diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 07:33:12 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 07:33:12 +0000 |
commit | 36082a2fe36ecd800d784ae44c14f1f18c66a7e9 (patch) | |
tree | 6c68e0c0097987aff85a01dabddd34b862309a7c /lib/accelerated/x86/aes-gcm-x86-aesni.c | |
parent | Initial commit. (diff) | |
download | gnutls28-36082a2fe36ecd800d784ae44c14f1f18c66a7e9.tar.xz gnutls28-36082a2fe36ecd800d784ae44c14f1f18c66a7e9.zip |
Adding upstream version 3.7.9.upstream/3.7.9upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'lib/accelerated/x86/aes-gcm-x86-aesni.c')
-rw-r--r-- | lib/accelerated/x86/aes-gcm-x86-aesni.c | 206 |
1 files changed, 206 insertions, 0 deletions
diff --git a/lib/accelerated/x86/aes-gcm-x86-aesni.c b/lib/accelerated/x86/aes-gcm-x86-aesni.c new file mode 100644 index 0000000..3be63dd --- /dev/null +++ b/lib/accelerated/x86/aes-gcm-x86-aesni.c @@ -0,0 +1,206 @@ +/* + * Copyright (C) 2011-2012 Free Software Foundation, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * The GnuTLS is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see <https://www.gnu.org/licenses/> + * + */ + +/* + * The following code is an implementation of the AES-128-GCM cipher + * using AESNI (without PCLMUL) + */ + +#include "errors.h" +#include "gnutls_int.h" + +#ifdef HAVE_LIBNETTLE + +#include <gnutls/crypto.h> +#include "errors.h" +#include <aes-x86.h> +#include <x86-common.h> +#include <byteswap.h> +#include <nettle/gcm.h> + +/* GCM mode + * It is used when the CPU doesn't include the PCLMUL instructions. + */ +struct gcm_x86_aes_ctx { + struct GCM_CTX(AES_KEY) inner; + size_t rekey_counter; +}; + +static void x86_aes_encrypt(const void *_ctx, + size_t length, uint8_t * dst, + const uint8_t * src) +{ + AES_KEY *ctx = (void*)_ctx; + + aesni_ecb_encrypt(src, dst, length, ctx, 1); +} + +static void x86_aes128_set_encrypt_key(void *_ctx, + const uint8_t * key) +{ + AES_KEY *ctx = _ctx; + + aesni_set_encrypt_key(key, 16*8, ctx); +} + +static void x86_aes192_set_encrypt_key(void *_ctx, + const uint8_t * key) +{ + AES_KEY *ctx = _ctx; + + aesni_set_encrypt_key(key, 24*8, ctx); +} + +static void x86_aes256_set_encrypt_key(void *_ctx, + const uint8_t * key) +{ + AES_KEY *ctx = _ctx; + + aesni_set_encrypt_key(key, 32*8, ctx); +} + +static int +aes_gcm_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx, + int enc) +{ + /* we use key size to distinguish */ + if (algorithm != GNUTLS_CIPHER_AES_128_GCM && + algorithm != GNUTLS_CIPHER_AES_192_GCM && + algorithm != GNUTLS_CIPHER_AES_256_GCM) + return GNUTLS_E_INVALID_REQUEST; + + *_ctx = gnutls_calloc(1, sizeof(struct gcm_x86_aes_ctx)); + if (*_ctx == NULL) { + gnutls_assert(); + return GNUTLS_E_MEMORY_ERROR; + } + + return 0; +} + +static int +aes_gcm_cipher_setkey(void *_ctx, const void *key, size_t length) +{ + struct gcm_x86_aes_ctx *ctx = _ctx; + + if (length == 16) { + GCM_SET_KEY(&ctx->inner, x86_aes128_set_encrypt_key, x86_aes_encrypt, + key); + } else if (length == 24) { + GCM_SET_KEY(&ctx->inner, x86_aes192_set_encrypt_key, x86_aes_encrypt, + key); + } else if (length == 32) { + GCM_SET_KEY(&ctx->inner, x86_aes256_set_encrypt_key, x86_aes_encrypt, + key); + } else + return GNUTLS_E_INVALID_REQUEST; + + ctx->rekey_counter = 0; + return 0; +} + +static int aes_gcm_setiv(void *_ctx, const void *iv, size_t iv_size) +{ + struct gcm_x86_aes_ctx *ctx = _ctx; + + if (iv_size != GCM_BLOCK_SIZE - 4) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + + GCM_SET_IV(&ctx->inner, iv_size, iv); + + ctx->rekey_counter = 0; + return 0; +} + +static int +aes_gcm_encrypt(void *_ctx, const void *src, size_t src_size, + void *dst, size_t length) +{ + struct gcm_x86_aes_ctx *ctx = _ctx; + int ret; + + if (unlikely(length < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + + ret = record_aes_gcm_encrypt_size(&ctx->rekey_counter, src_size); + if (ret < 0) { + return gnutls_assert_val(ret); + } + + GCM_ENCRYPT(&ctx->inner, x86_aes_encrypt, src_size, dst, src); + + return 0; +} + +static int +aes_gcm_decrypt(void *_ctx, const void *src, size_t src_size, + void *dst, size_t dst_size) +{ + struct gcm_x86_aes_ctx *ctx = _ctx; + + if (unlikely(dst_size < src_size)) + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + + GCM_DECRYPT(&ctx->inner, x86_aes_encrypt, src_size, dst, src); + return 0; +} + +static int aes_gcm_auth(void *_ctx, const void *src, size_t src_size) +{ + struct gcm_x86_aes_ctx *ctx = _ctx; + + GCM_UPDATE(&ctx->inner, src_size, src); + + return 0; +} + +static void aes_gcm_tag(void *_ctx, void *tag, size_t tagsize) +{ + struct gcm_x86_aes_ctx *ctx = _ctx; + + GCM_DIGEST(&ctx->inner, x86_aes_encrypt, tagsize, tag); +} + +static void aes_gcm_deinit(void *_ctx) +{ + struct gcm_x86_aes_ctx *ctx = _ctx; + + zeroize_temp_key(ctx, sizeof(*ctx)); + gnutls_free(ctx); +} + +#include "aes-gcm-aead.h" + +const gnutls_crypto_cipher_st _gnutls_aes_gcm_x86_aesni = { + .init = aes_gcm_cipher_init, + .setkey = aes_gcm_cipher_setkey, + .setiv = aes_gcm_setiv, + .aead_encrypt = aes_gcm_aead_encrypt, + .aead_decrypt = aes_gcm_aead_decrypt, + .encrypt = aes_gcm_encrypt, + .decrypt = aes_gcm_decrypt, + .deinit = aes_gcm_deinit, + .tag = aes_gcm_tag, + .auth = aes_gcm_auth, +}; + +#endif |