | | |
43 | | /* GCM mode |
44 | | * Actually padlock doesn't include GCM mode. We just use |
45 | | * the ECB part of padlock and nettle for everything else. |
46 | | */ |
47 | | struct gcm_padlock_aes_ctx { |
48 | | struct GCM_CTX(struct padlock_ctx) inner; |
49 | | size_t rekey_counter; |
50 | | }; |
51 | | |
52 | | static void padlock_aes_encrypt(const void *_ctx, size_t length, uint8_t *dst, |
53 | | const uint8_t *src) |
54 | 0 | { |
55 | 0 | struct padlock_ctx *ctx = (void *)_ctx; |
56 | 0 | struct padlock_cipher_data *pce; |
57 | |
|
58 | 0 | pce = ALIGN16(&ctx->expanded_key); |
59 | |
|
60 | 0 | if (length > 0) |
61 | 0 | padlock_ecb_encrypt(dst, src, pce, length); |
62 | 0 | } |
63 | | |
64 | | static void padlock_aes128_set_encrypt_key(struct padlock_ctx *_ctx, |
65 | | const uint8_t *key) |
66 | 0 | { |
67 | 0 | struct padlock_ctx *ctx = _ctx; |
68 | 0 | ctx->enc = 1; |
69 | |
|
70 | 0 | padlock_aes_cipher_setkey(_ctx, key, 16); |
71 | 0 | } |
72 | | |
73 | | static void padlock_aes256_set_encrypt_key(struct padlock_ctx *_ctx, |
74 | | const uint8_t *key) |
75 | 0 | { |
76 | 0 | struct padlock_ctx *ctx = _ctx; |
77 | 0 | ctx->enc = 1; |
78 | |
|
79 | 0 | padlock_aes_cipher_setkey(_ctx, key, 32); |
80 | 0 | } |
81 | | |
82 | | static void aes_gcm_deinit(void *_ctx) |
83 | 0 | { |
84 | 0 | struct gcm_padlock_aes_ctx *ctx = _ctx; |
85 | |
|
86 | 0 | zeroize_key(ctx, sizeof(*ctx)); |
87 | 0 | gnutls_free(ctx); |
88 | 0 | } |
89 | | |
90 | | static int aes_gcm_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx, |
91 | | int enc) |
92 | 0 | { |
93 | | /* we use key size to distinguish */ |
94 | 0 | if (algorithm != GNUTLS_CIPHER_AES_128_GCM && |
95 | 0 | algorithm != GNUTLS_CIPHER_AES_256_GCM) |
96 | 0 | return GNUTLS_E_INVALID_REQUEST; |
97 | | |
98 | 0 | *_ctx = gnutls_calloc(1, sizeof(struct gcm_padlock_aes_ctx)); |
99 | 0 | if (*_ctx == NULL) { |
100 | 0 | gnutls_assert(); |
101 | 0 | return GNUTLS_E_MEMORY_ERROR; |
102 | 0 | } |
103 | | |
104 | 0 | return 0; |
105 | 0 | } |
106 | | |
107 | | static int aes_gcm_cipher_setkey(void *_ctx, const void *key, size_t keysize) |
108 | 0 | { |
109 | 0 | struct gcm_padlock_aes_ctx *ctx = _ctx; |
110 | |
|
111 | 0 | if (keysize == 16) { |
112 | 0 | GCM_SET_KEY(&ctx->inner, padlock_aes128_set_encrypt_key, |
113 | 0 | padlock_aes_encrypt, key); |
114 | 0 | } else if (keysize == 32) { |
115 | 0 | GCM_SET_KEY(&ctx->inner, padlock_aes256_set_encrypt_key, |
116 | 0 | padlock_aes_encrypt, key); |
117 | 0 | } else |
118 | 0 | return GNUTLS_E_INVALID_REQUEST; |
119 | | |
120 | 0 | ctx->rekey_counter = 0; |
121 | 0 | return 0; |
122 | 0 | } |
123 | | |
124 | | static int aes_gcm_setiv(void *_ctx, const void *iv, size_t iv_size) |
125 | 0 | { |
126 | 0 | struct gcm_padlock_aes_ctx *ctx = _ctx; |
127 | |
|
128 | 0 | if (iv_size != GCM_BLOCK_SIZE - 4) |
129 | 0 | return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); |
130 | | |
131 | 0 | GCM_SET_IV(&ctx->inner, iv_size, iv); |
132 | |
|
133 | 0 | ctx->rekey_counter = 0; |
134 | 0 | return 0; |
135 | 0 | } |
136 | | |
137 | | static int aes_gcm_encrypt(void *_ctx, const void *src, size_t src_size, |
138 | | void *dst, size_t length) |
139 | 0 | { |
140 | 0 | struct gcm_padlock_aes_ctx *ctx = _ctx; |
141 | 0 | int ret; |
142 | |
|
143 | 0 | if (unlikely(length < src_size)) |
144 | 0 | return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); |
145 | | |
146 | 0 | ret = record_aes_gcm_encrypt_size(&ctx->rekey_counter, src_size); |
147 | 0 | if (ret < 0) { |
148 | 0 | return gnutls_assert_val(ret); |
149 | 0 | } |
150 | | |
151 | 0 | GCM_ENCRYPT(&ctx->inner, padlock_aes_encrypt, src_size, dst, src); |
152 | |
|
153 | 0 | return 0; |
154 | 0 | } |
155 | | |
156 | | static int aes_gcm_decrypt(void *_ctx, const void *src, size_t src_size, |
157 | | void *dst, size_t dst_size) |
158 | 0 | { |
159 | 0 | struct gcm_padlock_aes_ctx *ctx = _ctx; |
160 | |
|
161 | 0 | if (unlikely(dst_size < src_size)) |
162 | 0 | return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); |
163 | | |
164 | 0 | GCM_DECRYPT(&ctx->inner, padlock_aes_encrypt, src_size, dst, src); |
165 | 0 | return 0; |
166 | 0 | } |
167 | | |
168 | | static int aes_gcm_auth(void *_ctx, const void *src, size_t src_size) |
169 | 0 | { |
170 | 0 | struct gcm_padlock_aes_ctx *ctx = _ctx; |
171 | |
|
172 | 0 | GCM_UPDATE(&ctx->inner, src_size, src); |
173 | |
|
174 | 0 | return 0; |
175 | 0 | } |
176 | | |
177 | | static void aes_gcm_tag(void *_ctx, void *tag, size_t tagsize) |
178 | 0 | { |
179 | 0 | struct gcm_padlock_aes_ctx *ctx = _ctx; |
180 | 0 | uint8_t buffer[GCM_DIGEST_SIZE]; |
181 | |
|
182 | | #if NETTLE_VERSION_MAJOR >= 4 |
183 | | GCM_DIGEST(&ctx->inner, padlock_aes_encrypt, buffer); |
184 | | #else |
185 | 0 | GCM_DIGEST(&ctx->inner, padlock_aes_encrypt, sizeof(buffer), buffer); |
186 | 0 | #endif |
187 | 0 | memcpy(tag, buffer, tagsize); |
188 | 0 | } |
189 | | |
190 | | #include "aes-gcm-aead.h" |
191 | | |
192 | | const gnutls_crypto_cipher_st _gnutls_aes_gcm_padlock = { |
193 | | .init = aes_gcm_cipher_init, |
194 | | .setkey = aes_gcm_cipher_setkey, |
195 | | .setiv = aes_gcm_setiv, |
196 | | .encrypt = aes_gcm_encrypt, |
197 | | .decrypt = aes_gcm_decrypt, |
198 | | .aead_encrypt = aes_gcm_aead_encrypt, |
199 | | .aead_decrypt = aes_gcm_aead_decrypt, |
200 | | .deinit = aes_gcm_deinit, |
201 | | .tag = aes_gcm_tag, |
202 | | .auth = aes_gcm_auth, |
203 | | }; |
204 | | |
205 | | #endif |