]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
when AESNI is available without PCLMUL, then use AES-NI in GCM.
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Sat, 14 Dec 2013 18:36:17 +0000 (19:36 +0100)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Sat, 14 Dec 2013 18:36:17 +0000 (19:36 +0100)
lib/accelerated/x86/Makefile.am
lib/accelerated/x86/aes-gcm-x86-aesni.c [new file with mode: 0644]
lib/accelerated/x86/aes-x86.c
lib/accelerated/x86/aes-x86.h

index ec8bd3eed3d823ddfdfaa9f331630c640050f113..5e8f825782e2830e5618cc5cd31cbe477b5c8086 100644 (file)
@@ -37,7 +37,7 @@ noinst_LTLIBRARIES = libx86.la
 
 libx86_la_SOURCES = sha-padlock.c hmac-padlock.c aes-x86.c aes-padlock.c aes-gcm-padlock.c \
        aes-padlock.h aes-x86.h x86.h sha-padlock.h sha-x86-ssse3.c sha-x86.h hmac-x86-ssse3.c \
-       aes-gcm-x86-ssse3.c
+       aes-gcm-x86-ssse3.c aes-gcm-x86-aesni.c
 
 include files.mk
 
diff --git a/lib/accelerated/x86/aes-gcm-x86-aesni.c b/lib/accelerated/x86/aes-gcm-x86-aesni.c
new file mode 100644 (file)
index 0000000..2651cd3
--- /dev/null
@@ -0,0 +1,161 @@
+/*
+ * Copyright (C) 2011-2012 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+/*
+ * The following code is an implementation of the AES-128-GCM cipher
+ * using AESNI (without PCLMUL)
+ */
+
+#include <gnutls_errors.h>
+#include <gnutls_int.h>
+
+#ifdef HAVE_LIBNETTLE
+
+#include <gnutls/crypto.h>
+#include <gnutls_errors.h>
+#include <aes-x86.h>
+#include <x86.h>
+#include <byteswap.h>
+#include <nettle/gcm.h>
+#include <aes-x86.h>
+
+/* GCM mode 
+ * It is used when the CPU doesn't include the PCLMUL instructions.
+ */
+struct gcm_x86_aes_ctx GCM_CTX(AES_KEY);
+
+static void x86_aes_encrypt(void *_ctx,
+                               unsigned length, uint8_t * dst,
+                               const uint8_t * src)
+{
+       AES_KEY *ctx = _ctx;
+
+       aesni_ecb_encrypt(src, dst, 16, ctx, 1);
+}
+
+static void x86_aes_set_encrypt_key(void *_ctx,
+                                       unsigned length,
+                                       const uint8_t * key)
+{
+       AES_KEY *ctx = _ctx;
+
+       aesni_set_encrypt_key(key, length*8, ctx);
+}
+
+static int
+aes_gcm_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx,
+                   int enc)
+{
+       /* we use key size to distinguish */
+       if (algorithm != GNUTLS_CIPHER_AES_128_GCM &&
+           algorithm != GNUTLS_CIPHER_AES_256_GCM)
+               return GNUTLS_E_INVALID_REQUEST;
+
+       *_ctx = gnutls_calloc(1, sizeof(struct gcm_x86_aes_ctx));
+       if (*_ctx == NULL) {
+               gnutls_assert();
+               return GNUTLS_E_MEMORY_ERROR;
+       }
+
+       return 0;
+}
+
+static int
+aes_gcm_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
+{
+       struct gcm_x86_aes_ctx *ctx = _ctx;
+
+       GCM_SET_KEY(ctx, x86_aes_set_encrypt_key, x86_aes_encrypt,
+                   keysize, userkey);
+
+       return 0;
+}
+
+static int aes_gcm_setiv(void *_ctx, const void *iv, size_t iv_size)
+{
+       struct gcm_x86_aes_ctx *ctx = _ctx;
+
+       if (iv_size != GCM_BLOCK_SIZE - 4)
+               return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+       GCM_SET_IV(ctx, iv_size, iv);
+
+       return 0;
+}
+
+static int
+aes_gcm_encrypt(void *_ctx, const void *src, size_t src_size,
+               void *dst, size_t length)
+{
+       struct gcm_x86_aes_ctx *ctx = _ctx;
+
+       GCM_ENCRYPT(ctx, x86_aes_encrypt, src_size, dst, src);
+
+       return 0;
+}
+
+static int
+aes_gcm_decrypt(void *_ctx, const void *src, size_t src_size,
+               void *dst, size_t dst_size)
+{
+       struct gcm_x86_aes_ctx *ctx = _ctx;
+
+       GCM_DECRYPT(ctx, x86_aes_encrypt, src_size, dst, src);
+       return 0;
+}
+
+static int aes_gcm_auth(void *_ctx, const void *src, size_t src_size)
+{
+       struct gcm_x86_aes_ctx *ctx = _ctx;
+
+       GCM_UPDATE(ctx, src_size, src);
+
+       return 0;
+}
+
+static void aes_gcm_tag(void *_ctx, void *tag, size_t tagsize)
+{
+       struct gcm_x86_aes_ctx *ctx = _ctx;
+
+       GCM_DIGEST(ctx, x86_aes_encrypt, tagsize, tag);
+}
+
+static void aes_gcm_deinit(void *_ctx)
+{
+       struct gcm_x86_aes_ctx *ctx = _ctx;
+
+       zeroize_temp_key(ctx, sizeof(*ctx));
+       gnutls_free(ctx);
+}
+
+const gnutls_crypto_cipher_st aes_gcm_x86_aesni = {
+       .init = aes_gcm_cipher_init,
+       .setkey = aes_gcm_cipher_setkey,
+       .setiv = aes_gcm_setiv,
+       .encrypt = aes_gcm_encrypt,
+       .decrypt = aes_gcm_decrypt,
+       .deinit = aes_gcm_deinit,
+       .tag = aes_gcm_tag,
+       .auth = aes_gcm_auth,
+};
+
+#endif
index 5607162b865e30bf76a98dfbab3fa5b6e123ebc9..dcac4f083d190f4deaa8e6f9ab8b12c29674c250 100644 (file)
@@ -384,6 +384,24 @@ void register_x86_crypto(void)
                        if (ret < 0) {
                                gnutls_assert();
                        }
+               } else {
+                       ret =
+                           gnutls_crypto_single_cipher_register
+                           (GNUTLS_CIPHER_AES_128_GCM, 80,
+                            &aes_gcm_x86_aesni);
+                       if (ret < 0) {
+                               gnutls_assert();
+                       }
+
+                       ret =
+                           gnutls_crypto_single_cipher_register
+                           (GNUTLS_CIPHER_AES_256_GCM, 80,
+                            &aes_gcm_x86_aesni);
+                       if (ret < 0) {
+                               gnutls_assert();
+                       }
+
+
                }
 #endif
        }
index cb3fed4bc5a64a765b266bccb6652ab2cb0f796e..3a63d818c344b1374c13bed9e164df9bd8f13a9e 100644 (file)
@@ -45,5 +45,6 @@ void vpaes_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *k
 
 extern const gnutls_crypto_cipher_st aes_gcm_pclmul;
 extern const gnutls_crypto_cipher_st aes_gcm_x86_ssse3;
+extern const gnutls_crypto_cipher_st aes_gcm_x86_aesni;
 
 #endif