• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 /*
11  * This file uses the low level AES functions (which are deprecated for
12  * non-internal use) in order to implement provider AES ciphers.
13  */
14 #include "internal/deprecated.h"
15 
16 #include <openssl/proverr.h>
17 #include "cipher_aes.h"
18 
cipher_hw_aes_initkey(PROV_CIPHER_CTX * dat,const unsigned char * key,size_t keylen)19 static int cipher_hw_aes_initkey(PROV_CIPHER_CTX *dat,
20                                  const unsigned char *key, size_t keylen)
21 {
22     int ret;
23     PROV_AES_CTX *adat = (PROV_AES_CTX *)dat;
24     AES_KEY *ks = &adat->ks.ks;
25 
26     dat->ks = ks;
27 
28     if ((dat->mode == EVP_CIPH_ECB_MODE || dat->mode == EVP_CIPH_CBC_MODE)
29         && !dat->enc) {
30 #ifdef HWAES_CAPABLE
31         if (HWAES_CAPABLE) {
32             ret = HWAES_set_decrypt_key(key, keylen * 8, ks);
33             dat->block = (block128_f)HWAES_decrypt;
34             dat->stream.cbc = NULL;
35 # ifdef HWAES_cbc_encrypt
36             if (dat->mode == EVP_CIPH_CBC_MODE)
37                 dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt;
38 # endif
39 # ifdef HWAES_ecb_encrypt
40             if (dat->mode == EVP_CIPH_ECB_MODE)
41                 dat->stream.ecb = (ecb128_f)HWAES_ecb_encrypt;
42 # endif
43         } else
44 #endif
45 #ifdef BSAES_CAPABLE
46         if (BSAES_CAPABLE && dat->mode == EVP_CIPH_CBC_MODE) {
47             ret = AES_set_decrypt_key(key, keylen * 8, ks);
48             dat->block = (block128_f)AES_decrypt;
49             dat->stream.cbc = (cbc128_f)ossl_bsaes_cbc_encrypt;
50         } else
51 #endif
52 #ifdef VPAES_CAPABLE
53         if (VPAES_CAPABLE) {
54             ret = vpaes_set_decrypt_key(key, keylen * 8, ks);
55             dat->block = (block128_f)vpaes_decrypt;
56             dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
57                               ?(cbc128_f)vpaes_cbc_encrypt : NULL;
58         } else
59 #endif
60         {
61             ret = AES_set_decrypt_key(key, keylen * 8, ks);
62             dat->block = (block128_f)AES_decrypt;
63             dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
64                               ? (cbc128_f)AES_cbc_encrypt : NULL;
65         }
66     } else
67 #ifdef HWAES_CAPABLE
68     if (HWAES_CAPABLE) {
69         ret = HWAES_set_encrypt_key(key, keylen * 8, ks);
70         dat->block = (block128_f)HWAES_encrypt;
71         dat->stream.cbc = NULL;
72 # ifdef HWAES_cbc_encrypt
73         if (dat->mode == EVP_CIPH_CBC_MODE)
74             dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt;
75         else
76 # endif
77 # ifdef HWAES_ecb_encrypt
78         if (dat->mode == EVP_CIPH_ECB_MODE)
79             dat->stream.ecb = (ecb128_f)HWAES_ecb_encrypt;
80         else
81 # endif
82 # ifdef HWAES_ctr32_encrypt_blocks
83         if (dat->mode == EVP_CIPH_CTR_MODE)
84             dat->stream.ctr = (ctr128_f)HWAES_ctr32_encrypt_blocks;
85         else
86 # endif
87             (void)0;            /* terminate potentially open 'else' */
88     } else
89 #endif
90 #ifdef BSAES_CAPABLE
91     if (BSAES_CAPABLE && dat->mode == EVP_CIPH_CTR_MODE) {
92         ret = AES_set_encrypt_key(key, keylen * 8, ks);
93         dat->block = (block128_f)AES_encrypt;
94         dat->stream.ctr = (ctr128_f)ossl_bsaes_ctr32_encrypt_blocks;
95     } else
96 #endif
97 #ifdef VPAES_CAPABLE
98     if (VPAES_CAPABLE) {
99         ret = vpaes_set_encrypt_key(key, keylen * 8, ks);
100         dat->block = (block128_f)vpaes_encrypt;
101         dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
102                           ? (cbc128_f)vpaes_cbc_encrypt : NULL;
103     } else
104 #endif
105     {
106         ret = AES_set_encrypt_key(key, keylen * 8, ks);
107         dat->block = (block128_f)AES_encrypt;
108         dat->stream.cbc = (dat->mode == EVP_CIPH_CBC_MODE)
109                           ? (cbc128_f)AES_cbc_encrypt : NULL;
110 #ifdef AES_CTR_ASM
111         if (dat->mode == EVP_CIPH_CTR_MODE)
112             dat->stream.ctr = (ctr128_f)AES_ctr32_encrypt;
113 #endif
114     }
115 
116     if (ret < 0) {
117         ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SETUP_FAILED);
118         return 0;
119     }
120 
121     return 1;
122 }
123 
124 IMPLEMENT_CIPHER_HW_COPYCTX(cipher_hw_aes_copyctx, PROV_AES_CTX)
125 
126 #define PROV_CIPHER_HW_aes_mode(mode)                                          \
127 static const PROV_CIPHER_HW aes_##mode = {                                     \
128     cipher_hw_aes_initkey,                                                     \
129     ossl_cipher_hw_generic_##mode,                                             \
130     cipher_hw_aes_copyctx                                                      \
131 };                                                                             \
132 PROV_CIPHER_HW_declare(mode)                                                   \
133 const PROV_CIPHER_HW *ossl_prov_cipher_hw_aes_##mode(size_t keybits)           \
134 {                                                                              \
135     PROV_CIPHER_HW_select(mode)                                                \
136     return &aes_##mode;                                                        \
137 }
138 
139 #if defined(AESNI_CAPABLE)
140 # include "cipher_aes_hw_aesni.inc"
141 #elif defined(SPARC_AES_CAPABLE)
142 # include "cipher_aes_hw_t4.inc"
143 #elif defined(S390X_aes_128_CAPABLE)
144 # include "cipher_aes_hw_s390x.inc"
145 #else
146 /* The generic case */
147 # define PROV_CIPHER_HW_declare(mode)
148 # define PROV_CIPHER_HW_select(mode)
149 #endif
150 
151 PROV_CIPHER_HW_aes_mode(cbc)
152 PROV_CIPHER_HW_aes_mode(ecb)
153 PROV_CIPHER_HW_aes_mode(ofb128)
154 PROV_CIPHER_HW_aes_mode(cfb128)
155 PROV_CIPHER_HW_aes_mode(cfb1)
156 PROV_CIPHER_HW_aes_mode(cfb8)
157 PROV_CIPHER_HW_aes_mode(ctr)
158