2 * Copyright (C) 2011-2012 Free Software Foundation, Inc.
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GnuTLS.
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
24 * The following code is an implementation of the AES-128-CBC cipher
25 * using intel's AES instruction set.
28 #include <gnutls_errors.h>
29 #include <gnutls_int.h>
30 #include <gnutls/crypto.h>
31 #include <gnutls_errors.h>
42 unsigned int _gnutls_x86_cpuid_s[4];
45 aes_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx, int enc)
47 /* we use key size to distinguish */
48 if (algorithm != GNUTLS_CIPHER_AES_128_CBC
49 && algorithm != GNUTLS_CIPHER_AES_192_CBC
50 && algorithm != GNUTLS_CIPHER_AES_256_CBC)
51 return GNUTLS_E_INVALID_REQUEST;
53 *_ctx = gnutls_calloc(1, sizeof(struct aes_ctx));
56 return GNUTLS_E_MEMORY_ERROR;
59 ((struct aes_ctx *) (*_ctx))->enc = enc;
65 aes_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
67 struct aes_ctx *ctx = _ctx;
72 aesni_set_encrypt_key(userkey, keysize * 8,
73 ALIGN16(&ctx->expanded_key));
76 aesni_set_decrypt_key(userkey, keysize * 8,
77 ALIGN16(&ctx->expanded_key));
80 return gnutls_assert_val(GNUTLS_E_ENCRYPTION_FAILED);
85 static int aes_setiv(void *_ctx, const void *iv, size_t iv_size)
87 struct aes_ctx *ctx = _ctx;
89 memcpy(ctx->iv, iv, 16);
94 aes_encrypt(void *_ctx, const void *src, size_t src_size,
95 void *dst, size_t dst_size)
97 struct aes_ctx *ctx = _ctx;
99 aesni_cbc_encrypt(src, dst, src_size, ALIGN16(&ctx->expanded_key),
105 aes_decrypt(void *_ctx, const void *src, size_t src_size,
106 void *dst, size_t dst_size)
108 struct aes_ctx *ctx = _ctx;
110 aesni_cbc_encrypt(src, dst, src_size, ALIGN16(&ctx->expanded_key),
116 static void aes_deinit(void *_ctx)
121 static const gnutls_crypto_cipher_st aesni_struct = {
122 .init = aes_cipher_init,
123 .setkey = aes_cipher_setkey,
125 .encrypt = aes_encrypt,
126 .decrypt = aes_decrypt,
127 .deinit = aes_deinit,
131 aes_ssse3_cipher_setkey(void *_ctx, const void *userkey, size_t keysize)
133 struct aes_ctx *ctx = _ctx;
138 vpaes_set_encrypt_key(userkey, keysize * 8,
139 ALIGN16(&ctx->expanded_key));
142 vpaes_set_decrypt_key(userkey, keysize * 8,
143 ALIGN16(&ctx->expanded_key));
146 return gnutls_assert_val(GNUTLS_E_ENCRYPTION_FAILED);
152 aes_ssse3_encrypt(void *_ctx, const void *src, size_t src_size,
153 void *dst, size_t dst_size)
155 struct aes_ctx *ctx = _ctx;
157 vpaes_cbc_encrypt(src, dst, src_size, ALIGN16(&ctx->expanded_key),
163 aes_ssse3_decrypt(void *_ctx, const void *src, size_t src_size,
164 void *dst, size_t dst_size)
166 struct aes_ctx *ctx = _ctx;
168 vpaes_cbc_encrypt(src, dst, src_size, ALIGN16(&ctx->expanded_key),
174 static const gnutls_crypto_cipher_st aes_ssse3_struct = {
175 .init = aes_cipher_init,
176 .setkey = aes_ssse3_cipher_setkey,
178 .encrypt = aes_ssse3_encrypt,
179 .decrypt = aes_ssse3_decrypt,
180 .deinit = aes_deinit,
183 static unsigned check_optimized_aes(void)
185 return (_gnutls_x86_cpuid_s[2] & 0x2000000);
188 static unsigned check_ssse3(void)
190 return (_gnutls_x86_cpuid_s[2] & 0x0000200);
194 static unsigned check_pclmul(void)
196 return (_gnutls_x86_cpuid_s[2] & 0x2);
200 static unsigned check_intel_or_amd(void)
202 unsigned int a, b, c, d;
203 gnutls_cpuid(0, &a, &b, &c, &d);
205 if ((memcmp(&b, "Genu", 4) == 0 &&
206 memcmp(&d, "ineI", 4) == 0 &&
207 memcmp(&c, "ntel", 4) == 0) ||
208 (memcmp(&b, "Auth", 4) == 0 &&
209 memcmp(&d, "enti", 4) == 0 && memcmp(&c, "cAMD", 4) == 0)) {
216 void register_x86_crypto(void)
220 if (check_intel_or_amd() == 0)
223 gnutls_cpuid(1, &_gnutls_x86_cpuid_s[0], &_gnutls_x86_cpuid_s[1],
224 &_gnutls_x86_cpuid_s[2], &_gnutls_x86_cpuid_s[3]);
227 _gnutls_debug_log("Intel SSSE3 was detected\n");
230 gnutls_crypto_single_cipher_register
231 (GNUTLS_CIPHER_AES_128_CBC, 79, &aes_ssse3_struct);
237 gnutls_crypto_single_cipher_register
238 (GNUTLS_CIPHER_AES_192_CBC, 79, &aes_ssse3_struct);
244 gnutls_crypto_single_cipher_register
245 (GNUTLS_CIPHER_AES_256_CBC, 79, &aes_ssse3_struct);
251 gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA1,
259 gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA224,
267 gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA256,
276 gnutls_crypto_single_mac_register(GNUTLS_DIG_SHA1,
278 &hmac_sha_x86_struct);
283 gnutls_crypto_single_mac_register(GNUTLS_DIG_SHA224,
285 &hmac_sha_x86_struct);
290 gnutls_crypto_single_mac_register(GNUTLS_DIG_SHA256,
292 &hmac_sha_x86_struct);
298 gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA384,
305 gnutls_crypto_single_digest_register(GNUTLS_DIG_SHA512,
311 gnutls_crypto_single_mac_register(GNUTLS_DIG_SHA384,
313 &hmac_sha_x86_struct);
318 gnutls_crypto_single_mac_register(GNUTLS_DIG_SHA512,
320 &hmac_sha_x86_struct);
326 if (check_optimized_aes()) {
327 _gnutls_debug_log("Intel AES accelerator was detected\n");
329 gnutls_crypto_single_cipher_register
330 (GNUTLS_CIPHER_AES_128_CBC, 80, &aesni_struct);
336 gnutls_crypto_single_cipher_register
337 (GNUTLS_CIPHER_AES_192_CBC, 80, &aesni_struct);
343 gnutls_crypto_single_cipher_register
344 (GNUTLS_CIPHER_AES_256_CBC, 80, &aesni_struct);
349 if (check_pclmul()) {
350 /* register GCM ciphers */
352 ("Intel GCM accelerator was detected\n");
354 gnutls_crypto_single_cipher_register
355 (GNUTLS_CIPHER_AES_128_GCM, 80,
362 gnutls_crypto_single_cipher_register
363 (GNUTLS_CIPHER_AES_256_GCM, 80,
372 /* convert _gnutls_x86_cpuid_s the way openssl asm expects it */
373 _gnutls_x86_cpuid_s[1] = _gnutls_x86_cpuid_s[2];