]>
Commit | Line | Data |
---|---|---|
3a9f26f3 | 1 | /* |
b6461792 | 2 | * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. |
3a9f26f3 SL |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
c72fa255 MC |
10 | /* |
11 | * This file uses the low level AES functions (which are deprecated for | |
12 | * non-internal use) in order to implement provider AES ciphers. | |
13 | */ | |
14 | #include "internal/deprecated.h" | |
15 | ||
3a9f26f3 SL |
16 | #include "cipher_aes_xts.h" |
17 | ||
18 | #define XTS_SET_KEY_FN(fn_set_enc_key, fn_set_dec_key, \ | |
19 | fn_block_enc, fn_block_dec, \ | |
20 | fn_stream_enc, fn_stream_dec) { \ | |
21 | size_t bytes = keylen / 2; \ | |
22 | size_t bits = bytes * 8; \ | |
23 | \ | |
24 | if (ctx->enc) { \ | |
25 | fn_set_enc_key(key, bits, &xctx->ks1.ks); \ | |
26 | xctx->xts.block1 = (block128_f)fn_block_enc; \ | |
27 | } else { \ | |
28 | fn_set_dec_key(key, bits, &xctx->ks1.ks); \ | |
29 | xctx->xts.block1 = (block128_f)fn_block_dec; \ | |
30 | } \ | |
31 | fn_set_enc_key(key + bytes, bits, &xctx->ks2.ks); \ | |
32 | xctx->xts.block2 = (block128_f)fn_block_enc; \ | |
33 | xctx->xts.key1 = &xctx->ks1; \ | |
34 | xctx->xts.key2 = &xctx->ks2; \ | |
35 | xctx->stream = ctx->enc ? fn_stream_enc : fn_stream_dec; \ | |
36 | } | |
37 | ||
38 | static int cipher_hw_aes_xts_generic_initkey(PROV_CIPHER_CTX *ctx, | |
39 | const unsigned char *key, | |
40 | size_t keylen) | |
41 | { | |
42 | PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx; | |
43 | OSSL_xts_stream_fn stream_enc = NULL; | |
44 | OSSL_xts_stream_fn stream_dec = NULL; | |
45 | ||
46 | #ifdef AES_XTS_ASM | |
47 | stream_enc = AES_xts_encrypt; | |
48 | stream_dec = AES_xts_decrypt; | |
49 | #endif /* AES_XTS_ASM */ | |
50 | ||
51 | #ifdef HWAES_CAPABLE | |
52 | if (HWAES_CAPABLE) { | |
53 | # ifdef HWAES_xts_encrypt | |
54 | stream_enc = HWAES_xts_encrypt; | |
55 | # endif /* HWAES_xts_encrypt */ | |
56 | # ifdef HWAES_xts_decrypt | |
57 | stream_dec = HWAES_xts_decrypt; | |
58 | # endif /* HWAES_xts_decrypt */ | |
59 | XTS_SET_KEY_FN(HWAES_set_encrypt_key, HWAES_set_decrypt_key, | |
60 | HWAES_encrypt, HWAES_decrypt, | |
61 | stream_enc, stream_dec); | |
ec5059c3 | 62 | return 1; |
3a9f26f3 SL |
63 | } else |
64 | #endif /* HWAES_CAPABLE */ | |
65 | ||
66 | #ifdef BSAES_CAPABLE | |
67 | if (BSAES_CAPABLE) { | |
3675334e P |
68 | stream_enc = ossl_bsaes_xts_encrypt; |
69 | stream_dec = ossl_bsaes_xts_decrypt; | |
4b51903d | 70 | } else |
3a9f26f3 | 71 | #endif /* BSAES_CAPABLE */ |
3a9f26f3 SL |
72 | #ifdef VPAES_CAPABLE |
73 | if (VPAES_CAPABLE) { | |
74 | XTS_SET_KEY_FN(vpaes_set_encrypt_key, vpaes_set_decrypt_key, | |
75 | vpaes_encrypt, vpaes_decrypt, stream_enc, stream_dec); | |
4b51903d | 76 | return 1; |
3a9f26f3 SL |
77 | } else |
78 | #endif /* VPAES_CAPABLE */ | |
4b51903d SL |
79 | { |
80 | (void)0; | |
81 | } | |
3a9f26f3 SL |
82 | { |
83 | XTS_SET_KEY_FN(AES_set_encrypt_key, AES_set_decrypt_key, | |
84 | AES_encrypt, AES_decrypt, stream_enc, stream_dec); | |
85 | } | |
86 | return 1; | |
87 | } | |
88 | ||
f75abcc0 SL |
89 | static void cipher_hw_aes_xts_copyctx(PROV_CIPHER_CTX *dst, |
90 | const PROV_CIPHER_CTX *src) | |
91 | { | |
92 | PROV_AES_XTS_CTX *sctx = (PROV_AES_XTS_CTX *)src; | |
93 | PROV_AES_XTS_CTX *dctx = (PROV_AES_XTS_CTX *)dst; | |
94 | ||
95 | *dctx = *sctx; | |
96 | dctx->xts.key1 = &dctx->ks1.ks; | |
97 | dctx->xts.key2 = &dctx->ks2.ks; | |
98 | } | |
99 | ||
3a9f26f3 SL |
100 | #if defined(AESNI_CAPABLE) |
101 | ||
102 | static int cipher_hw_aesni_xts_initkey(PROV_CIPHER_CTX *ctx, | |
103 | const unsigned char *key, size_t keylen) | |
104 | { | |
105 | PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx; | |
106 | ||
107 | XTS_SET_KEY_FN(aesni_set_encrypt_key, aesni_set_decrypt_key, | |
f407a9a9 | 108 | aesni_encrypt, aesni_decrypt, |
3a9f26f3 SL |
109 | aesni_xts_encrypt, aesni_xts_decrypt); |
110 | return 1; | |
111 | } | |
112 | ||
113 | # define PROV_CIPHER_HW_declare_xts() \ | |
114 | static const PROV_CIPHER_HW aesni_xts = { \ | |
115 | cipher_hw_aesni_xts_initkey, \ | |
f75abcc0 SL |
116 | NULL, \ |
117 | cipher_hw_aes_xts_copyctx \ | |
3a9f26f3 SL |
118 | }; |
119 | # define PROV_CIPHER_HW_select_xts() \ | |
120 | if (AESNI_CAPABLE) \ | |
121 | return &aesni_xts; | |
122 | ||
123 | # elif defined(SPARC_AES_CAPABLE) | |
124 | ||
125 | static int cipher_hw_aes_xts_t4_initkey(PROV_CIPHER_CTX *ctx, | |
126 | const unsigned char *key, size_t keylen) | |
127 | { | |
128 | PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx; | |
129 | OSSL_xts_stream_fn stream_enc = NULL; | |
130 | OSSL_xts_stream_fn stream_dec = NULL; | |
131 | ||
132 | /* Note: keylen is the size of 2 keys */ | |
133 | switch (keylen) { | |
134 | case 32: | |
135 | stream_enc = aes128_t4_xts_encrypt; | |
136 | stream_dec = aes128_t4_xts_decrypt; | |
137 | break; | |
138 | case 64: | |
139 | stream_enc = aes256_t4_xts_encrypt; | |
140 | stream_dec = aes256_t4_xts_decrypt; | |
141 | break; | |
142 | default: | |
143 | return 0; | |
144 | } | |
145 | ||
146 | XTS_SET_KEY_FN(aes_t4_set_encrypt_key, aes_t4_set_decrypt_key, | |
147 | aes_t4_encrypt, aes_t4_decrypt, | |
148 | stream_enc, stream_dec); | |
149 | return 1; | |
150 | } | |
151 | ||
152 | # define PROV_CIPHER_HW_declare_xts() \ | |
153 | static const PROV_CIPHER_HW aes_xts_t4 = { \ | |
154 | cipher_hw_aes_xts_t4_initkey, \ | |
f75abcc0 SL |
155 | NULL, \ |
156 | cipher_hw_aes_xts_copyctx \ | |
3a9f26f3 SL |
157 | }; |
158 | # define PROV_CIPHER_HW_select_xts() \ | |
159 | if (SPARC_AES_CAPABLE) \ | |
160 | return &aes_xts_t4; | |
86c69fe8 | 161 | |
347f05e8 | 162 | #elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64 |
ee11118d HZZ |
163 | |
164 | static int cipher_hw_aes_xts_rv64i_zknd_zkne_initkey(PROV_CIPHER_CTX *ctx, | |
165 | const unsigned char *key, | |
166 | size_t keylen) | |
167 | { | |
168 | PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx; | |
169 | OSSL_xts_stream_fn stream_enc = NULL; | |
170 | OSSL_xts_stream_fn stream_dec = NULL; | |
171 | ||
172 | XTS_SET_KEY_FN(rv64i_zkne_set_encrypt_key, rv64i_zknd_set_decrypt_key, | |
173 | rv64i_zkne_encrypt, rv64i_zknd_decrypt, | |
174 | stream_enc, stream_dec); | |
175 | return 1; | |
176 | } | |
177 | ||
3e56c0ef JS |
178 | static int cipher_hw_aes_xts_rv64i_zvbb_zvkg_zvkned_initkey( |
179 | PROV_CIPHER_CTX *ctx, const unsigned char *key, size_t keylen) | |
180 | { | |
181 | PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx; | |
182 | OSSL_xts_stream_fn stream_enc = NULL; | |
183 | OSSL_xts_stream_fn stream_dec = NULL; | |
184 | ||
185 | /* Zvkned only supports 128 and 256 bit keys. */ | |
186 | if (keylen * 8 == 128 * 2 || keylen * 8 == 256 * 2) { | |
187 | XTS_SET_KEY_FN(rv64i_zvkned_set_encrypt_key, | |
188 | rv64i_zvkned_set_decrypt_key, rv64i_zvkned_encrypt, | |
189 | rv64i_zvkned_decrypt, | |
190 | rv64i_zvbb_zvkg_zvkned_aes_xts_encrypt, | |
191 | rv64i_zvbb_zvkg_zvkned_aes_xts_decrypt); | |
192 | } else { | |
193 | XTS_SET_KEY_FN(AES_set_encrypt_key, AES_set_encrypt_key, | |
194 | rv64i_zvkned_encrypt, rv64i_zvkned_decrypt, | |
195 | stream_enc, stream_dec); | |
196 | } | |
197 | return 1; | |
198 | } | |
199 | ||
f6631e38 | 200 | static int cipher_hw_aes_xts_rv64i_zvkned_initkey(PROV_CIPHER_CTX *ctx, |
3e56c0ef JS |
201 | const unsigned char *key, |
202 | size_t keylen) | |
f6631e38 CM |
203 | { |
204 | PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx; | |
205 | OSSL_xts_stream_fn stream_enc = NULL; | |
206 | OSSL_xts_stream_fn stream_dec = NULL; | |
207 | ||
208 | /* Zvkned only supports 128 and 256 bit keys. */ | |
a5871e95 | 209 | if (keylen * 8 == 128 * 2 || keylen * 8 == 256 * 2) { |
f6631e38 CM |
210 | XTS_SET_KEY_FN(rv64i_zvkned_set_encrypt_key, |
211 | rv64i_zvkned_set_decrypt_key, | |
212 | rv64i_zvkned_encrypt, rv64i_zvkned_decrypt, | |
213 | stream_enc, stream_dec); | |
214 | } else { | |
94474e02 AB |
215 | XTS_SET_KEY_FN(AES_set_encrypt_key, AES_set_encrypt_key, |
216 | rv64i_zvkned_encrypt, rv64i_zvkned_decrypt, | |
f6631e38 CM |
217 | stream_enc, stream_dec); |
218 | } | |
219 | return 1; | |
220 | } | |
221 | ||
ee11118d HZZ |
222 | # define PROV_CIPHER_HW_declare_xts() \ |
223 | static const PROV_CIPHER_HW aes_xts_rv64i_zknd_zkne = { \ | |
224 | cipher_hw_aes_xts_rv64i_zknd_zkne_initkey, \ | |
225 | NULL, \ | |
226 | cipher_hw_aes_xts_copyctx \ | |
a5871e95 | 227 | }; \ |
f6631e38 CM |
228 | static const PROV_CIPHER_HW aes_xts_rv64i_zvkned = { \ |
229 | cipher_hw_aes_xts_rv64i_zvkned_initkey, \ | |
230 | NULL, \ | |
231 | cipher_hw_aes_xts_copyctx \ | |
3e56c0ef JS |
232 | }; \ |
233 | static const PROV_CIPHER_HW aes_xts_rv64i_zvbb_zvkg_zvkned = { \ | |
234 | cipher_hw_aes_xts_rv64i_zvbb_zvkg_zvkned_initkey, \ | |
235 | NULL, \ | |
236 | cipher_hw_aes_xts_copyctx \ | |
f6631e38 CM |
237 | }; |
238 | ||
ee11118d | 239 | # define PROV_CIPHER_HW_select_xts() \ |
3e56c0ef JS |
240 | if (RISCV_HAS_ZVBB() && RISCV_HAS_ZVKG() && RISCV_HAS_ZVKNED() && \ |
241 | riscv_vlen() >= 128) \ | |
242 | return &aes_xts_rv64i_zvbb_zvkg_zvkned; \ | |
f6631e38 CM |
243 | if (RISCV_HAS_ZVKNED() && riscv_vlen() >= 128) \ |
244 | return &aes_xts_rv64i_zvkned; \ | |
245 | else if (RISCV_HAS_ZKND_AND_ZKNE()) \ | |
3e56c0ef | 246 | return &aes_xts_rv64i_zknd_zkne; |
86c69fe8 | 247 | |
347f05e8 | 248 | #elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32 |
5ccee69b HZZ |
249 | |
250 | static int cipher_hw_aes_xts_rv32i_zknd_zkne_initkey(PROV_CIPHER_CTX *ctx, | |
251 | const unsigned char *key, | |
252 | size_t keylen) | |
253 | { | |
254 | PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx; | |
255 | ||
256 | XTS_SET_KEY_FN(rv32i_zkne_set_encrypt_key, rv32i_zknd_zkne_set_decrypt_key, | |
257 | rv32i_zkne_encrypt, rv32i_zknd_decrypt, | |
258 | NULL, NULL); | |
259 | return 1; | |
260 | } | |
261 | ||
262 | static int cipher_hw_aes_xts_rv32i_zbkb_zknd_zkne_initkey(PROV_CIPHER_CTX *ctx, | |
263 | const unsigned char *key, | |
264 | size_t keylen) | |
265 | { | |
266 | PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx; | |
267 | ||
268 | XTS_SET_KEY_FN(rv32i_zbkb_zkne_set_encrypt_key, rv32i_zbkb_zknd_zkne_set_decrypt_key, | |
269 | rv32i_zkne_encrypt, rv32i_zknd_decrypt, | |
270 | NULL, NULL); | |
271 | return 1; | |
272 | } | |
273 | ||
274 | # define PROV_CIPHER_HW_declare_xts() \ | |
275 | static const PROV_CIPHER_HW aes_xts_rv32i_zknd_zkne = { \ | |
276 | cipher_hw_aes_xts_rv32i_zknd_zkne_initkey, \ | |
277 | NULL, \ | |
278 | cipher_hw_aes_xts_copyctx \ | |
279 | }; \ | |
280 | static const PROV_CIPHER_HW aes_xts_rv32i_zbkb_zknd_zkne = { \ | |
281 | cipher_hw_aes_xts_rv32i_zbkb_zknd_zkne_initkey, \ | |
282 | NULL, \ | |
283 | cipher_hw_aes_xts_copyctx \ | |
284 | }; | |
285 | # define PROV_CIPHER_HW_select_xts() \ | |
86c69fe8 | 286 | if (RISCV_HAS_ZBKB_AND_ZKND_AND_ZKNE()) \ |
5ccee69b | 287 | return &aes_xts_rv32i_zbkb_zknd_zkne; \ |
d8fa4cf7 | 288 | if (RISCV_HAS_ZKND_AND_ZKNE()) \ |
5ccee69b | 289 | return &aes_xts_rv32i_zknd_zkne; |
3a9f26f3 SL |
290 | # else |
291 | /* The generic case */ | |
292 | # define PROV_CIPHER_HW_declare_xts() | |
293 | # define PROV_CIPHER_HW_select_xts() | |
294 | #endif | |
295 | ||
296 | static const PROV_CIPHER_HW aes_generic_xts = { | |
297 | cipher_hw_aes_xts_generic_initkey, | |
f75abcc0 SL |
298 | NULL, |
299 | cipher_hw_aes_xts_copyctx | |
3a9f26f3 SL |
300 | }; |
301 | PROV_CIPHER_HW_declare_xts() | |
7d6766cb | 302 | const PROV_CIPHER_HW *ossl_prov_cipher_hw_aes_xts(size_t keybits) |
3a9f26f3 SL |
303 | { |
304 | PROV_CIPHER_HW_select_xts() | |
305 | return &aes_generic_xts; | |
306 | } |