2 * Support for Intel AES-NI intruction set
3 * Author: Huang Ying <ying.huang@intel.com>
5 * Intel AES-NI is a new set of Single Instruction Multiple Data
6 * (SIMD) instructions that are going to be introduced in the next
7 * generation of Intel processor, as of 2009. These instructions
8 * enable fast and secure data encryption and decryption, using the
9 * Advanced Encryption Standard (AES), defined by FIPS Publication
10 * number 197. The architecture introduces six instructions that
11 * offer full hardware support for AES. Four of them support high
12 * performance data encryption and decryption, and the other two
13 * instructions support the AES key expansion procedure.
15 * The white paper can be downloaded from:
16 * http://softwarecommunity.intel.com/isn/downloads/intelavx/AES-Instructions-Set_WP.pdf
18 * This file is based on engines/e_padlock.c
21 /* ====================================================================
22 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
24 * Redistribution and use in source and binary forms, with or without
25 * modification, are permitted provided that the following conditions
28 * 1. Redistributions of source code must retain the above copyright
29 * notice, this list of conditions and the following disclaimer.
31 * 2. Redistributions in binary form must reproduce the above copyright
32 * notice, this list of conditions and the following disclaimer in
33 * the documentation and/or other materials provided with the
36 * 3. All advertising materials mentioning features or use of this
37 * software must display the following acknowledgment:
38 * "This product includes software developed by the OpenSSL Project
39 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
41 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
42 * endorse or promote products derived from this software without
43 * prior written permission. For written permission, please contact
44 * licensing@OpenSSL.org.
46 * 5. Products derived from this software may not be called "OpenSSL"
47 * nor may "OpenSSL" appear in their names without prior written
48 * permission of the OpenSSL Project.
50 * 6. Redistributions of any form whatsoever must retain the following
52 * "This product includes software developed by the OpenSSL Project
53 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
55 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
56 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
57 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
58 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
59 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
60 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
61 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
62 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
64 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
65 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
66 * OF THE POSSIBILITY OF SUCH DAMAGE.
67 * ====================================================================
69 * This product includes cryptographic software written by Eric Young
70 * (eay@cryptsoft.com). This product includes software written by Tim
71 * Hudson (tjh@cryptsoft.com).
76 #include <openssl/opensslconf.h>
78 #if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AES_NI) && !defined(OPENSSL_NO_AES)
82 #include <openssl/dso.h>
83 #include <openssl/engine.h>
84 #include <openssl/evp.h>
85 #include <openssl/aes.h>
86 #include <openssl/err.h>
87 #include <openssl/modes.h>
89 /* AES-NI is available *ONLY* on some x86 CPUs. Not only that it
90 doesn't exist elsewhere, but it even can't be compiled on other
92 #undef COMPILE_HW_AESNI
93 #if (defined(__x86_64) || defined(__x86_64__) || \
94 defined(_M_AMD64) || defined(_M_X64) || \
95 defined(OPENSSL_IA32_SSE2)) && !defined(OPENSSL_NO_ASM)
96 #define COMPILE_HW_AESNI
97 static ENGINE *ENGINE_aesni (void);
100 void ENGINE_load_aesni (void)
102 /* On non-x86 CPUs it just returns. */
103 #ifdef COMPILE_HW_AESNI
104 ENGINE *toadd = ENGINE_aesni();
113 #ifdef COMPILE_HW_AESNI
114 int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
116 int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
119 void aesni_encrypt(const unsigned char *in, unsigned char *out,
121 void aesni_decrypt(const unsigned char *in, unsigned char *out,
124 void aesni_ecb_encrypt(const unsigned char *in,
129 void aesni_cbc_encrypt(const unsigned char *in,
133 unsigned char *ivec, int enc);
135 /* Function for ENGINE detection and control */
136 static int aesni_init(ENGINE *e);
139 static int aesni_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
140 const int **nids, int nid);
142 #define AESNI_MIN_ALIGN 16
143 #define AESNI_ALIGN(x) \
144 ((void *)(((unsigned long)(x)+AESNI_MIN_ALIGN-1)&~(AESNI_MIN_ALIGN-1)))
147 static const char aesni_id[] = "aesni",
148 aesni_name[] = "Intel AES-NI engine",
149 no_aesni_name[] = "Intel AES-NI engine (no-aesni)";
151 /* ===== Engine "management" functions ===== */
153 /* Prepare the ENGINE structure for registration */
155 aesni_bind_helper(ENGINE *e)
157 int engage = (OPENSSL_ia32cap_P[1] & (1 << (57-32))) != 0;
159 /* Register everything or return with an error */
160 if (!ENGINE_set_id(e, aesni_id) ||
161 !ENGINE_set_name(e, engage ? aesni_name : no_aesni_name) ||
163 !ENGINE_set_init_function(e, aesni_init) ||
164 (engage && !ENGINE_set_ciphers (e, aesni_ciphers))
168 /* Everything looks good */
176 ENGINE *eng = ENGINE_new();
182 if (!aesni_bind_helper(eng)) {
190 /* Check availability of the engine */
192 aesni_init(ENGINE *e)
197 #if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
198 #define NID_aes_128_cfb NID_aes_128_cfb128
201 #if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
202 #define NID_aes_128_ofb NID_aes_128_ofb128
205 #if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
206 #define NID_aes_192_cfb NID_aes_192_cfb128
209 #if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
210 #define NID_aes_192_ofb NID_aes_192_ofb128
213 #if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
214 #define NID_aes_256_cfb NID_aes_256_cfb128
217 #if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
218 #define NID_aes_256_ofb NID_aes_256_ofb128
221 /* List of supported ciphers. */
222 static int aesni_cipher_nids[] = {
238 static int aesni_cipher_nids_num =
239 (sizeof(aesni_cipher_nids)/sizeof(aesni_cipher_nids[0]));
244 unsigned int _pad1[3];
248 aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *user_key,
249 const unsigned char *iv, int enc)
252 AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
254 if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE
255 || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE
257 ret=aesni_set_encrypt_key(user_key, ctx->key_len * 8, key);
259 ret=aesni_set_decrypt_key(user_key, ctx->key_len * 8, key);
262 EVPerr(EVP_F_AESNI_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED);
269 static int aesni_cipher_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out,
270 const unsigned char *in, size_t inl)
271 { AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
272 aesni_ecb_encrypt(in, out, inl, key, ctx->encrypt);
275 static int aesni_cipher_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out,
276 const unsigned char *in, size_t inl)
277 { AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
278 aesni_cbc_encrypt(in, out, inl, key,
279 ctx->iv, ctx->encrypt);
282 static int aesni_cipher_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
283 const unsigned char *in, size_t inl)
284 { AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
285 CRYPTO_cfb128_encrypt(in, out, inl, key, ctx->iv,
286 &ctx->num, ctx->encrypt,
287 (block128_f)aesni_encrypt);
290 static int aesni_cipher_ofb(EVP_CIPHER_CTX *ctx, unsigned char *out,
291 const unsigned char *in, size_t inl)
292 { AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
293 CRYPTO_ofb128_encrypt(in, out, inl, key, ctx->iv,
294 &ctx->num, (block128_f)aesni_encrypt);
298 #define AES_BLOCK_SIZE 16
300 #define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE
301 #define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE
302 #define EVP_CIPHER_block_size_OFB 1
303 #define EVP_CIPHER_block_size_CFB 1
305 /* Declaring so many ciphers by hand would be a pain.
306 Instead introduce a bit of preprocessor magic :-) */
307 #define DECLARE_AES_EVP(ksize,lmode,umode) \
308 static const EVP_CIPHER aesni_##ksize##_##lmode = { \
309 NID_aes_##ksize##_##lmode, \
310 EVP_CIPHER_block_size_##umode, \
313 0 | EVP_CIPH_##umode##_MODE, \
315 aesni_cipher_##lmode, \
318 EVP_CIPHER_set_asn1_iv, \
319 EVP_CIPHER_get_asn1_iv, \
324 DECLARE_AES_EVP(128,ecb,ECB);
325 DECLARE_AES_EVP(128,cbc,CBC);
326 DECLARE_AES_EVP(128,cfb,CFB);
327 DECLARE_AES_EVP(128,ofb,OFB);
329 DECLARE_AES_EVP(192,ecb,ECB);
330 DECLARE_AES_EVP(192,cbc,CBC);
331 DECLARE_AES_EVP(192,cfb,CFB);
332 DECLARE_AES_EVP(192,ofb,OFB);
334 DECLARE_AES_EVP(256,ecb,ECB);
335 DECLARE_AES_EVP(256,cbc,CBC);
336 DECLARE_AES_EVP(256,cfb,CFB);
337 DECLARE_AES_EVP(256,ofb,OFB);
340 aesni_ciphers (ENGINE *e, const EVP_CIPHER **cipher,
341 const int **nids, int nid)
343 /* No specific cipher => return a list of supported nids ... */
345 *nids = aesni_cipher_nids;
346 return aesni_cipher_nids_num;
349 /* ... or the requested "cipher" otherwise */
351 case NID_aes_128_ecb:
352 *cipher = &aesni_128_ecb;
354 case NID_aes_128_cbc:
355 *cipher = &aesni_128_cbc;
357 case NID_aes_128_cfb:
358 *cipher = &aesni_128_cfb;
360 case NID_aes_128_ofb:
361 *cipher = &aesni_128_ofb;
364 case NID_aes_192_ecb:
365 *cipher = &aesni_192_ecb;
367 case NID_aes_192_cbc:
368 *cipher = &aesni_192_cbc;
370 case NID_aes_192_cfb:
371 *cipher = &aesni_192_cfb;
373 case NID_aes_192_ofb:
374 *cipher = &aesni_192_ofb;
377 case NID_aes_256_ecb:
378 *cipher = &aesni_256_ecb;
380 case NID_aes_256_cbc:
381 *cipher = &aesni_256_cbc;
383 case NID_aes_256_cfb:
384 *cipher = &aesni_256_cfb;
386 case NID_aes_256_ofb:
387 *cipher = &aesni_256_ofb;
391 /* Sorry, we don't support this NID */
399 #endif /* COMPILE_HW_AESNI */
400 #endif /* !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AESNI) && !defined(OPENSSL_NO_AES) */