#include <assert.h>
#include <limits.h>
#include <string.h>
#include <openssl/aead.h>
#include <openssl/aes.h>
#include <openssl/cipher.h>
#include <openssl/err.h>
#include <openssl/mem.h>
#include <openssl/nid.h>
#include "internal.h"
#include "../../internal.h"
#include "../aes/internal.h"
#include "../bcm_interface.h"
#include "../modes/internal.h"
#include "../service_indicator/internal.h"
#include "../delocate.h"
OPENSSL_MSVC_PRAGMA(…)
OPENSSL_MSVC_PRAGMA(…)
#define AES_GCM_NONCE_LENGTH …
#if defined(BSAES)
static void vpaes_ctr32_encrypt_blocks_with_bsaes(const uint8_t *in,
uint8_t *out, size_t blocks,
const AES_KEY *key,
const uint8_t ivec[16]) {
if (blocks < 8) {
vpaes_ctr32_encrypt_blocks(in, out, blocks, key, ivec);
return;
}
size_t bsaes_blocks = blocks;
if (bsaes_blocks % 8 < 6) {
bsaes_blocks -= bsaes_blocks % 8;
}
AES_KEY bsaes;
vpaes_encrypt_key_to_bsaes(&bsaes, key);
bsaes_ctr32_encrypt_blocks(in, out, bsaes_blocks, &bsaes, ivec);
OPENSSL_cleanse(&bsaes, sizeof(bsaes));
in += 16 * bsaes_blocks;
out += 16 * bsaes_blocks;
blocks -= bsaes_blocks;
uint8_t new_ivec[16];
memcpy(new_ivec, ivec, 12);
uint32_t ctr = CRYPTO_load_u32_be(ivec + 12) + bsaes_blocks;
CRYPTO_store_u32_be(new_ivec + 12, ctr);
vpaes_ctr32_encrypt_blocks(in, out, blocks, key, new_ivec);
}
#endif
EVP_AES_KEY;
EVP_AES_GCM_CTX;
static int aes_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
const uint8_t *iv, int enc) { … }
static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
size_t len) { … }
static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
size_t len) { … }
static int aes_ctr_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
size_t len) { … }
static int aes_ofb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
size_t len) { … }
ctr128_f aes_ctr_set_key(AES_KEY *aes_key, GCM128_KEY *gcm_key,
block128_f *out_block, const uint8_t *key,
size_t key_bytes) { … }
#if defined(OPENSSL_32_BIT)
#define EVP_AES_GCM_CTX_PADDING …
#else
#define EVP_AES_GCM_CTX_PADDING …
#endif
static EVP_AES_GCM_CTX *aes_gcm_from_cipher_ctx(EVP_CIPHER_CTX *ctx) { … }
static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
const uint8_t *iv, int enc) { … }
static void aes_gcm_cleanup(EVP_CIPHER_CTX *c) { … }
static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { … }
static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
size_t len) { … }
DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_aes_128_cbc) { … }
DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_aes_128_ctr) { … }
DEFINE_LOCAL_DATA(EVP_CIPHER, aes_128_ecb_generic) { … }
DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_aes_128_ofb) { … }
DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_aes_128_gcm) { … }
DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_aes_192_cbc) { … }
DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_aes_192_ctr) { … }
DEFINE_LOCAL_DATA(EVP_CIPHER, aes_192_ecb_generic) { … }
DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_aes_192_ofb) { … }
DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_aes_192_gcm) { … }
DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_aes_256_cbc) { … }
DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_aes_256_ctr) { … }
DEFINE_LOCAL_DATA(EVP_CIPHER, aes_256_ecb_generic) { … }
DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_aes_256_ofb) { … }
DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_aes_256_gcm) { … }
#if defined(HWAES_ECB)
static int aes_hw_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out,
const uint8_t *in, size_t len) { … }
DEFINE_LOCAL_DATA(EVP_CIPHER, aes_hw_128_ecb) { … }
DEFINE_LOCAL_DATA(EVP_CIPHER, aes_hw_192_ecb) { … }
DEFINE_LOCAL_DATA(EVP_CIPHER, aes_hw_256_ecb) { … }
#define EVP_ECB_CIPHER_FUNCTION(keybits) …
#else
#define EVP_ECB_CIPHER_FUNCTION …
#endif
EVP_ECB_CIPHER_FUNCTION(…)
EVP_ECB_CIPHER_FUNCTION(…)
EVP_ECB_CIPHER_FUNCTION(…)
#define EVP_AEAD_AES_GCM_TAG_LEN …
struct aead_aes_gcm_ctx { … };
static int aead_aes_gcm_init_impl(struct aead_aes_gcm_ctx *gcm_ctx,
size_t *out_tag_len, const uint8_t *key,
size_t key_len, size_t tag_len) { … }
static_assert;
static_assert;
static int aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
size_t key_len, size_t requested_tag_len) { … }
static void aead_aes_gcm_cleanup(EVP_AEAD_CTX *ctx) { … }
static int aead_aes_gcm_seal_scatter_impl(
const struct aead_aes_gcm_ctx *gcm_ctx,
uint8_t *out, uint8_t *out_tag, size_t *out_tag_len, size_t max_out_tag_len,
const uint8_t *nonce, size_t nonce_len,
const uint8_t *in, size_t in_len,
const uint8_t *extra_in, size_t extra_in_len,
const uint8_t *ad, size_t ad_len,
size_t tag_len) { … }
static int aead_aes_gcm_seal_scatter(const EVP_AEAD_CTX *ctx, uint8_t *out,
uint8_t *out_tag, size_t *out_tag_len,
size_t max_out_tag_len,
const uint8_t *nonce, size_t nonce_len,
const uint8_t *in, size_t in_len,
const uint8_t *extra_in,
size_t extra_in_len,
const uint8_t *ad, size_t ad_len) { … }
static int aead_aes_gcm_open_gather_impl(const struct aead_aes_gcm_ctx *gcm_ctx,
uint8_t *out,
const uint8_t *nonce, size_t nonce_len,
const uint8_t *in, size_t in_len,
const uint8_t *in_tag,
size_t in_tag_len,
const uint8_t *ad, size_t ad_len,
size_t tag_len) { … }
static int aead_aes_gcm_open_gather(const EVP_AEAD_CTX *ctx, uint8_t *out,
const uint8_t *nonce, size_t nonce_len,
const uint8_t *in, size_t in_len,
const uint8_t *in_tag, size_t in_tag_len,
const uint8_t *ad, size_t ad_len) { … }
DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_128_gcm) { … }
DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_192_gcm) { … }
DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_256_gcm) { … }
static int aead_aes_gcm_init_randnonce(EVP_AEAD_CTX *ctx, const uint8_t *key,
size_t key_len,
size_t requested_tag_len) { … }
static int aead_aes_gcm_seal_scatter_randnonce(
const EVP_AEAD_CTX *ctx,
uint8_t *out, uint8_t *out_tag, size_t *out_tag_len, size_t max_out_tag_len,
const uint8_t *external_nonce, size_t external_nonce_len,
const uint8_t *in, size_t in_len,
const uint8_t *extra_in, size_t extra_in_len,
const uint8_t *ad, size_t ad_len) { … }
static int aead_aes_gcm_open_gather_randnonce(
const EVP_AEAD_CTX *ctx, uint8_t *out,
const uint8_t *external_nonce, size_t external_nonce_len,
const uint8_t *in, size_t in_len,
const uint8_t *in_tag, size_t in_tag_len,
const uint8_t *ad, size_t ad_len) { … }
DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_128_gcm_randnonce) { … }
DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_256_gcm_randnonce) { … }
struct aead_aes_gcm_tls12_ctx { … };
static_assert;
static_assert;
static int aead_aes_gcm_tls12_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
size_t key_len, size_t requested_tag_len) { … }
static int aead_aes_gcm_tls12_seal_scatter(
const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag,
size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce,
size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in,
size_t extra_in_len, const uint8_t *ad, size_t ad_len) { … }
DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_128_gcm_tls12) { … }
DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_256_gcm_tls12) { … }
struct aead_aes_gcm_tls13_ctx { … };
static_assert;
static_assert;
static int aead_aes_gcm_tls13_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
size_t key_len, size_t requested_tag_len) { … }
static int aead_aes_gcm_tls13_seal_scatter(
const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag,
size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce,
size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in,
size_t extra_in_len, const uint8_t *ad, size_t ad_len) { … }
DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_128_gcm_tls13) { … }
DEFINE_METHOD_FUNCTION(EVP_AEAD, EVP_aead_aes_256_gcm_tls13) { … }
int EVP_has_aes_hardware(void) { … }
OPENSSL_MSVC_PRAGMA(…)