www.gitorious.org Git - gnutls:gnutls.git/blob - lib/accelerated/x86/aes-x86.c

1 /*

3 *

4 * Author: Nikos Mavrogiannopoulos

5 *

6 * This file is part of GnuTLS.

7 *

8 * The GnuTLS is free software; you can redistribute it and/or

9 * modify it under the terms of the GNU Lesser General Public License

10 * as published by the Free Software Foundation; either version 2.1 of

11 * the License, or (at your option) any later version.

12 *

13 * This library is distributed in the hope that it will be useful, but

14 * WITHOUT ANY WARRANTY; without even the implied warranty of

15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

16 * Lesser General Public License for more details.

17 *

18 * You should have received a copy of the GNU Lesser General Public License

19 * along with this program. If not, see <http://www.gnu.org/licenses/>

20 *

21 */

23 /*

24 * The following code is an implementation of the AES-128-CBC cipher

25 * using intel's AES instruction set.

26 */

28 #include <gnutls_errors.h>

29 #include <gnutls_int.h>

30 #include <gnutls/crypto.h>

31 #include <gnutls_errors.h>

32 #include <aes-x86.h>

33 #include <sha-x86.h>

34 #include <x86.h>

36 struct aes_ctx {

37 AES_KEY expanded_key;

38 uint8_t iv[16];

39 int enc;

40 };

42 unsigned int _gnutls_x86_cpuid_s[4];

44 static int

45 aes_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)

46 {

47 /* we use key size to distinguish */

48 if (algorithm != GNUTLS_CIPHER_AES_128_CBC

49 && algorithm != GNUTLS_CIPHER_AES_192_CBC

50 && algorithm != GNUTLS_CIPHER_AES_256_CBC)

51 return GNUTLS_E_INVALID_REQUEST;

53 *_ctx = gnutls_calloc(1, sizeof(struct aes_ctx));

54 if (*_ctx == NULL) {

55 gnutls_assert();

56 return GNUTLS_E_MEMORY_ERROR;

57 }

59 ((struct aes_ctx *) (*_ctx))->enc = enc;

61 return 0;

62 }

64 static int

65 aes_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)

66 {

67 struct aes_ctx *ctx = _ctx;

68 int ret;

70 if (ctx->enc)

71 ret =

72 aesni_set_encrypt_key(userkey, keysize * 8,

73 ALIGN16(&ctx->expanded_key));

74 else

75 ret =

76 aesni_set_decrypt_key(userkey, keysize * 8,

77 ALIGN16(&ctx->expanded_key));

79 if (ret != 0)

80 return gnutls_assert_val(GNUTLS_E_ENCRYPTION_FAILED);

82 return 0;

83 }

85 static int aes_setiv(void *_ctx, const void *iv, size_t iv_size)

86 {

87 struct aes_ctx *ctx = _ctx;

89 memcpy(ctx->iv, iv, 16);

90 return 0;

91 }

93 static int

94 aes_encrypt(void *_ctx, const void *src, size_t src_size,

95 void *dst, size_t dst_size)

96 {

97 struct aes_ctx *ctx = _ctx;

99 aesni_cbc_encrypt(src, dst, src_size, ALIGN16(&ctx->expanded_key),

100 ctx->iv, 1);

101 return 0;

102 }

103

104 static int

105 aes_decrypt(void *_ctx, const void *src, size_t src_size,

106 void *dst, size_t dst_size)

107 {

108 struct aes_ctx *ctx = _ctx;

109

110 aesni_cbc_encrypt(src, dst, src_size, ALIGN16(&ctx->expanded_key),

111 ctx->iv, 0);

112

113 return 0;

114 }

115

116 static void aes_deinit(void *_ctx)

117 {

118 gnutls_free(_ctx);

119 }

120

121 static const gnutls_crypto_cipher_st aesni_struct = {

122 .init = aes_cipher_init,

123 .setkey = aes_cipher_setkey,

124 .setiv = aes_setiv,

125 .encrypt = aes_encrypt,

126 .decrypt = aes_decrypt,

127 .deinit = aes_deinit,

128 };

129

130 static int

131 aes_ssse3_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)

132 {

133 struct aes_ctx *ctx = _ctx;

134 int ret;

135

136 if (ctx->enc)

137 ret =

138 vpaes_set_encrypt_key(userkey, keysize * 8,

139 ALIGN16(&ctx->expanded_key));

140 else

141 ret =

142 vpaes_set_decrypt_key(userkey, keysize * 8,

143 ALIGN16(&ctx->expanded_key));

144

145 if (ret != 0)

146 return gnutls_assert_val(GNUTLS_E_ENCRYPTION_FAILED);

147

148 return 0;

149 }

150

151 static int

152 aes_ssse3_encrypt(void *_ctx, const void *src, size_t src_size,

153 void *dst, size_t dst_size)

154 {

155 struct aes_ctx *ctx = _ctx;

156

157 vpaes_cbc_encrypt(src, dst, src_size, ALIGN16(&ctx->expanded_key),

158 ctx->iv, 1);

159 return 0;

160 }

161

162 static int

163 aes_ssse3_decrypt(void *_ctx, const void *src, size_t src_size,

164 void *dst, size_t dst_size)

165 {

166 struct aes_ctx *ctx = _ctx;

167

168 vpaes_cbc_encrypt(src, dst, src_size, ALIGN16(&ctx->expanded_key),

169 ctx->iv, 0);

170

171 return 0;

172 }

173

174 static const gnutls_crypto_cipher_st aes_ssse3_struct = {

175 .init = aes_cipher_init,

176 .setkey = aes_ssse3_cipher_setkey,

177 .setiv = aes_setiv,

178 .encrypt = aes_ssse3_encrypt,

179 .decrypt = aes_ssse3_decrypt,

180 .deinit = aes_deinit,

181 };

182

183 static unsigned check_optimized_aes(void)

184 {

185 return (_gnutls_x86_cpuid_s[2] & 0x2000000);

186 }

187

188 static unsigned check_ssse3(void)

189 {

190 return (_gnutls_x86_cpuid_s[2] & 0x0000200);

191 }

192

193 #ifdef ASM_X86_64

194 static unsigned check_pclmul(void)

195 {

196 return (_gnutls_x86_cpuid_s[2] & 0x2);

197 }

198 #endif

199

200 static unsigned check_intel_or_amd(void)

201 {

202 unsigned int a, b, c, d;

203 gnutls_cpuid(0, &a, &b, &c, &d);

204

205 if ((memcmp(&b, "Genu", 4) == 0 &&

206 memcmp(&d, "ineI", 4) == 0 &&

207 memcmp(&c, "ntel", 4) == 0) ||

208 (memcmp(&b, "Auth", 4) == 0 &&

209 memcmp(&d, "enti", 4) == 0 && memcmp(&c, "cAMD", 4) == 0)) {

210 return 1;

211 }

212

213 return 0;

214 }

215

216 void register_x86_crypto(void)

217 {

218 int ret;

219

220 if (check_intel_or_amd() == 0)

221 return;

222

223 gnutls_cpuid(1, &_gnutls_x86_cpuid_s[0], &_gnutls_x86_cpuid_s[1],

224 &_gnutls_x86_cpuid_s[2], &_gnutls_x86_cpuid_s[3]);

225

226 if (check_ssse3()) {

227 _gnutls_debug_log("Intel SSSE3 was detected\n");

228

229 ret =

230 gnutls_crypto_single_cipher_register

231 (GNUTLS_CIPHER_AES_128_CBC, 79, &aes_ssse3_struct);

232 if (ret < 0) {

233 gnutls_assert();

234 }

235

236 ret =

237 gnutls_crypto_single_cipher_register

238 (GNUTLS_CIPHER_AES_192_CBC, 79, &aes_ssse3_struct);

239 if (ret < 0) {

240 gnutls_assert();

241 }

242

243 ret =

244 gnutls_crypto_single_cipher_register

245 (GNUTLS_CIPHER_AES_256_CBC, 79, &aes_ssse3_struct);

246 if (ret < 0) {

247 gnutls_assert();

248 }

249

250 ret =

251 gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA1,

252 80,

253 &sha_x86_struct);

254 if (ret < 0) {

255 gnutls_assert();

256 }

257

258 ret =

259 gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA224,

260 80,

261 &sha_x86_struct);

262 if (ret < 0) {

263 gnutls_assert();

264 }

265

266 ret =

267 gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA256,

268 80,

269 &sha_x86_struct);

270 if (ret < 0) {

271 gnutls_assert();

272 }

273

274

275 ret =

276 gnutls_crypto_single_mac_register(GNUTLS_DIG_SHA1,

277 80,

278 &hmac_sha_x86_struct);

279 if (ret < 0)

280 gnutls_assert();

281

282 ret =

283 gnutls_crypto_single_mac_register(GNUTLS_DIG_SHA224,

284 80,

285 &hmac_sha_x86_struct);

286 if (ret < 0)

287 gnutls_assert();

288

289 ret =

290 gnutls_crypto_single_mac_register(GNUTLS_DIG_SHA256,

291 80,

292 &hmac_sha_x86_struct);

293 if (ret < 0)

294 gnutls_assert();

295

296 #ifdef ENABLE_SHA512

297 ret =

298 gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA384,

299 80,

300 &sha_x86_struct);

301 if (ret < 0)

302 gnutls_assert();

303

304 ret =

305 gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA512,

306 80,

307 &sha_x86_struct);

308 if (ret < 0)

309 gnutls_assert();

310 ret =

311 gnutls_crypto_single_mac_register(GNUTLS_DIG_SHA384,

312 80,

313 &hmac_sha_x86_struct);

314 if (ret < 0)

315 gnutls_assert();

316

317 ret =

318 gnutls_crypto_single_mac_register(GNUTLS_DIG_SHA512,

319 80,

320 &hmac_sha_x86_struct);

321 if (ret < 0)

322 gnutls_assert();

323 #endif

324 }

325

326 if (check_optimized_aes()) {

327 _gnutls_debug_log("Intel AES accelerator was detected\n");

328 ret =

329 gnutls_crypto_single_cipher_register

330 (GNUTLS_CIPHER_AES_128_CBC, 80, &aesni_struct);

331 if (ret < 0) {

332 gnutls_assert();

333 }

334

335 ret =

336 gnutls_crypto_single_cipher_register

337 (GNUTLS_CIPHER_AES_192_CBC, 80, &aesni_struct);

338 if (ret < 0) {

339 gnutls_assert();

340 }

341

342 ret =

343 gnutls_crypto_single_cipher_register

344 (GNUTLS_CIPHER_AES_256_CBC, 80, &aesni_struct);

345 if (ret < 0) {

346 gnutls_assert();

347 }

348 #ifdef ASM_X86_64

349 if (check_pclmul()) {

350 /* register GCM ciphers */

351 _gnutls_debug_log

352 ("Intel GCM accelerator was detected\n");

353 ret =

354 gnutls_crypto_single_cipher_register

355 (GNUTLS_CIPHER_AES_128_GCM, 80,

356 &aes_gcm_struct);

357 if (ret < 0) {

358 gnutls_assert();

359 }

360

361 ret =

362 gnutls_crypto_single_cipher_register

363 (GNUTLS_CIPHER_AES_256_GCM, 80,

364 &aes_gcm_struct);

365 if (ret < 0) {

366 gnutls_assert();

367 }

368 }

369 #endif

370 }

371

372 /* convert _gnutls_x86_cpuid_s the way openssl asm expects it */

373 _gnutls_x86_cpuid_s[1] = _gnutls_x86_cpuid_s[2];

374

375 return;

376 }