|
Packit Service |
4684c1 |
/*
|
|
Packit Service |
4684c1 |
* Copyright (C) 2011-2012 Free Software Foundation, Inc.
|
|
Packit Service |
4684c1 |
* Copyright (C) 2018 Red Hat, Inc.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* Author: Nikos Mavrogiannopoulos
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* This file is part of GnuTLS.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* The GnuTLS is free software; you can redistribute it and/or
|
|
Packit Service |
4684c1 |
* modify it under the terms of the GNU Lesser General Public License
|
|
Packit Service |
4684c1 |
* as published by the Free Software Foundation; either version 2.1 of
|
|
Packit Service |
4684c1 |
* the License, or (at your option) any later version.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* This library is distributed in the hope that it will be useful, but
|
|
Packit Service |
4684c1 |
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit Service |
4684c1 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit Service |
4684c1 |
* Lesser General Public License for more details.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* You should have received a copy of the GNU Lesser General Public License
|
|
Packit Service |
4684c1 |
* along with this program. If not, see <https://www.gnu.org/licenses/>
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/*
|
|
Packit Service |
4684c1 |
* The following code is an implementation of the AES-128-CBC cipher
|
|
Packit Service |
4684c1 |
* using intel's AES instruction set.
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#include "errors.h"
|
|
Packit Service |
4684c1 |
#include "gnutls_int.h"
|
|
Packit Service |
4684c1 |
#include <gnutls/crypto.h>
|
|
Packit Service |
4684c1 |
#include "errors.h"
|
|
Packit Service |
4684c1 |
#include <aes-x86.h>
|
|
Packit Service |
4684c1 |
#include <sha-x86.h>
|
|
Packit Service |
4684c1 |
#include <x86-common.h>
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
struct aes_ctx {
|
|
Packit Service |
4684c1 |
AES_KEY expanded_key;
|
|
Packit Service |
4684c1 |
uint8_t iv[16];
|
|
Packit Service |
4684c1 |
int enc;
|
|
Packit Service |
4684c1 |
};
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static int
|
|
Packit Service |
4684c1 |
aes_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
/* we use key size to distinguish */
|
|
Packit Service |
4684c1 |
if (algorithm != GNUTLS_CIPHER_AES_128_CBC
|
|
Packit Service |
4684c1 |
&& algorithm != GNUTLS_CIPHER_AES_192_CBC
|
|
Packit Service |
4684c1 |
&& algorithm != GNUTLS_CIPHER_AES_256_CBC)
|
|
Packit Service |
4684c1 |
return GNUTLS_E_INVALID_REQUEST;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
*_ctx = gnutls_calloc(1, sizeof(struct aes_ctx));
|
|
Packit Service |
4684c1 |
if (*_ctx == NULL) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return GNUTLS_E_MEMORY_ERROR;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
((struct aes_ctx *) (*_ctx))->enc = enc;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static int
|
|
Packit Service |
4684c1 |
aes_ssse3_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
struct aes_ctx *ctx = _ctx;
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
CHECK_AES_KEYSIZE(keysize);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (ctx->enc)
|
|
Packit Service |
4684c1 |
ret =
|
|
Packit Service |
4684c1 |
vpaes_set_encrypt_key(userkey, keysize * 8,
|
|
Packit Service |
4684c1 |
ALIGN16(&ctx->expanded_key));
|
|
Packit Service |
4684c1 |
else
|
|
Packit Service |
4684c1 |
ret =
|
|
Packit Service |
4684c1 |
vpaes_set_decrypt_key(userkey, keysize * 8,
|
|
Packit Service |
4684c1 |
ALIGN16(&ctx->expanded_key));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (ret != 0)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_E_ENCRYPTION_FAILED);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static int
|
|
Packit Service |
4684c1 |
aes_ssse3_encrypt(void *_ctx, const void *src, size_t src_size,
|
|
Packit Service |
4684c1 |
void *dst, size_t dst_size)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
struct aes_ctx *ctx = _ctx;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (unlikely(src_size % 16 != 0))
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
vpaes_cbc_encrypt(src, dst, src_size, ALIGN16(&ctx->expanded_key),
|
|
Packit Service |
4684c1 |
ctx->iv, 1);
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static int
|
|
Packit Service |
4684c1 |
aes_ssse3_decrypt(void *_ctx, const void *src, size_t src_size,
|
|
Packit Service |
4684c1 |
void *dst, size_t dst_size)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
struct aes_ctx *ctx = _ctx;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (unlikely(src_size % 16 != 0))
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
vpaes_cbc_encrypt(src, dst, src_size, ALIGN16(&ctx->expanded_key),
|
|
Packit Service |
4684c1 |
ctx->iv, 0);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static int aes_setiv(void *_ctx, const void *iv, size_t iv_size)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
struct aes_ctx *ctx = _ctx;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (iv_size != 16)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
memcpy(ctx->iv, iv, 16);
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static void aes_deinit(void *_ctx)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
struct aes_ctx *ctx = _ctx;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
zeroize_temp_key(ctx, sizeof(*ctx));
|
|
Packit Service |
4684c1 |
gnutls_free(ctx);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
const gnutls_crypto_cipher_st _gnutls_aes_ssse3 = {
|
|
Packit Service |
4684c1 |
.init = aes_cipher_init,
|
|
Packit Service |
4684c1 |
.setkey = aes_ssse3_cipher_setkey,
|
|
Packit Service |
4684c1 |
.setiv = aes_setiv,
|
|
Packit Service |
4684c1 |
.encrypt = aes_ssse3_encrypt,
|
|
Packit Service |
4684c1 |
.decrypt = aes_ssse3_decrypt,
|
|
Packit Service |
4684c1 |
.deinit = aes_deinit,
|
|
Packit Service |
4684c1 |
};
|
|
Packit Service |
4684c1 |
|