Line data Source code
1 : /*
2 : * Copyright (C) 2011-2012 Free Software Foundation, Inc.
3 : *
4 : * Author: Nikos Mavrogiannopoulos
5 : *
6 : * This file is part of GnuTLS.
7 : *
8 : * The GnuTLS is free software; you can redistribute it and/or
9 : * modify it under the terms of the GNU Lesser General Public License
10 : * as published by the Free Software Foundation; either version 2.1 of
11 : * the License, or (at your option) any later version.
12 : *
13 : * This library is distributed in the hope that it will be useful, but
14 : * WITHOUT ANY WARRANTY; without even the implied warranty of
15 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 : * Lesser General Public License for more details.
17 : *
18 : * You should have received a copy of the GNU Lesser General Public License
19 : * along with this program. If not, see <https://www.gnu.org/licenses/>
20 : *
21 : */
22 :
23 : /*
24 : * The following code is an implementation of the AES-128-GCM cipher
25 : * using AESNI (without PCLMUL)
26 : */
27 :
28 : #include "errors.h"
29 : #include "gnutls_int.h"
30 :
31 : #ifdef HAVE_LIBNETTLE
32 :
33 : #include <gnutls/crypto.h>
34 : #include "errors.h"
35 : #include <aes-x86.h>
36 : #include <x86-common.h>
37 : #include <byteswap.h>
38 : #include <nettle/gcm.h>
39 : #include <aes-x86.h>
40 :
41 : /* GCM mode
42 : * It is used when the CPU doesn't include the PCLMUL instructions.
43 : */
44 : struct gcm_x86_aes_ctx GCM_CTX(AES_KEY);
45 :
46 0 : static void x86_aes_encrypt(const void *_ctx,
47 : size_t length, uint8_t * dst,
48 : const uint8_t * src)
49 : {
50 0 : AES_KEY *ctx = (void*)_ctx;
51 :
52 0 : aesni_ecb_encrypt(src, dst, length, ctx, 1);
53 0 : }
54 :
55 0 : static void x86_aes128_set_encrypt_key(void *_ctx,
56 : const uint8_t * key)
57 : {
58 0 : AES_KEY *ctx = _ctx;
59 :
60 0 : aesni_set_encrypt_key(key, 16*8, ctx);
61 0 : }
62 :
63 0 : static void x86_aes192_set_encrypt_key(void *_ctx,
64 : const uint8_t * key)
65 : {
66 0 : AES_KEY *ctx = _ctx;
67 :
68 0 : aesni_set_encrypt_key(key, 24*8, ctx);
69 0 : }
70 :
71 0 : static void x86_aes256_set_encrypt_key(void *_ctx,
72 : const uint8_t * key)
73 : {
74 0 : AES_KEY *ctx = _ctx;
75 :
76 0 : aesni_set_encrypt_key(key, 32*8, ctx);
77 0 : }
78 :
79 : static int
80 0 : aes_gcm_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx,
81 : int enc)
82 : {
83 : /* we use key size to distinguish */
84 0 : if (algorithm != GNUTLS_CIPHER_AES_128_GCM &&
85 0 : algorithm != GNUTLS_CIPHER_AES_192_GCM &&
86 : algorithm != GNUTLS_CIPHER_AES_256_GCM)
87 : return GNUTLS_E_INVALID_REQUEST;
88 :
89 0 : *_ctx = gnutls_calloc(1, sizeof(struct gcm_x86_aes_ctx));
90 0 : if (*_ctx == NULL) {
91 0 : gnutls_assert();
92 0 : return GNUTLS_E_MEMORY_ERROR;
93 : }
94 :
95 : return 0;
96 : }
97 :
98 : static int
99 0 : aes_gcm_cipher_setkey(void *_ctx, const void *key, size_t length)
100 : {
101 0 : struct gcm_x86_aes_ctx *ctx = _ctx;
102 :
103 0 : if (length == 16) {
104 0 : GCM_SET_KEY(ctx, x86_aes128_set_encrypt_key, x86_aes_encrypt,
105 : key);
106 0 : } else if (length == 24) {
107 0 : GCM_SET_KEY(ctx, x86_aes192_set_encrypt_key, x86_aes_encrypt,
108 : key);
109 0 : } else if (length == 32) {
110 0 : GCM_SET_KEY(ctx, x86_aes256_set_encrypt_key, x86_aes_encrypt,
111 : key);
112 : } else
113 : return GNUTLS_E_INVALID_REQUEST;
114 :
115 : return 0;
116 : }
117 :
118 0 : static int aes_gcm_setiv(void *_ctx, const void *iv, size_t iv_size)
119 : {
120 0 : struct gcm_x86_aes_ctx *ctx = _ctx;
121 :
122 0 : if (iv_size != GCM_BLOCK_SIZE - 4)
123 0 : return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
124 :
125 0 : GCM_SET_IV(ctx, iv_size, iv);
126 :
127 0 : return 0;
128 : }
129 :
130 : static int
131 0 : aes_gcm_encrypt(void *_ctx, const void *src, size_t src_size,
132 : void *dst, size_t length)
133 : {
134 0 : struct gcm_x86_aes_ctx *ctx = _ctx;
135 :
136 0 : GCM_ENCRYPT(ctx, x86_aes_encrypt, src_size, dst, src);
137 :
138 0 : return 0;
139 : }
140 :
141 : static int
142 0 : aes_gcm_decrypt(void *_ctx, const void *src, size_t src_size,
143 : void *dst, size_t dst_size)
144 : {
145 0 : struct gcm_x86_aes_ctx *ctx = _ctx;
146 :
147 0 : GCM_DECRYPT(ctx, x86_aes_encrypt, src_size, dst, src);
148 0 : return 0;
149 : }
150 :
151 0 : static int aes_gcm_auth(void *_ctx, const void *src, size_t src_size)
152 : {
153 0 : struct gcm_x86_aes_ctx *ctx = _ctx;
154 :
155 0 : GCM_UPDATE(ctx, src_size, src);
156 :
157 0 : return 0;
158 : }
159 :
160 0 : static void aes_gcm_tag(void *_ctx, void *tag, size_t tagsize)
161 : {
162 0 : struct gcm_x86_aes_ctx *ctx = _ctx;
163 :
164 0 : GCM_DIGEST(ctx, x86_aes_encrypt, tagsize, tag);
165 0 : }
166 :
167 0 : static void aes_gcm_deinit(void *_ctx)
168 : {
169 0 : struct gcm_x86_aes_ctx *ctx = _ctx;
170 :
171 0 : zeroize_temp_key(ctx, sizeof(*ctx));
172 0 : gnutls_free(ctx);
173 0 : }
174 :
175 : #include "aes-gcm-aead.h"
176 :
177 : const gnutls_crypto_cipher_st _gnutls_aes_gcm_x86_aesni = {
178 : .init = aes_gcm_cipher_init,
179 : .setkey = aes_gcm_cipher_setkey,
180 : .setiv = aes_gcm_setiv,
181 : .aead_encrypt = aes_gcm_aead_encrypt,
182 : .aead_decrypt = aes_gcm_aead_decrypt,
183 : .encrypt = aes_gcm_encrypt,
184 : .decrypt = aes_gcm_decrypt,
185 : .deinit = aes_gcm_deinit,
186 : .tag = aes_gcm_tag,
187 : .auth = aes_gcm_auth,
188 : };
189 :
190 : #endif
|