summaryrefslogtreecommitdiffstats
path: root/lib/crypto/aes.c
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 17:47:29 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 17:47:29 +0000
commit4f5791ebd03eaec1c7da0865a383175b05102712 (patch)
tree8ce7b00f7a76baa386372422adebbe64510812d4 /lib/crypto/aes.c
parentInitial commit. (diff)
downloadsamba-4f5791ebd03eaec1c7da0865a383175b05102712.tar.xz
samba-4f5791ebd03eaec1c7da0865a383175b05102712.zip
Adding upstream version 2:4.17.12+dfsg.upstream/2%4.17.12+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'lib/crypto/aes.c')
-rw-r--r--lib/crypto/aes.c329
1 files changed, 329 insertions, 0 deletions
diff --git a/lib/crypto/aes.c b/lib/crypto/aes.c
new file mode 100644
index 0000000..4ff019a
--- /dev/null
+++ b/lib/crypto/aes.c
@@ -0,0 +1,329 @@
+/*
+ * Copyright (c) 2003 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "replace.h"
+#include "aes.h"
+
+#ifdef SAMBA_RIJNDAEL
+#include "rijndael-alg-fst.h"
+
+#if defined(HAVE_AESNI_INTEL)
+
+/*
+ * NB. HAVE_AESNI_INTEL is only defined if -lang-asm is
+ * available.
+ */
+
+static inline void __cpuid(unsigned int where[4], unsigned int leaf)
+{
+ asm volatile("cpuid" :
+ "=a" (where[0]),
+ "=b" (where[1]),
+ "=c" (where[2]),
+ "=d" (where[3]): "a" (leaf));
+}
+
+/*
+ * has_intel_aes_instructions()
+ * return true if supports AES-NI and false if doesn't
+ */
+static bool has_intel_aes_instructions(void)
+{
+ static int has_aes_instructions = -1;
+ unsigned int cpuid_results[4];
+
+ if (has_aes_instructions != -1) {
+ return (bool)has_aes_instructions;
+ }
+
+ __cpuid(cpuid_results, 1);
+ has_aes_instructions = !!(cpuid_results[2] & (1 << 25));
+ return (bool)has_aes_instructions;
+}
+
+/*
+ * Macro to ensure the AES key schedule starts on a 16 byte boundary.
+ */
+
+#define SET_ACC_CTX(k) \
+ do { \
+ (k)->u.aes_ni.acc_ctx = \
+ (struct crypto_aes_ctx *)(((unsigned long)(k)->u.aes_ni._acc_ctx + 15) & ~0xfUL); \
+ } while (0)
+
+/*
+ * The next 4 functions call the Intel AES hardware implementations
+ * of:
+ *
+ * AES_set_encrypt_key()
+ * AES_set_decrypt_key()
+ * AES_encrypt()
+ * AES_decrypt()
+ */
+
+static int AES_set_encrypt_key_aesni(const unsigned char *userkey,
+ const int bits,
+ AES_KEY *key)
+{
+ SET_ACC_CTX(key);
+ return aesni_set_key(key->u.aes_ni.acc_ctx, userkey, bits/8);
+}
+
+static int AES_set_decrypt_key_aesni(const unsigned char *userkey,
+ const int bits,
+ AES_KEY *key)
+{
+ SET_ACC_CTX(key);
+ return aesni_set_key(key->u.aes_ni.acc_ctx, userkey, bits/8);
+}
+
+static void AES_encrypt_aesni(const unsigned char *in,
+ unsigned char *out,
+ const AES_KEY *key)
+{
+ aesni_enc(key->u.aes_ni.acc_ctx, out, in);
+}
+
+static void AES_decrypt_aesni(const unsigned char *in,
+ unsigned char *out,
+ const AES_KEY *key)
+{
+ aesni_dec(key->u.aes_ni.acc_ctx, out, in);
+}
+#else /* defined(HAVE_AESNI_INTEL) */
+
+/*
+ * Dummy implementations if no Intel AES instructions present.
+ * Only has_intel_aes_instructions() will ever be called.
+*/
+
+static bool has_intel_aes_instructions(void)
+{
+ return false;
+}
+
+static int AES_set_encrypt_key_aesni(const unsigned char *userkey,
+ const int bits,
+ AES_KEY *key)
+{
+ return -1;
+}
+
+static int AES_set_decrypt_key_aesni(const unsigned char *userkey,
+ const int bits,
+ AES_KEY *key)
+{
+ return -1;
+}
+
+static void AES_encrypt_aesni(const unsigned char *in,
+ unsigned char *out,
+ const AES_KEY *key)
+{
+ abort();
+}
+
+static void AES_decrypt_aesni(const unsigned char *in,
+ unsigned char *out,
+ const AES_KEY *key)
+{
+ abort();
+}
+#endif /* defined(HAVE_AENI_INTEL) */
+
+/*
+ * The next 4 functions are the pure software implementations
+ * of:
+ *
+ * AES_set_encrypt_key()
+ * AES_set_decrypt_key()
+ * AES_encrypt()
+ * AES_decrypt()
+ */
+
+static int
+AES_set_encrypt_key_rj(const unsigned char *userkey, const int bits, AES_KEY *key)
+{
+ key->u.aes_rj.rounds = rijndaelKeySetupEnc(key->u.aes_rj.key, userkey, bits);
+ if (key->u.aes_rj.rounds == 0)
+ return -1;
+ return 0;
+}
+
+static int
+AES_set_decrypt_key_rj(const unsigned char *userkey, const int bits, AES_KEY *key)
+{
+ key->u.aes_rj.rounds = rijndaelKeySetupDec(key->u.aes_rj.key, userkey, bits);
+ if (key->u.aes_rj.rounds == 0)
+ return -1;
+ return 0;
+}
+
+static void
+AES_encrypt_rj(const unsigned char *in, unsigned char *out, const AES_KEY *key)
+{
+ rijndaelEncrypt(key->u.aes_rj.key, key->u.aes_rj.rounds, in, out);
+}
+
+static void
+AES_decrypt_rj(const unsigned char *in, unsigned char *out, const AES_KEY *key)
+{
+ rijndaelDecrypt(key->u.aes_rj.key, key->u.aes_rj.rounds, in, out);
+}
+
+/*
+ * The next 4 functions are the runtime switch for Intel AES hardware
+ * implementations of:
+ *
+ * AES_set_encrypt_key()
+ * AES_set_decrypt_key()
+ * AES_encrypt()
+ * AES_decrypt()
+ *
+ * If the hardware instructions don't exist, fall back to the software
+ * versions.
+ */
+
+int
+AES_set_encrypt_key(const unsigned char *userkey, const int bits, AES_KEY *key)
+{
+ if (has_intel_aes_instructions()) {
+ return AES_set_encrypt_key_aesni(userkey, bits, key);
+ }
+ return AES_set_encrypt_key_rj(userkey, bits, key);
+}
+
+int
+AES_set_decrypt_key(const unsigned char *userkey, const int bits, AES_KEY *key)
+{
+ if (has_intel_aes_instructions()) {
+ return AES_set_decrypt_key_aesni(userkey, bits, key);
+ }
+ return AES_set_decrypt_key_rj(userkey, bits, key);
+}
+
+void
+AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
+{
+ if (has_intel_aes_instructions()) {
+ AES_encrypt_aesni(in, out, key);
+ return;
+ }
+ AES_encrypt_rj(in, out, key);
+}
+
+void
+AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
+{
+ if (has_intel_aes_instructions()) {
+ AES_decrypt_aesni(in, out, key);
+ return;
+ }
+ AES_decrypt_rj(in, out, key);
+}
+
+#endif /* SAMBA_RIJNDAEL */
+
+#ifdef SAMBA_AES_CBC_ENCRYPT
+void
+AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ unsigned long size, const AES_KEY *key,
+ unsigned char *iv, int forward_encrypt)
+{
+ unsigned char tmp[AES_BLOCK_SIZE];
+ int i;
+
+ if (forward_encrypt) {
+ while (size >= AES_BLOCK_SIZE) {
+ for (i = 0; i < AES_BLOCK_SIZE; i++)
+ tmp[i] = in[i] ^ iv[i];
+ AES_encrypt(tmp, out, key);
+ memcpy(iv, out, AES_BLOCK_SIZE);
+ size -= AES_BLOCK_SIZE;
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ }
+ if (size) {
+ for (i = 0; i < size; i++)
+ tmp[i] = in[i] ^ iv[i];
+ for (i = size; i < AES_BLOCK_SIZE; i++)
+ tmp[i] = iv[i];
+ AES_encrypt(tmp, out, key);
+ memcpy(iv, out, AES_BLOCK_SIZE);
+ }
+ } else {
+ while (size >= AES_BLOCK_SIZE) {
+ memcpy(tmp, in, AES_BLOCK_SIZE);
+ AES_decrypt(tmp, out, key);
+ for (i = 0; i < AES_BLOCK_SIZE; i++)
+ out[i] ^= iv[i];
+ memcpy(iv, tmp, AES_BLOCK_SIZE);
+ size -= AES_BLOCK_SIZE;
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ }
+ if (size) {
+ memcpy(tmp, in, AES_BLOCK_SIZE);
+ AES_decrypt(tmp, out, key);
+ for (i = 0; i < size; i++)
+ out[i] ^= iv[i];
+ memcpy(iv, tmp, AES_BLOCK_SIZE);
+ }
+ }
+}
+#endif /* SAMBA_AES_CBC_ENCRYPT */
+
+#ifdef SAMBA_AES_CFB8_ENCRYPT
+void
+AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+ unsigned long size, const AES_KEY *key,
+ unsigned char *iv, int forward_encrypt)
+{
+ int i;
+
+ for (i = 0; i < size; i++) {
+ unsigned char tmp[AES_BLOCK_SIZE + 1];
+
+ memcpy(tmp, iv, AES_BLOCK_SIZE);
+ AES_encrypt(iv, iv, key);
+ if (!forward_encrypt) {
+ tmp[AES_BLOCK_SIZE] = in[i];
+ }
+ out[i] = in[i] ^ iv[0];
+ if (forward_encrypt) {
+ tmp[AES_BLOCK_SIZE] = out[i];
+ }
+ memcpy(iv, &tmp[1], AES_BLOCK_SIZE);
+ }
+}
+#endif /* SAMBA_AES_CFB8_ENCRYPT */