providers/implementations/ciphers/cipher_aes_hw.c

   1 /*
   2  * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 /*
  11  * This file uses the low level AES functions (which are deprecated for
  12  * non-internal use) in order to implement provider AES ciphers.
  13  */
  14 #include "internal/deprecated.h"
  15
  16 #include "cipher_aes.h"
  17 #include "prov/providercommonerr.h"
  18
  19 static int cipher_hw_aes_initkey(PROV_CIPHER_CTX *dat,
  20                                  const unsigned char *key, size_t keylen)
  21 {
  22     int ret;
  23     PROV_AES_CTX *adat = (PROV_AES_CTX *)dat;
  24     AES_KEY *ks = &adat->ks.ks;
  25
  26     dat->ks = ks;
  27
  28     if ((dat->mode == EVP_CIPH_ECB_MODE || dat->mode == EVP_CIPH_CBC_MODE)
  29         && !dat->enc) {
  30 #ifdef HWAES_CAPABLE
  31         if (HWAES_CAPABLE) {
  32             ret = HWAES_set_decrypt_key(key, keylen * 8, ks);
  33             dat->block = (block128_f)HWAES_decrypt;
  34             dat->stream.cbc = NULL;
  35 # ifdef HWAES_cbc_encrypt
  36             if (dat->mode == EVP_CIPH_CBC_MODE)
  37                 dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt;
  38 # endif
  39 # ifdef HWAES_ecb_encrypt
  40             if (dat->mode == EVP_CIPH_ECB_MODE)
  41                 dat->stream.ecb = (ecb128_f)HWAES_ecb_encrypt;
  42 # endif
  43         } else
  44 #endif
  45 #ifdef BSAES_CAPABLE
  46         if (BSAES_CAPABLE && dat->mode == EVP_CIPH_CBC_MODE) {
  47             ret = AES_set_decrypt_key(key, keylen * 8, ks);
  48             dat->block = (block128_f)AES_decrypt;
  49             dat->stream.cbc = (cbc128_f)bsaes_cbc_encrypt;
  50         } else
  51 #endif
  52 #ifdef VPAES_CAPABLE
  53         if (VPAES_CAPABLE) {
  54             ret = vpaes_set_decrypt_key(key, keylen * 8, ks);
  55             dat->block = (block128_f)vpaes_decrypt;
  56             dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
  57                               ?(cbc128_f)vpaes_cbc_encrypt : NULL;
  58         } else
  59 #endif
  60         {
  61             ret = AES_set_decrypt_key(key, keylen * 8, ks);
  62             dat->block = (block128_f)AES_decrypt;
  63             dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
  64                               ? (cbc128_f)AES_cbc_encrypt : NULL;
  65         }
  66     } else
  67 #ifdef HWAES_CAPABLE
  68     if (HWAES_CAPABLE) {
  69         ret = HWAES_set_encrypt_key(key, keylen * 8, ks);
  70         dat->block = (block128_f)HWAES_encrypt;
  71         dat->stream.cbc = NULL;
  72 # ifdef HWAES_cbc_encrypt
  73         if (dat->mode == EVP_CIPH_CBC_MODE)
  74             dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt;
  75         else
  76 # endif
  77 # ifdef HWAES_ecb_encrypt
  78         if (dat->mode == EVP_CIPH_ECB_MODE)
  79             dat->stream.ecb = (ecb128_f)HWAES_ecb_encrypt;
  80         else
  81 # endif
  82 # ifdef HWAES_ctr32_encrypt_blocks
  83         if (dat->mode == EVP_CIPH_CTR_MODE)
  84             dat->stream.ctr = (ctr128_f)HWAES_ctr32_encrypt_blocks;
  85         else
  86 # endif
  87             (void)0;            /* terminate potentially open 'else' */
  88     } else
  89 #endif
  90 #ifdef BSAES_CAPABLE
  91     if (BSAES_CAPABLE && dat->mode == EVP_CIPH_CTR_MODE) {
  92         ret = AES_set_encrypt_key(key, keylen * 8, ks);
  93         dat->block = (block128_f)AES_encrypt;
  94         dat->stream.ctr = (ctr128_f)bsaes_ctr32_encrypt_blocks;
  95     } else
  96 #endif
  97 #ifdef VPAES_CAPABLE
  98     if (VPAES_CAPABLE) {
  99         ret = vpaes_set_encrypt_key(key, keylen * 8, ks);
 100         dat->block = (block128_f)vpaes_encrypt;
 101         dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
 102                           ? (cbc128_f)vpaes_cbc_encrypt : NULL;
 103     } else
 104 #endif
 105     {
 106         ret = AES_set_encrypt_key(key, keylen * 8, ks);
 107         dat->block = (block128_f)AES_encrypt;
 108         dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
 109                           ? (cbc128_f)AES_cbc_encrypt : NULL;
 110 #ifdef AES_CTR_ASM
 111         if (dat->mode == EVP_CIPH_CTR_MODE)
 112             dat->stream.ctr = (ctr128_f)AES_ctr32_encrypt;
 113 #endif
 114     }
 115
 116     if (ret < 0) {
 117         ERR_raise(ERR_LIB_PROV, PROV_R_AES_KEY_SETUP_FAILED);
 118         return 0;
 119     }
 120
 121     return 1;
 122 }
 123
 124 IMPLEMENT_CIPHER_HW_COPYCTX(cipher_hw_aes_copyctx, PROV_AES_CTX)
 125
 126 #define PROV_CIPHER_HW_aes_mode(mode)                                          \
 127 static const PROV_CIPHER_HW aes_##mode = {                                     \
 128     cipher_hw_aes_initkey,                                                     \
 129     cipher_hw_generic_##mode,                                                  \
 130     cipher_hw_aes_copyctx                                                      \
 131 };                                                                             \
 132 PROV_CIPHER_HW_declare(mode)                                                   \
 133 const PROV_CIPHER_HW *PROV_CIPHER_HW_aes_##mode(size_t keybits)                \
 134 {                                                                              \
 135     PROV_CIPHER_HW_select(mode)                                                \
 136     return &aes_##mode;                                                        \
 137 }
 138
 139 #if defined(AESNI_CAPABLE)
 140 # include "cipher_aes_hw_aesni.inc"
 141 #elif defined(SPARC_AES_CAPABLE)
 142 # include "cipher_aes_hw_t4.inc"
 143 #elif defined(S390X_aes_128_CAPABLE)
 144 # include "cipher_aes_hw_s390x.inc"
 145 #else
 146 /* The generic case */
 147 # define PROV_CIPHER_HW_declare(mode)
 148 # define PROV_CIPHER_HW_select(mode)
 149 #endif
 150
 151 PROV_CIPHER_HW_aes_mode(cbc)
 152 PROV_CIPHER_HW_aes_mode(ecb)
 153 PROV_CIPHER_HW_aes_mode(ofb128)
 154 PROV_CIPHER_HW_aes_mode(cfb128)
 155 PROV_CIPHER_HW_aes_mode(cfb1)
 156 PROV_CIPHER_HW_aes_mode(cfb8)
 157 PROV_CIPHER_HW_aes_mode(ctr)