Added Mike Hamburg's SSSE3 AES implementation.
[gnutls:gnutls.git] / lib / accelerated / x86 / aes-x86.c
1 /*
2  * Copyright (C) 2011-2012 Free Software Foundation, Inc.
3  *
4  * Author: Nikos Mavrogiannopoulos
5  *
6  * This file is part of GnuTLS.
7  *
8  * The GnuTLS is free software; you can redistribute it and/or
9  * modify it under the terms of the GNU Lesser General Public License
10  * as published by the Free Software Foundation; either version 2.1 of
11  * the License, or (at your option) any later version.
12  *
13  * This library is distributed in the hope that it will be useful, but
14  * WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16  * Lesser General Public License for more details.
17  *
18  * You should have received a copy of the GNU Lesser General Public License
19  * along with this program.  If not, see <http://www.gnu.org/licenses/>
20  *
21  */
22
23 /*
24  * The following code is an implementation of the AES-128-CBC cipher
25  * using intel's AES instruction set. 
26  */
27
28 #include <gnutls_errors.h>
29 #include <gnutls_int.h>
30 #include <gnutls/crypto.h>
31 #include <gnutls_errors.h>
32 #include <aes-x86.h>
33 #include <sha-x86.h>
34 #include <x86.h>
35
36 struct aes_ctx {
37         AES_KEY expanded_key;
38         uint8_t iv[16];
39         int enc;
40 };
41
42 unsigned int _gnutls_x86_cpuid_s[4];
43
44 static int
45 aes_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
46 {
47         /* we use key size to distinguish */
48         if (algorithm != GNUTLS_CIPHER_AES_128_CBC
49             && algorithm != GNUTLS_CIPHER_AES_192_CBC
50             && algorithm != GNUTLS_CIPHER_AES_256_CBC)
51                 return GNUTLS_E_INVALID_REQUEST;
52
53         *_ctx = gnutls_calloc(1, sizeof(struct aes_ctx));
54         if (*_ctx == NULL) {
55                 gnutls_assert();
56                 return GNUTLS_E_MEMORY_ERROR;
57         }
58
59         ((struct aes_ctx *) (*_ctx))->enc = enc;
60
61         return 0;
62 }
63
64 static int
65 aes_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
66 {
67         struct aes_ctx *ctx = _ctx;
68         int ret;
69
70         if (ctx->enc)
71                 ret =
72                     aesni_set_encrypt_key(userkey, keysize * 8,
73                                           ALIGN16(&ctx->expanded_key));
74         else
75                 ret =
76                     aesni_set_decrypt_key(userkey, keysize * 8,
77                                           ALIGN16(&ctx->expanded_key));
78
79         if (ret != 0)
80                 return gnutls_assert_val(GNUTLS_E_ENCRYPTION_FAILED);
81
82         return 0;
83 }
84
85 static int aes_setiv(void *_ctx, const void *iv, size_t iv_size)
86 {
87         struct aes_ctx *ctx = _ctx;
88
89         memcpy(ctx->iv, iv, 16);
90         return 0;
91 }
92
93 static int
94 aes_encrypt(void *_ctx, const void *src, size_t src_size,
95             void *dst, size_t dst_size)
96 {
97         struct aes_ctx *ctx = _ctx;
98
99         aesni_cbc_encrypt(src, dst, src_size, ALIGN16(&ctx->expanded_key),
100                           ctx->iv, 1);
101         return 0;
102 }
103
104 static int
105 aes_decrypt(void *_ctx, const void *src, size_t src_size,
106             void *dst, size_t dst_size)
107 {
108         struct aes_ctx *ctx = _ctx;
109
110         aesni_cbc_encrypt(src, dst, src_size, ALIGN16(&ctx->expanded_key),
111                           ctx->iv, 0);
112
113         return 0;
114 }
115
116 static void aes_deinit(void *_ctx)
117 {
118         gnutls_free(_ctx);
119 }
120
121 static const gnutls_crypto_cipher_st aesni_struct = {
122         .init = aes_cipher_init,
123         .setkey = aes_cipher_setkey,
124         .setiv = aes_setiv,
125         .encrypt = aes_encrypt,
126         .decrypt = aes_decrypt,
127         .deinit = aes_deinit,
128 };
129
130 static int
131 aes_ssse3_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
132 {
133         struct aes_ctx *ctx = _ctx;
134         int ret;
135
136         if (ctx->enc)
137                 ret =
138                     vpaes_set_encrypt_key(userkey, keysize * 8,
139                                           ALIGN16(&ctx->expanded_key));
140         else
141                 ret =
142                     vpaes_set_decrypt_key(userkey, keysize * 8,
143                                           ALIGN16(&ctx->expanded_key));
144
145         if (ret != 0)
146                 return gnutls_assert_val(GNUTLS_E_ENCRYPTION_FAILED);
147
148         return 0;
149 }
150
151 static int
152 aes_ssse3_encrypt(void *_ctx, const void *src, size_t src_size,
153             void *dst, size_t dst_size)
154 {
155         struct aes_ctx *ctx = _ctx;
156
157         vpaes_cbc_encrypt(src, dst, src_size, ALIGN16(&ctx->expanded_key),
158                           ctx->iv, 1);
159         return 0;
160 }
161
162 static int
163 aes_ssse3_decrypt(void *_ctx, const void *src, size_t src_size,
164             void *dst, size_t dst_size)
165 {
166         struct aes_ctx *ctx = _ctx;
167
168         vpaes_cbc_encrypt(src, dst, src_size, ALIGN16(&ctx->expanded_key),
169                           ctx->iv, 0);
170
171         return 0;
172 }
173
174 static const gnutls_crypto_cipher_st aes_ssse3_struct = {
175         .init = aes_cipher_init,
176         .setkey = aes_ssse3_cipher_setkey,
177         .setiv = aes_setiv,
178         .encrypt = aes_ssse3_encrypt,
179         .decrypt = aes_ssse3_decrypt,
180         .deinit = aes_deinit,
181 };
182
183 static unsigned check_optimized_aes(void)
184 {
185         return (_gnutls_x86_cpuid_s[2] & 0x2000000);
186 }
187
188 static unsigned check_ssse3(void)
189 {
190         return (_gnutls_x86_cpuid_s[2] & 0x0000200);
191 }
192
193 #ifdef ASM_X86_64
194 static unsigned check_pclmul(void)
195 {
196         return (_gnutls_x86_cpuid_s[2] & 0x2);
197 }
198 #endif
199
200 static unsigned check_intel_or_amd(void)
201 {
202         unsigned int a, b, c, d;
203         gnutls_cpuid(0, &a, &b, &c, &d);
204
205         if ((memcmp(&b, "Genu", 4) == 0 &&
206              memcmp(&d, "ineI", 4) == 0 &&
207              memcmp(&c, "ntel", 4) == 0) ||
208             (memcmp(&b, "Auth", 4) == 0 &&
209              memcmp(&d, "enti", 4) == 0 && memcmp(&c, "cAMD", 4) == 0)) {
210                 return 1;
211         }
212
213         return 0;
214 }
215
216 void register_x86_crypto(void)
217 {
218         int ret;
219
220         if (check_intel_or_amd() == 0)
221                 return;
222
223         gnutls_cpuid(1, &_gnutls_x86_cpuid_s[0], &_gnutls_x86_cpuid_s[1], 
224                 &_gnutls_x86_cpuid_s[2], &_gnutls_x86_cpuid_s[3]);
225         
226         if (check_ssse3()) {
227                 _gnutls_debug_log("Intel SSSE3 was detected\n");
228
229                 ret =
230                     gnutls_crypto_single_cipher_register
231                     (GNUTLS_CIPHER_AES_128_CBC, 79, &aes_ssse3_struct);
232                 if (ret < 0) {
233                         gnutls_assert();
234                 }
235
236                 ret =
237                     gnutls_crypto_single_cipher_register
238                     (GNUTLS_CIPHER_AES_192_CBC, 79, &aes_ssse3_struct);
239                 if (ret < 0) {
240                         gnutls_assert();
241                 }
242
243                 ret =
244                     gnutls_crypto_single_cipher_register
245                     (GNUTLS_CIPHER_AES_256_CBC, 79, &aes_ssse3_struct);
246                 if (ret < 0) {
247                         gnutls_assert();
248                 }
249
250                 ret =
251                     gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA1,
252                                                          80,
253                                                          &sha_x86_struct);
254                 if (ret < 0) {
255                         gnutls_assert();
256                 }
257
258                 ret =
259                     gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA224,
260                                                          80,
261                                                          &sha_x86_struct);
262                 if (ret < 0) {
263                         gnutls_assert();
264                 }
265
266                 ret =
267                     gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA256,
268                                                          80,
269                                                          &sha_x86_struct);
270                 if (ret < 0) {
271                         gnutls_assert();
272                 }
273
274
275                 ret =
276                     gnutls_crypto_single_mac_register(GNUTLS_DIG_SHA1,
277                                                          80,
278                                                          &hmac_sha_x86_struct);
279                 if (ret < 0)
280                         gnutls_assert();
281
282                 ret =
283                     gnutls_crypto_single_mac_register(GNUTLS_DIG_SHA224,
284                                                          80,
285                                                          &hmac_sha_x86_struct);
286                 if (ret < 0)
287                         gnutls_assert();
288
289                 ret =
290                     gnutls_crypto_single_mac_register(GNUTLS_DIG_SHA256,
291                                                          80,
292                                                          &hmac_sha_x86_struct);
293                 if (ret < 0)
294                         gnutls_assert();
295
296 #ifdef ENABLE_SHA512
297                 ret =
298                     gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA384,
299                                                          80,
300                                                          &sha_x86_struct);
301                 if (ret < 0)
302                         gnutls_assert();
303
304                 ret =
305                     gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA512,
306                                                          80,
307                                                          &sha_x86_struct);
308                 if (ret < 0)
309                         gnutls_assert();
310                 ret =
311                     gnutls_crypto_single_mac_register(GNUTLS_DIG_SHA384,
312                                                          80,
313                                                          &hmac_sha_x86_struct);
314                 if (ret < 0)
315                         gnutls_assert();
316
317                 ret =
318                     gnutls_crypto_single_mac_register(GNUTLS_DIG_SHA512,
319                                                          80,
320                                                          &hmac_sha_x86_struct);
321                 if (ret < 0)
322                         gnutls_assert();
323 #endif
324         }
325
326         if (check_optimized_aes()) {
327                 _gnutls_debug_log("Intel AES accelerator was detected\n");
328                 ret =
329                     gnutls_crypto_single_cipher_register
330                     (GNUTLS_CIPHER_AES_128_CBC, 80, &aesni_struct);
331                 if (ret < 0) {
332                         gnutls_assert();
333                 }
334
335                 ret =
336                     gnutls_crypto_single_cipher_register
337                     (GNUTLS_CIPHER_AES_192_CBC, 80, &aesni_struct);
338                 if (ret < 0) {
339                         gnutls_assert();
340                 }
341
342                 ret =
343                     gnutls_crypto_single_cipher_register
344                     (GNUTLS_CIPHER_AES_256_CBC, 80, &aesni_struct);
345                 if (ret < 0) {
346                         gnutls_assert();
347                 }
348 #ifdef ASM_X86_64
349                 if (check_pclmul()) {
350                         /* register GCM ciphers */
351                         _gnutls_debug_log
352                             ("Intel GCM accelerator was detected\n");
353                         ret =
354                             gnutls_crypto_single_cipher_register
355                             (GNUTLS_CIPHER_AES_128_GCM, 80,
356                              &aes_gcm_struct);
357                         if (ret < 0) {
358                                 gnutls_assert();
359                         }
360
361                         ret =
362                             gnutls_crypto_single_cipher_register
363                             (GNUTLS_CIPHER_AES_256_GCM, 80,
364                              &aes_gcm_struct);
365                         if (ret < 0) {
366                                 gnutls_assert();
367                         }
368                 }
369 #endif
370         }
371
372         /* convert _gnutls_x86_cpuid_s the way openssl asm expects it */
373         _gnutls_x86_cpuid_s[1] = _gnutls_x86_cpuid_s[2];
374
375         return;
376 }