/*
 * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
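#include "cipher_locl.h"

/* Table of generic AES-GCM operations; initialised at the end of this file. */
static const PROV_GCM_HW aes_gcm;

/*
 * Forward declarations of the GCM primitives defined further down.  They
 * appear ahead of the platform-specific .inc files included below.
 * NOTE(review): presumably so those files can reference them - confirm.
 *
 * All of them follow the same convention: 1 on success, 0 on failure.
 */
static int gcm_setiv(PROV_GCM_CTX *ctx, const unsigned char *iv, size_t ivlen);
static int gcm_aad_update(PROV_GCM_CTX *ctx, const unsigned char *aad,
                          size_t aad_len);
static int gcm_cipher_final(PROV_GCM_CTX *ctx, unsigned char *tag);
static int gcm_one_shot(PROV_GCM_CTX *ctx, unsigned char *aad, size_t aad_len,
                        const unsigned char *in, size_t in_len,
                        unsigned char *out, unsigned char *tag, size_t tag_len);
static int gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
                             size_t len, unsigned char *out);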
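/*
 * Install an AES key schedule and the matching GCM primitives into ctx.
 *
 *   ks             - key schedule object to fill in
 *   fn_set_enc_key - key-expansion routine, called with the key size in bits
 *   fn_block       - single-block encrypt routine handed to the GCM core
 *   fn_ctr         - optional CTR bulk routine (NULL when none is available)
 *
 * The macro expands to several statements and relies on `ctx`, `key` and
 * `keylen` (in bytes) being in scope at the expansion site, so it must only
 * be used inside a braced block.
 *
 * NOTE(review): the return value of fn_set_enc_key is discarded, so a key
 * length that the routine rejects would go unnoticed here.  The caller is
 * presumably expected to have validated keylen beforehand - confirm.
 * NOTE(review): the first and last statements were absent from the listing
 * this was restored from - confirm them against upstream.
 */
#define SET_KEY_CTR_FN(ks, fn_set_enc_key, fn_block, fn_ctr)                   \
    ctx->ks = ks;                                                              \
    fn_set_enc_key(key, keylen * 8, ks);                                       \
    CRYPTO_gcm128_init(&ctx->gcm, ks, (block128_f)fn_block);                   \
    ctx->ctr = (ctr128_f)fn_ctr;                                               \
    ctx->key_set = 1;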
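/*
 * Select the AES-GCM implementation at build time.  Each platform branch
 * pulls in a .inc file; when none applies, the generic table defined in
 * this file is returned.
 * NOTE(review): the .inc files presumably supply their own
 * PROV_AES_HW_gcm() - confirm.
 */
#if defined(AESNI_CAPABLE)
# include "cipher_aes_gcm_hw_aesni.inc"
#elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
# include "cipher_aes_gcm_hw_t4.inc"
#elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
# include "cipher_aes_gcm_hw_s390x.inc"
#else
/*
 * Return the generic AES-GCM operation table.  keybits is not consulted:
 * the same table serves every key size.
 */
const PROV_GCM_HW *PROV_AES_HW_gcm(size_t keybits)
{
    return &aes_gcm;
}
#endif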
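/*
 * Expand the AES key and bind the best available AES implementation to the
 * GCM context.
 *
 * ctx    - GCM context; it is cast to PROV_AES_GCM_CTX to reach the key
 *          schedule storage
 * key    - raw AES key
 * keylen - key length in bytes (converted to bits inside SET_KEY_CTR_FN)
 *
 * The implementations are tried in order: HWAES, bit-sliced AES, vector
 * permutation AES, then the plain AES routines.  Each "} else" dangles
 * across the following #endif so that exactly one branch runs regardless of
 * which capability macros are defined.
 *
 * Returns 1.  NOTE(review): the key-setup result is not checked inside
 * SET_KEY_CTR_FN, so this function cannot report an unsupported keylen -
 * confirm that the caller validates it.
 */
static int generic_aes_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
                                   size_t keylen)
{
    PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
    AES_KEY *ks = &actx->ks.ks;

# ifdef HWAES_CAPABLE
    if (HWAES_CAPABLE) {
#  ifdef HWAES_ctr32_encrypt_blocks
        SET_KEY_CTR_FN(ks, HWAES_set_encrypt_key, HWAES_encrypt,
                       HWAES_ctr32_encrypt_blocks);
#  else
        SET_KEY_CTR_FN(ks, HWAES_set_encrypt_key, HWAES_encrypt, NULL);
#  endif /* HWAES_ctr32_encrypt_blocks */
    } else
# endif /* HWAES_CAPABLE */

# ifdef BSAES_CAPABLE
    if (BSAES_CAPABLE) {
        /* Bit-sliced code only supplies the CTR routine. */
        SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt,
                       bsaes_ctr32_encrypt_blocks);
    } else
# endif /* BSAES_CAPABLE */

# ifdef VPAES_CAPABLE
    if (VPAES_CAPABLE) {
        SET_KEY_CTR_FN(ks, vpaes_set_encrypt_key, vpaes_encrypt, NULL);
    } else
# endif /* VPAES_CAPABLE */

    {
# ifdef AES_CTR_ASM
        SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt, AES_ctr32_encrypt);
# else
        SET_KEY_CTR_FN(ks, AES_set_encrypt_key, AES_encrypt, NULL);
# endif /* AES_CTR_ASM */
    }
    ctx->key_set = 1;
    return 1;
}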
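/*
 * Load the IV into the GCM state.
 *
 * ctx   - GCM context whose key has already been set
 * iv    - IV bytes
 * ivlen - IV length in bytes
 *
 * Always returns 1.  GCM requires a fresh IV for every message under a
 * given key; nothing here enforces that, so uniqueness is the caller's
 * responsibility.
 */
static int gcm_setiv(PROV_GCM_CTX *ctx, const unsigned char *iv, size_t ivlen)
{
    CRYPTO_gcm128_setiv(&ctx->gcm, iv, ivlen);
    return 1;
}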
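/*
 * Feed additional authenticated data into the GCM state.
 *
 * ctx     - GCM context
 * aad     - data that is authenticated but not encrypted
 * aad_len - length of aad in bytes
 *
 * CRYPTO_gcm128_aad() reports success as 0; the comparison converts that to
 * this file's convention of 1 on success and 0 on failure.
 */
static int gcm_aad_update(PROV_GCM_CTX *ctx,
                          const unsigned char *aad, size_t aad_len)
{
    return CRYPTO_gcm128_aad(&ctx->gcm, aad, aad_len) == 0;
}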
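/*
 * Encrypt or decrypt len bytes from in to out with the GCM state in ctx.
 *
 * ctx - GCM context; ctx->enc selects the direction and ctx->ctr, when
 *       non-NULL, is the CTR bulk routine installed at key setup
 * in  - input bytes
 * len - number of bytes to process
 * out - output buffer of at least len bytes
 *
 * Returns 1 on success, 0 on failure.
 *
 * When decrypting, plaintext is written to out before the tag has been
 * checked: authentication only happens in gcm_cipher_final().  Callers must
 * not act on the output until that call has succeeded.
 *
 * NOTE(review): the return statements were absent from the listing this was
 * restored from.  0 is used on every failure path because callers test the
 * result with `!`; confirm against upstream that no path returns a non-zero
 * error code, which such a test would treat as success.
 */
static int gcm_cipher_update(PROV_GCM_CTX *ctx, const unsigned char *in,
                             size_t len, unsigned char *out)
{
    if (ctx->enc) {
        if (ctx->ctr != NULL) {
#if defined(AES_GCM_ASM)
            size_t bulk = 0;

            if (len >= 32 && AES_GCM_ASM(ctx)) {
                /*
                 * Bytes to process through the generic path first.
                 * NOTE(review): presumably mres counts the bytes already
                 * used in the current 16-byte block - confirm.
                 * res < 16 <= len, so len - res cannot wrap.
                 */
                size_t res = (16 - ctx->gcm.mres) % 16;

                if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, res))
                    return 0;
                bulk = aesni_gcm_encrypt(in + res, out + res, len - res,
                                         ctx->gcm.key,
                                         ctx->gcm.Yi.c, ctx->gcm.Xi.u);
                /* The stitched routine does not update the message length. */
                ctx->gcm.len.u[1] += bulk;
                bulk += res;
            }
            /* Whatever the stitched routine left over goes through CTR. */
            if (CRYPTO_gcm128_encrypt_ctr32(&ctx->gcm, in + bulk, out + bulk,
                                            len - bulk, ctx->ctr))
                return 0;
#else
            if (CRYPTO_gcm128_encrypt_ctr32(&ctx->gcm, in, out, len, ctx->ctr))
                return 0;
#endif /* AES_GCM_ASM */
        } else {
            if (CRYPTO_gcm128_encrypt(&ctx->gcm, in, out, len))
                return 0;
        }
    } else {
        if (ctx->ctr != NULL) {
#if defined(AES_GCM_ASM)
            size_t bulk = 0;

            if (len >= 16 && AES_GCM_ASM(ctx)) {
                /* Same alignment step as on the encrypt side. */
                size_t res = (16 - ctx->gcm.mres) % 16;

                if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, res))
                    return 0;

                bulk = aesni_gcm_decrypt(in + res, out + res, len - res,
                                         ctx->gcm.key,
                                         ctx->gcm.Yi.c, ctx->gcm.Xi.u);
                ctx->gcm.len.u[1] += bulk;
                bulk += res;
            }
            if (CRYPTO_gcm128_decrypt_ctr32(&ctx->gcm, in + bulk, out + bulk,
                                            len - bulk, ctx->ctr))
                return 0;
#else
            if (CRYPTO_gcm128_decrypt_ctr32(&ctx->gcm, in, out, len, ctx->ctr))
                return 0;
#endif /* AES_GCM_ASM */
        } else {
            if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, len))
                return 0;
        }
    }
    return 1;
}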
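/*
 * Finish a GCM operation.
 *
 * ctx - GCM context
 * tag - when encrypting: output buffer that receives GCM_TAG_MAX_SIZE bytes,
 *       so it must be at least that large;
 *       when decrypting: the expected tag, of which ctx->taglen bytes are
 *       compared against the computed value
 *
 * Returns 1 on success (tag produced, or tag verified), 0 when the tag does
 * not verify.  A 0 return on decrypt means any plaintext already produced
 * is unauthenticated and must be discarded.
 *
 * NOTE(review): no minimum tag length is enforced here; a short ctx->taglen
 * weakens authentication, so confirm it is validated where it is set.
 * NOTE(review): the first operand of the decrypt condition was absent from
 * the listing this was restored from - confirm against upstream.
 */
static int gcm_cipher_final(PROV_GCM_CTX *ctx, unsigned char *tag)
{
    if (ctx->enc) {
        CRYPTO_gcm128_tag(&ctx->gcm, tag, GCM_TAG_MAX_SIZE);
        ctx->taglen = GCM_TAG_MAX_SIZE;
    } else {
        if (ctx->taglen < 0
            || CRYPTO_gcm128_finish(&ctx->gcm, tag, ctx->taglen) != 0)
            return 0;
    }
    return 1;
}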
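/*
 * Process a whole message in one call: AAD, payload, then the tag.
 *
 * ctx     - GCM context with key and IV already set
 * aad     - additional authenticated data, aad_len bytes
 * in      - input payload, in_len bytes
 * out     - output buffer of at least in_len bytes
 * tag     - tag buffer; because ctx->taglen is forced to GCM_TAG_MAX_SIZE
 *           below, it must hold at least GCM_TAG_MAX_SIZE bytes in either
 *           direction
 * tag_len - not referenced by this function; the tag length used is always
 *           GCM_TAG_MAX_SIZE
 *
 * The steps are dispatched through ctx->hw so that a platform-specific
 * table can supply its own implementations.
 *
 * Returns 1 on success, 0 if any step fails.  On a decrypt failure the
 * contents of out are unauthenticated and must not be used.
 */
static int gcm_one_shot(PROV_GCM_CTX *ctx, unsigned char *aad, size_t aad_len,
                        const unsigned char *in, size_t in_len,
                        unsigned char *out, unsigned char *tag, size_t tag_len)
{
    int ret = 0;

    /* Use saved AAD */
    if (!ctx->hw->aadupdate(ctx, aad, aad_len))
        goto err;
    if (!ctx->hw->cipherupdate(ctx, in, in_len, out))
        goto err;
    ctx->taglen = GCM_TAG_MAX_SIZE;
    if (!ctx->hw->cipherfinal(ctx, tag))
        goto err;
    ret = 1;

err:
    return ret;
}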
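/*
 * Generic AES-GCM operation table, used when no platform-specific table is
 * selected.  The order of the entries must match the member order of
 * PROV_GCM_HW.
 * NOTE(review): only the first entry was present in the listing this was
 * restored from; the rest follow the functions defined in this file and the
 * member names used in gcm_one_shot() - confirm the order against the
 * struct definition.
 */
static const PROV_GCM_HW aes_gcm = {
    generic_aes_gcm_initkey,
    gcm_setiv,
    gcm_aad_update,
    gcm_cipher_update,
    gcm_cipher_final,
    gcm_one_shot
};

/*
 * ARIA-GCM support is compiled into this translation unit.
 * NOTE(review): presumably so it can reuse the static gcm_* helpers above -
 * confirm.
 */
#include "cipher_aria_gcm_hw.inc"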