From: Andy Polyakov Date: Mon, 6 Jun 2011 11:40:03 +0000 (+0000) Subject: e_aes.c: move AES-NI run-time switch and implement the switch for remaining modes. X-Git-Tag: OpenSSL-fips-2_0-rc1~341 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=17f121de9d1420f7b52695e0766c76ffa973c47d;p=openssl e_aes.c: move AES-NI run-time switch and implement the switch for remaining modes. --- diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index d739f28008..6e47963383 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -1,5 +1,5 @@ /* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -66,44 +66,103 @@ typedef struct AES_KEY ks; } EVP_AES_KEY; +typedef struct + { + AES_KEY ks; /* AES key schedule to use */ + int key_set; /* Set if key initialised */ + int iv_set; /* Set if an iv is set */ + GCM128_CONTEXT gcm; + unsigned char *iv; /* Temporary IV store */ + int ivlen; /* IV length */ + int taglen; + int iv_gen; /* It is OK to generate IVs */ + } EVP_AES_GCM_CTX; + +typedef struct + { + AES_KEY ks1, ks2; /* AES key schedules to use */ + XTS128_CONTEXT xts; + } EVP_AES_XTS_CTX; + +typedef struct + { + AES_KEY ks; /* AES key schedule to use */ + int key_set; /* Set if key initialised */ + int iv_set; /* Set if an iv is set */ + int tag_set; /* Set if tag is valid */ + int len_set; /* Set if message length set */ + int L, M; /* L and M parameters from RFC3610 */ + CCM128_CONTEXT ccm; + } EVP_AES_CCM_CTX; + +#define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4)) + #if defined(AES_ASM) && !defined(I386_ONLY) && ( \ ((defined(__i386) || defined(__i386__) || \ defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \ defined(__x86_64) || defined(__x86_64__) || \ defined(_M_AMD64) || defined(_M_X64) || \ defined(__INTEL__) ) +/* + * AES-NI section + */ +extern unsigned int OPENSSL_ia32cap_P[2]; +#define AESNI_CAPABLE (1<<(57-32)) int aesni_set_encrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); + AES_KEY *key); int aesni_set_decrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); + AES_KEY *key); void aesni_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); + const AES_KEY *key); void aesni_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); + const AES_KEY *key); void aesni_ecb_encrypt(const unsigned char *in, - unsigned char *out, - size_t length, - const AES_KEY *key, - int enc); + unsigned char *out, + size_t length, + const AES_KEY *key, + int enc); void aesni_cbc_encrypt(const unsigned char *in, - unsigned char *out, - size_t length, - const AES_KEY *key, - unsigned char *ivec, int enc); + unsigned char *out, + size_t length, + const AES_KEY *key, + unsigned char *ivec, int enc); void aesni_ctr32_encrypt_blocks(const unsigned char *in, - unsigned char *out, - size_t blocks, - const void *key, - const unsigned char *ivec); - -extern unsigned int OPENSSL_ia32cap_P[2]; -#define AESNI_CAPABLE (1<<(57-32)) - -static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + unsigned char *out, + size_t blocks, + const void *key, + const unsigned char *ivec); + +void aesni_xts_encrypt(const unsigned char *in, + unsigned char *out, + size_t length, + const AES_KEY *key1, const AES_KEY *key2, + const unsigned char iv[16]); + +void aesni_xts_decrypt(const unsigned char *in, + unsigned char *out, + size_t length, + const AES_KEY *key1, const AES_KEY *key2, + const unsigned char iv[16]); + +void aesni_ccm64_encrypt_blocks (const unsigned char *in, + unsigned char *out, + size_t blocks, + const void *key, + const unsigned char ivec[16], + unsigned char cmac[16]); + +void aesni_ccm64_decrypt_blocks (const unsigned char *in, + unsigned char *out, + size_t blocks, + const void *key, + const unsigned char ivec[16], + unsigned char cmac[16]); + +static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { int ret; @@ -111,13 +170,9 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, if (((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_ECB_MODE || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CBC_MODE) && !enc) - ret = OPENSSL_ia32cap_P[1]&AESNI_CAPABLE ? - aesni_set_decrypt_key(key, ctx->key_len*8, ctx->cipher_data): - AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data); + ret = aesni_set_decrypt_key(key, ctx->key_len*8, ctx->cipher_data); else - ret = OPENSSL_ia32cap_P[1]&AESNI_CAPABLE ? - aesni_set_encrypt_key(key, ctx->key_len*8, ctx->cipher_data): - AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data); + ret = aesni_set_encrypt_key(key, ctx->key_len*8, ctx->cipher_data); if(ret < 0) { @@ -128,140 +183,410 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, return 1; } -static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, +static int aesni_cbc_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, const unsigned char *in, size_t len) { - if (OPENSSL_ia32cap_P[1]&AESNI_CAPABLE) - aesni_cbc_encrypt(in,out,len,ctx->cipher_data,ctx->iv,ctx->encrypt); - else - AES_cbc_encrypt(in,out,len,ctx->cipher_data,ctx->iv,ctx->encrypt); + aesni_cbc_encrypt(in,out,len,ctx->cipher_data,ctx->iv,ctx->encrypt); return 1; } -static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, +static int aesni_ecb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, const unsigned char *in, size_t len) { size_t bl = ctx->cipher->block_size; if (lencipher_data,ctx->encrypt); - else { - size_t i; - - if (ctx->encrypt) { - for (i=0,len-=bl;i<=len;i+=bl) - AES_encrypt(in+i,out+i,ctx->cipher_data); - } else { - for (i=0,len-=bl;i<=len;i+=bl) - AES_decrypt(in+i,out+i,ctx->cipher_data); - } - } + aesni_ecb_encrypt(in,out,len,ctx->cipher_data,ctx->encrypt); return 1; } -static int aes_ofb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, +static int aesni_ofb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, const unsigned char *in,size_t len) { CRYPTO_ofb128_encrypt(in,out,len,ctx->cipher_data, ctx->iv,&ctx->num, - OPENSSL_ia32cap_P[1]&AESNI_CAPABLE ? - (block128_f)aesni_encrypt : - (block128_f)AES_encrypt); + (block128_f)aesni_encrypt); return 1; } -static int aes_cfb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, +static int aesni_cfb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, const unsigned char *in,size_t len) { CRYPTO_cfb128_encrypt(in,out,len,ctx->cipher_data, ctx->iv,&ctx->num,ctx->encrypt, - OPENSSL_ia32cap_P[1]&AESNI_CAPABLE ? - (block128_f)aesni_encrypt : - (block128_f)AES_encrypt); + (block128_f)aesni_encrypt); return 1; } -static int aes_cfb8_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, +static int aesni_cfb8_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, const unsigned char *in,size_t len) { CRYPTO_cfb128_8_encrypt(in,out,len,ctx->cipher_data, ctx->iv,&ctx->num,ctx->encrypt, - OPENSSL_ia32cap_P[1]&AESNI_CAPABLE ? - (block128_f)aesni_encrypt : - (block128_f)AES_encrypt); + (block128_f)aesni_encrypt); return 1; } -#define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4)) - -static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, +static int aesni_cfb1_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, const unsigned char *in,size_t len) { - block128_f block = OPENSSL_ia32cap_P[1]&AESNI_CAPABLE ? - (block128_f)aesni_encrypt : - (block128_f)AES_encrypt; - if (ctx->flags&EVP_CIPH_FLAG_LENGTH_BITS) { CRYPTO_cfb128_1_encrypt(in,out,len,ctx->cipher_data, - ctx->iv,&ctx->num,ctx->encrypt,block); + ctx->iv,&ctx->num,ctx->encrypt, + (block128_f)aesni_encrypt); return 1; } while (len>=MAXBITCHUNK) { CRYPTO_cfb128_1_encrypt(in,out,MAXBITCHUNK*8,ctx->cipher_data, - ctx->iv,&ctx->num,ctx->encrypt,block); + ctx->iv,&ctx->num,ctx->encrypt, + (block128_f)aesni_encrypt); len-=MAXBITCHUNK; } if (len) CRYPTO_cfb128_1_encrypt(in,out,len*8,ctx->cipher_data, - ctx->iv,&ctx->num,ctx->encrypt,block); + ctx->iv,&ctx->num,ctx->encrypt, + (block128_f)aesni_encrypt); return 1; } -static int aes_counter(EVP_CIPHER_CTX *ctx, unsigned char *out, +static int aesni_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { unsigned int num; num = ctx->num; - if (OPENSSL_ia32cap_P[1]&AESNI_CAPABLE) - CRYPTO_ctr128_encrypt_ctr32(in,out,len, + CRYPTO_ctr128_encrypt_ctr32(in,out,len, ctx->cipher_data,ctx->iv,ctx->buf,&num, (ctr128_f)aesni_ctr32_encrypt_blocks); - else - CRYPTO_ctr128_encrypt(in,out,len, - ctx->cipher_data,ctx->iv,ctx->buf,&num, - (block128_f)AES_encrypt); + ctx->num = (size_t)num; return 1; } -#define BLOCK_CIPHER_mydef(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ -static const EVP_CIPHER aes_##keylen##_##mode = { \ +static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) + { + EVP_AES_GCM_CTX *gctx = ctx->cipher_data; + if (!iv && !key) + return 1; + if (key) + { + aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks); + CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, + (block128_f)aesni_encrypt); + /* If we have an iv can set it directly, otherwise use + * saved IV. + */ + if (iv == NULL && gctx->iv_set) + iv = gctx->iv; + if (iv) + { + CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); + gctx->iv_set = 1; + } + gctx->key_set = 1; + } + else + { + /* If key set use IV, otherwise copy */ + if (gctx->key_set) + CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); + else + memcpy(gctx->iv, iv, gctx->ivlen); + gctx->iv_set = 1; + gctx->iv_gen = 0; + } + return 1; + } + +static int aesni_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) + { + EVP_AES_GCM_CTX *gctx = ctx->cipher_data; + /* If not set up, return error */ + if (!gctx->iv_set && !gctx->key_set) + return -1; + if (!ctx->encrypt && gctx->taglen < 0) + return -1; + if (in) + { + if (out == NULL) + { + if (CRYPTO_gcm128_aad(&gctx->gcm, in, len)) + return -1; + } + else if (ctx->encrypt) + { + if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, + in, out, len, + aesni_ctr32_encrypt_blocks)) + return -1; + } + else + { + if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, + in, out, len, + aesni_ctr32_encrypt_blocks)) + return -1; + } + return len; + } + else + { + if (!ctx->encrypt) + { + if (CRYPTO_gcm128_finish(&gctx->gcm, + ctx->buf, gctx->taglen) != 0) + return -1; + gctx->iv_set = 0; + return 0; + } + CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, 16); + gctx->taglen = 16; + /* Don't reuse the IV */ + gctx->iv_set = 0; + return 0; + } + + } + +static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) + { + EVP_AES_XTS_CTX *xctx = ctx->cipher_data; + if (!iv && !key) + return 1; + + if (key) + { + /* key_len is two AES keys */ + if (enc) + { + aesni_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1); + xctx->xts.block1 = (block128_f)aesni_encrypt; + } + else + { + aesni_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1); + xctx->xts.block1 = (block128_f)aesni_decrypt; + } + + aesni_set_encrypt_key(key + ctx->key_len/2, + ctx->key_len * 4, &xctx->ks2); + xctx->xts.block2 = (block128_f)aesni_encrypt; + + xctx->xts.key1 = &xctx->ks1; + } + + if (iv) + { + xctx->xts.key2 = &xctx->ks2; + memcpy(ctx->iv, iv, 16); + } + + return 1; + } + +static int aesni_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) + { + EVP_AES_XTS_CTX *xctx = ctx->cipher_data; + if (!xctx->xts.key1 || !xctx->xts.key2) + return -1; + if (!out || !in) + return -1; +#ifdef OPENSSL_FIPS + /* Requirement of SP800-38E */ + if (FIPS_module_mode() && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) && + (len > (1L<<20)*16)) + { + EVPerr(EVP_F_AES_XTS, EVP_R_TOO_LARGE); + return -1; + } +#endif + if (ctx->encrypt) + aesni_xts_encrypt(in, out, len, + xctx->xts.key1, xctx->xts.key2, ctx->iv); + else + aesni_xts_decrypt(in, out, len, + xctx->xts.key1, xctx->xts.key2, ctx->iv); + + return len; + } + +static int aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) + { + EVP_AES_CCM_CTX *cctx = ctx->cipher_data; + if (!iv && !key) + return 1; + if (key) + { + aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks); + CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, + &cctx->ks, (block128_f)aesni_encrypt); + cctx->key_set = 1; + } + if (iv) + { + memcpy(ctx->iv, iv, 15 - cctx->L); + cctx->iv_set = 1; + } + return 1; + } + +static int aesni_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) + { + EVP_AES_CCM_CTX *cctx = ctx->cipher_data; + CCM128_CONTEXT *ccm = &cctx->ccm; + /* If not set up, return error */ + if (!cctx->iv_set && !cctx->key_set) + return -1; + if (!ctx->encrypt && !cctx->tag_set) + return -1; + if (!out) + { + if (!in) + { + if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L,len)) + return -1; + cctx->len_set = 1; + return len; + } + /* If have AAD need message length */ + if (!cctx->len_set && len) + return -1; + CRYPTO_ccm128_aad(ccm, in, len); + return len; + } + /* EVP_*Final() doesn't return any data */ + if (!in) + return 0; + /* If not set length yet do it */ + if (!cctx->len_set) + { + if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len)) + return -1; + cctx->len_set = 1; + } + if (ctx->encrypt) + { + if (CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, + aesni_ccm64_encrypt_blocks)) + return -1; + cctx->tag_set = 1; + return len; + } + else + { + int rv = -1; + if (!CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, + aesni_ccm64_decrypt_blocks)) + { + unsigned char tag[16]; + if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) + { + if (!memcmp(tag, ctx->buf, cctx->M)) + rv = len; + } + } + if (rv == -1) + OPENSSL_cleanse(out, len); + cctx->iv_set = 0; + cctx->tag_set = 0; + cctx->len_set = 0; + return rv; + } + + } + +#define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ +static const EVP_CIPHER aesni_##keylen##_##mode = { \ nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ - aes_init_key,aes_##mode##_cipher,NULL,sizeof(EVP_AES_KEY), \ + flags|EVP_CIPH_##MODE##_MODE, \ + aesni_init_key, \ + aesni_##mode##_cipher, \ + NULL, \ + sizeof(EVP_AES_KEY), \ NULL,NULL,NULL,NULL }; \ -const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) { return &aes_##keylen##_##mode; } +static const EVP_CIPHER aes_##keylen##_##mode = { \ + nid##_##keylen##_##nmode,blocksize, \ + keylen/8,ivlen, \ + flags|EVP_CIPH_##MODE##_MODE, \ + aes_init_key, \ + aes_##mode##_cipher, \ + NULL, \ + sizeof(EVP_AES_KEY), \ + NULL,NULL,NULL,NULL }; \ +const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ +{ return (OPENSSL_ia32cap_P[1]&AESNI_CAPABLE)? \ + &aesni_##keylen##_##mode:&aes_##keylen##_##mode; } + +#define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ +static const EVP_CIPHER aesni_##keylen##_##mode = { \ + nid##_##keylen##_##mode,blocksize, \ + (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \ + flags|EVP_CIPH_##MODE##_MODE, \ + aesni_##mode##_init_key, \ + aesni_##mode##_cipher, \ + aes_##mode##_cleanup, \ + sizeof(EVP_AES_##MODE##_CTX), \ + NULL,NULL,aes_##mode##_ctrl,NULL }; \ +static const EVP_CIPHER aes_##keylen##_##mode = { \ + nid##_##keylen##_##mode,blocksize, \ + (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \ + flags|EVP_CIPH_##MODE##_MODE, \ + aes_##mode##_init_key, \ + aes_##mode##_cipher, \ + aes_##mode##_cleanup, \ + sizeof(EVP_AES_##MODE##_CTX), \ + NULL,NULL,aes_##mode##_ctrl,NULL }; \ +const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ +{ return (OPENSSL_ia32cap_P[1]&AESNI_CAPABLE)? \ + &aesni_##keylen##_##mode:&aes_##keylen##_##mode; } -#define BLOCK_CIPHER_mydefs(nid,keylen,flags) \ - BLOCK_CIPHER_mydef(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_mydef(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_mydef(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_mydef(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_mydef(nid,keylen,1,16,cfb1,cfb1,CFB,flags) \ - BLOCK_CIPHER_mydef(nid,keylen,1,16,cfb8,cfb8,CFB,flags) +#else + +#define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ +static const EVP_CIPHER aes_##keylen##_##mode = { \ + nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ + flags|EVP_CIPH_##MODE##_MODE, \ + aes_init_key, \ + aes_##mode##_cipher, \ + NULL, \ + sizeof(EVP_AES_KEY), \ + NULL,NULL,NULL,NULL }; \ +const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ +{ return &aes_##keylen##_##mode; } -BLOCK_CIPHER_mydefs(NID_aes,128,EVP_CIPH_FLAG_FIPS) -BLOCK_CIPHER_mydefs(NID_aes,192,EVP_CIPH_FLAG_FIPS) -BLOCK_CIPHER_mydefs(NID_aes,256,EVP_CIPH_FLAG_FIPS) +#define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ +static const EVP_CIPHER aes_##keylen##_##mode = { \ + nid##_##keylen##_##mode,blocksize, \ + (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \ + flags|EVP_CIPH_##MODE##_MODE, \ + aes_##mode##_init_key, \ + aes_##mode##_cipher, \ + aes_##mode##_cleanup, \ + sizeof(EVP_AES_##MODE##_CTX), \ + NULL,NULL,aes_##mode##_ctrl,NULL }; \ +const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ +{ return &aes_##keylen##_##mode; } +#endif -#else +#define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \ + BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags) \ + BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) \ + BLOCK_CIPHER_generic(nid,keylen,1,16,ctr,ctr,CTR,flags) static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) @@ -271,9 +596,9 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, if (((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_ECB_MODE || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CBC_MODE) && !enc) - ret=AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data); + ret = AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data); else - ret=AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data); + ret = AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data); if(ret < 0) { @@ -284,32 +609,85 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, return 1; } -#define data(ctx) EVP_C_DATA(EVP_AES_KEY,ctx) +static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, + const unsigned char *in, size_t len) +{ + AES_cbc_encrypt(in,out,len,ctx->cipher_data,ctx->iv,ctx->encrypt); + + return 1; +} + +static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, + const unsigned char *in, size_t len) +{ + size_t bl = ctx->cipher->block_size; + size_t i; + + if (lenencrypt) { + for (i=0,len-=bl;i<=len;i+=bl) + AES_encrypt(in+i,out+i,ctx->cipher_data); + } else { + for (i=0,len-=bl;i<=len;i+=bl) + AES_decrypt(in+i,out+i,ctx->cipher_data); + } + + return 1; +} -IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, - NID_aes_128, 16, 16, 16, 128, - EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, - aes_init_key, NULL, NULL, NULL, NULL) -IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY, - NID_aes_192, 16, 24, 16, 128, - EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, - aes_init_key, NULL, NULL, NULL, NULL) -IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY, - NID_aes_256, 16, 32, 16, 128, - EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, - aes_init_key, NULL, NULL, NULL, NULL) +static int aes_ofb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, + const unsigned char *in,size_t len) +{ + CRYPTO_ofb128_encrypt(in,out,len,ctx->cipher_data, + ctx->iv,&ctx->num, + (block128_f)AES_encrypt); + return 1; +} -#define IMPLEMENT_AES_CFBR(ksize,cbits) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,EVP_CIPH_FLAG_FIPS) +static int aes_cfb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, + const unsigned char *in,size_t len) +{ + CRYPTO_cfb128_encrypt(in,out,len,ctx->cipher_data, + ctx->iv,&ctx->num,ctx->encrypt, + (block128_f)AES_encrypt); + return 1; +} + +static int aes_cfb8_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, + const unsigned char *in,size_t len) +{ + CRYPTO_cfb128_8_encrypt(in,out,len,ctx->cipher_data, + ctx->iv,&ctx->num,ctx->encrypt, + (block128_f)AES_encrypt); + return 1; +} -IMPLEMENT_AES_CFBR(128,1) -IMPLEMENT_AES_CFBR(192,1) -IMPLEMENT_AES_CFBR(256,1) +static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, + const unsigned char *in,size_t len) +{ + if (ctx->flags&EVP_CIPH_FLAG_LENGTH_BITS) { + CRYPTO_cfb128_1_encrypt(in,out,len,ctx->cipher_data, + ctx->iv,&ctx->num,ctx->encrypt, + (block128_f)AES_encrypt); + return 1; + } -IMPLEMENT_AES_CFBR(128,8) -IMPLEMENT_AES_CFBR(192,8) -IMPLEMENT_AES_CFBR(256,8) + while (len>=MAXBITCHUNK) { + CRYPTO_cfb128_1_encrypt(in,out,MAXBITCHUNK*8,ctx->cipher_data, + ctx->iv,&ctx->num,ctx->encrypt, + (block128_f)AES_encrypt); + len-=MAXBITCHUNK; + } + if (len) + CRYPTO_cfb128_1_encrypt(in,out,len*8,ctx->cipher_data, + ctx->iv,&ctx->num,ctx->encrypt, + (block128_f)AES_encrypt); + + return 1; +} -static int aes_counter (EVP_CIPHER_CTX *ctx, unsigned char *out, +static int aes_ctr_cipher (EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { unsigned int num; @@ -331,76 +709,9 @@ static int aes_counter (EVP_CIPHER_CTX *ctx, unsigned char *out, return 1; } -#endif - -static const EVP_CIPHER aes_128_ctr_cipher= - { - NID_aes_128_ctr,1,16,16, - EVP_CIPH_CTR_MODE|EVP_CIPH_FLAG_FIPS, - aes_init_key, - aes_counter, - NULL, - sizeof(EVP_AES_KEY), - NULL, - NULL, - NULL, - NULL - }; - -const EVP_CIPHER *EVP_aes_128_ctr (void) -{ return &aes_128_ctr_cipher; } - -static const EVP_CIPHER aes_192_ctr_cipher= - { - NID_aes_192_ctr,1,24,16, - EVP_CIPH_CTR_MODE|EVP_CIPH_FLAG_FIPS, - aes_init_key, - aes_counter, - NULL, - sizeof(EVP_AES_KEY), - NULL, - NULL, - NULL, - NULL - }; - -const EVP_CIPHER *EVP_aes_192_ctr (void) -{ return &aes_192_ctr_cipher; } - -static const EVP_CIPHER aes_256_ctr_cipher= - { - NID_aes_256_ctr,1,32,16, - EVP_CIPH_CTR_MODE|EVP_CIPH_FLAG_FIPS, - aes_init_key, - aes_counter, - NULL, - sizeof(EVP_AES_KEY), - NULL, - NULL, - NULL, - NULL - }; - -const EVP_CIPHER *EVP_aes_256_ctr (void) -{ return &aes_256_ctr_cipher; } - -typedef struct - { - /* AES key schedule to use */ - AES_KEY ks; - /* Set if key initialised */ - int key_set; - /* Set if an iv is set */ - int iv_set; - GCM128_CONTEXT gcm; - /* Temporary IV store */ - unsigned char *iv; - /* IV length */ - int ivlen; - int taglen; - /* It is OK to generate IVs */ - int iv_gen; - } EVP_AES_GCM_CTX; +BLOCK_CIPHER_generic_pack(NID_aes,128,EVP_CIPH_FLAG_FIPS) +BLOCK_CIPHER_generic_pack(NID_aes,192,EVP_CIPH_FLAG_FIPS) +BLOCK_CIPHER_generic_pack(NID_aes,256,EVP_CIPH_FLAG_FIPS) static int aes_gcm_cleanup(EVP_CIPHER_CTX *c) { @@ -546,7 +857,7 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, return 1; } -static int aes_gcm(EVP_CIPHER_CTX *ctx, unsigned char *out, +static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { EVP_AES_GCM_CTX *gctx = ctx->cipher_data; @@ -593,69 +904,13 @@ static int aes_gcm(EVP_CIPHER_CTX *ctx, unsigned char *out, } -static const EVP_CIPHER aes_128_gcm_cipher= - { - NID_aes_128_gcm,1,16,12, - EVP_CIPH_GCM_MODE|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1 - | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER - | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT, - aes_gcm_init_key, - aes_gcm, - aes_gcm_cleanup, - sizeof(EVP_AES_GCM_CTX), - NULL, - NULL, - aes_gcm_ctrl, - NULL - }; - -const EVP_CIPHER *EVP_aes_128_gcm (void) -{ return &aes_128_gcm_cipher; } - -static const EVP_CIPHER aes_192_gcm_cipher= - { - NID_aes_192_gcm,1,24,12, - EVP_CIPH_GCM_MODE|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1 - | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER - | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT, - aes_gcm_init_key, - aes_gcm, - aes_gcm_cleanup, - sizeof(EVP_AES_GCM_CTX), - NULL, - NULL, - aes_gcm_ctrl, - NULL - }; - -const EVP_CIPHER *EVP_aes_192_gcm (void) -{ return &aes_192_gcm_cipher; } - -static const EVP_CIPHER aes_256_gcm_cipher= - { - NID_aes_256_gcm,1,32,12, - EVP_CIPH_GCM_MODE|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1 - | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER - | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT, - aes_gcm_init_key, - aes_gcm, - aes_gcm_cleanup, - sizeof(EVP_AES_GCM_CTX), - NULL, - NULL, - aes_gcm_ctrl, - NULL - }; - -const EVP_CIPHER *EVP_aes_256_gcm (void) -{ return &aes_256_gcm_cipher; } +#define CUSTOM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \ + | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ + | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT) -typedef struct - { - /* AES key schedules to use */ - AES_KEY ks1, ks2; - XTS128_CONTEXT xts; - } EVP_AES_XTS_CTX; +BLOCK_CIPHER_custom(NID_aes,128,1,12,gcm,GCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes,192,1,12,gcm,GCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes,256,1,12,gcm,GCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { @@ -705,7 +960,7 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, return 1; } -static int aes_xts(EVP_CIPHER_CTX *ctx, unsigned char *out, +static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { EVP_AES_XTS_CTX *xctx = ctx->cipher_data; @@ -728,60 +983,10 @@ static int aes_xts(EVP_CIPHER_CTX *ctx, unsigned char *out, return len; } -static const EVP_CIPHER aes_128_xts_cipher= - { - NID_aes_128_xts,16,32,16, - EVP_CIPH_XTS_MODE|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1 - | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER - | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT, - aes_xts_init_key, - aes_xts, - 0, - sizeof(EVP_AES_XTS_CTX), - NULL, - NULL, - aes_xts_ctrl, - NULL - }; - -const EVP_CIPHER *EVP_aes_128_xts (void) -{ return &aes_128_xts_cipher; } - -static const EVP_CIPHER aes_256_xts_cipher= - { - NID_aes_256_xts,16,64,16, - EVP_CIPH_XTS_MODE|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1 - | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER - | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT, - aes_xts_init_key, - aes_xts, - 0, - sizeof(EVP_AES_XTS_CTX), - NULL, - NULL, - aes_xts_ctrl, - NULL - }; - -const EVP_CIPHER *EVP_aes_256_xts (void) -{ return &aes_256_xts_cipher; } +#define aes_xts_cleanup NULL -typedef struct - { - /* AES key schedule to use */ - AES_KEY ks; - /* Set if key initialised */ - int key_set; - /* Set if an iv is set */ - int iv_set; - /* Set if tag is valid */ - int tag_set; - /* Set if message length set */ - int len_set; - /* L and M parameters from RFC3610 */ - int L, M; - CCM128_CONTEXT ccm; - } EVP_AES_CCM_CTX; +BLOCK_CIPHER_custom(NID_aes,128,1,16,xts,XTS,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes,256,1,16,xts,XTS,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { @@ -855,7 +1060,7 @@ static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, return 1; } -static int aes_ccm(EVP_CIPHER_CTX *ctx, unsigned char *out, +static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { EVP_AES_CCM_CTX *cctx = ctx->cipher_data; @@ -919,61 +1124,10 @@ static int aes_ccm(EVP_CIPHER_CTX *ctx, unsigned char *out, } -static const EVP_CIPHER aes_128_ccm_cipher= - { - NID_aes_128_ccm,1,16,12, - EVP_CIPH_CCM_MODE|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1 - | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER - | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT, - aes_ccm_init_key, - aes_ccm, - 0, - sizeof(EVP_AES_CCM_CTX), - NULL, - NULL, - aes_ccm_ctrl, - NULL - }; - -const EVP_CIPHER *EVP_aes_128_ccm (void) -{ return &aes_128_ccm_cipher; } - -static const EVP_CIPHER aes_192_ccm_cipher= - { - NID_aes_192_ccm,1,24,12, - EVP_CIPH_CCM_MODE|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1 - | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER - | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT, - aes_ccm_init_key, - aes_ccm, - 0, - sizeof(EVP_AES_CCM_CTX), - NULL, - NULL, - aes_ccm_ctrl, - NULL - }; - -const EVP_CIPHER *EVP_aes_192_ccm (void) -{ return &aes_192_ccm_cipher; } - -static const EVP_CIPHER aes_256_ccm_cipher= - { - NID_aes_256_ccm,1,32,12, - EVP_CIPH_CCM_MODE|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1 - | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER - | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT, - aes_ccm_init_key, - aes_ccm, - 0, - sizeof(EVP_AES_CCM_CTX), - NULL, - NULL, - aes_ccm_ctrl, - NULL - }; - -const EVP_CIPHER *EVP_aes_256_ccm (void) -{ return &aes_256_ccm_cipher; } +#define aes_ccm_cleanup NULL + +BLOCK_CIPHER_custom(NID_aes,128,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes,192,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes,256,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) #endif