sys/crypto/armv8/armv8_crypto_wrap.c
Show First 20 Lines • Show All 257 Lines • ▼ Show 20 Lines | armv8_aes_encrypt_gcm(AES_key_t *aes_key, size_t len, | ||||
/* EK0 for a final GMAC round */ | /* EK0 for a final GMAC round */ | ||||
aes_v8_encrypt(aes_counter, EK0.c, aes_key); | aes_v8_encrypt(aes_counter, EK0.c, aes_key); | ||||
/* GCM starts with 2 as counter, 1 is used for final xor of tag. */ | /* GCM starts with 2 as counter, 1 is used for final xor of tag. */ | ||||
aes_counter[AES_BLOCK_LEN - 1] = 2; | aes_counter[AES_BLOCK_LEN - 1] = 2; | ||||
memset(Xi.c, 0, sizeof(Xi.c)); | memset(Xi.c, 0, sizeof(Xi.c)); | ||||
trailer = authdatalen % AES_BLOCK_LEN; | |||||
if (authdatalen - trailer > 0) { | |||||
gcm_ghash_v8(Xi.u, Htable, authdata, authdatalen - trailer); | |||||
authdata += authdatalen - trailer; | |||||
} | |||||
if (trailer > 0 || authdatalen == 0) { | |||||
memset(block, 0, sizeof(block)); | memset(block, 0, sizeof(block)); | ||||
memcpy(block, authdata, min(authdatalen, sizeof(block))); | memcpy(block, authdata, trailer); | ||||
gcm_ghash_v8(Xi.u, Htable, block, AES_BLOCK_LEN); | gcm_ghash_v8(Xi.u, Htable, block, AES_BLOCK_LEN); | ||||
} | |||||
from64 = (const uint64_t*)from; | from64 = (const uint64_t*)from; | ||||
to64 = (uint64_t*)to; | to64 = (uint64_t*)to; | ||||
trailer = len % AES_BLOCK_LEN; | trailer = len % AES_BLOCK_LEN; | ||||
for (i = 0; i < (len - trailer); i += AES_BLOCK_LEN) { | for (i = 0; i < (len - trailer); i += AES_BLOCK_LEN) { | ||||
aes_v8_encrypt(aes_counter, EKi.c, aes_key); | aes_v8_encrypt(aes_counter, EKi.c, aes_key); | ||||
AES_INC_COUNTER(aes_counter); | AES_INC_COUNTER(aes_counter); | ||||
to64[0] = from64[0] ^ EKi.u[0]; | to64[0] = from64[0] ^ EKi.u[0]; | ||||
to64[1] = from64[1] ^ EKi.u[1]; | to64[1] = from64[1] ^ EKi.u[1]; | ||||
gcm_ghash_v8(Xi.u, Htable, (uint8_t*)to64, AES_BLOCK_LEN); | gcm_ghash_v8(Xi.u, Htable, (uint8_t*)to64, AES_BLOCK_LEN); | ||||
to64 += 2; | to64 += 2; | ||||
from64 += 2; | from64 += 2; | ||||
} | } | ||||
to += (len - trailer); | to += (len - trailer); | ||||
from += (len - trailer); | from += (len - trailer); | ||||
if (trailer) { | if (trailer) { | ||||
aes_v8_encrypt(aes_counter, EKi.c, aes_key); | aes_v8_encrypt(aes_counter, EKi.c, aes_key); | ||||
AES_INC_COUNTER(aes_counter); | AES_INC_COUNTER(aes_counter); | ||||
memset(block, 0, sizeof(block)); | |||||
for (i = 0; i < trailer; i++) { | for (i = 0; i < trailer; i++) { | ||||
block[i] = to[i] = from[i] ^ EKi.c[i % AES_BLOCK_LEN]; | block[i] = to[i] = from[i] ^ EKi.c[i]; | ||||
} | } | ||||
for (; i < AES_BLOCK_LEN; i++) | |||||
block[i] = 0; | |||||
gcm_ghash_v8(Xi.u, Htable, block, AES_BLOCK_LEN); | gcm_ghash_v8(Xi.u, Htable, block, AES_BLOCK_LEN); | ||||
} | } | ||||
/* Lengths block */ | /* Lengths block */ | ||||
lenblock.u[0] = lenblock.u[1] = 0; | lenblock.u[0] = lenblock.u[1] = 0; | ||||
lenblock.d[1] = htobe32(authdatalen * 8); | lenblock.d[1] = htobe32(authdatalen * 8); | ||||
lenblock.d[3] = htobe32(len * 8); | lenblock.d[3] = htobe32(len * 8); | ||||
gcm_ghash_v8(Xi.u, Htable, lenblock.c, AES_BLOCK_LEN); | gcm_ghash_v8(Xi.u, Htable, lenblock.c, AES_BLOCK_LEN); | ||||
Show All 32 Lines | armv8_aes_decrypt_gcm(AES_key_t *aes_key, size_t len, | ||||
/* Setup the counter */ | /* Setup the counter */ | ||||
aes_counter[AES_BLOCK_LEN - 1] = 1; | aes_counter[AES_BLOCK_LEN - 1] = 1; | ||||
/* EK0 for a final GMAC round */ | /* EK0 for a final GMAC round */ | ||||
aes_v8_encrypt(aes_counter, EK0.c, aes_key); | aes_v8_encrypt(aes_counter, EK0.c, aes_key); | ||||
memset(Xi.c, 0, sizeof(Xi.c)); | memset(Xi.c, 0, sizeof(Xi.c)); | ||||
trailer = authdatalen % AES_BLOCK_LEN; | |||||
if (authdatalen - trailer > 0) { | |||||
gcm_ghash_v8(Xi.u, Htable, authdata, authdatalen - trailer); | |||||
authdata += authdatalen - trailer; | |||||
} | |||||
if (trailer > 0 || authdatalen == 0) { | |||||
memset(block, 0, sizeof(block)); | memset(block, 0, sizeof(block)); | ||||
memcpy(block, authdata, min(authdatalen, sizeof(block))); | memcpy(block, authdata, trailer); | ||||
gcm_ghash_v8(Xi.u, Htable, block, AES_BLOCK_LEN); | gcm_ghash_v8(Xi.u, Htable, block, AES_BLOCK_LEN); | ||||
} | |||||
trailer = len % AES_BLOCK_LEN; | trailer = len % AES_BLOCK_LEN; | ||||
if (len - trailer > 0) | |||||
gcm_ghash_v8(Xi.u, Htable, from, len - trailer); | gcm_ghash_v8(Xi.u, Htable, from, len - trailer); | ||||
if (trailer > 0) { | |||||
if (trailer) { | memset(block, 0, sizeof(block)); | ||||
for (i = 0; i < trailer; i++) | memcpy(block, from + len - trailer, trailer); | ||||
block[i] = from[len - trailer + i]; | |||||
for (; i < AES_BLOCK_LEN; i++) | |||||
block[i] = 0; | |||||
gcm_ghash_v8(Xi.u, Htable, block, AES_BLOCK_LEN); | gcm_ghash_v8(Xi.u, Htable, block, AES_BLOCK_LEN); | ||||
} | } | ||||
/* Lengths block */ | /* Lengths block */ | ||||
lenblock.u[0] = lenblock.u[1] = 0; | lenblock.u[0] = lenblock.u[1] = 0; | ||||
lenblock.d[1] = htobe32(authdatalen * 8); | lenblock.d[1] = htobe32(authdatalen * 8); | ||||
lenblock.d[3] = htobe32(len * 8); | lenblock.d[3] = htobe32(len * 8); | ||||
gcm_ghash_v8(Xi.u, Htable, lenblock.c, AES_BLOCK_LEN); | gcm_ghash_v8(Xi.u, Htable, lenblock.c, AES_BLOCK_LEN); | ||||
Show All 22 Lines | armv8_aes_decrypt_gcm(AES_key_t *aes_key, size_t len, | ||||
to += (len - trailer); | to += (len - trailer); | ||||
from += (len - trailer); | from += (len - trailer); | ||||
if (trailer) { | if (trailer) { | ||||
aes_v8_encrypt(aes_counter, EKi.c, aes_key); | aes_v8_encrypt(aes_counter, EKi.c, aes_key); | ||||
AES_INC_COUNTER(aes_counter); | AES_INC_COUNTER(aes_counter); | ||||
for (i = 0; i < trailer; i++) | for (i = 0; i < trailer; i++) | ||||
to[i] = from[i] ^ EKi.c[i % AES_BLOCK_LEN]; | to[i] = from[i] ^ EKi.c[i]; | ||||
} | } | ||||
out: | out: | ||||
explicit_bzero(aes_counter, sizeof(aes_counter)); | explicit_bzero(aes_counter, sizeof(aes_counter)); | ||||
explicit_bzero(Xi.c, sizeof(Xi.c)); | explicit_bzero(Xi.c, sizeof(Xi.c)); | ||||
explicit_bzero(EK0.c, sizeof(EK0.c)); | explicit_bzero(EK0.c, sizeof(EK0.c)); | ||||
explicit_bzero(EKi.c, sizeof(EKi.c)); | explicit_bzero(EKi.c, sizeof(EKi.c)); | ||||
explicit_bzero(lenblock.c, sizeof(lenblock.c)); | explicit_bzero(lenblock.c, sizeof(lenblock.c)); | ||||
return (error); | return (error); | ||||
} | } |
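Review bot: The `|| authdatalen == 0` clause in the new AAD trailer condition (`if (trailer > 0 || authdatalen == 0)`, added in both armv8_aes_encrypt_gcm and armv8_aes_decrypt_gcm) does no useful work: Xi has just been zeroed, block is zeroed, and with trailer == 0 the memcpy copies nothing, so gcm_ghash_v8 computes (0 ^ 0) * H and leaves Xi at zero, which is exactly what GHASH over an empty AAD yields anyway. It also issues `memcpy(block, authdata, 0)` on a pointer that a caller may legitimately pass as NULL for an empty AAD, which is formally undefined even at length zero. Dropping the clause, `if (trailer > 0) {`, makes the AAD path mirror the new ciphertext path in armv8_aes_decrypt_gcm, which already uses a bare `if (trailer > 0)` and hashes nothing for an empty buffer. The AAD hashing block is now duplicated verbatim between the two functions; a `static` helper taking (Xi, Htable, authdata, authdatalen) would keep the two copies from drifting apart. Both function bodies extend beyond the visible hunks.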