e_padlock.c@ 105945

最後變更在這個檔案從105945是 104078,由 vboxsync 提交於 8 月前
openssl-3.1.5: Applied and adjusted our OpenSSL changes to 3.1.4. bugref:10638
檔案大小: 23.3 KB

行
1	/*
2	* Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	/*
11	* This file uses the low level AES and engine functions (which are deprecated
12	* for non-internal use) in order to implement the padlock engine AES ciphers.
13	*/
14	#define OPENSSL_SUPPRESS_DEPRECATED
15
16	#include <stdio.h>
17	#include <string.h>
18
19	#include <openssl/opensslconf.h>
20	#include <openssl/crypto.h>
21	#include <openssl/engine.h>
22	#include <openssl/evp.h>
23	#include <openssl/aes.h>
24	#include <openssl/rand.h>
25	#include <openssl/err.h>
26	#include <openssl/modes.h>
27
28	#ifndef OPENSSL_NO_PADLOCKENG
29
30	/*
31	* VIA PadLock AES is available ONLY on some x86 CPUs. Not only that it
32	* doesn't exist elsewhere, but it even can't be compiled on other platforms!
33	*/
34
35	# undef COMPILE_PADLOCKENG
36	# if defined(PADLOCK_ASM)
37	# define COMPILE_PADLOCKENG
38	# ifdef OPENSSL_NO_DYNAMIC_ENGINE
39	static ENGINE *ENGINE_padlock(void);
40	# endif
41	# endif
42
43	# ifdef OPENSSL_NO_DYNAMIC_ENGINE
44	void engine_load_padlock_int(void);
45	void engine_load_padlock_int(void)
46	{
47	/* On non-x86 CPUs it just returns. */
48	# ifdef COMPILE_PADLOCKENG
49	ENGINE *toadd = ENGINE_padlock();
50	if (!toadd)
51	return;
52	ERR_set_mark();
53	ENGINE_add(toadd);
54	/*
55	* If the "add" worked, it gets a structural reference. So either way, we
56	* release our just-created reference.
57	*/
58	ENGINE_free(toadd);
59	/*
60	* If the "add" didn't work, it was probably a conflict because it was
61	* already added (eg. someone calling ENGINE_load_blah then calling
62	* ENGINE_load_builtin_engines() perhaps).
63	*/
64	ERR_pop_to_mark();
65	# endif
66	}
67
68	# endif
69
70	# ifdef COMPILE_PADLOCKENG
71
72	/* Function for ENGINE detection and control */
73	static int padlock_available(void);
74	static int padlock_init(ENGINE *e);
75
76	/* RNG Stuff */
77	static RAND_METHOD padlock_rand;
78
79	/* Cipher Stuff */
80	static int padlock_ciphers(ENGINE e, const EVP_CIPHER *cipher,
81	const int **nids, int nid);
82
83	/* Engine names */
84	static const char *padlock_id = "padlock";
85	static char padlock_name[100];
86
87	/* Available features */
88	static int padlock_use_ace = 0; /* Advanced Cryptography Engine */
89	static int padlock_use_rng = 0; /* Random Number Generator */
90
91	/* ===== Engine "management" functions ===== */
92
93	/* Prepare the ENGINE structure for registration */
94	static int padlock_bind_helper(ENGINE *e)
95	{
96	/* Check available features */
97	padlock_available();
98
99	/*
100	* RNG is currently disabled for reasons discussed in commentary just
101	* before padlock_rand_bytes function.
102	*/
103	padlock_use_rng = 0;
104
105	/* Generate a nice engine name with available features */
106	BIO_snprintf(padlock_name, sizeof(padlock_name),
107	"VIA PadLock (%s, %s)",
108	padlock_use_rng ? "RNG" : "no-RNG",
109	padlock_use_ace ? "ACE" : "no-ACE");
110
111	/* Register everything or return with an error */
112	if (!ENGINE_set_id(e, padlock_id) \|\|
113	!ENGINE_set_name(e, padlock_name) \|\|
114	!ENGINE_set_init_function(e, padlock_init) \|\|
115	(padlock_use_ace && !ENGINE_set_ciphers(e, padlock_ciphers)) \|\|
116	(padlock_use_rng && !ENGINE_set_RAND(e, &padlock_rand))) {
117	return 0;
118	}
119
120	/* Everything looks good */
121	return 1;
122	}
123
124	# ifdef OPENSSL_NO_DYNAMIC_ENGINE
125	/* Constructor */
126	static ENGINE *ENGINE_padlock(void)
127	{
128	ENGINE *eng = ENGINE_new();
129
130	if (eng == NULL) {
131	return NULL;
132	}
133
134	if (!padlock_bind_helper(eng)) {
135	ENGINE_free(eng);
136	return NULL;
137	}
138
139	return eng;
140	}
141	# endif
142
143	/* Check availability of the engine */
144	static int padlock_init(ENGINE *e)
145	{
146	return (padlock_use_rng \|\| padlock_use_ace);
147	}
148
149	# ifndef AES_ASM
150	static int padlock_aes_set_encrypt_key(const unsigned char *userKey,
151	const int bits,
152	AES_KEY *key);
153	static int padlock_aes_set_decrypt_key(const unsigned char *userKey,
154	const int bits,
155	AES_KEY *key);
156	# define AES_ASM
157	# define AES_set_encrypt_key padlock_aes_set_encrypt_key
158	# define AES_set_decrypt_key padlock_aes_set_decrypt_key
159	# include "../crypto/aes/aes_core.c"
160	# endif
161
162	/*
163	* This stuff is needed if this ENGINE is being compiled into a
164	* self-contained shared-library.
165	*/
166	# ifndef OPENSSL_NO_DYNAMIC_ENGINE
167	static int padlock_bind_fn(ENGINE e, const char id)
168	{
169	if (id && (strcmp(id, padlock_id) != 0)) {
170	return 0;
171	}
172
173	if (!padlock_bind_helper(e)) {
174	return 0;
175	}
176
177	return 1;
178	}
179
180	IMPLEMENT_DYNAMIC_CHECK_FN()
181	IMPLEMENT_DYNAMIC_BIND_FN(padlock_bind_fn)
182	# endif /* !OPENSSL_NO_DYNAMIC_ENGINE */
183	/* ===== Here comes the "real" engine ===== */
184
185	/* Some AES-related constants */
186	# define AES_BLOCK_SIZE 16
187	# define AES_KEY_SIZE_128 16
188	# define AES_KEY_SIZE_192 24
189	# define AES_KEY_SIZE_256 32
190	/*
191	* Here we store the status information relevant to the current context.
192	*/
193	/*
194	* BIG FAT WARNING: Inline assembler in PADLOCK_XCRYPT_ASM() depends on
195	* the order of items in this structure. Don't blindly modify, reorder,
196	* etc!
197	*/
198	struct padlock_cipher_data {
199	unsigned char iv[AES_BLOCK_SIZE]; /* Initialization vector */
200	union {
201	unsigned int pad[4];
202	struct {
203	int rounds:4;
204	int dgst:1; /* n/a in C3 */
205	int align:1; /* n/a in C3 */
206	int ciphr:1; /* n/a in C3 */
207	unsigned int keygen:1;
208	int interm:1;
209	unsigned int encdec:1;
210	int ksize:2;
211	} b;
212	} cword; /* Control word */
213	AES_KEY ks; /* Encryption key */
214	};
215
216	/* Interface to assembler module */
217	unsigned int padlock_capability(void);
218	void padlock_key_bswap(AES_KEY *key);
219	void padlock_verify_context(struct padlock_cipher_data *ctx);
220	void padlock_reload_key(void);
221	void padlock_aes_block(void out, const void inp,
222	struct padlock_cipher_data *ctx);
223	int padlock_ecb_encrypt(void out, const void inp,
224	struct padlock_cipher_data *ctx, size_t len);
225	int padlock_cbc_encrypt(void out, const void inp,
226	struct padlock_cipher_data *ctx, size_t len);
227	int padlock_cfb_encrypt(void out, const void inp,
228	struct padlock_cipher_data *ctx, size_t len);
229	int padlock_ofb_encrypt(void out, const void inp,
230	struct padlock_cipher_data *ctx, size_t len);
231	int padlock_ctr32_encrypt(void out, const void inp,
232	struct padlock_cipher_data *ctx, size_t len);
233	int padlock_xstore(void *out, int edx);
234	void padlock_sha1_oneshot(void ctx, const void inp, size_t len);
235	void padlock_sha1(void ctx, const void inp, size_t len);
236	void padlock_sha256_oneshot(void ctx, const void inp, size_t len);
237	void padlock_sha256(void ctx, const void inp, size_t len);
238
239	/*
240	* Load supported features of the CPU to see if the PadLock is available.
241	*/
242	static int padlock_available(void)
243	{
244	unsigned int edx = padlock_capability();
245
246	/* Fill up some flags */
247	padlock_use_ace = ((edx & (0x3 << 6)) == (0x3 << 6));
248	padlock_use_rng = ((edx & (0x3 << 2)) == (0x3 << 2));
249
250	return padlock_use_ace + padlock_use_rng;
251	}
252
253	/* ===== AES encryption/decryption ===== */
254
255	# if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
256	# define NID_aes_128_cfb NID_aes_128_cfb128
257	# endif
258
259	# if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
260	# define NID_aes_128_ofb NID_aes_128_ofb128
261	# endif
262
263	# if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
264	# define NID_aes_192_cfb NID_aes_192_cfb128
265	# endif
266
267	# if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
268	# define NID_aes_192_ofb NID_aes_192_ofb128
269	# endif
270
271	# if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
272	# define NID_aes_256_cfb NID_aes_256_cfb128
273	# endif
274
275	# if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
276	# define NID_aes_256_ofb NID_aes_256_ofb128
277	# endif
278
279	/* List of supported ciphers. */
280	static const int padlock_cipher_nids[] = {
281	NID_aes_128_ecb,
282	NID_aes_128_cbc,
283	NID_aes_128_cfb,
284	NID_aes_128_ofb,
285	NID_aes_128_ctr,
286
287	NID_aes_192_ecb,
288	NID_aes_192_cbc,
289	NID_aes_192_cfb,
290	NID_aes_192_ofb,
291	NID_aes_192_ctr,
292
293	NID_aes_256_ecb,
294	NID_aes_256_cbc,
295	NID_aes_256_cfb,
296	NID_aes_256_ofb,
297	NID_aes_256_ctr
298	};
299
300	static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids) /
301	sizeof(padlock_cipher_nids[0]));
302
303	/* Function prototypes ... */
304	static int padlock_aes_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,
305	const unsigned char *iv, int enc);
306
307	# define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) + \
308	( (0x10 - ((size_t)(ptr) & 0x0F)) & 0x0F ) )
309	# define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\
310	NEAREST_ALIGNED(EVP_CIPHER_CTX_get_cipher_data(ctx)))
311
312	static int
313	padlock_ecb_cipher(EVP_CIPHER_CTX ctx, unsigned char out_arg,
314	const unsigned char *in_arg, size_t nbytes)
315	{
316	return padlock_ecb_encrypt(out_arg, in_arg,
317	ALIGNED_CIPHER_DATA(ctx), nbytes);
318	}
319
320	static int
321	padlock_cbc_cipher(EVP_CIPHER_CTX ctx, unsigned char out_arg,
322	const unsigned char *in_arg, size_t nbytes)
323	{
324	struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx);
325	int ret;
326
327	memcpy(cdata->iv, EVP_CIPHER_CTX_iv(ctx), AES_BLOCK_SIZE);
328	if ((ret = padlock_cbc_encrypt(out_arg, in_arg, cdata, nbytes)))
329	memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), cdata->iv, AES_BLOCK_SIZE);
330	return ret;
331	}
332
333	static int
334	padlock_cfb_cipher(EVP_CIPHER_CTX ctx, unsigned char out_arg,
335	const unsigned char *in_arg, size_t nbytes)
336	{
337	struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx);
338	size_t chunk;
339
340	if ((chunk = EVP_CIPHER_CTX_get_num(ctx))) { /* borrow chunk variable */
341	unsigned char *ivp = EVP_CIPHER_CTX_iv_noconst(ctx);
342
343	if (chunk >= AES_BLOCK_SIZE)
344	return 0; /* bogus value */
345
346	if (EVP_CIPHER_CTX_is_encrypting(ctx))
347	while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
348	ivp[chunk] = (out_arg++) = (in_arg++) ^ ivp[chunk];
349	chunk++, nbytes--;
350	} else
351	while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
352	unsigned char c = *(in_arg++);
353	*(out_arg++) = c ^ ivp[chunk];
354	ivp[chunk++] = c, nbytes--;
355	}
356
357	EVP_CIPHER_CTX_set_num(ctx, chunk % AES_BLOCK_SIZE);
358	}
359
360	if (nbytes == 0)
361	return 1;
362
363	memcpy(cdata->iv, EVP_CIPHER_CTX_iv(ctx), AES_BLOCK_SIZE);
364
365	if ((chunk = nbytes & ~(AES_BLOCK_SIZE - 1))) {
366	if (!padlock_cfb_encrypt(out_arg, in_arg, cdata, chunk))
367	return 0;
368	nbytes -= chunk;
369	}
370
371	if (nbytes) {
372	unsigned char *ivp = cdata->iv;
373
374	out_arg += chunk;
375	in_arg += chunk;
376	EVP_CIPHER_CTX_set_num(ctx, nbytes);
377	if (cdata->cword.b.encdec) {
378	cdata->cword.b.encdec = 0;
379	padlock_reload_key();
380	padlock_aes_block(ivp, ivp, cdata);
381	cdata->cword.b.encdec = 1;
382	padlock_reload_key();
383	while (nbytes) {
384	unsigned char c = *(in_arg++);
385	(out_arg++) = c ^ ivp;
386	*(ivp++) = c, nbytes--;
387	}
388	} else {
389	padlock_reload_key();
390	padlock_aes_block(ivp, ivp, cdata);
391	padlock_reload_key();
392	while (nbytes) {
393	ivp = (out_arg++) = (in_arg++) ^ ivp;
394	ivp++, nbytes--;
395	}
396	}
397	}
398
399	memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), cdata->iv, AES_BLOCK_SIZE);
400
401	return 1;
402	}
403
404	static int
405	padlock_ofb_cipher(EVP_CIPHER_CTX ctx, unsigned char out_arg,
406	const unsigned char *in_arg, size_t nbytes)
407	{
408	struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx);
409	size_t chunk;
410
411	/*
412	* ctx->num is maintained in byte-oriented modes, such as CFB and OFB...
413	*/
414	if ((chunk = EVP_CIPHER_CTX_get_num(ctx))) { /* borrow chunk variable */
415	unsigned char *ivp = EVP_CIPHER_CTX_iv_noconst(ctx);
416
417	if (chunk >= AES_BLOCK_SIZE)
418	return 0; /* bogus value */
419
420	while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
421	(out_arg++) = (in_arg++) ^ ivp[chunk];
422	chunk++, nbytes--;
423	}
424
425	EVP_CIPHER_CTX_set_num(ctx, chunk % AES_BLOCK_SIZE);
426	}
427
428	if (nbytes == 0)
429	return 1;
430
431	memcpy(cdata->iv, EVP_CIPHER_CTX_iv(ctx), AES_BLOCK_SIZE);
432
433	if ((chunk = nbytes & ~(AES_BLOCK_SIZE - 1))) {
434	if (!padlock_ofb_encrypt(out_arg, in_arg, cdata, chunk))
435	return 0;
436	nbytes -= chunk;
437	}
438
439	if (nbytes) {
440	unsigned char *ivp = cdata->iv;
441
442	out_arg += chunk;
443	in_arg += chunk;
444	EVP_CIPHER_CTX_set_num(ctx, nbytes);
445	padlock_reload_key(); /* empirically found */
446	padlock_aes_block(ivp, ivp, cdata);
447	padlock_reload_key(); /* empirically found */
448	while (nbytes) {
449	(out_arg++) = (in_arg++) ^ *ivp;
450	ivp++, nbytes--;
451	}
452	}
453
454	memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), cdata->iv, AES_BLOCK_SIZE);
455
456	return 1;
457	}
458
459	static void padlock_ctr32_encrypt_glue(const unsigned char *in,
460	unsigned char *out, size_t blocks,
461	struct padlock_cipher_data *ctx,
462	const unsigned char *ivec)
463	{
464	memcpy(ctx->iv, ivec, AES_BLOCK_SIZE);
465	padlock_ctr32_encrypt(out, in, ctx, AES_BLOCK_SIZE * blocks);
466	}
467
468	static int
469	padlock_ctr_cipher(EVP_CIPHER_CTX ctx, unsigned char out_arg,
470	const unsigned char *in_arg, size_t nbytes)
471	{
472	struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx);
473	int n = EVP_CIPHER_CTX_get_num(ctx);
474	unsigned int num;
475
476	if (n < 0)
477	return 0;
478	num = (unsigned int)n;
479
480	CRYPTO_ctr128_encrypt_ctr32(in_arg, out_arg, nbytes,
481	cdata, EVP_CIPHER_CTX_iv_noconst(ctx),
482	EVP_CIPHER_CTX_buf_noconst(ctx), &num,
483	(ctr128_f) padlock_ctr32_encrypt_glue);
484
485	EVP_CIPHER_CTX_set_num(ctx, (size_t)num);
486	return 1;
487	}
488
489	# define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE
490	# define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE
491	# define EVP_CIPHER_block_size_OFB 1
492	# define EVP_CIPHER_block_size_CFB 1
493	# define EVP_CIPHER_block_size_CTR 1
494
495	/*
496	* Declaring so many ciphers by hand would be a pain. Instead introduce a bit
497	* of preprocessor magic :-)
498	*/
499	# define DECLARE_AES_EVP(ksize,lmode,umode) \
500	static EVP_CIPHER *_hidden_aes_##ksize##_##lmode = NULL; \
501	static const EVP_CIPHER *padlock_aes_##ksize##_##lmode(void) \
502	{ \
503	if (_hidden_aes_##ksize##_##lmode == NULL \
504	&& ((_hidden_aes_##ksize##_##lmode = \
505	EVP_CIPHER_meth_new(NID_aes_##ksize##_##lmode, \
506	EVP_CIPHER_block_size_##umode, \
507	AES_KEY_SIZE_##ksize)) == NULL \
508	\|\| !EVP_CIPHER_meth_set_iv_length(_hidden_aes_##ksize##_##lmode, \
509	AES_BLOCK_SIZE) \
510	\|\| !EVP_CIPHER_meth_set_flags(_hidden_aes_##ksize##_##lmode, \
511	0 \| EVP_CIPH_##umode##_MODE) \
512	\|\| !EVP_CIPHER_meth_set_init(_hidden_aes_##ksize##_##lmode, \
513	padlock_aes_init_key) \
514	\|\| !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_##ksize##_##lmode, \
515	padlock_##lmode##_cipher) \
516	\|\| !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_##ksize##_##lmode, \
517	sizeof(struct padlock_cipher_data) + 16) \
518	\|\| !EVP_CIPHER_meth_set_set_asn1_params(_hidden_aes_##ksize##_##lmode, \
519	EVP_CIPHER_set_asn1_iv) \
520	\|\| !EVP_CIPHER_meth_set_get_asn1_params(_hidden_aes_##ksize##_##lmode, \
521	EVP_CIPHER_get_asn1_iv))) { \
522	EVP_CIPHER_meth_free(_hidden_aes_##ksize##_##lmode); \
523	_hidden_aes_##ksize##_##lmode = NULL; \
524	} \
525	return _hidden_aes_##ksize##_##lmode; \
526	}
527
528	DECLARE_AES_EVP(128, ecb, ECB)
529	DECLARE_AES_EVP(128, cbc, CBC)
530	DECLARE_AES_EVP(128, cfb, CFB)
531	DECLARE_AES_EVP(128, ofb, OFB)
532	DECLARE_AES_EVP(128, ctr, CTR)
533
534	DECLARE_AES_EVP(192, ecb, ECB)
535	DECLARE_AES_EVP(192, cbc, CBC)
536	DECLARE_AES_EVP(192, cfb, CFB)
537	DECLARE_AES_EVP(192, ofb, OFB)
538	DECLARE_AES_EVP(192, ctr, CTR)
539
540	DECLARE_AES_EVP(256, ecb, ECB)
541	DECLARE_AES_EVP(256, cbc, CBC)
542	DECLARE_AES_EVP(256, cfb, CFB)
543	DECLARE_AES_EVP(256, ofb, OFB)
544	DECLARE_AES_EVP(256, ctr, CTR)
545
546	static int
547	padlock_ciphers(ENGINE e, const EVP_CIPHER cipher, const int *nids,
548	int nid)
549	{
550	/* No specific cipher => return a list of supported nids ... */
551	if (!cipher) {
552	*nids = padlock_cipher_nids;
553	return padlock_cipher_nids_num;
554	}
555
556	/* ... or the requested "cipher" otherwise */
557	switch (nid) {
558	case NID_aes_128_ecb:
559	*cipher = padlock_aes_128_ecb();
560	break;
561	case NID_aes_128_cbc:
562	*cipher = padlock_aes_128_cbc();
563	break;
564	case NID_aes_128_cfb:
565	*cipher = padlock_aes_128_cfb();
566	break;
567	case NID_aes_128_ofb:
568	*cipher = padlock_aes_128_ofb();
569	break;
570	case NID_aes_128_ctr:
571	*cipher = padlock_aes_128_ctr();
572	break;
573
574	case NID_aes_192_ecb:
575	*cipher = padlock_aes_192_ecb();
576	break;
577	case NID_aes_192_cbc:
578	*cipher = padlock_aes_192_cbc();
579	break;
580	case NID_aes_192_cfb:
581	*cipher = padlock_aes_192_cfb();
582	break;
583	case NID_aes_192_ofb:
584	*cipher = padlock_aes_192_ofb();
585	break;
586	case NID_aes_192_ctr:
587	*cipher = padlock_aes_192_ctr();
588	break;
589
590	case NID_aes_256_ecb:
591	*cipher = padlock_aes_256_ecb();
592	break;
593	case NID_aes_256_cbc:
594	*cipher = padlock_aes_256_cbc();
595	break;
596	case NID_aes_256_cfb:
597	*cipher = padlock_aes_256_cfb();
598	break;
599	case NID_aes_256_ofb:
600	*cipher = padlock_aes_256_ofb();
601	break;
602	case NID_aes_256_ctr:
603	*cipher = padlock_aes_256_ctr();
604	break;
605
606	default:
607	/* Sorry, we don't support this NID */
608	*cipher = NULL;
609	return 0;
610	}
611
612	return 1;
613	}
614
615	/* Prepare the encryption key for PadLock usage */
616	static int
617	padlock_aes_init_key(EVP_CIPHER_CTX ctx, const unsigned char key,
618	const unsigned char *iv, int enc)
619	{
620	struct padlock_cipher_data *cdata;
621	int key_len = EVP_CIPHER_CTX_get_key_length(ctx) * 8;
622	unsigned long mode = EVP_CIPHER_CTX_get_mode(ctx);
623
624	if (key == NULL)
625	return 0; /* ERROR */
626
627	cdata = ALIGNED_CIPHER_DATA(ctx);
628	memset(cdata, 0, sizeof(*cdata));
629
630	/* Prepare Control word. */
631	if (mode == EVP_CIPH_OFB_MODE \|\| mode == EVP_CIPH_CTR_MODE)
632	cdata->cword.b.encdec = 0;
633	else
634	cdata->cword.b.encdec = (EVP_CIPHER_CTX_is_encrypting(ctx) == 0);
635	cdata->cword.b.rounds = 10 + (key_len - 128) / 32;
636	cdata->cword.b.ksize = (key_len - 128) / 64;
637
638	switch (key_len) {
639	case 128:
640	/*
641	* PadLock can generate an extended key for AES128 in hardware
642	*/
643	memcpy(cdata->ks.rd_key, key, AES_KEY_SIZE_128);
644	cdata->cword.b.keygen = 0;
645	break;
646
647	case 192:
648	case 256:
649	/*
650	* Generate an extended AES key in software. Needed for AES192/AES256
651	*/
652	/*
653	* Well, the above applies to Stepping 8 CPUs and is listed as
654	* hardware errata. They most likely will fix it at some point and
655	* then a check for stepping would be due here.
656	*/
657	if ((mode == EVP_CIPH_ECB_MODE \|\| mode == EVP_CIPH_CBC_MODE)
658	&& !enc)
659	AES_set_decrypt_key(key, key_len, &cdata->ks);
660	else
661	AES_set_encrypt_key(key, key_len, &cdata->ks);
662	/*
663	* OpenSSL C functions use byte-swapped extended key.
664	*/
665	padlock_key_bswap(&cdata->ks);
666	cdata->cword.b.keygen = 1;
667	break;
668
669	default:
670	/* ERROR */
671	return 0;
672	}
673
674	/*
675	* This is done to cover for cases when user reuses the
676	* context for new key. The catch is that if we don't do
677	* this, padlock_eas_cipher might proceed with old key...
678	*/
679	padlock_reload_key();
680
681	return 1;
682	}
683
684	/* ===== Random Number Generator ===== */
685	/*
686	* This code is not engaged. The reason is that it does not comply
687	* with recommendations for VIA RNG usage for secure applications
688	* (posted at http://www.via.com.tw/en/viac3/c3.jsp) nor does it
689	* provide meaningful error control...
690	*/
691	/*
692	* Wrapper that provides an interface between the API and the raw PadLock
693	* RNG
694	*/
695	static int padlock_rand_bytes(unsigned char *output, int count)
696	{
697	unsigned int eax, buf;
698
699	while (count >= 8) {
700	eax = padlock_xstore(output, 0);
701	if (!(eax & (1 << 6)))
702	return 0; /* RNG disabled */
703	/* this ---vv--- covers DC bias, Raw Bits and String Filter */
704	if (eax & (0x1F << 10))
705	return 0;
706	if ((eax & 0x1F) == 0)
707	continue; /* no data, retry... */
708	if ((eax & 0x1F) != 8)
709	return 0; /* fatal failure... */
710	output += 8;
711	count -= 8;
712	}
713	while (count > 0) {
714	eax = padlock_xstore(&buf, 3);
715	if (!(eax & (1 << 6)))
716	return 0; /* RNG disabled */
717	/* this ---vv--- covers DC bias, Raw Bits and String Filter */
718	if (eax & (0x1F << 10))
719	return 0;
720	if ((eax & 0x1F) == 0)
721	continue; /* no data, retry... */
722	if ((eax & 0x1F) != 1)
723	return 0; /* fatal failure... */
724	*output++ = (unsigned char)buf;
725	count--;
726	}
727	OPENSSL_cleanse(&buf, sizeof(buf));
728
729	return 1;
730	}
731
732	/* Dummy but necessary function */
733	static int padlock_rand_status(void)
734	{
735	return 1;
736	}
737
738	/* Prepare structure for registration */
739	static RAND_METHOD padlock_rand = {
740	NULL, /* seed */
741	padlock_rand_bytes, /* bytes */
742	NULL, /* cleanup */
743	NULL, /* add */
744	padlock_rand_bytes, /* pseudorand */
745	padlock_rand_status, /* rand status */
746	};
747
748	# endif /* COMPILE_PADLOCKENG */
749	#endif /* !OPENSSL_NO_PADLOCKENG */
750
751	#if defined(OPENSSL_NO_PADLOCKENG) \|\| !defined(COMPILE_PADLOCKENG)
752	# ifndef OPENSSL_NO_DYNAMIC_ENGINE
753	OPENSSL_EXPORT
754	int bind_engine(ENGINE e, const char id, const dynamic_fns *fns);
755	OPENSSL_EXPORT
756	int bind_engine(ENGINE e, const char id, const dynamic_fns *fns)
757	{
758	return 0;
759	}
760
761	IMPLEMENT_DYNAMIC_CHECK_FN()
762	# endif
763	#endif

注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

source: vbox/trunk/src/libs/openssl-3.1.7/engines/e_padlock.c@ 105945

以其他格式下載: