/src/gnutls/lib/accelerated/x86/aes-gcm-x86-aesni.c

Source
/*
 * Copyright (C) 2011-2012 Free Software Foundation, Inc.
 *
 * Author: Nikos Mavrogiannopoulos
 *
 * This file is part of GnuTLS.
 *
 * The GnuTLS is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
 * as published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>
 *
 */

/*
 * The following code is an implementation of the AES-128-GCM cipher
 * using AESNI (without PCLMUL)
 */

#include "errors.h"
#include "gnutls_int.h"

#ifdef HAVE_LIBNETTLE

#include <gnutls/crypto.h>
#include "errors.h"
#include "aes-x86.h"
#include "x86-common.h"
#include <byteswap.h>
#include <nettle/gcm.h>
#include <nettle/version.h>

/* GCM mode 
 * It is used when the CPU doesn't include the PCLMUL instructions.
 */
struct gcm_x86_aes_ctx {
  struct GCM_CTX(AES_KEY) inner;
  size_t rekey_counter;
};

static void x86_aes_encrypt(const void *_ctx, size_t length, uint8_t *dst,
          const uint8_t *src)
{
  AES_KEY *ctx = (void *)_ctx;

  aesni_ecb_encrypt(src, dst, length, ctx, 1);
}

static void x86_aes128_set_encrypt_key(void *_ctx, const uint8_t *key)
{
  AES_KEY *ctx = _ctx;

  aesni_set_encrypt_key(key, 16 * 8, ctx);
}

static void x86_aes192_set_encrypt_key(void *_ctx, const uint8_t *key)
{
  AES_KEY *ctx = _ctx;

  aesni_set_encrypt_key(key, 24 * 8, ctx);
}

static void x86_aes256_set_encrypt_key(void *_ctx, const uint8_t *key)
{
  AES_KEY *ctx = _ctx;

  aesni_set_encrypt_key(key, 32 * 8, ctx);
}

static int aes_gcm_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx,
             int enc)
{
  /* we use key size to distinguish */
  if (algorithm != GNUTLS_CIPHER_AES_128_GCM &&
      algorithm != GNUTLS_CIPHER_AES_192_GCM &&
      algorithm != GNUTLS_CIPHER_AES_256_GCM)
    return GNUTLS_E_INVALID_REQUEST;

  *_ctx = gnutls_calloc(1, sizeof(struct gcm_x86_aes_ctx));
  if (*_ctx == NULL) {
    gnutls_assert();
    return GNUTLS_E_MEMORY_ERROR;
  }

  return 0;
}

static int aes_gcm_cipher_setkey(void *_ctx, const void *key, size_t length)
{
  struct gcm_x86_aes_ctx *ctx = _ctx;

  if (length == 16) {
    GCM_SET_KEY(&ctx->inner, x86_aes128_set_encrypt_key,
          x86_aes_encrypt, key);
  } else if (length == 24) {
    GCM_SET_KEY(&ctx->inner, x86_aes192_set_encrypt_key,
          x86_aes_encrypt, key);
  } else if (length == 32) {
    GCM_SET_KEY(&ctx->inner, x86_aes256_set_encrypt_key,
          x86_aes_encrypt, key);
  } else
    return GNUTLS_E_INVALID_REQUEST;

  ctx->rekey_counter = 0;
  return 0;
}

static int aes_gcm_setiv(void *_ctx, const void *iv, size_t iv_size)
{
  struct gcm_x86_aes_ctx *ctx = _ctx;

  if (iv_size != GCM_BLOCK_SIZE - 4)
    return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);

  GCM_SET_IV(&ctx->inner, iv_size, iv);

  ctx->rekey_counter = 0;
  return 0;
}

static int aes_gcm_encrypt(void *_ctx, const void *src, size_t src_size,
         void *dst, size_t length)
{
  struct gcm_x86_aes_ctx *ctx = _ctx;
  int ret;

  if (unlikely(length < src_size))
    return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);

  ret = record_aes_gcm_encrypt_size(&ctx->rekey_counter, src_size);
  if (ret < 0) {
    return gnutls_assert_val(ret);
  }

  GCM_ENCRYPT(&ctx->inner, x86_aes_encrypt, src_size, dst, src);

  return 0;
}

static int aes_gcm_decrypt(void *_ctx, const void *src, size_t src_size,
         void *dst, size_t dst_size)
{
  struct gcm_x86_aes_ctx *ctx = _ctx;

  if (unlikely(dst_size < src_size))
    return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);

  GCM_DECRYPT(&ctx->inner, x86_aes_encrypt, src_size, dst, src);
  return 0;
}

static int aes_gcm_auth(void *_ctx, const void *src, size_t src_size)
{
  struct gcm_x86_aes_ctx *ctx = _ctx;

  GCM_UPDATE(&ctx->inner, src_size, src);

  return 0;
}

static void aes_gcm_tag(void *_ctx, void *tag, size_t tagsize)
{
  struct gcm_x86_aes_ctx *ctx = _ctx;
  uint8_t buffer[GCM_DIGEST_SIZE];

#if NETTLE_VERSION_MAJOR >= 4
  GCM_DIGEST(&ctx->inner, x86_aes_encrypt, buffer);
#else
  GCM_DIGEST(&ctx->inner, x86_aes_encrypt, tagsize, buffer);
#endif
  memcpy(tag, buffer, tagsize);
}

static void aes_gcm_deinit(void *_ctx)
{
  struct gcm_x86_aes_ctx *ctx = _ctx;

  zeroize_key(ctx, sizeof(*ctx));
  gnutls_free(ctx);
}

#include "aes-gcm-aead.h"

const gnutls_crypto_cipher_st _gnutls_aes_gcm_x86_aesni = {
  .init = aes_gcm_cipher_init,
  .setkey = aes_gcm_cipher_setkey,
  .setiv = aes_gcm_setiv,
  .aead_encrypt = aes_gcm_aead_encrypt,
  .aead_decrypt = aes_gcm_aead_decrypt,
  .encrypt = aes_gcm_encrypt,
  .decrypt = aes_gcm_decrypt,
  .deinit = aes_gcm_deinit,
  .tag = aes_gcm_tag,
  .auth = aes_gcm_auth,
};

#endif

Coverage Report

Created: 2026-05-16 06:55

Line	Count	Source
1		/*
2		* Copyright (C) 2011-2012 Free Software Foundation, Inc.
3		*
4		* Author: Nikos Mavrogiannopoulos
5		*
6		* This file is part of GnuTLS.
7		*
8		* The GnuTLS is free software; you can redistribute it and/or
9		* modify it under the terms of the GNU Lesser General Public License
10		* as published by the Free Software Foundation; either version 2.1 of
11		* the License, or (at your option) any later version.
12		*
13		* This library is distributed in the hope that it will be useful, but
14		* WITHOUT ANY WARRANTY; without even the implied warranty of
15		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16		* Lesser General Public License for more details.
17		*
18		* You should have received a copy of the GNU Lesser General Public License
19		* along with this program. If not, see <https://www.gnu.org/licenses/>
20		*
21		*/
22
23		/*
24		* The following code is an implementation of the AES-128-GCM cipher
25		* using AESNI (without PCLMUL)
26		*/
27
28		#include "errors.h"
29		#include "gnutls_int.h"
30
31		#ifdef HAVE_LIBNETTLE
32
33		#include <gnutls/crypto.h>
34		#include "errors.h"
35		#include "aes-x86.h"
36		#include "x86-common.h"
37		#include <byteswap.h>
38		#include <nettle/gcm.h>
39		#include <nettle/version.h>
40
41		/* GCM mode
42		* It is used when the CPU doesn't include the PCLMUL instructions.
43		*/
44		struct gcm_x86_aes_ctx {
45		struct GCM_CTX(AES_KEY) inner;
46		size_t rekey_counter;
47		};
48
49		static void x86_aes_encrypt(const void _ctx, size_t length, uint8_t dst,
50		const uint8_t *src)
51	0	{
52	0	AES_KEY ctx = (void )_ctx;
53
54	0	aesni_ecb_encrypt(src, dst, length, ctx, 1);
55	0	}
56
57		static void x86_aes128_set_encrypt_key(void _ctx, const uint8_t key)
58	0	{
59	0	AES_KEY *ctx = _ctx;
60
61	0	aesni_set_encrypt_key(key, 16 * 8, ctx);
62	0	}
63
64		static void x86_aes192_set_encrypt_key(void _ctx, const uint8_t key)
65	0	{
66	0	AES_KEY *ctx = _ctx;
67
68	0	aesni_set_encrypt_key(key, 24 * 8, ctx);
69	0	}
70
71		static void x86_aes256_set_encrypt_key(void _ctx, const uint8_t key)
72	0	{
73	0	AES_KEY *ctx = _ctx;
74
75	0	aesni_set_encrypt_key(key, 32 * 8, ctx);
76	0	}
77
78		static int aes_gcm_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx,
79		int enc)
80	0	{
81		/* we use key size to distinguish */
82	0	if (algorithm != GNUTLS_CIPHER_AES_128_GCM &&
83	0	algorithm != GNUTLS_CIPHER_AES_192_GCM &&
84	0	algorithm != GNUTLS_CIPHER_AES_256_GCM)
85	0	return GNUTLS_E_INVALID_REQUEST;
86
87	0	*_ctx = gnutls_calloc(1, sizeof(struct gcm_x86_aes_ctx));
88	0	if (*_ctx == NULL) {
89	0	gnutls_assert();
90	0	return GNUTLS_E_MEMORY_ERROR;
91	0	}
92
93	0	return 0;
94	0	}
95
96		static int aes_gcm_cipher_setkey(void _ctx, const void key, size_t length)
97	0	{
98	0	struct gcm_x86_aes_ctx *ctx = _ctx;
99
100	0	if (length == 16) {
101	0	GCM_SET_KEY(&ctx->inner, x86_aes128_set_encrypt_key,
102	0	x86_aes_encrypt, key);
103	0	} else if (length == 24) {
104	0	GCM_SET_KEY(&ctx->inner, x86_aes192_set_encrypt_key,
105	0	x86_aes_encrypt, key);
106	0	} else if (length == 32) {
107	0	GCM_SET_KEY(&ctx->inner, x86_aes256_set_encrypt_key,
108	0	x86_aes_encrypt, key);
109	0	} else
110	0	return GNUTLS_E_INVALID_REQUEST;
111
112	0	ctx->rekey_counter = 0;
113	0	return 0;
114	0	}
115
116		static int aes_gcm_setiv(void _ctx, const void iv, size_t iv_size)
117	0	{
118	0	struct gcm_x86_aes_ctx *ctx = _ctx;
119
120	0	if (iv_size != GCM_BLOCK_SIZE - 4)
121	0	return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
122
123	0	GCM_SET_IV(&ctx->inner, iv_size, iv);
124
125	0	ctx->rekey_counter = 0;
126	0	return 0;
127	0	}
128
129		static int aes_gcm_encrypt(void _ctx, const void src, size_t src_size,
130		void *dst, size_t length)
131	0	{
132	0	struct gcm_x86_aes_ctx *ctx = _ctx;
133	0	int ret;
134
135	0	if (unlikely(length < src_size))
136	0	return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
137
138	0	ret = record_aes_gcm_encrypt_size(&ctx->rekey_counter, src_size);
139	0	if (ret < 0) {
140	0	return gnutls_assert_val(ret);
141	0	}
142
143	0	GCM_ENCRYPT(&ctx->inner, x86_aes_encrypt, src_size, dst, src);
144
145	0	return 0;
146	0	}
147
148		static int aes_gcm_decrypt(void _ctx, const void src, size_t src_size,
149		void *dst, size_t dst_size)
150	0	{
151	0	struct gcm_x86_aes_ctx *ctx = _ctx;
152
153	0	if (unlikely(dst_size < src_size))
154	0	return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
155
156	0	GCM_DECRYPT(&ctx->inner, x86_aes_encrypt, src_size, dst, src);
157	0	return 0;
158	0	}
159
160		static int aes_gcm_auth(void _ctx, const void src, size_t src_size)
161	0	{
162	0	struct gcm_x86_aes_ctx *ctx = _ctx;
163
164	0	GCM_UPDATE(&ctx->inner, src_size, src);
165
166	0	return 0;
167	0	}
168
169		static void aes_gcm_tag(void _ctx, void tag, size_t tagsize)
170	0	{
171	0	struct gcm_x86_aes_ctx *ctx = _ctx;
172	0	uint8_t buffer[GCM_DIGEST_SIZE];
173
174		#if NETTLE_VERSION_MAJOR >= 4
175		GCM_DIGEST(&ctx->inner, x86_aes_encrypt, buffer);
176		#else
177	0	GCM_DIGEST(&ctx->inner, x86_aes_encrypt, tagsize, buffer);
178	0	#endif
179	0	memcpy(tag, buffer, tagsize);
180	0	}
181
182		static void aes_gcm_deinit(void *_ctx)
183	0	{
184	0	struct gcm_x86_aes_ctx *ctx = _ctx;
185
186	0	zeroize_key(ctx, sizeof(*ctx));
187		gnutls_free(ctx);
188	0	}
189
190		#include "aes-gcm-aead.h"
191
192		const gnutls_crypto_cipher_st _gnutls_aes_gcm_x86_aesni = {
193		.init = aes_gcm_cipher_init,
194		.setkey = aes_gcm_cipher_setkey,
195		.setiv = aes_gcm_setiv,
196		.aead_encrypt = aes_gcm_aead_encrypt,
197		.aead_decrypt = aes_gcm_aead_decrypt,
198		.encrypt = aes_gcm_encrypt,
199		.decrypt = aes_gcm_decrypt,
200		.deinit = aes_gcm_deinit,
201		.tag = aes_gcm_tag,
202		.auth = aes_gcm_auth,
203		};
204
205		#endif