[thirdparty/openssl.git] / providers / implementations / ciphers / cipher_aes_hw.c

/*
 * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * This file uses the low level AES functions (which are deprecated for
 * non-internal use) in order to implement provider AES ciphers.
 */
#include "internal/deprecated.h"

#include <openssl/proverr.h>
#include "cipher_aes.h"

static int cipher_hw_aes_initkey(PROV_CIPHER_CTX *dat,
                                 const unsigned char *key, size_t keylen)
{
    int ret;
    PROV_AES_CTX *adat = (PROV_AES_CTX *)dat;
    AES_KEY *ks = &adat->ks.ks;

    dat->ks = ks;

    if ((dat->mode == EVP_CIPH_ECB_MODE || dat->mode == EVP_CIPH_CBC_MODE)
        && !dat->enc) {
#ifdef HWAES_CAPABLE
        if (HWAES_CAPABLE) {
            ret = HWAES_set_decrypt_key(key, keylen * 8, ks);
            dat->block = (block128_f)HWAES_decrypt;
            dat->stream.cbc = NULL;
# ifdef HWAES_cbc_encrypt
            if (dat->mode == EVP_CIPH_CBC_MODE)
                dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt;
# endif
# ifdef HWAES_ecb_encrypt
            if (dat->mode == EVP_CIPH_ECB_MODE)
                dat->stream.ecb = (ecb128_f)HWAES_ecb_encrypt;
# endif
        } else
#endif
#ifdef BSAES_CAPABLE
        if (BSAES_CAPABLE && dat->mode == EVP_CIPH_CBC_MODE) {
            ret = AES_set_decrypt_key(key, keylen * 8, ks);
            dat->block = (block128_f)AES_decrypt;
            dat->stream.cbc = (cbc128_f)ossl_bsaes_cbc_encrypt;
        } else
#endif
#ifdef VPAES_CAPABLE
        if (VPAES_CAPABLE) {
            ret = vpaes_set_decrypt_key(key, keylen * 8, ks);
            dat->block = (block128_f)vpaes_decrypt;
            dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
                              ?(cbc128_f)vpaes_cbc_encrypt : NULL;
        } else
#endif
        {
            ret = AES_set_decrypt_key(key, keylen * 8, ks);
            dat->block = (block128_f)AES_decrypt;
            dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
                              ? (cbc128_f)AES_cbc_encrypt : NULL;
        }
    } else
#ifdef HWAES_CAPABLE
    if (HWAES_CAPABLE) {
        ret = HWAES_set_encrypt_key(key, keylen * 8, ks);
        dat->block = (block128_f)HWAES_encrypt;
        dat->stream.cbc = NULL;
# ifdef HWAES_cbc_encrypt
        if (dat->mode == EVP_CIPH_CBC_MODE)
            dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt;
        else
# endif
# ifdef HWAES_ecb_encrypt
        if (dat->mode == EVP_CIPH_ECB_MODE)
            dat->stream.ecb = (ecb128_f)HWAES_ecb_encrypt;
        else
# endif
# ifdef HWAES_ctr32_encrypt_blocks
        if (dat->mode == EVP_CIPH_CTR_MODE)
            dat->stream.ctr = (ctr128_f)HWAES_ctr32_encrypt_blocks;
        else
# endif
            (void)0;            /* terminate potentially open 'else' */
    } else
#endif
#ifdef BSAES_CAPABLE
    if (BSAES_CAPABLE && dat->mode == EVP_CIPH_CTR_MODE) {
        ret = AES_set_encrypt_key(key, keylen * 8, ks);
        dat->block = (block128_f)AES_encrypt;
        dat->stream.ctr = (ctr128_f)ossl_bsaes_ctr32_encrypt_blocks;
    } else
#endif
#ifdef VPAES_CAPABLE
    if (VPAES_CAPABLE) {
        ret = vpaes_set_encrypt_key(key, keylen * 8, ks);
        dat->block = (block128_f)vpaes_encrypt;
        dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
                          ? (cbc128_f)vpaes_cbc_encrypt : NULL;
    } else
#endif
    {
        ret = AES_set_encrypt_key(key, keylen * 8, ks);
        dat->block = (block128_f)AES_encrypt;
        dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
                          ? (cbc128_f)AES_cbc_encrypt : NULL;
#ifdef AES_CTR_ASM
        if (dat->mode == EVP_CIPH_CTR_MODE)
            dat->stream.ctr = (ctr128_f)AES_ctr32_encrypt;
#endif
    }

    if (ret < 0) {
        ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SETUP_FAILED);
        return 0;
    }

    return 1;
}

IMPLEMENT_CIPHER_HW_COPYCTX(cipher_hw_aes_copyctx, PROV_AES_CTX)

#define PROV_CIPHER_HW_aes_mode(mode)                                          \
static const PROV_CIPHER_HW aes_##mode = {                                     \
    cipher_hw_aes_initkey,                                                     \
    ossl_cipher_hw_generic_##mode,                                             \
    cipher_hw_aes_copyctx                                                      \
};                                                                             \
PROV_CIPHER_HW_declare(mode)                                                   \
const PROV_CIPHER_HW *ossl_prov_cipher_hw_aes_##mode(size_t keybits)           \
{                                                                              \
    PROV_CIPHER_HW_select(mode)                                                \
    return &aes_##mode;                                                        \
}

#if defined(AESNI_CAPABLE)
# include "cipher_aes_hw_aesni.inc"
#elif defined(SPARC_AES_CAPABLE)
# include "cipher_aes_hw_t4.inc"
#elif defined(S390X_aes_128_CAPABLE)
# include "cipher_aes_hw_s390x.inc"
#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
# include "cipher_aes_hw_rv64i.inc"
#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32
# include "cipher_aes_hw_rv32i.inc"
#elif defined (ARMv8_HWAES_CAPABLE)
# include "cipher_aes_hw_armv8.inc"
#else
/* The generic case */
# define PROV_CIPHER_HW_declare(mode)
# define PROV_CIPHER_HW_select(mode)
#endif

PROV_CIPHER_HW_aes_mode(cbc)
PROV_CIPHER_HW_aes_mode(ecb)
PROV_CIPHER_HW_aes_mode(ofb128)
PROV_CIPHER_HW_aes_mode(cfb128)
PROV_CIPHER_HW_aes_mode(cfb1)
PROV_CIPHER_HW_aes_mode(cfb8)
PROV_CIPHER_HW_aes_mode(ctr)
Commit	Line	Data
e1178600	1	/*
496bc128	2	* Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
e1178600 SL	3	*
	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
c72fa255 MC	10	/*
	11	* This file uses the low level AES functions (which are deprecated for
	12	* non-internal use) in order to implement provider AES ciphers.
	13	*/
	14	#include "internal/deprecated.h"
	15
2741128e	16	#include <openssl/proverr.h>
4a42e264	17	#include "cipher_aes.h"
e1178600 SL	18
	19	static int cipher_hw_aes_initkey(PROV_CIPHER_CTX *dat,
	20	const unsigned char *key, size_t keylen)
	21	{
	22	int ret;
	23	PROV_AES_CTX adat = (PROV_AES_CTX )dat;
	24	AES_KEY *ks = &adat->ks.ks;
	25
	26	dat->ks = ks;
	27
	28	if ((dat->mode == EVP_CIPH_ECB_MODE \|\| dat->mode == EVP_CIPH_CBC_MODE)
	29	&& !dat->enc) {
	30	#ifdef HWAES_CAPABLE
	31	if (HWAES_CAPABLE) {
	32	ret = HWAES_set_decrypt_key(key, keylen * 8, ks);
	33	dat->block = (block128_f)HWAES_decrypt;
	34	dat->stream.cbc = NULL;
	35	# ifdef HWAES_cbc_encrypt
	36	if (dat->mode == EVP_CIPH_CBC_MODE)
	37	dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt;
2ff16afc X	38	# endif
	39	# ifdef HWAES_ecb_encrypt
	40	if (dat->mode == EVP_CIPH_ECB_MODE)
	41	dat->stream.ecb = (ecb128_f)HWAES_ecb_encrypt;
e1178600 SL	42	# endif
	43	} else
	44	#endif
	45	#ifdef BSAES_CAPABLE
	46	if (BSAES_CAPABLE && dat->mode == EVP_CIPH_CBC_MODE) {
	47	ret = AES_set_decrypt_key(key, keylen * 8, ks);
	48	dat->block = (block128_f)AES_decrypt;
3675334e	49	dat->stream.cbc = (cbc128_f)ossl_bsaes_cbc_encrypt;
e1178600 SL	50	} else
	51	#endif
	52	#ifdef VPAES_CAPABLE
	53	if (VPAES_CAPABLE) {
	54	ret = vpaes_set_decrypt_key(key, keylen * 8, ks);
	55	dat->block = (block128_f)vpaes_decrypt;
	56	dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
	57	?(cbc128_f)vpaes_cbc_encrypt : NULL;
	58	} else
	59	#endif
	60	{
	61	ret = AES_set_decrypt_key(key, keylen * 8, ks);
	62	dat->block = (block128_f)AES_decrypt;
	63	dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
	64	? (cbc128_f)AES_cbc_encrypt : NULL;
	65	}
	66	} else
	67	#ifdef HWAES_CAPABLE
	68	if (HWAES_CAPABLE) {
	69	ret = HWAES_set_encrypt_key(key, keylen * 8, ks);
	70	dat->block = (block128_f)HWAES_encrypt;
	71	dat->stream.cbc = NULL;
	72	# ifdef HWAES_cbc_encrypt
	73	if (dat->mode == EVP_CIPH_CBC_MODE)
	74	dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt;
	75	else
	76	# endif
2ff16afc X	77	# ifdef HWAES_ecb_encrypt
	78	if (dat->mode == EVP_CIPH_ECB_MODE)
	79	dat->stream.ecb = (ecb128_f)HWAES_ecb_encrypt;
	80	else
	81	# endif
e1178600 SL	82	# ifdef HWAES_ctr32_encrypt_blocks
	83	if (dat->mode == EVP_CIPH_CTR_MODE)
	84	dat->stream.ctr = (ctr128_f)HWAES_ctr32_encrypt_blocks;
	85	else
	86	# endif
	87	(void)0; /* terminate potentially open 'else' */
	88	} else
	89	#endif
	90	#ifdef BSAES_CAPABLE
	91	if (BSAES_CAPABLE && dat->mode == EVP_CIPH_CTR_MODE) {
	92	ret = AES_set_encrypt_key(key, keylen * 8, ks);
	93	dat->block = (block128_f)AES_encrypt;
3675334e	94	dat->stream.ctr = (ctr128_f)ossl_bsaes_ctr32_encrypt_blocks;
e1178600 SL	95	} else
	96	#endif
	97	#ifdef VPAES_CAPABLE
	98	if (VPAES_CAPABLE) {
	99	ret = vpaes_set_encrypt_key(key, keylen * 8, ks);
	100	dat->block = (block128_f)vpaes_encrypt;
	101	dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
	102	? (cbc128_f)vpaes_cbc_encrypt : NULL;
	103	} else
	104	#endif
	105	{
	106	ret = AES_set_encrypt_key(key, keylen * 8, ks);
	107	dat->block = (block128_f)AES_encrypt;
	108	dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
	109	? (cbc128_f)AES_cbc_encrypt : NULL;
	110	#ifdef AES_CTR_ASM
	111	if (dat->mode == EVP_CIPH_CTR_MODE)
	112	dat->stream.ctr = (ctr128_f)AES_ctr32_encrypt;
	113	#endif
	114	}
	115
	116	if (ret < 0) {
f5f29796	117	ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SETUP_FAILED);
e1178600 SL	118	return 0;
	119	}
	120
	121	return 1;
	122	}
	123
f75abcc0 SL	124	IMPLEMENT_CIPHER_HW_COPYCTX(cipher_hw_aes_copyctx, PROV_AES_CTX)
f75abcc0 SL	125
e1178600 SL	126	#define PROV_CIPHER_HW_aes_mode(mode) \
	127	static const PROV_CIPHER_HW aes_##mode = { \
	128	cipher_hw_aes_initkey, \
592dcfd3	129	ossl_cipher_hw_generic_##mode, \
f75abcc0	130	cipher_hw_aes_copyctx \
e1178600 SL	131	}; \
e1178600 SL	132	PROV_CIPHER_HW_declare(mode) \
7d6766cb	133	const PROV_CIPHER_HW *ossl_prov_cipher_hw_aes_##mode(size_t keybits) \
e1178600 SL	134	{ \
	135	PROV_CIPHER_HW_select(mode) \
	136	return &aes_##mode; \
	137	}
	138
	139	#if defined(AESNI_CAPABLE)
	140	# include "cipher_aes_hw_aesni.inc"
	141	#elif defined(SPARC_AES_CAPABLE)
	142	# include "cipher_aes_hw_t4.inc"
	143	#elif defined(S390X_aes_128_CAPABLE)
	144	# include "cipher_aes_hw_s390x.inc"
347f05e8	145	#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
86c69fe8	146	# include "cipher_aes_hw_rv64i.inc"
347f05e8	147	#elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32
86c69fe8	148	# include "cipher_aes_hw_rv32i.inc"
cc82b09c	149	#elif defined (ARMv8_HWAES_CAPABLE)
cc82b09c	150	# include "cipher_aes_hw_armv8.inc"
e1178600 SL	151	#else
	152	/* The generic case */
	153	# define PROV_CIPHER_HW_declare(mode)
	154	# define PROV_CIPHER_HW_select(mode)
	155	#endif
	156
	157	PROV_CIPHER_HW_aes_mode(cbc)
	158	PROV_CIPHER_HW_aes_mode(ecb)
	159	PROV_CIPHER_HW_aes_mode(ofb128)
	160	PROV_CIPHER_HW_aes_mode(cfb128)
	161	PROV_CIPHER_HW_aes_mode(cfb1)
	162	PROV_CIPHER_HW_aes_mode(cfb8)
	163	PROV_CIPHER_HW_aes_mode(ctr)