| author | jsing <> | 2025-07-21 10:24:23 +0000 |
|---|---|---|
| committer | jsing <> | 2025-07-21 10:24:23 +0000 |
| commit | b73facdeca098be7e538e556c1a293942db3110c (patch) | |
| tree | ff569faf5125c023700a2783ef5d648c47c81313 /src | |
| parent | 32c75086555dc2a71cc1500a21b0d024fe48ceaf (diff) | |
Move AES-NI from EVP to AES for CCM mode.
The mode implementation for CCM has two variants - one takes the block
function, while the other takes a "ccm64" function. The latter is expected
to handle the lower 64 bits of the IV/counter but only for 16 byte blocks.
The AES-NI implementation for CCM currently uses the second variant.
Provide aes_ccm64_encrypt_internal() as a function that can be replaced on
a machine dependent basis, along with an aes_ccm64_encrypt_generic()
function that provides the default implementation and can be used as a
fallback. Wire up the AES-NI version for amd64 and i386, change EVP's
aes_ccm_cipher() to use CRYPTO_ctr128_{en,de}crypt_ccm64() with
aes_ccm64_encrypt_internal() and remove the various AES-NI specific
EVP_CIPHER methods for CCM.
ok tb@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/aes/aes.c | 70 | ||||
| -rw-r--r-- | src/lib/libcrypto/aes/aes_amd64.c | 30 | ||||
| -rw-r--r-- | src/lib/libcrypto/aes/aes_i386.c | 30 | ||||
| -rw-r--r-- | src/lib/libcrypto/aes/aes_local.h | 10 | ||||
| -rw-r--r-- | src/lib/libcrypto/arch/amd64/crypto_arch.h | 3 | ||||
| -rw-r--r-- | src/lib/libcrypto/arch/i386/crypto_arch.h | 3 | ||||
| -rw-r--r-- | src/lib/libcrypto/evp/e_aes.c | 111 |
7 files changed, 145 insertions, 112 deletions
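--- a/src/lib/libcrypto/aes/aes.c
+++ b/src/lib/libcrypto/aes/aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: aes.c,v 1.12 2025/07/20 08:55:49 jsing Exp $ */
+/* $OpenBSD: aes.c,v 1.13 2025/07/21 10:24:23 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved.
 *
@@ -173,6 +173,74 @@ AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, size_t length,
 LCRYPTO_ALIAS(AES_cfb8_encrypt);
 
 void
+aes_ccm64_encrypt_generic(const unsigned char *in, unsigned char *out,
+size_t blocks, const void *key, const unsigned char ivec[16],
+unsigned char cmac[16], int encrypt)
+{
+uint8_t iv[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE];
+uint8_t in_mask;
+uint64_t ctr;
+int i;
+
+in_mask = 0 - (encrypt != 0);
+
+memcpy(iv, ivec, sizeof(iv));
+
+ctr = crypto_load_be64toh(&iv[8]);
+
+while (blocks > 0) {
+crypto_store_htobe64(&iv[8], ctr);
+aes_encrypt_internal(iv, buf, key);
+ctr++;
+
+for (i = 0; i < 16; i++) {
+out[i] = in[i] ^ buf[i];
+cmac[i] ^= (in[i] & in_mask) | (out[i] & ~in_mask);
+}
+
+aes_encrypt_internal(cmac, cmac, key);
+
+in += 16;
+out += 16;
+blocks--;
+}
+
+explicit_bzero(buf, sizeof(buf));
+explicit_bzero(iv, sizeof(iv));
+}
+
+#ifdef HAVE_AES_CCM64_ENCRYPT_INTERNAL
+void aes_ccm64_encrypt_internal(const unsigned char *in, unsigned char *out,
+size_t blocks, const void *key, const unsigned char ivec[16],
+unsigned char cmac[16], int encrypt);
+
+#else
+static inline void
+aes_ccm64_encrypt_internal(const unsigned char *in, unsigned char *out,
+size_t blocks, const void *key, const unsigned char ivec[16],
+unsigned char cmac[16], int encrypt)
+{
+aes_ccm64_encrypt_generic(in, out, blocks, key, ivec, cmac, encrypt);
+}
+#endif
+
+void
+aes_ccm64_encrypt_ccm128f(const unsigned char *in, unsigned char *out,
+size_t blocks, const void *key, const unsigned char ivec[16],
+unsigned char cmac[16])
+{
+aes_ccm64_encrypt_internal(in, out, blocks, key, ivec, cmac, 1);
+}
+
+void
+aes_ccm64_decrypt_ccm128f(const unsigned char *in, unsigned char *out,
+size_t blocks, const void *key, const unsigned char ivec[16],
+unsigned char cmac[16])
+{
+aes_ccm64_encrypt_internal(in, out, blocks, key, ivec, cmac, 0);
+}
+
+void
 aes_ctr32_encrypt_generic(const unsigned char *in, unsigned char *out,
 size_t blocks, const AES_KEY *key, const unsigned char ivec[AES_BLOCK_SIZE])
 {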
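Review bot: aes_ccm64_encrypt_generic sizes its `iv` and `buf` arrays with AES_BLOCK_SIZE but then walks them with the literal 16 (`for (i = 0; i < 16; i++)`, `in += 16;`, `out += 16;`); using `AES_BLOCK_SIZE` in those three places, and in the `ivec[16]`/`cmac[16]` parameter declarations, would keep one name for the block length, as the neighbouring aes_ctr32_encrypt_generic already does. The function also carries no comment stating its contract, which the mask trick makes non-obvious; suggest a block comment above it saying that it processes `blocks` whole 16-byte blocks in counter mode using the low 64 bits of ivec as a big-endian counter (incremented per block, never written back to ivec), XORs the keystream into out, and feeds either in (encrypt) or out (decrypt) into the CBC-MAC through a branch-free mask so that the authenticated text is always the plaintext. The counter is a uint64_t and simply wraps at 2^64 — presumably the intended "ccm64" semantics from the commit message, but worth stating in that comment.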
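--- a/src/lib/libcrypto/aes/aes_amd64.c
+++ b/src/lib/libcrypto/aes/aes_amd64.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: aes_amd64.c,v 1.3 2025/07/13 06:01:33 jsing Exp $ */
+/* $OpenBSD: aes_amd64.c,v 1.4 2025/07/21 10:24:23 jsing Exp $ */
 /*
 * Copyright (c) 2025 Joel Sing <jsing@openbsd.org>
 *
@@ -33,6 +33,10 @@ void aes_decrypt_generic(const unsigned char *in, unsigned char *out,
 void aes_cbc_encrypt_generic(const unsigned char *in, unsigned char *out,
 size_t len, const AES_KEY *key, unsigned char *ivec, const int enc);
 
+void aes_ccm64_encrypt_generic(const unsigned char *in, unsigned char *out,
+size_t blocks, const void *key, const unsigned char ivec[16],
+unsigned char cmac[16], int encrypt);
+
 void aes_ctr32_encrypt_generic(const unsigned char *in, unsigned char *out,
 size_t blocks, const AES_KEY *key, const unsigned char ivec[AES_BLOCK_SIZE]);
 
@@ -53,6 +57,14 @@ void aesni_decrypt(const unsigned char *in, unsigned char *out,
 void aesni_cbc_encrypt(const unsigned char *in, unsigned char *out,
 size_t len, const AES_KEY *key, unsigned char *ivec, const int enc);
 
+void aesni_ccm64_encrypt_blocks(const unsigned char *in, unsigned char *out,
+size_t blocks, const void *key, const unsigned char ivec[16],
+unsigned char cmac[16]);
+
+void aesni_ccm64_decrypt_blocks(const unsigned char *in, unsigned char *out,
+size_t blocks, const void *key, const unsigned char ivec[16],
+unsigned char cmac[16]);
+
 void aesni_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
 size_t blocks, const void *key, const unsigned char *ivec);
 
@@ -121,6 +133,22 @@ aes_cbc_encrypt_internal(const unsigned char *in, unsigned char *out,
 }
 
 void
+aes_ccm64_encrypt_internal(const unsigned char *in, unsigned char *out,
+size_t blocks, const void *key, const unsigned char ivec[16],
+unsigned char cmac[16], int encrypt)
+{
+if ((crypto_cpu_caps_amd64 & CRYPTO_CPU_CAPS_AMD64_AES) != 0) {
+if (encrypt)
+aesni_ccm64_encrypt_blocks(in, out, blocks, key, ivec, cmac);
+else
+aesni_ccm64_decrypt_blocks(in, out, blocks, key, ivec, cmac);
+return;
+}
+
+aes_ccm64_encrypt_generic(in, out, blocks, key, ivec, cmac, encrypt);
+}
+
+void
 aes_ctr32_encrypt_internal(const unsigned char *in, unsigned char *out,
 size_t blocks, const AES_KEY *key, const unsigned char ivec[AES_BLOCK_SIZE])
 {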
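Review bot: The AES-NI branch of aes_ccm64_encrypt_internal passes `key` straight to aesni_ccm64_encrypt_blocks()/aesni_ccm64_decrypt_blocks(), while the fallback passes the same pointer to aes_ccm64_encrypt_generic(), so the function silently assumes the caller's AES_KEY was expanded by whichever key schedule matches this CRYPTO_CPU_CAPS_AMD64_AES decision; nothing in the hunk records that invariant. If the AES-NI and generic schedules are not layout-compatible, a key expanded under a different decision would produce wrong output rather than an error, so a one-line comment above the capability check would help the next caller, e.g. `/* key must come from the key schedule matching this CPU-caps decision. */`. The same applies to the identical function added in aes_i386.c.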
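--- a/src/lib/libcrypto/aes/aes_i386.c
+++ b/src/lib/libcrypto/aes/aes_i386.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: aes_i386.c,v 1.3 2025/07/13 06:01:33 jsing Exp $ */
+/* $OpenBSD: aes_i386.c,v 1.4 2025/07/21 10:24:23 jsing Exp $ */
 /*
 * Copyright (c) 2025 Joel Sing <jsing@openbsd.org>
 *
@@ -33,6 +33,10 @@ void aes_decrypt_generic(const unsigned char *in, unsigned char *out,
 void aes_cbc_encrypt_generic(const unsigned char *in, unsigned char *out,
 size_t len, const AES_KEY *key, unsigned char *ivec, const int enc);
 
+void aes_ccm64_encrypt_generic(const unsigned char *in, unsigned char *out,
+size_t blocks, const void *key, const unsigned char ivec[16],
+unsigned char cmac[16], int encrypt);
+
 void aes_ctr32_encrypt_generic(const unsigned char *in, unsigned char *out,
 size_t blocks, const AES_KEY *key, const unsigned char ivec[AES_BLOCK_SIZE]);
 
@@ -53,6 +57,14 @@ void aesni_decrypt(const unsigned char *in, unsigned char *out,
 void aesni_cbc_encrypt(const unsigned char *in, unsigned char *out,
 size_t len, const AES_KEY *key, unsigned char *ivec, const int enc);
 
+void aesni_ccm64_encrypt_blocks(const unsigned char *in, unsigned char *out,
+size_t blocks, const void *key, const unsigned char ivec[16],
+unsigned char cmac[16]);
+
+void aesni_ccm64_decrypt_blocks(const unsigned char *in, unsigned char *out,
+size_t blocks, const void *key, const unsigned char ivec[16],
+unsigned char cmac[16]);
+
 void aesni_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
 size_t blocks, const void *key, const unsigned char *ivec);
 
@@ -121,6 +133,22 @@ aes_cbc_encrypt_internal(const unsigned char *in, unsigned char *out,
 }
 
 void
+aes_ccm64_encrypt_internal(const unsigned char *in, unsigned char *out,
+size_t blocks, const void *key, const unsigned char ivec[16],
+unsigned char cmac[16], int encrypt)
+{
+if ((crypto_cpu_caps_i386 & CRYPTO_CPU_CAPS_I386_AES) != 0) {
+if (encrypt)
+aesni_ccm64_encrypt_blocks(in, out, blocks, key, ivec, cmac);
+else
+aesni_ccm64_decrypt_blocks(in, out, blocks, key, ivec, cmac);
+return;
+}
+
+aes_ccm64_encrypt_generic(in, out, blocks, key, ivec, cmac, encrypt);
+}
+
+void
 aes_ctr32_encrypt_internal(const unsigned char *in, unsigned char *out,
 size_t blocks, const AES_KEY *key, const unsigned char ivec[AES_BLOCK_SIZE])
 {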
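--- a/src/lib/libcrypto/aes/aes_local.h
+++ b/src/lib/libcrypto/aes/aes_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: aes_local.h,v 1.9 2025/07/13 06:01:33 jsing Exp $ */
+/* $OpenBSD: aes_local.h,v 1.10 2025/07/21 10:24:23 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
 *
@@ -66,6 +66,14 @@ __BEGIN_HIDDEN_DECLS
 void aes_ctr32_encrypt_ctr128f(const unsigned char *in, unsigned char *out,
 size_t blocks, const void *key, const unsigned char ivec[AES_BLOCK_SIZE]);
 
+void aes_ccm64_encrypt_ccm128f(const unsigned char *in, unsigned char *out,
+size_t blocks, const void *key, const unsigned char ivec[16],
+unsigned char cmac[16]);
+
+void aes_ccm64_decrypt_ccm128f(const unsigned char *in, unsigned char *out,
+size_t blocks, const void *key, const unsigned char ivec[16],
+unsigned char cmac[16]);
+
 void aes_ecb_encrypt_internal(const unsigned char *in, unsigned char *out,
 size_t len, const AES_KEY *key, int encrypt);
 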
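Review bot: The two new prototypes declare `ivec[16]` and `cmac[16]` while the adjacent aes_ctr32_encrypt_ctr128f declaration in the same hunk spells the same length `ivec[AES_BLOCK_SIZE]`; the header should use one spelling, e.g. `size_t blocks, const void *key, const unsigned char ivec[AES_BLOCK_SIZE],` and `unsigned char cmac[AES_BLOCK_SIZE]);` for both functions. Array sizes in a prototype are documentation only, so this is a readability point rather than a behaviour change, but it is the reader's only hint that both buffers are exactly one AES block.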
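--- a/src/lib/libcrypto/arch/amd64/crypto_arch.h
+++ b/src/lib/libcrypto/arch/amd64/crypto_arch.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto_arch.h,v 1.10 2025/07/13 06:01:33 jsing Exp $ */
+/* $OpenBSD: crypto_arch.h,v 1.11 2025/07/21 10:24:23 jsing Exp $ */
 /*
 * Copyright (c) 2024 Joel Sing <jsing@openbsd.org>
 *
@@ -38,6 +38,7 @@ extern uint64_t crypto_cpu_caps_amd64;
 #define HAVE_AES_ENCRYPT_INTERNAL
 #define HAVE_AES_DECRYPT_INTERNAL
 #define HAVE_AES_CBC_ENCRYPT_INTERNAL
+#define HAVE_AES_CCM64_ENCRYPT_INTERNAL
 #define HAVE_AES_CTR32_ENCRYPT_INTERNAL
 #define HAVE_AES_XTS_ENCRYPT_INTERNAL
 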
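--- a/src/lib/libcrypto/arch/i386/crypto_arch.h
+++ b/src/lib/libcrypto/arch/i386/crypto_arch.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto_arch.h,v 1.9 2025/07/13 06:01:33 jsing Exp $ */
+/* $OpenBSD: crypto_arch.h,v 1.10 2025/07/21 10:24:23 jsing Exp $ */
 /*
 * Copyright (c) 2024 Joel Sing <jsing@openbsd.org>
 *
@@ -38,6 +38,7 @@ extern uint64_t crypto_cpu_caps_i386;
 #define HAVE_AES_ENCRYPT_INTERNAL
 #define HAVE_AES_DECRYPT_INTERNAL
 #define HAVE_AES_CBC_ENCRYPT_INTERNAL
+#define HAVE_AES_CCM64_ENCRYPT_INTERNAL
 #define HAVE_AES_CTR32_ENCRYPT_INTERNAL
 #define HAVE_AES_XTS_ENCRYPT_INTERNAL
 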
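--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: e_aes.c,v 1.79 2025/07/13 06:01:33 jsing Exp $ */
+/* $OpenBSD: e_aes.c,v 1.80 2025/07/21 10:24:23 jsing Exp $ */
 /* ====================================================================
 * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.
 *
@@ -95,7 +95,6 @@ typedef struct {
 int len_set; /* Set if message length set */
 int L, M; /* L and M parameters from RFC3610 */
 CCM128_CONTEXT ccm;
-ccm128_f str;
 } EVP_AES_CCM_CTX;
 
 #define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4))
@@ -114,27 +113,9 @@ typedef struct {
 */
 #define AESNI_CAPABLE (crypto_cpu_caps_ia32() & CPUCAP_MASK_AESNI)
 
-int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
-AES_KEY *key);
-int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
-AES_KEY *key);
-
-void aesni_encrypt(const unsigned char *in, unsigned char *out,
-const AES_KEY *key);
-void aesni_decrypt(const unsigned char *in, unsigned char *out,
-const AES_KEY *key);
-
 void aesni_ecb_encrypt(const unsigned char *in, unsigned char *out,
 size_t length, const AES_KEY *key, int enc);
 
-void aesni_ccm64_encrypt_blocks (const unsigned char *in, unsigned char *out,
-size_t blocks, const void *key, const unsigned char ivec[16],
-unsigned char cmac[16]);
-
-void aesni_ccm64_decrypt_blocks (const unsigned char *in, unsigned char *out,
-size_t blocks, const void *key, const unsigned char ivec[16],
-unsigned char cmac[16]);
-
 static int
 aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 const unsigned char *in, size_t len)
@@ -146,29 +127,6 @@ aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
 return 1;
 }
-
-static int
-aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-const unsigned char *iv, int enc)
-{
-EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
-
-if (!iv && !key)
-return 1;
-if (key) {
-aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
-CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
-&cctx->ks, (block128_f)aesni_encrypt);
-cctx->str = enc ? (ccm128_f)aesni_ccm64_encrypt_blocks :
-(ccm128_f)aesni_ccm64_decrypt_blocks;
-cctx->key_set = 1;
-}
-if (iv) {
-memcpy(ctx->iv, iv, 15 - cctx->L);
-cctx->iv_set = 1;
-}
-return 1;
-}
 #endif
 
 static int
@@ -1353,7 +1311,6 @@ aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
 CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
 &cctx->ks, (block128_f)AES_encrypt);
-cctx->str = NULL;
 cctx->key_set = 1;
 }
 if (iv) {
@@ -1405,15 +1362,15 @@ aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 cctx->len_set = 1;
 }
 if (ctx->encrypt) {
-if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len,
-cctx->str) : CRYPTO_ccm128_encrypt(ccm, in, out, len))
+if (CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len,
+aes_ccm64_encrypt_ccm128f) != 0)
 return -1;
 cctx->tag_set = 1;
 return len;
 } else {
 int rv = -1;
-if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
-cctx->str) : !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
+if (CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
+aes_ccm64_decrypt_ccm128f) == 0) {
 unsigned char tag[16];
 if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
 if (timingsafe_memcmp(tag, ctx->buf, cctx->M) == 0)
@@ -1427,24 +1384,8 @@ aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 cctx->len_set = 0;
 return rv;
 }
-
 }
 
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_128_ccm = {
-.nid = NID_aes_128_ccm,
-.block_size = 1,
-.key_len = 16,
-.iv_len = 12,
-.flags = CUSTOM_FLAGS | EVP_CIPH_CCM_MODE,
-.init = aesni_ccm_init_key,
-.do_cipher = aes_ccm_cipher,
-.cleanup = NULL,
-.ctx_size = sizeof(EVP_AES_CCM_CTX),
-.ctrl = aes_ccm_ctrl,
-};
-#endif
-
 static const EVP_CIPHER aes_128_ccm = {
 .nid = NID_aes_128_ccm,
 .block_size = 1,
@@ -1461,29 +1402,10 @@ static const EVP_CIPHER aes_128_ccm = {
 const EVP_CIPHER *
 EVP_aes_128_ccm(void)
 {
-#ifdef AESNI_CAPABLE
-return AESNI_CAPABLE ? &aesni_128_ccm : &aes_128_ccm;
-#else
 return &aes_128_ccm;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_128_ccm);
 
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_192_ccm = {
-.nid = NID_aes_192_ccm,
-.block_size = 1,
-.key_len = 24,
-.iv_len = 12,
-.flags = CUSTOM_FLAGS | EVP_CIPH_CCM_MODE,
-.init = aesni_ccm_init_key,
-.do_cipher = aes_ccm_cipher,
-.cleanup = NULL,
-.ctx_size = sizeof(EVP_AES_CCM_CTX),
-.ctrl = aes_ccm_ctrl,
-};
-#endif
-
 static const EVP_CIPHER aes_192_ccm = {
 .nid = NID_aes_192_ccm,
 .block_size = 1,
@@ -1500,29 +1422,10 @@ static const EVP_CIPHER aes_192_ccm = {
 const EVP_CIPHER *
 EVP_aes_192_ccm(void)
 {
-#ifdef AESNI_CAPABLE
-return AESNI_CAPABLE ? &aesni_192_ccm : &aes_192_ccm;
-#else
 return &aes_192_ccm;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_192_ccm);
 
-#ifdef AESNI_CAPABLE
-static const EVP_CIPHER aesni_256_ccm = {
-.nid = NID_aes_256_ccm,
-.block_size = 1,
-.key_len = 32,
-.iv_len = 12,
-.flags = CUSTOM_FLAGS | EVP_CIPH_CCM_MODE,
-.init = aesni_ccm_init_key,
-.do_cipher = aes_ccm_cipher,
-.cleanup = NULL,
-.ctx_size = sizeof(EVP_AES_CCM_CTX),
-.ctrl = aes_ccm_ctrl,
-};
-#endif
-
 static const EVP_CIPHER aes_256_ccm = {
 .nid = NID_aes_256_ccm,
 .block_size = 1,
@@ -1539,11 +1442,7 @@ static const EVP_CIPHER aes_256_ccm = {
 const EVP_CIPHER *
 EVP_aes_256_ccm(void)
 {
-#ifdef AESNI_CAPABLE
-return AESNI_CAPABLE ? &aesni_256_ccm : &aes_256_ccm;
-#else
 return &aes_256_ccm;
-#endif
 }
 LCRYPTO_ALIAS(EVP_aes_256_ccm);
 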
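Review bot: aes_ccm_init_key (hunk @@ -1353) still expands the key with `AES_set_encrypt_key()` and hands `(block128_f)AES_encrypt` to CRYPTO_ccm128_init, while aes_ccm_cipher (hunk @@ -1405) now always drives the bulk path through aes_ccm64_encrypt_ccm128f/aes_ccm64_decrypt_ccm128f, which on amd64 and i386 may run the AES-NI ccm64 routines against that schedule. That is only correct if AES_set_encrypt_key itself already dispatches to the matching AES-NI key schedule on those machines — the commit message suggests the key setup was moved into AES earlier, but nothing in this diff shows it — so a comment at the `AES_set_encrypt_key(...)` line noting that the schedule must agree with whatever aes_ccm64_encrypt_internal selects would document the coupling that the removed aesni_ccm_init_key used to make explicit. Both aes_ccm_init_key and aes_ccm_cipher start and end outside their hunks.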
