2 * Copyright (c) 2003 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 #include "rijndael-alg-fst.h"
40 #if defined(HAVE_AESNI_INTEL)
43 * NB. HAVE_AESNI_INTEL is only defined if -lang-asm is
47 static inline void __cpuid(unsigned int where[4], unsigned int leaf)
49 asm volatile("cpuid" :
53 "=d" (where[3]): "a" (leaf));
57 * has_intel_aes_instructions()
58 * return true if supports AES-NI and false if doesn't
60 static bool has_intel_aes_instructions(void)
62 static int has_aes_instructions = -1;
63 unsigned int cpuid_results[4];
65 if (has_aes_instructions != -1) {
66 return (bool)has_aes_instructions;
69 __cpuid(cpuid_results, 1);
70 has_aes_instructions = !!(cpuid_results[2] & (1 << 25));
71 return (bool)has_aes_instructions;
75 * Macro to ensure the AES key schedule starts on a 16 byte boundary.
78 #define SET_ACC_CTX(k) \
80 (k)->u.aes_ni.acc_ctx = \
81 (struct crypto_aes_ctx *)(((unsigned long)(k)->u.aes_ni._acc_ctx + 15) & ~0xfUL); \
85 * The next 4 functions call the Intel AES hardware implementations
88 * AES_set_encrypt_key()
89 * AES_set_decrypt_key()
94 static int AES_set_encrypt_key_aesni(const unsigned char *userkey,
99 return aesni_set_key(key->u.aes_ni.acc_ctx, userkey, bits/8);
102 static int AES_set_decrypt_key_aesni(const unsigned char *userkey,
107 return aesni_set_key(key->u.aes_ni.acc_ctx, userkey, bits/8);
110 static void AES_encrypt_aesni(const unsigned char *in,
114 aesni_enc(key->u.aes_ni.acc_ctx, out, in);
117 static void AES_decrypt_aesni(const unsigned char *in,
121 aesni_dec(key->u.aes_ni.acc_ctx, out, in);
123 #else /* defined(HAVE_AESNI_INTEL) */
126 * Dummy implementations if no Intel AES instructions present.
127 * Only has_intel_aes_instructions() will ever be called.
130 static bool has_intel_aes_instructions(void)
135 static int AES_set_encrypt_key_aesni(const unsigned char *userkey,
142 static int AES_set_decrypt_key_aesni(const unsigned char *userkey,
149 static void AES_encrypt_aesni(const unsigned char *in,
156 static void AES_decrypt_aesni(const unsigned char *in,
162 #endif /* defined(HAVE_AENI_INTEL) */
165 * The next 4 functions are the pure software implementations
168 * AES_set_encrypt_key()
169 * AES_set_decrypt_key()
175 AES_set_encrypt_key_rj(const unsigned char *userkey, const int bits, AES_KEY *key)
177 key->u.aes_rj.rounds = rijndaelKeySetupEnc(key->u.aes_rj.key, userkey, bits);
178 if (key->u.aes_rj.rounds == 0)
184 AES_set_decrypt_key_rj(const unsigned char *userkey, const int bits, AES_KEY *key)
186 key->u.aes_rj.rounds = rijndaelKeySetupDec(key->u.aes_rj.key, userkey, bits);
187 if (key->u.aes_rj.rounds == 0)
193 AES_encrypt_rj(const unsigned char *in, unsigned char *out, const AES_KEY *key)
195 rijndaelEncrypt(key->u.aes_rj.key, key->u.aes_rj.rounds, in, out);
199 AES_decrypt_rj(const unsigned char *in, unsigned char *out, const AES_KEY *key)
201 rijndaelDecrypt(key->u.aes_rj.key, key->u.aes_rj.rounds, in, out);
205 * The next 4 functions are the runtime switch for Intel AES hardware
206 * implementations of:
208 * AES_set_encrypt_key()
209 * AES_set_decrypt_key()
213 * If the hardware instructions don't exist, fall back to the software
218 AES_set_encrypt_key(const unsigned char *userkey, const int bits, AES_KEY *key)
220 if (has_intel_aes_instructions()) {
221 return AES_set_encrypt_key_aesni(userkey, bits, key);
223 return AES_set_encrypt_key_rj(userkey, bits, key);
227 AES_set_decrypt_key(const unsigned char *userkey, const int bits, AES_KEY *key)
229 if (has_intel_aes_instructions()) {
230 return AES_set_decrypt_key_aesni(userkey, bits, key);
232 return AES_set_decrypt_key_rj(userkey, bits, key);
236 AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
238 if (has_intel_aes_instructions()) {
239 return AES_encrypt_aesni(in, out, key);
241 return AES_encrypt_rj(in, out, key);
245 AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
247 if (has_intel_aes_instructions()) {
248 return AES_decrypt_aesni(in, out, key);
250 return AES_decrypt_rj(in, out, key);
253 #endif /* SAMBA_RIJNDAEL */
255 #ifdef SAMBA_AES_CBC_ENCRYPT
257 AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
258 unsigned long size, const AES_KEY *key,
259 unsigned char *iv, int forward_encrypt)
261 unsigned char tmp[AES_BLOCK_SIZE];
264 if (forward_encrypt) {
265 while (size >= AES_BLOCK_SIZE) {
266 for (i = 0; i < AES_BLOCK_SIZE; i++)
267 tmp[i] = in[i] ^ iv[i];
268 AES_encrypt(tmp, out, key);
269 memcpy(iv, out, AES_BLOCK_SIZE);
270 size -= AES_BLOCK_SIZE;
271 in += AES_BLOCK_SIZE;
272 out += AES_BLOCK_SIZE;
275 for (i = 0; i < size; i++)
276 tmp[i] = in[i] ^ iv[i];
277 for (i = size; i < AES_BLOCK_SIZE; i++)
279 AES_encrypt(tmp, out, key);
280 memcpy(iv, out, AES_BLOCK_SIZE);
283 while (size >= AES_BLOCK_SIZE) {
284 memcpy(tmp, in, AES_BLOCK_SIZE);
285 AES_decrypt(tmp, out, key);
286 for (i = 0; i < AES_BLOCK_SIZE; i++)
288 memcpy(iv, tmp, AES_BLOCK_SIZE);
289 size -= AES_BLOCK_SIZE;
290 in += AES_BLOCK_SIZE;
291 out += AES_BLOCK_SIZE;
294 memcpy(tmp, in, AES_BLOCK_SIZE);
295 AES_decrypt(tmp, out, key);
296 for (i = 0; i < size; i++)
298 memcpy(iv, tmp, AES_BLOCK_SIZE);
302 #endif /* SAMBA_AES_CBC_ENCRYPT */
304 #ifdef SAMBA_AES_CFB8_ENCRYPT
306 AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
307 unsigned long size, const AES_KEY *key,
308 unsigned char *iv, int forward_encrypt)
312 for (i = 0; i < size; i++) {
313 unsigned char tmp[AES_BLOCK_SIZE + 1];
315 memcpy(tmp, iv, AES_BLOCK_SIZE);
316 AES_encrypt(iv, iv, key);
317 if (!forward_encrypt) {
318 tmp[AES_BLOCK_SIZE] = in[i];
320 out[i] = in[i] ^ iv[0];
321 if (forward_encrypt) {
322 tmp[AES_BLOCK_SIZE] = out[i];
324 memcpy(iv, &tmp[1], AES_BLOCK_SIZE);
327 #endif /* SAMBA_AES_CFB8_ENCRYPT */