diff options
| author | jsing <> | 2025-07-13 06:01:33 +0000 |
|---|---|---|
| committer | jsing <> | 2025-07-13 06:01:33 +0000 |
| commit | 55a6fa359c711ca58fdf4ab2e45fb4d6e5ee0265 (patch) | |
| tree | a43688f8969e5bd862faf101152f51b1560e7731 /src | |
| parent | 8082d2222ff57c8446f00bdd20755af6c4f93747 (diff) | |
| download | openbsd-55a6fa359c711ca58fdf4ab2e45fb4d6e5ee0265.tar.gz openbsd-55a6fa359c711ca58fdf4ab2e45fb4d6e5ee0265.tar.bz2 openbsd-55a6fa359c711ca58fdf4ab2e45fb4d6e5ee0265.zip | |
Simplify AES-XTS implementation and remove AES-NI specific code from EVP.
Provide aes_xts_encrypt_internal() and call that from aes_xts_cipher().
Have amd64 and i386 provide their own versions that dispatch to
aesni_xts_encrypt()/aesni_xts_decrypt() as appropriate. The
AESNI_CAPABLE code and methods can then be removed.
ok tb@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/aes/aes.c | 32 | ||||
| -rw-r--r-- | src/lib/libcrypto/aes/aes_amd64.c | 31 | ||||
| -rw-r--r-- | src/lib/libcrypto/aes/aes_i386.c | 31 | ||||
| -rw-r--r-- | src/lib/libcrypto/aes/aes_local.h | 6 | ||||
| -rw-r--r-- | src/lib/libcrypto/arch/amd64/crypto_arch.h | 3 | ||||
| -rw-r--r-- | src/lib/libcrypto/arch/i386/crypto_arch.h | 3 | ||||
| -rw-r--r-- | src/lib/libcrypto/evp/e_aes.c | 139 | ||||
| -rw-r--r-- | src/lib/libcrypto/modes/modes_local.h | 4 |
8 files changed, 117 insertions, 132 deletions
diff --git a/src/lib/libcrypto/aes/aes.c b/src/lib/libcrypto/aes/aes.c index e9dbe975e3..45b7a3b109 100644 --- a/src/lib/libcrypto/aes/aes.c +++ b/src/lib/libcrypto/aes/aes.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: aes.c,v 1.10 2025/06/27 17:10:45 jsing Exp $ */ | 1 | /* $OpenBSD: aes.c,v 1.11 2025/07/13 06:01:33 jsing Exp $ */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| @@ -57,6 +57,7 @@ | |||
| 57 | 57 | ||
| 58 | #include "crypto_arch.h" | 58 | #include "crypto_arch.h" |
| 59 | #include "crypto_internal.h" | 59 | #include "crypto_internal.h" |
| 60 | #include "modes_local.h" | ||
| 60 | 61 | ||
| 61 | static const unsigned char aes_wrap_default_iv[] = { | 62 | static const unsigned char aes_wrap_default_iv[] = { |
| 62 | 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, | 63 | 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, |
| @@ -322,6 +323,35 @@ AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, size_t length, | |||
| 322 | } | 323 | } |
| 323 | LCRYPTO_ALIAS(AES_ofb128_encrypt); | 324 | LCRYPTO_ALIAS(AES_ofb128_encrypt); |
| 324 | 325 | ||
| 326 | void | ||
| 327 | aes_xts_encrypt_generic(const unsigned char *in, unsigned char *out, size_t len, | ||
| 328 | const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16], | ||
| 329 | int encrypt) | ||
| 330 | { | ||
| 331 | XTS128_CONTEXT xctx; | ||
| 332 | |||
| 333 | if (encrypt) | ||
| 334 | xctx.block1 = aes_encrypt_block128; | ||
| 335 | else | ||
| 336 | xctx.block1 = aes_decrypt_block128; | ||
| 337 | |||
| 338 | xctx.block2 = aes_encrypt_block128; | ||
| 339 | xctx.key1 = key1; | ||
| 340 | xctx.key2 = key2; | ||
| 341 | |||
| 342 | CRYPTO_xts128_encrypt(&xctx, iv, in, out, len, encrypt); | ||
| 343 | } | ||
| 344 | |||
| 345 | #ifndef HAVE_AES_XTS_ENCRYPT_INTERNAL | ||
| 346 | void | ||
| 347 | aes_xts_encrypt_internal(const unsigned char *in, unsigned char *out, size_t len, | ||
| 348 | const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16], | ||
| 349 | int encrypt) | ||
| 350 | { | ||
| 351 | aes_xts_encrypt_generic(in, out, len, key1, key2, iv, encrypt); | ||
| 352 | } | ||
| 353 | #endif | ||
| 354 | |||
| 325 | int | 355 | int |
| 326 | AES_wrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out, | 356 | AES_wrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out, |
| 327 | const unsigned char *in, unsigned int inlen) | 357 | const unsigned char *in, unsigned int inlen) |
diff --git a/src/lib/libcrypto/aes/aes_amd64.c b/src/lib/libcrypto/aes/aes_amd64.c index 456409d186..5a40274675 100644 --- a/src/lib/libcrypto/aes/aes_amd64.c +++ b/src/lib/libcrypto/aes/aes_amd64.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: aes_amd64.c,v 1.2 2025/06/27 17:10:45 jsing Exp $ */ | 1 | /* $OpenBSD: aes_amd64.c,v 1.3 2025/07/13 06:01:33 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2025 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2025 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -18,6 +18,7 @@ | |||
| 18 | #include <openssl/aes.h> | 18 | #include <openssl/aes.h> |
| 19 | 19 | ||
| 20 | #include "crypto_arch.h" | 20 | #include "crypto_arch.h" |
| 21 | #include "modes_local.h" | ||
| 21 | 22 | ||
| 22 | int aes_set_encrypt_key_generic(const unsigned char *userKey, const int bits, | 23 | int aes_set_encrypt_key_generic(const unsigned char *userKey, const int bits, |
| 23 | AES_KEY *key); | 24 | AES_KEY *key); |
| @@ -35,6 +36,10 @@ void aes_cbc_encrypt_generic(const unsigned char *in, unsigned char *out, | |||
| 35 | void aes_ctr32_encrypt_generic(const unsigned char *in, unsigned char *out, | 36 | void aes_ctr32_encrypt_generic(const unsigned char *in, unsigned char *out, |
| 36 | size_t blocks, const AES_KEY *key, const unsigned char ivec[AES_BLOCK_SIZE]); | 37 | size_t blocks, const AES_KEY *key, const unsigned char ivec[AES_BLOCK_SIZE]); |
| 37 | 38 | ||
| 39 | void aes_xts_encrypt_generic(const unsigned char *in, unsigned char *out, | ||
| 40 | size_t len, const AES_KEY *key1, const AES_KEY *key2, | ||
| 41 | const unsigned char iv[16], int encrypt); | ||
| 42 | |||
| 38 | int aesni_set_encrypt_key(const unsigned char *userKey, int bits, | 43 | int aesni_set_encrypt_key(const unsigned char *userKey, int bits, |
| 39 | AES_KEY *key); | 44 | AES_KEY *key); |
| 40 | int aesni_set_decrypt_key(const unsigned char *userKey, int bits, | 45 | int aesni_set_decrypt_key(const unsigned char *userKey, int bits, |
| @@ -51,6 +56,14 @@ void aesni_cbc_encrypt(const unsigned char *in, unsigned char *out, | |||
| 51 | void aesni_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, | 56 | void aesni_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, |
| 52 | size_t blocks, const void *key, const unsigned char *ivec); | 57 | size_t blocks, const void *key, const unsigned char *ivec); |
| 53 | 58 | ||
| 59 | void aesni_xts_encrypt(const unsigned char *in, unsigned char *out, | ||
| 60 | size_t length, const AES_KEY *key1, const AES_KEY *key2, | ||
| 61 | const unsigned char iv[16]); | ||
| 62 | |||
| 63 | void aesni_xts_decrypt(const unsigned char *in, unsigned char *out, | ||
| 64 | size_t length, const AES_KEY *key1, const AES_KEY *key2, | ||
| 65 | const unsigned char iv[16]); | ||
| 66 | |||
| 54 | int | 67 | int |
| 55 | aes_set_encrypt_key_internal(const unsigned char *userKey, const int bits, | 68 | aes_set_encrypt_key_internal(const unsigned char *userKey, const int bits, |
| 56 | AES_KEY *key) | 69 | AES_KEY *key) |
| @@ -118,3 +131,19 @@ aes_ctr32_encrypt_internal(const unsigned char *in, unsigned char *out, | |||
| 118 | 131 | ||
| 119 | aes_ctr32_encrypt_generic(in, out, blocks, key, ivec); | 132 | aes_ctr32_encrypt_generic(in, out, blocks, key, ivec); |
| 120 | } | 133 | } |
| 134 | |||
| 135 | void | ||
| 136 | aes_xts_encrypt_internal(const unsigned char *in, unsigned char *out, | ||
| 137 | size_t len, const AES_KEY *key1, const AES_KEY *key2, | ||
| 138 | const unsigned char iv[16], int encrypt) | ||
| 139 | { | ||
| 140 | if ((crypto_cpu_caps_amd64 & CRYPTO_CPU_CAPS_AMD64_AES) != 0) { | ||
| 141 | if (encrypt) | ||
| 142 | aesni_xts_encrypt(in, out, len, key1, key2, iv); | ||
| 143 | else | ||
| 144 | aesni_xts_decrypt(in, out, len, key1, key2, iv); | ||
| 145 | return; | ||
| 146 | } | ||
| 147 | |||
| 148 | aes_xts_encrypt_generic(in, out, len, key1, key2, iv, encrypt); | ||
| 149 | } | ||
diff --git a/src/lib/libcrypto/aes/aes_i386.c b/src/lib/libcrypto/aes/aes_i386.c index 2da02a8d35..73b75d28f5 100644 --- a/src/lib/libcrypto/aes/aes_i386.c +++ b/src/lib/libcrypto/aes/aes_i386.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: aes_i386.c,v 1.2 2025/06/27 17:10:45 jsing Exp $ */ | 1 | /* $OpenBSD: aes_i386.c,v 1.3 2025/07/13 06:01:33 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2025 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2025 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -18,6 +18,7 @@ | |||
| 18 | #include <openssl/aes.h> | 18 | #include <openssl/aes.h> |
| 19 | 19 | ||
| 20 | #include "crypto_arch.h" | 20 | #include "crypto_arch.h" |
| 21 | #include "modes_local.h" | ||
| 21 | 22 | ||
| 22 | int aes_set_encrypt_key_generic(const unsigned char *userKey, const int bits, | 23 | int aes_set_encrypt_key_generic(const unsigned char *userKey, const int bits, |
| 23 | AES_KEY *key); | 24 | AES_KEY *key); |
| @@ -35,6 +36,10 @@ void aes_cbc_encrypt_generic(const unsigned char *in, unsigned char *out, | |||
| 35 | void aes_ctr32_encrypt_generic(const unsigned char *in, unsigned char *out, | 36 | void aes_ctr32_encrypt_generic(const unsigned char *in, unsigned char *out, |
| 36 | size_t blocks, const AES_KEY *key, const unsigned char ivec[AES_BLOCK_SIZE]); | 37 | size_t blocks, const AES_KEY *key, const unsigned char ivec[AES_BLOCK_SIZE]); |
| 37 | 38 | ||
| 39 | void aes_xts_encrypt_generic(const unsigned char *in, unsigned char *out, | ||
| 40 | size_t len, const AES_KEY *key1, const AES_KEY *key2, | ||
| 41 | const unsigned char iv[16], int encrypt); | ||
| 42 | |||
| 38 | int aesni_set_encrypt_key(const unsigned char *userKey, int bits, | 43 | int aesni_set_encrypt_key(const unsigned char *userKey, int bits, |
| 39 | AES_KEY *key); | 44 | AES_KEY *key); |
| 40 | int aesni_set_decrypt_key(const unsigned char *userKey, int bits, | 45 | int aesni_set_decrypt_key(const unsigned char *userKey, int bits, |
| @@ -51,6 +56,14 @@ void aesni_cbc_encrypt(const unsigned char *in, unsigned char *out, | |||
| 51 | void aesni_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, | 56 | void aesni_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, |
| 52 | size_t blocks, const void *key, const unsigned char *ivec); | 57 | size_t blocks, const void *key, const unsigned char *ivec); |
| 53 | 58 | ||
| 59 | void aesni_xts_encrypt(const unsigned char *in, unsigned char *out, | ||
| 60 | size_t length, const AES_KEY *key1, const AES_KEY *key2, | ||
| 61 | const unsigned char iv[16]); | ||
| 62 | |||
| 63 | void aesni_xts_decrypt(const unsigned char *in, unsigned char *out, | ||
| 64 | size_t length, const AES_KEY *key1, const AES_KEY *key2, | ||
| 65 | const unsigned char iv[16]); | ||
| 66 | |||
| 54 | int | 67 | int |
| 55 | aes_set_encrypt_key_internal(const unsigned char *userKey, const int bits, | 68 | aes_set_encrypt_key_internal(const unsigned char *userKey, const int bits, |
| 56 | AES_KEY *key) | 69 | AES_KEY *key) |
| @@ -118,3 +131,19 @@ aes_ctr32_encrypt_internal(const unsigned char *in, unsigned char *out, | |||
| 118 | 131 | ||
| 119 | aes_ctr32_encrypt_generic(in, out, blocks, key, ivec); | 132 | aes_ctr32_encrypt_generic(in, out, blocks, key, ivec); |
| 120 | } | 133 | } |
| 134 | |||
| 135 | void | ||
| 136 | aes_xts_encrypt_internal(const unsigned char *in, unsigned char *out, | ||
| 137 | size_t len, const AES_KEY *key1, const AES_KEY *key2, | ||
| 138 | const unsigned char iv[16], int encrypt) | ||
| 139 | { | ||
| 140 | if ((crypto_cpu_caps_i386 & CRYPTO_CPU_CAPS_I386_AES) != 0) { | ||
| 141 | if (encrypt) | ||
| 142 | aesni_xts_encrypt(in, out, len, key1, key2, iv); | ||
| 143 | else | ||
| 144 | aesni_xts_decrypt(in, out, len, key1, key2, iv); | ||
| 145 | return; | ||
| 146 | } | ||
| 147 | |||
| 148 | aes_xts_encrypt_generic(in, out, len, key1, key2, iv, encrypt); | ||
| 149 | } | ||
diff --git a/src/lib/libcrypto/aes/aes_local.h b/src/lib/libcrypto/aes/aes_local.h index 5052cf9e70..f68d4624e7 100644 --- a/src/lib/libcrypto/aes/aes_local.h +++ b/src/lib/libcrypto/aes/aes_local.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: aes_local.h,v 1.8 2025/07/06 15:37:33 jsing Exp $ */ | 1 | /* $OpenBSD: aes_local.h,v 1.9 2025/07/13 06:01:33 jsing Exp $ */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| @@ -69,6 +69,10 @@ void aes_ctr32_encrypt_ctr128f(const unsigned char *in, unsigned char *out, | |||
| 69 | void aes_ecb_encrypt_internal(const unsigned char *in, unsigned char *out, | 69 | void aes_ecb_encrypt_internal(const unsigned char *in, unsigned char *out, |
| 70 | size_t len, const AES_KEY *key, int encrypt); | 70 | size_t len, const AES_KEY *key, int encrypt); |
| 71 | 71 | ||
| 72 | void aes_xts_encrypt_internal(const char unsigned *in, char unsigned *out, | ||
| 73 | size_t len, const AES_KEY *key1, const AES_KEY *key2, | ||
| 74 | const unsigned char iv[16], int encrypt); | ||
| 75 | |||
| 72 | __END_HIDDEN_DECLS | 76 | __END_HIDDEN_DECLS |
| 73 | 77 | ||
| 74 | #endif /* !HEADER_AES_LOCAL_H */ | 78 | #endif /* !HEADER_AES_LOCAL_H */ |
diff --git a/src/lib/libcrypto/arch/amd64/crypto_arch.h b/src/lib/libcrypto/arch/amd64/crypto_arch.h index 9f292cc530..7c3c89a088 100644 --- a/src/lib/libcrypto/arch/amd64/crypto_arch.h +++ b/src/lib/libcrypto/arch/amd64/crypto_arch.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: crypto_arch.h,v 1.9 2025/06/28 12:39:10 jsing Exp $ */ | 1 | /* $OpenBSD: crypto_arch.h,v 1.10 2025/07/13 06:01:33 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2024 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2024 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -39,6 +39,7 @@ extern uint64_t crypto_cpu_caps_amd64; | |||
| 39 | #define HAVE_AES_DECRYPT_INTERNAL | 39 | #define HAVE_AES_DECRYPT_INTERNAL |
| 40 | #define HAVE_AES_CBC_ENCRYPT_INTERNAL | 40 | #define HAVE_AES_CBC_ENCRYPT_INTERNAL |
| 41 | #define HAVE_AES_CTR32_ENCRYPT_INTERNAL | 41 | #define HAVE_AES_CTR32_ENCRYPT_INTERNAL |
| 42 | #define HAVE_AES_XTS_ENCRYPT_INTERNAL | ||
| 42 | 43 | ||
| 43 | #define HAVE_GCM128_INIT | 44 | #define HAVE_GCM128_INIT |
| 44 | 45 | ||
diff --git a/src/lib/libcrypto/arch/i386/crypto_arch.h b/src/lib/libcrypto/arch/i386/crypto_arch.h index 95d4cc468b..8b292165fb 100644 --- a/src/lib/libcrypto/arch/i386/crypto_arch.h +++ b/src/lib/libcrypto/arch/i386/crypto_arch.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: crypto_arch.h,v 1.8 2025/06/28 12:39:10 jsing Exp $ */ | 1 | /* $OpenBSD: crypto_arch.h,v 1.9 2025/07/13 06:01:33 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2024 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2024 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -39,6 +39,7 @@ extern uint64_t crypto_cpu_caps_i386; | |||
| 39 | #define HAVE_AES_DECRYPT_INTERNAL | 39 | #define HAVE_AES_DECRYPT_INTERNAL |
| 40 | #define HAVE_AES_CBC_ENCRYPT_INTERNAL | 40 | #define HAVE_AES_CBC_ENCRYPT_INTERNAL |
| 41 | #define HAVE_AES_CTR32_ENCRYPT_INTERNAL | 41 | #define HAVE_AES_CTR32_ENCRYPT_INTERNAL |
| 42 | #define HAVE_AES_XTS_ENCRYPT_INTERNAL | ||
| 42 | 43 | ||
| 43 | #define HAVE_GCM128_INIT | 44 | #define HAVE_GCM128_INIT |
| 44 | 45 | ||
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c index 1779acec66..851da9ded6 100644 --- a/src/lib/libcrypto/evp/e_aes.c +++ b/src/lib/libcrypto/evp/e_aes.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: e_aes.c,v 1.78 2025/07/06 15:37:33 jsing Exp $ */ | 1 | /* $OpenBSD: e_aes.c,v 1.79 2025/07/13 06:01:33 jsing Exp $ */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| @@ -84,10 +84,7 @@ typedef struct { | |||
| 84 | 84 | ||
| 85 | typedef struct { | 85 | typedef struct { |
| 86 | AES_KEY ks1, ks2; /* AES key schedules to use */ | 86 | AES_KEY ks1, ks2; /* AES key schedules to use */ |
| 87 | XTS128_CONTEXT xts; | 87 | XTS128_CONTEXT xts; /* XXX - replace with flags. */ |
| 88 | void (*stream)(const unsigned char *in, unsigned char *out, | ||
| 89 | size_t length, const AES_KEY *key1, const AES_KEY *key2, | ||
| 90 | const unsigned char iv[16]); | ||
| 91 | } EVP_AES_XTS_CTX; | 88 | } EVP_AES_XTS_CTX; |
| 92 | 89 | ||
| 93 | typedef struct { | 90 | typedef struct { |
| @@ -103,13 +100,6 @@ typedef struct { | |||
| 103 | 100 | ||
| 104 | #define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4)) | 101 | #define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4)) |
| 105 | 102 | ||
| 106 | #ifdef AES_XTS_ASM | ||
| 107 | void AES_xts_encrypt(const char *inp, char *out, size_t len, | ||
| 108 | const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]); | ||
| 109 | void AES_xts_decrypt(const char *inp, char *out, size_t len, | ||
| 110 | const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]); | ||
| 111 | #endif | ||
| 112 | |||
| 113 | #if defined(AES_ASM) && ( \ | 103 | #if defined(AES_ASM) && ( \ |
| 114 | ((defined(__i386) || defined(__i386__) || \ | 104 | ((defined(__i386) || defined(__i386__) || \ |
| 115 | defined(_M_IX86)))|| \ | 105 | defined(_M_IX86)))|| \ |
| @@ -137,14 +127,6 @@ void aesni_decrypt(const unsigned char *in, unsigned char *out, | |||
| 137 | void aesni_ecb_encrypt(const unsigned char *in, unsigned char *out, | 127 | void aesni_ecb_encrypt(const unsigned char *in, unsigned char *out, |
| 138 | size_t length, const AES_KEY *key, int enc); | 128 | size_t length, const AES_KEY *key, int enc); |
| 139 | 129 | ||
| 140 | void aesni_xts_encrypt(const unsigned char *in, unsigned char *out, | ||
| 141 | size_t length, const AES_KEY *key1, const AES_KEY *key2, | ||
| 142 | const unsigned char iv[16]); | ||
| 143 | |||
| 144 | void aesni_xts_decrypt(const unsigned char *in, unsigned char *out, | ||
| 145 | size_t length, const AES_KEY *key1, const AES_KEY *key2, | ||
| 146 | const unsigned char iv[16]); | ||
| 147 | |||
| 148 | void aesni_ccm64_encrypt_blocks (const unsigned char *in, unsigned char *out, | 130 | void aesni_ccm64_encrypt_blocks (const unsigned char *in, unsigned char *out, |
| 149 | size_t blocks, const void *key, const unsigned char ivec[16], | 131 | size_t blocks, const void *key, const unsigned char ivec[16], |
| 150 | unsigned char cmac[16]); | 132 | unsigned char cmac[16]); |
| @@ -166,44 +148,6 @@ aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |||
| 166 | } | 148 | } |
| 167 | 149 | ||
| 168 | static int | 150 | static int |
| 169 | aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | ||
| 170 | const unsigned char *iv, int enc) | ||
| 171 | { | ||
| 172 | EVP_AES_XTS_CTX *xctx = ctx->cipher_data; | ||
| 173 | |||
| 174 | if (!iv && !key) | ||
| 175 | return 1; | ||
| 176 | |||
| 177 | if (key) { | ||
| 178 | /* key_len is two AES keys */ | ||
| 179 | if (enc) { | ||
| 180 | aesni_set_encrypt_key(key, ctx->key_len * 4, | ||
| 181 | &xctx->ks1); | ||
| 182 | xctx->xts.block1 = (block128_f)aesni_encrypt; | ||
| 183 | xctx->stream = aesni_xts_encrypt; | ||
| 184 | } else { | ||
| 185 | aesni_set_decrypt_key(key, ctx->key_len * 4, | ||
| 186 | &xctx->ks1); | ||
| 187 | xctx->xts.block1 = (block128_f)aesni_decrypt; | ||
| 188 | xctx->stream = aesni_xts_decrypt; | ||
| 189 | } | ||
| 190 | |||
| 191 | aesni_set_encrypt_key(key + ctx->key_len / 2, | ||
| 192 | ctx->key_len * 4, &xctx->ks2); | ||
| 193 | xctx->xts.block2 = (block128_f)aesni_encrypt; | ||
| 194 | |||
| 195 | xctx->xts.key1 = &xctx->ks1; | ||
| 196 | } | ||
| 197 | |||
| 198 | if (iv) { | ||
| 199 | xctx->xts.key2 = &xctx->ks2; | ||
| 200 | memcpy(ctx->iv, iv, 16); | ||
| 201 | } | ||
| 202 | |||
| 203 | return 1; | ||
| 204 | } | ||
| 205 | |||
| 206 | static int | ||
| 207 | aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 151 | aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
| 208 | const unsigned char *iv, int enc) | 152 | const unsigned char *iv, int enc) |
| 209 | { | 153 | { |
| @@ -1242,36 +1186,24 @@ aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) | |||
| 1242 | 1186 | ||
| 1243 | static int | 1187 | static int |
| 1244 | aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 1188 | aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
| 1245 | const unsigned char *iv, int enc) | 1189 | const unsigned char *iv, int encrypt) |
| 1246 | { | 1190 | { |
| 1247 | EVP_AES_XTS_CTX *xctx = ctx->cipher_data; | 1191 | EVP_AES_XTS_CTX *xctx = ctx->cipher_data; |
| 1248 | 1192 | ||
| 1249 | if (!iv && !key) | 1193 | if (key != NULL) { |
| 1250 | return 1; | ||
| 1251 | |||
| 1252 | if (key) { | ||
| 1253 | #ifdef AES_XTS_ASM | ||
| 1254 | xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt; | ||
| 1255 | #else | ||
| 1256 | xctx->stream = NULL; | ||
| 1257 | #endif | ||
| 1258 | /* key_len is two AES keys */ | 1194 | /* key_len is two AES keys */ |
| 1259 | if (enc) { | 1195 | if (encrypt) |
| 1260 | AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1); | 1196 | AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1); |
| 1261 | xctx->xts.block1 = (block128_f)AES_encrypt; | 1197 | else |
| 1262 | } else { | ||
| 1263 | AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1); | 1198 | AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1); |
| 1264 | xctx->xts.block1 = (block128_f)AES_decrypt; | ||
| 1265 | } | ||
| 1266 | 1199 | ||
| 1267 | AES_set_encrypt_key(key + ctx->key_len / 2, | 1200 | AES_set_encrypt_key(key + ctx->key_len / 2, ctx->key_len * 4, |
| 1268 | ctx->key_len * 4, &xctx->ks2); | 1201 | &xctx->ks2); |
| 1269 | xctx->xts.block2 = (block128_f)AES_encrypt; | ||
| 1270 | 1202 | ||
| 1271 | xctx->xts.key1 = &xctx->ks1; | 1203 | xctx->xts.key1 = &xctx->ks1; |
| 1272 | } | 1204 | } |
| 1273 | 1205 | ||
| 1274 | if (iv) { | 1206 | if (iv != NULL) { |
| 1275 | xctx->xts.key2 = &xctx->ks2; | 1207 | xctx->xts.key2 = &xctx->ks2; |
| 1276 | memcpy(ctx->iv, iv, 16); | 1208 | memcpy(ctx->iv, iv, 16); |
| 1277 | } | 1209 | } |
| @@ -1285,17 +1217,15 @@ aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |||
| 1285 | { | 1217 | { |
| 1286 | EVP_AES_XTS_CTX *xctx = ctx->cipher_data; | 1218 | EVP_AES_XTS_CTX *xctx = ctx->cipher_data; |
| 1287 | 1219 | ||
| 1288 | if (!xctx->xts.key1 || !xctx->xts.key2) | 1220 | if (xctx->xts.key1 == NULL || xctx->xts.key2 == NULL) |
| 1289 | return 0; | ||
| 1290 | if (!out || !in || len < AES_BLOCK_SIZE) | ||
| 1291 | return 0; | 1221 | return 0; |
| 1292 | 1222 | ||
| 1293 | if (xctx->stream) | 1223 | if (out == NULL || in == NULL || len < AES_BLOCK_SIZE) |
| 1294 | (*xctx->stream)(in, out, len, xctx->xts.key1, xctx->xts.key2, | ||
| 1295 | ctx->iv); | ||
| 1296 | else if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len, | ||
| 1297 | ctx->encrypt)) | ||
| 1298 | return 0; | 1224 | return 0; |
| 1225 | |||
| 1226 | aes_xts_encrypt_internal(in, out, len, xctx->xts.key1, xctx->xts.key2, | ||
| 1227 | ctx->iv, ctx->encrypt); | ||
| 1228 | |||
| 1299 | return 1; | 1229 | return 1; |
| 1300 | } | 1230 | } |
| 1301 | 1231 | ||
| @@ -1303,22 +1233,6 @@ aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |||
| 1303 | ( EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV | \ | 1233 | ( EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV | \ |
| 1304 | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | EVP_CIPH_CUSTOM_COPY ) | 1234 | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | EVP_CIPH_CUSTOM_COPY ) |
| 1305 | 1235 | ||
| 1306 | |||
| 1307 | #ifdef AESNI_CAPABLE | ||
| 1308 | static const EVP_CIPHER aesni_128_xts = { | ||
| 1309 | .nid = NID_aes_128_xts, | ||
| 1310 | .block_size = 1, | ||
| 1311 | .key_len = 2 * 16, | ||
| 1312 | .iv_len = 16, | ||
| 1313 | .flags = XTS_FLAGS | EVP_CIPH_XTS_MODE, | ||
| 1314 | .init = aesni_xts_init_key, | ||
| 1315 | .do_cipher = aes_xts_cipher, | ||
| 1316 | .cleanup = NULL, | ||
| 1317 | .ctx_size = sizeof(EVP_AES_XTS_CTX), | ||
| 1318 | .ctrl = aes_xts_ctrl, | ||
| 1319 | }; | ||
| 1320 | #endif | ||
| 1321 | |||
| 1322 | static const EVP_CIPHER aes_128_xts = { | 1236 | static const EVP_CIPHER aes_128_xts = { |
| 1323 | .nid = NID_aes_128_xts, | 1237 | .nid = NID_aes_128_xts, |
| 1324 | .block_size = 1, | 1238 | .block_size = 1, |
| @@ -1335,29 +1249,10 @@ static const EVP_CIPHER aes_128_xts = { | |||
| 1335 | const EVP_CIPHER * | 1249 | const EVP_CIPHER * |
| 1336 | EVP_aes_128_xts(void) | 1250 | EVP_aes_128_xts(void) |
| 1337 | { | 1251 | { |
| 1338 | #ifdef AESNI_CAPABLE | ||
| 1339 | return AESNI_CAPABLE ? &aesni_128_xts : &aes_128_xts; | ||
| 1340 | #else | ||
| 1341 | return &aes_128_xts; | 1252 | return &aes_128_xts; |
| 1342 | #endif | ||
| 1343 | } | 1253 | } |
| 1344 | LCRYPTO_ALIAS(EVP_aes_128_xts); | 1254 | LCRYPTO_ALIAS(EVP_aes_128_xts); |
| 1345 | 1255 | ||
| 1346 | #ifdef AESNI_CAPABLE | ||
| 1347 | static const EVP_CIPHER aesni_256_xts = { | ||
| 1348 | .nid = NID_aes_256_xts, | ||
| 1349 | .block_size = 1, | ||
| 1350 | .key_len = 2 * 32, | ||
| 1351 | .iv_len = 16, | ||
| 1352 | .flags = XTS_FLAGS | EVP_CIPH_XTS_MODE, | ||
| 1353 | .init = aesni_xts_init_key, | ||
| 1354 | .do_cipher = aes_xts_cipher, | ||
| 1355 | .cleanup = NULL, | ||
| 1356 | .ctx_size = sizeof(EVP_AES_XTS_CTX), | ||
| 1357 | .ctrl = aes_xts_ctrl, | ||
| 1358 | }; | ||
| 1359 | #endif | ||
| 1360 | |||
| 1361 | static const EVP_CIPHER aes_256_xts = { | 1256 | static const EVP_CIPHER aes_256_xts = { |
| 1362 | .nid = NID_aes_256_xts, | 1257 | .nid = NID_aes_256_xts, |
| 1363 | .block_size = 1, | 1258 | .block_size = 1, |
| @@ -1374,11 +1269,7 @@ static const EVP_CIPHER aes_256_xts = { | |||
| 1374 | const EVP_CIPHER * | 1269 | const EVP_CIPHER * |
| 1375 | EVP_aes_256_xts(void) | 1270 | EVP_aes_256_xts(void) |
| 1376 | { | 1271 | { |
| 1377 | #ifdef AESNI_CAPABLE | ||
| 1378 | return AESNI_CAPABLE ? &aesni_256_xts : &aes_256_xts; | ||
| 1379 | #else | ||
| 1380 | return &aes_256_xts; | 1272 | return &aes_256_xts; |
| 1381 | #endif | ||
| 1382 | } | 1273 | } |
| 1383 | LCRYPTO_ALIAS(EVP_aes_256_xts); | 1274 | LCRYPTO_ALIAS(EVP_aes_256_xts); |
| 1384 | 1275 | ||
diff --git a/src/lib/libcrypto/modes/modes_local.h b/src/lib/libcrypto/modes/modes_local.h index d833d40ee3..5c1acfc25f 100644 --- a/src/lib/libcrypto/modes/modes_local.h +++ b/src/lib/libcrypto/modes/modes_local.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: modes_local.h,v 1.6 2025/05/18 09:05:59 jsing Exp $ */ | 1 | /* $OpenBSD: modes_local.h,v 1.7 2025/07/13 06:01:33 jsing Exp $ */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 2010 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 2010 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| @@ -46,7 +46,7 @@ struct gcm128_context { | |||
| 46 | }; | 46 | }; |
| 47 | 47 | ||
| 48 | struct xts128_context { | 48 | struct xts128_context { |
| 49 | void *key1, *key2; | 49 | const void *key1, *key2; |
| 50 | block128_f block1, block2; | 50 | block128_f block1, block2; |
| 51 | }; | 51 | }; |
| 52 | 52 | ||