diff options
Diffstat (limited to '')
-rw-r--r-- | lib/crypto/aes.c | 329 |
1 files changed, 329 insertions, 0 deletions
diff --git a/lib/crypto/aes.c b/lib/crypto/aes.c new file mode 100644 index 0000000..4ff019a --- /dev/null +++ b/lib/crypto/aes.c @@ -0,0 +1,329 @@ +/* + * Copyright (c) 2003 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "replace.h" +#include "aes.h" + +#ifdef SAMBA_RIJNDAEL +#include "rijndael-alg-fst.h" + +#if defined(HAVE_AESNI_INTEL) + +/* + * NB. HAVE_AESNI_INTEL is only defined if -lang-asm is + * available. + */ + +static inline void __cpuid(unsigned int where[4], unsigned int leaf) +{ + asm volatile("cpuid" : + "=a" (where[0]), + "=b" (where[1]), + "=c" (where[2]), + "=d" (where[3]): "a" (leaf)); +} + +/* + * has_intel_aes_instructions() + * return true if supports AES-NI and false if doesn't + */ +static bool has_intel_aes_instructions(void) +{ + static int has_aes_instructions = -1; + unsigned int cpuid_results[4]; + + if (has_aes_instructions != -1) { + return (bool)has_aes_instructions; + } + + __cpuid(cpuid_results, 1); + has_aes_instructions = !!(cpuid_results[2] & (1 << 25)); + return (bool)has_aes_instructions; +} + +/* + * Macro to ensure the AES key schedule starts on a 16 byte boundary. + */ + +#define SET_ACC_CTX(k) \ + do { \ + (k)->u.aes_ni.acc_ctx = \ + (struct crypto_aes_ctx *)(((unsigned long)(k)->u.aes_ni._acc_ctx + 15) & ~0xfUL); \ + } while (0) + +/* + * The next 4 functions call the Intel AES hardware implementations + * of: + * + * AES_set_encrypt_key() + * AES_set_decrypt_key() + * AES_encrypt() + * AES_decrypt() + */ + +static int AES_set_encrypt_key_aesni(const unsigned char *userkey, + const int bits, + AES_KEY *key) +{ + SET_ACC_CTX(key); + return aesni_set_key(key->u.aes_ni.acc_ctx, userkey, bits/8); +} + +static int AES_set_decrypt_key_aesni(const unsigned char *userkey, + const int bits, + AES_KEY *key) +{ + SET_ACC_CTX(key); + return aesni_set_key(key->u.aes_ni.acc_ctx, userkey, bits/8); +} + +static void AES_encrypt_aesni(const unsigned char *in, + unsigned char *out, + const AES_KEY *key) +{ + aesni_enc(key->u.aes_ni.acc_ctx, out, in); +} + +static void AES_decrypt_aesni(const unsigned char *in, + unsigned char *out, + const AES_KEY *key) +{ + aesni_dec(key->u.aes_ni.acc_ctx, out, in); +} +#else /* defined(HAVE_AESNI_INTEL) */ + +/* + * Dummy implementations if no Intel AES instructions present. + * Only has_intel_aes_instructions() will ever be called. +*/ + +static bool has_intel_aes_instructions(void) +{ + return false; +} + +static int AES_set_encrypt_key_aesni(const unsigned char *userkey, + const int bits, + AES_KEY *key) +{ + return -1; +} + +static int AES_set_decrypt_key_aesni(const unsigned char *userkey, + const int bits, + AES_KEY *key) +{ + return -1; +} + +static void AES_encrypt_aesni(const unsigned char *in, + unsigned char *out, + const AES_KEY *key) +{ + abort(); +} + +static void AES_decrypt_aesni(const unsigned char *in, + unsigned char *out, + const AES_KEY *key) +{ + abort(); +} +#endif /* defined(HAVE_AENI_INTEL) */ + +/* + * The next 4 functions are the pure software implementations + * of: + * + * AES_set_encrypt_key() + * AES_set_decrypt_key() + * AES_encrypt() + * AES_decrypt() + */ + +static int +AES_set_encrypt_key_rj(const unsigned char *userkey, const int bits, AES_KEY *key) +{ + key->u.aes_rj.rounds = rijndaelKeySetupEnc(key->u.aes_rj.key, userkey, bits); + if (key->u.aes_rj.rounds == 0) + return -1; + return 0; +} + +static int +AES_set_decrypt_key_rj(const unsigned char *userkey, const int bits, AES_KEY *key) +{ + key->u.aes_rj.rounds = rijndaelKeySetupDec(key->u.aes_rj.key, userkey, bits); + if (key->u.aes_rj.rounds == 0) + return -1; + return 0; +} + +static void +AES_encrypt_rj(const unsigned char *in, unsigned char *out, const AES_KEY *key) +{ + rijndaelEncrypt(key->u.aes_rj.key, key->u.aes_rj.rounds, in, out); +} + +static void +AES_decrypt_rj(const unsigned char *in, unsigned char *out, const AES_KEY *key) +{ + rijndaelDecrypt(key->u.aes_rj.key, key->u.aes_rj.rounds, in, out); +} + +/* + * The next 4 functions are the runtime switch for Intel AES hardware + * implementations of: + * + * AES_set_encrypt_key() + * AES_set_decrypt_key() + * AES_encrypt() + * AES_decrypt() + * + * If the hardware instructions don't exist, fall back to the software + * versions. + */ + +int +AES_set_encrypt_key(const unsigned char *userkey, const int bits, AES_KEY *key) +{ + if (has_intel_aes_instructions()) { + return AES_set_encrypt_key_aesni(userkey, bits, key); + } + return AES_set_encrypt_key_rj(userkey, bits, key); +} + +int +AES_set_decrypt_key(const unsigned char *userkey, const int bits, AES_KEY *key) +{ + if (has_intel_aes_instructions()) { + return AES_set_decrypt_key_aesni(userkey, bits, key); + } + return AES_set_decrypt_key_rj(userkey, bits, key); +} + +void +AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key) +{ + if (has_intel_aes_instructions()) { + AES_encrypt_aesni(in, out, key); + return; + } + AES_encrypt_rj(in, out, key); +} + +void +AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key) +{ + if (has_intel_aes_instructions()) { + AES_decrypt_aesni(in, out, key); + return; + } + AES_decrypt_rj(in, out, key); +} + +#endif /* SAMBA_RIJNDAEL */ + +#ifdef SAMBA_AES_CBC_ENCRYPT +void +AES_cbc_encrypt(const unsigned char *in, unsigned char *out, + unsigned long size, const AES_KEY *key, + unsigned char *iv, int forward_encrypt) +{ + unsigned char tmp[AES_BLOCK_SIZE]; + int i; + + if (forward_encrypt) { + while (size >= AES_BLOCK_SIZE) { + for (i = 0; i < AES_BLOCK_SIZE; i++) + tmp[i] = in[i] ^ iv[i]; + AES_encrypt(tmp, out, key); + memcpy(iv, out, AES_BLOCK_SIZE); + size -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + if (size) { + for (i = 0; i < size; i++) + tmp[i] = in[i] ^ iv[i]; + for (i = size; i < AES_BLOCK_SIZE; i++) + tmp[i] = iv[i]; + AES_encrypt(tmp, out, key); + memcpy(iv, out, AES_BLOCK_SIZE); + } + } else { + while (size >= AES_BLOCK_SIZE) { + memcpy(tmp, in, AES_BLOCK_SIZE); + AES_decrypt(tmp, out, key); + for (i = 0; i < AES_BLOCK_SIZE; i++) + out[i] ^= iv[i]; + memcpy(iv, tmp, AES_BLOCK_SIZE); + size -= AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + if (size) { + memcpy(tmp, in, AES_BLOCK_SIZE); + AES_decrypt(tmp, out, key); + for (i = 0; i < size; i++) + out[i] ^= iv[i]; + memcpy(iv, tmp, AES_BLOCK_SIZE); + } + } +} +#endif /* SAMBA_AES_CBC_ENCRYPT */ + +#ifdef SAMBA_AES_CFB8_ENCRYPT +void +AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, + unsigned long size, const AES_KEY *key, + unsigned char *iv, int forward_encrypt) +{ + int i; + + for (i = 0; i < size; i++) { + unsigned char tmp[AES_BLOCK_SIZE + 1]; + + memcpy(tmp, iv, AES_BLOCK_SIZE); + AES_encrypt(iv, iv, key); + if (!forward_encrypt) { + tmp[AES_BLOCK_SIZE] = in[i]; + } + out[i] = in[i] ^ iv[0]; + if (forward_encrypt) { + tmp[AES_BLOCK_SIZE] = out[i]; + } + memcpy(iv, &tmp[1], AES_BLOCK_SIZE); + } +} +#endif /* SAMBA_AES_CFB8_ENCRYPT */ |