1 /*******************************************************************************
2 * Copyright 2015-2018 Intel Corporation
3 * All Rights Reserved.
4 *
5 * If this software was obtained under the Intel Simplified Software License,
6 * the following terms apply:
7 *
8 * The source code, information and material ("Material") contained herein is
9 * owned by Intel Corporation or its suppliers or licensors, and title to such
10 * Material remains with Intel Corporation or its suppliers or licensors. The
11 * Material contains proprietary information of Intel or its suppliers and
12 * licensors. The Material is protected by worldwide copyright laws and treaty
13 * provisions. No part of the Material may be used, copied, reproduced,
14 * modified, published, uploaded, posted, transmitted, distributed or disclosed
15 * in any way without Intel's prior express written permission. No license under
16 * any patent, copyright or other intellectual property rights in the Material
17 * is granted to or conferred upon you, either expressly, by implication,
18 * inducement, estoppel or otherwise. Any license under such intellectual
19 * property rights must be express and approved by Intel in writing.
20 *
21 * Unless otherwise agreed by Intel in writing, you may not remove or alter this
22 * notice or any other notice embedded in Materials by Intel or Intel's
23 * suppliers or licensors in any way.
24 *
25 *
26 * If this software was obtained under the Apache License, Version 2.0 (the
27 * "License"), the following terms apply:
28 *
29 * You may not use this file except in compliance with the License. You may
30 * obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
31 *
32 *
33 * Unless required by applicable law or agreed to in writing, software
34 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
35 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
36 *
37 * See the License for the specific language governing permissions and
38 * limitations under the License.
39 *******************************************************************************/
40
41 /*
42 //
43 // Purpose:
44 // Cryptography Primitive.
45 // Message Authentication Algorithm
46 // Internal Definitions and Internal Functions Prototypes
47 //
48 //
49 */
50
51 #if !defined(_CP_AESAUTH_GCM_H)
52 #define _CP_AESAUTH_GCM_H
53
54 #include "owncp.h"
55 #include "pcpaesm.h"
56
/* AES block size in bytes: the GCM counter, the GHASH accumulator and the
   hash key below are each exactly one block wide. */
#define BLOCK_SIZE (MBS_RIJ128)

/* GCM Hash prototype: GHash = GHash*HKey mod G()
   pParam points at implementation-specific precomputed data (see the
   AesGcmPrecompute_* declarations further down); its layout differs per variant. */
typedef void (*MulGcm_)(Ipp8u* pGHash, const Ipp8u* pHKey, const void* pParam);

/* GCM Authentication prototype: GHash = (GHash^src[])*HKey mod G()
   len is a signed count (presumably bytes); the implementations are expected
   to receive an already validated, non-negative length - the validation is
   not visible in this header. */
typedef void (*Auth_)(Ipp8u* pHash, const Ipp8u* pSrc, int len, const Ipp8u* pHKey, const void* pParam);

/* GCM Encrypt_Authentication prototype: encrypt pSrc into pDst and fold the
   result into the GHASH carried in pCtx (per the name; body not visible here). */
typedef void (*Encrypt_)(Ipp8u* pDst, const Ipp8u* pSrc, int len, IppsAES_GCMState* pCtx);

/* GCM Authentication_Decrypt prototype: fold pSrc (ciphertext) into the GHASH
   carried in pCtx and decrypt it into pDst (per the name; body not visible here). */
typedef void (*Decrypt_)(Ipp8u* pDst, const Ipp8u* pSrc, int len, IppsAES_GCMState* pCtx);
70
/* Processing phase of a GCM context. GCM consumes its inputs in a fixed order
   (IV, then AAD, then text); the state field records how far a context has
   advanced so that the public entry points can refuse out-of-order calls.
   NOTE(review): that enforcement lives in the callers, not in this header - confirm there. */
typedef enum {
   GcmInit,            /* context created, no IV absorbed yet */
   GcmIVprocessing,    /* IV bytes are being absorbed */
   GcmAADprocessing,   /* additional authenticated data is being absorbed */
   GcmTXTprocessing    /* plaintext/ciphertext is being processed */
} GcmState;
77
/* Internal AES-GCM context (presumably the storage behind the public IppsAES_GCMState).
   Layout note: `multiplier` is declared as a single block but is the START of a
   variable-size precomputed table that extends past the end of the struct;
   cpSizeofCtx_AESGCM() below reserves those extra bytes. It must therefore stay
   the last member - appending a field after it would be overwritten by the table. */
struct _cpAES_GCM {
   IppCtxId idCtx;              /* AES-GCM id (checked via AESGCM_VALID_ID) */
   GcmState state;              /* GCM state: Init, IV|AAD|TXT processing */
   Ipp64u ivLen;                /* IV length (bytes) */
   Ipp64u aadLen;               /* header length (bytes) */
   Ipp64u txtLen;               /* text length (bytes) */

   int bufLen;                  /* staff buffer length (presumably the number of
                                   bytes of a partial block held back in the
                                   context - confirm in the update routines) */
   __ALIGN16                    /* aligned buffers */
   Ipp8u counter[BLOCK_SIZE];   /* counter; bytes CTR_POS..BLOCK_SIZE-1 hold the
                                   32-bit big-endian block counter that
                                   IncrementCounter32() advances */
   Ipp8u ecounter0[BLOCK_SIZE]; /* encrypted initial counter */
   Ipp8u ecounter[BLOCK_SIZE];  /* encrypted counter */
   Ipp8u ghash[BLOCK_SIZE];     /* ghash accumulator */

   MulGcm_ hashFun;             /* AES-GCM mul function */
   Auth_ authFun;               /* authentication function */
   Encrypt_ encFun;             /* encryption & authentication */
   Decrypt_ decFun;             /* authentication & decryption */
   /* NOTE(review): the four function pointers above and the size of the
      `multiplier` tail (cpSizeofCtx_AESGCM) must be chosen by the same
      CPU-feature test; a mismatch would let the AES-NI or table2K code read or
      write past the bytes that were allocated. Confirm in the init routine. */

   __ALIGN16                    /* aligned AES context */
   IppsAESSpec cipher;

   __ALIGN16                    /* aligned pre-computed data: */
   Ipp8u multiplier[BLOCK_SIZE];/* - (default) hKey */
                                /* - (aes_ni) hKey*t, (hKey*t)^2, (hKey*t)^4 */
                                /* - (safe) hKey*(t^i), i=0,...,127 */
};
105
/* Byte offset of the 32-bit block counter inside `counter`: bytes
   CTR_POS..BLOCK_SIZE-1 are incremented big-endian (carry toward CTR_POS) by
   IncrementCounter32(); the bytes before CTR_POS are never touched by it. */
#define CTR_POS 12

/* alignment (bytes) required for the context start; cpSizeofCtx_AESGCM()
   adds AESGCM_ALIGNMENT-1 bytes of slack so the caller can realign */
#define AESGCM_ALIGNMENT (16)

/* Size of the precomputed data that begins at `multiplier` and continues past
   the end of the struct, per implementation (see the comments on `multiplier`):
   4 blocks for the AES-NI/CLMUL path, 128 blocks (2 KiB) for the table path. */
#define PRECOMP_DATA_SIZE_AES_NI_AESGCM (BLOCK_SIZE*4)
#define PRECOMP_DATA_SIZE_FAST2K (BLOCK_SIZE*128)

/*
// Useful macros (field accessors; stt is a struct _cpAES_GCM*)
*/
#define AESGCM_ID(stt) ((stt)->idCtx)
#define AESGCM_STATE(stt) ((stt)->state)

#define AESGCM_IV_LEN(stt) ((stt)->ivLen)
#define AESGCM_AAD_LEN(stt) ((stt)->aadLen)
#define AESGCM_TXT_LEN(stt) ((stt)->txtLen)

#define AESGCM_BUFLEN(stt) ((stt)->bufLen)
#define AESGCM_COUNTER(stt) ((stt)->counter)
#define AESGCM_ECOUNTER0(stt) ((stt)->ecounter0)
#define AESGCM_ECOUNTER(stt) ((stt)->ecounter)
#define AESGCM_GHASH(stt) ((stt)->ghash)

#define AESGCM_HASH(stt) ((stt)->hashFun)
#define AESGCM_AUTH(stt) ((stt)->authFun)
#define AESGCM_ENC(stt) ((stt)->encFun)
#define AESGCM_DEC(stt) ((stt)->decFun)

/* address of the embedded AES key schedule */
#define AESGCM_CIPHER(stt) (IppsAESSpec*)(&((stt)->cipher))

/* The three names below alias the SAME `multiplier` storage; which
   interpretation is meaningful depends on the implementation that filled it
   (plain hKey, AES-NI key powers, or the 128-entry table). */
#define AESGCM_HKEY(stt) ((stt)->multiplier)
#define AESGCM_CPWR(stt) ((stt)->multiplier)
#define AES_GCM_MTBL(stt) ((stt)->multiplier)

/* Context sanity check for the public entry points: true only when the id
   field carries the AES-GCM marker. This is an equality test on one field,
   not an integrity check of the whole context. */
#define AESGCM_VALID_ID(stt) (AESGCM_ID((stt))==idCtxAESGCM)
142
143
/* Increment the 32-bit big-endian block counter held in bytes
   CTR_POS..BLOCK_SIZE-1 of pCtr (GCM's inc32), carrying toward CTR_POS.
   Bytes below CTR_POS are never modified; the counter wraps silently to zero
   once every counter byte has rolled over, so bounding the amount of text
   processed under one nonce is the caller's responsibility. */
__INLINE void IncrementCounter32(Ipp8u* pCtr)
{
   int pos = BLOCK_SIZE;
   /* bump the least significant byte first and keep carrying while the
      incremented byte rolled over to zero and we have not reached CTR_POS */
   do {
      pos--;
      pCtr[pos] = (Ipp8u)(pCtr[pos] + 1);
   } while (pos > CTR_POS && 0 == pCtr[pos]);
}
149
150
/* AES-NI / CLMUL implementation, compiled only for targets that can carry it.
   OWNAPI() decorates each symbol per CPU-dispatch target. The run-time choice
   between this path and the table2K path is made with
   IsFeatureEnabled(ippCPUID_AES|ippCPUID_CLMUL) (see cpSizeofCtx_AESGCM). */
#if (_IPP>=_IPP_P8) || (_IPP32E>=_IPP32E_Y8)
/* fills pPrecomputeData from the hash key (presumably
   PRECOMP_DATA_SIZE_AES_NI_AESGCM bytes - matches the sizing below) */
#define AesGcmPrecompute_avx OWNAPI(AesGcmPrecompute_avx)
void AesGcmPrecompute_avx(Ipp8u* pPrecomputeData, const Ipp8u* pHKey);
/* MulGcm_ / Auth_ implementations (see the typedefs above) */
#define AesGcmMulGcm_avx OWNAPI(AesGcmMulGcm_avx)
void AesGcmMulGcm_avx(Ipp8u* pGhash, const Ipp8u* pHkey, const void* pParam);
#define AesGcmAuth_avx OWNAPI(AesGcmAuth_avx)
void AesGcmAuth_avx(Ipp8u* pGhash, const Ipp8u* pSrc, int len, const Ipp8u* pHkey, const void* pParam);
/* Encrypt_ / Decrypt_ wrappers that unpack the context and call the workers below */
#define wrpAesGcmEnc_avx OWNAPI(wrpAesGcmEnc_avx)
void wrpAesGcmEnc_avx(Ipp8u* pDst, const Ipp8u* pSrc, int len, IppsAES_GCMState* pCtx);
#define wrpAesGcmDec_avx OWNAPI(wrpAesGcmDec_avx)
void wrpAesGcmDec_avx(Ipp8u* pDst, const Ipp8u* pSrc, int len, IppsAES_GCMState* pCtx);
/* block-level workers: the caller supplies the cipher, its round count nr and
   key schedule pKeys, plus the context's ghash/counter/encrypted-counter
   buffers and the precomputed multipliers */
#define AesGcmEnc_avx OWNAPI(AesGcmEnc_avx)
void AesGcmEnc_avx(Ipp8u* pDst, const Ipp8u* pSrc, int len,
                   RijnCipher cipher, int nr, const Ipp8u* pKeys,
                   Ipp8u* pGhash, Ipp8u* pCnt, Ipp8u* pECnt, const Ipp8u* pMuls);
#define AesGcmDec_avx OWNAPI(AesGcmDec_avx)
void AesGcmDec_avx(Ipp8u* pDst, const Ipp8u* pSrc, int len,
                   RijnCipher cipher, int nr, const Ipp8u* pKeys,
                   Ipp8u* pGhash, Ipp8u* pCnt, Ipp8u* pECnt, const Ipp8u* pMuls);
#endif
171
/* Portable table-driven implementation (PRECOMP_DATA_SIZE_FAST2K, i.e. 128
   blocks, per key), used when the AES-NI/CLMUL path is not built or the CPU
   lacks those features.
   NOTE(review): the `multiplier` comment labels this layout "safe"; whether the
   per-key table lookups are data-independent in timing is not visible from this
   header - confirm in the implementation before relying on it. */
#define AesGcmPrecompute_table2K OWNAPI(AesGcmPrecompute_table2K)
void AesGcmPrecompute_table2K(Ipp8u* pPrecomputeData, const Ipp8u* pHKey);
/* MulGcm_ / Auth_ implementations (see the typedefs above) */
#define AesGcmMulGcm_table2K OWNAPI(AesGcmMulGcm_table2K)
void AesGcmMulGcm_table2K(Ipp8u* pGhash, const Ipp8u* pHkey, const void* pParam);
#define AesGcmAuth_table2K OWNAPI(AesGcmAuth_table2K)
void AesGcmAuth_table2K(Ipp8u* pGhash, const Ipp8u* pSrc, int len, const Ipp8u* pHkey, const void* pParam);
/* Encrypt_ / Decrypt_ implementations operating on the context */
#define wrpAesGcmEnc_table2K OWNAPI(wrpAesGcmEnc_table2K)
void wrpAesGcmEnc_table2K(Ipp8u* pDst, const Ipp8u* pSrc, int len, IppsAES_GCMState* pCtx);
#define wrpAesGcmDec_table2K OWNAPI(wrpAesGcmDec_table2K)
void wrpAesGcmDec_table2K(Ipp8u* pDst, const Ipp8u* pSrc, int len, IppsAES_GCMState* pCtx);

/* precomputed reduction table; key-independent (const, shared by all contexts) */
extern const Ipp16u AesGcmConst_table[256];
184
/* Number of bytes to allocate for one AES-GCM context.
   Returns sizeof(IppsAES_GCMState), plus the precomputed-data tail that
   continues past the struct's `multiplier` member (the one block already
   inside the struct is subtracted), plus AESGCM_ALIGNMENT-1 bytes of slack so
   the caller can align the context start.
   The tail size is CPU dependent: PRECOMP_DATA_SIZE_AES_NI_AESGCM when the
   AES-NI/CLMUL path is built and enabled, PRECOMP_DATA_SIZE_FAST2K otherwise.
   NOTE(review): the init code must select the implementation with the identical
   feature test; picking the table2K path for a context sized here for AES-NI
   would overrun the allocation. */
static int cpSizeofCtx_AESGCM(void)
{
   /* start from the portable 2K table and shrink to the AES-NI tail when
      that path is both compiled in and usable on this CPU */
   int tail = PRECOMP_DATA_SIZE_FAST2K;
#if (_IPP>=_IPP_P8) || (_IPP32E>=_IPP32E_Y8)
   if( IsFeatureEnabled(ippCPUID_AES|ippCPUID_CLMUL) )
      tail = PRECOMP_DATA_SIZE_AES_NI_AESGCM;
#endif

   /* the first block of the tail is the `multiplier` member, already counted in sizeof */
   tail -= BLOCK_SIZE;

   return (int)(sizeof(IppsAES_GCMState) + tail + (AESGCM_ALIGNMENT - 1));
}
203
204 #endif /* _CP_AESAUTH_GCM_H*/
205