crypto/aes/aes_modes.c

54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson/*
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * CDDL HEADER START
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson *
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * The contents of this file are subject to the terms of the
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Common Development and Distribution License (the "License").
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * You may not use this file except in compliance with the License.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson *
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * or http://www.opensolaris.org/os/licensing.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * See the License for the specific language governing permissions
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * and limitations under the License.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson *
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * When distributing Covered Code, include this CDDL HEADER in each
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * If applicable, add the following below this CDDL HEADER, with the
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * fields enclosed by brackets "[]" replaced with your own identifying
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * information: Portions Copyright [yyyy] [name of copyright owner]
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson *
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * CDDL HEADER END
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson/*
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Use is subject to license terms.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#include <sys/types.h>
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#include <sys/sysmacros.h>
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#include <modes/modes.h>
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#include "aes_impl.h"
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#ifndef _KERNEL
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#include <stdlib.h>
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#endif  /* !_KERNEL */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson/* Copy a 16-byte AES block from "in" to "out" */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Andersonvoid
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Andersonaes_copy_block(uint8_t *in, uint8_t *out)
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson{
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson    if (IS_P2ALIGNED2(in, out, sizeof (uint32_t))) {
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson        /* LINTED: pointer alignment */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson        *(uint32_t *)&out[0] = *(uint32_t *)&in[0];
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson        /* LINTED: pointer alignment */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson        *(uint32_t *)&out[4] = *(uint32_t *)&in[4];
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson        /* LINTED: pointer alignment */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson        *(uint32_t *)&out[8] = *(uint32_t *)&in[8];
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson        /* LINTED: pointer alignment */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson        *(uint32_t *)&out[12] = *(uint32_t *)&in[12];
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson    } else {
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson        AES_COPY_BLOCK(in, out);
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson    }
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson}
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson/* XOR a 16-byte AES block of data into dst */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Andersonvoid
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Andersonaes_xor_block(uint8_t *data, uint8_t *dst)
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson{
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson    if (IS_P2ALIGNED2(dst, data, sizeof (uint32_t))) {
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson        /* LINTED: pointer alignment */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson        *(uint32_t *)&dst[0] ^= *(uint32_t *)&data[0];
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson        /* LINTED: pointer alignment */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson        *(uint32_t *)&dst[4] ^= *(uint32_t *)&data[4];
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson        /* LINTED: pointer alignment */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson        *(uint32_t *)&dst[8] ^= *(uint32_t *)&data[8];
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson        /* LINTED: pointer alignment */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson        *(uint32_t *)&dst[12] ^= *(uint32_t *)&data[12];
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson    } else {
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson        AES_XOR_BLOCK(data, dst);
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson    }
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson}
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson/*
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Encrypt multiple blocks of data according to mode.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Andersonint
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Andersonaes_encrypt_contiguous_blocks(void *ctx, char *data, size_t length,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson    crypto_data_t *out)
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson{
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson    aes_ctx_t *aes_ctx = ctx;
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson    int rv;
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson    if (aes_ctx->ac_flags & CTR_MODE) {
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson        rv = ctr_mode_contiguous_blocks(ctx, data, length, out,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson            AES_BLOCK_LEN, aes_encrypt_block, aes_xor_block);
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#ifdef _KERNEL
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson    } else if (aes_ctx->ac_flags & CCM_MODE) {
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson        rv = ccm_mode_encrypt_contiguous_blocks(ctx, data, length,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson            out, AES_BLOCK_LEN, aes_encrypt_block, aes_copy_block,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson            aes_xor_block);
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson    } else if (aes_ctx->ac_flags & (GCM_MODE|GMAC_MODE)) {
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson        rv = gcm_mode_encrypt_contiguous_blocks(ctx, data, length,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson            out, AES_BLOCK_LEN, aes_encrypt_block, aes_copy_block,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson            aes_xor_block);
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#endif
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson    } else if (aes_ctx->ac_flags & CBC_MODE) {
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson        rv = cbc_encrypt_contiguous_blocks(ctx,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson            data, length, out, AES_BLOCK_LEN, aes_encrypt_block,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson            aes_copy_block, aes_xor_block);
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson    } else {
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson        rv = ecb_cipher_contiguous_blocks(ctx, data, length, out,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson            AES_BLOCK_LEN, aes_encrypt_block);
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson    }
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson    return (rv);
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson}
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson/*
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson * Decrypt multiple blocks of data according to mode.
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson */
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Andersonint
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Andersonaes_decrypt_contiguous_blocks(void *ctx, char *data, size_t length,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson    crypto_data_t *out)
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson{
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson    aes_ctx_t *aes_ctx = ctx;
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson    int rv;
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson    if (aes_ctx->ac_flags & CTR_MODE) {
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson        rv = ctr_mode_contiguous_blocks(ctx, data, length, out,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson            AES_BLOCK_LEN, aes_encrypt_block, aes_xor_block);
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson        if (rv == CRYPTO_DATA_LEN_RANGE)
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson            rv = CRYPTO_ENCRYPTED_DATA_LEN_RANGE;
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#ifdef _KERNEL
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson    } else if (aes_ctx->ac_flags & CCM_MODE) {
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson        rv = ccm_mode_decrypt_contiguous_blocks(ctx, data, length,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson            out, AES_BLOCK_LEN, aes_encrypt_block, aes_copy_block,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson            aes_xor_block);
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson    } else if (aes_ctx->ac_flags & (GCM_MODE|GMAC_MODE)) {
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson        rv = gcm_mode_decrypt_contiguous_blocks(ctx, data, length,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson            out, AES_BLOCK_LEN, aes_encrypt_block, aes_copy_block,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson            aes_xor_block);
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson#endif
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson    } else if (aes_ctx->ac_flags & CBC_MODE) {
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson        rv = cbc_decrypt_contiguous_blocks(ctx, data, length, out,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson            AES_BLOCK_LEN, aes_decrypt_block, aes_copy_block,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson            aes_xor_block);
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson    } else {
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson        rv = ecb_cipher_contiguous_blocks(ctx, data, length, out,
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson            AES_BLOCK_LEN, aes_decrypt_block);
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson        if (rv == CRYPTO_DATA_LEN_RANGE)
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson            rv = CRYPTO_ENCRYPTED_DATA_LEN_RANGE;
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson    }
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson    return (rv);
54034eb2d6e7d811adf4a1fe5105eac6fea6b0b5Dan OpenSolaris Anderson}