mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-21 06:09:35 +08:00
Code Issues Packages Projects Releases Wiki Activity
4b51903d86
openssl/providers/implementations/ciphers/cipher_aes_xts_hw.c
Shane Lontis 4b51903d86 Fix AES_XTS on x86-64 platforms with BSAES and VPAES support. 
Fixes #11622
Fixes #12378

Due to a missing else it was setting up the stream for BSAES and then using this incorrect stream with VPAES.
The correct behaviour is not to use VPAES at all in this case.
Also note that the original code in e_aes could set up VPAES and then would overwrite it with the generic implementation.
On a machine that supported both BSAES and VPAES the code was changed locally to force it to run both cases to verify
both paths produce the correct known answers.

Debugged using mageia 7.1, but is also highly likely to fix FreeBSD also.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12887)
2020-09-18 06:15:50 +10:00

177 lines
6.5 KiB
C
Raw Blame History

/*
* Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* This file uses the low level AES functions (which are deprecated for
* non-internal use) in order to implement provider AES ciphers.
*/
#include "internal/deprecated.h"
#include "cipher_aes_xts.h"
#define XTS_SET_KEY_FN(fn_set_enc_key, fn_set_dec_key, \
fn_block_enc, fn_block_dec, \
fn_stream_enc, fn_stream_dec) { \
size_t bytes = keylen / 2; \
size_t bits = bytes * 8; \
\
if (ctx->enc) { \
fn_set_enc_key(key, bits, &xctx->ks1.ks); \
xctx->xts.block1 = (block128_f)fn_block_enc; \
} else { \
fn_set_dec_key(key, bits, &xctx->ks1.ks); \
xctx->xts.block1 = (block128_f)fn_block_dec; \
} \
fn_set_enc_key(key + bytes, bits, &xctx->ks2.ks); \
xctx->xts.block2 = (block128_f)fn_block_enc; \
xctx->xts.key1 = &xctx->ks1; \
xctx->xts.key2 = &xctx->ks2; \
xctx->stream = ctx->enc ? fn_stream_enc : fn_stream_dec; \
}
static int cipher_hw_aes_xts_generic_initkey(PROV_CIPHER_CTX *ctx,
const unsigned char *key,
size_t keylen)
{
PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx;
OSSL_xts_stream_fn stream_enc = NULL;
OSSL_xts_stream_fn stream_dec = NULL;
#ifdef AES_XTS_ASM
stream_enc = AES_xts_encrypt;
stream_dec = AES_xts_decrypt;
#endif /* AES_XTS_ASM */
#ifdef HWAES_CAPABLE
if (HWAES_CAPABLE) {
# ifdef HWAES_xts_encrypt
stream_enc = HWAES_xts_encrypt;
# endif /* HWAES_xts_encrypt */
# ifdef HWAES_xts_decrypt
stream_dec = HWAES_xts_decrypt;
# endif /* HWAES_xts_decrypt */
XTS_SET_KEY_FN(HWAES_set_encrypt_key, HWAES_set_decrypt_key,
HWAES_encrypt, HWAES_decrypt,
stream_enc, stream_dec);
} else
#endif /* HWAES_CAPABLE */
#ifdef BSAES_CAPABLE
if (BSAES_CAPABLE) {
stream_enc = bsaes_xts_encrypt;
stream_dec = bsaes_xts_decrypt;
} else
#endif /* BSAES_CAPABLE */
#ifdef VPAES_CAPABLE
if (VPAES_CAPABLE) {
XTS_SET_KEY_FN(vpaes_set_encrypt_key, vpaes_set_decrypt_key,
vpaes_encrypt, vpaes_decrypt, stream_enc, stream_dec);
return 1;
} else
#endif /* VPAES_CAPABLE */
{
(void)0;
}
{
XTS_SET_KEY_FN(AES_set_encrypt_key, AES_set_decrypt_key,
AES_encrypt, AES_decrypt, stream_enc, stream_dec);
}
return 1;
}
static void cipher_hw_aes_xts_copyctx(PROV_CIPHER_CTX *dst,
const PROV_CIPHER_CTX *src)
{
PROV_AES_XTS_CTX *sctx = (PROV_AES_XTS_CTX *)src;
PROV_AES_XTS_CTX *dctx = (PROV_AES_XTS_CTX *)dst;
*dctx = *sctx;
dctx->xts.key1 = &dctx->ks1.ks;
dctx->xts.key2 = &dctx->ks2.ks;
}
#if defined(AESNI_CAPABLE)
static int cipher_hw_aesni_xts_initkey(PROV_CIPHER_CTX *ctx,
const unsigned char *key, size_t keylen)
{
PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx;
XTS_SET_KEY_FN(aesni_set_encrypt_key, aesni_set_decrypt_key,
aesni_encrypt, aesni_decrypt,
aesni_xts_encrypt, aesni_xts_decrypt);
return 1;
}
# define PROV_CIPHER_HW_declare_xts() \
static const PROV_CIPHER_HW aesni_xts = { \
cipher_hw_aesni_xts_initkey, \
NULL, \
cipher_hw_aes_xts_copyctx \
};
# define PROV_CIPHER_HW_select_xts() \
if (AESNI_CAPABLE) \
return &aesni_xts;
# elif defined(SPARC_AES_CAPABLE)
static int cipher_hw_aes_xts_t4_initkey(PROV_CIPHER_CTX *ctx,
const unsigned char *key, size_t keylen)
{
PROV_AES_XTS_CTX *xctx = (PROV_AES_XTS_CTX *)ctx;
OSSL_xts_stream_fn stream_enc = NULL;
OSSL_xts_stream_fn stream_dec = NULL;
/* Note: keylen is the size of 2 keys */
switch (keylen) {
case 32:
stream_enc = aes128_t4_xts_encrypt;
stream_dec = aes128_t4_xts_decrypt;
break;
case 64:
stream_enc = aes256_t4_xts_encrypt;
stream_dec = aes256_t4_xts_decrypt;
break;
default:
return 0;
}
XTS_SET_KEY_FN(aes_t4_set_encrypt_key, aes_t4_set_decrypt_key,
aes_t4_encrypt, aes_t4_decrypt,
stream_enc, stream_dec);
return 1;
}
# define PROV_CIPHER_HW_declare_xts() \
static const PROV_CIPHER_HW aes_xts_t4 = { \
cipher_hw_aes_xts_t4_initkey, \
NULL, \
cipher_hw_aes_xts_copyctx \
};
# define PROV_CIPHER_HW_select_xts() \
if (SPARC_AES_CAPABLE) \
return &aes_xts_t4;
# else
/* The generic case */
# define PROV_CIPHER_HW_declare_xts()
# define PROV_CIPHER_HW_select_xts()
#endif
static const PROV_CIPHER_HW aes_generic_xts = {
cipher_hw_aes_xts_generic_initkey,
NULL,
cipher_hw_aes_xts_copyctx
};
PROV_CIPHER_HW_declare_xts()
const PROV_CIPHER_HW *PROV_CIPHER_HW_aes_xts(size_t keybits)
{
PROV_CIPHER_HW_select_xts()
return &aes_generic_xts;
}
Reference in New Issue View Git Blame Copy Permalink