2 * Support for Intel AES-NI intruction set
3 * Author: Huang Ying <ying.huang@intel.com>
5 * Intel AES-NI is a new set of Single Instruction Multiple Data
6 * (SIMD) instructions that are going to be introduced in the next
7 * generation of Intel processor, as of 2009. These instructions
8 * enable fast and secure data encryption and decryption, using the
9 * Advanced Encryption Standard (AES), defined by FIPS Publication
10 * number 197. The architecture introduces six instructions that
11 * offer full hardware support for AES. Four of them support high
12 * performance data encryption and decryption, and the other two
13 * instructions support the AES key expansion procedure.
15 * The white paper can be downloaded from:
16 * http://softwarecommunity.intel.com/isn/downloads/intelavx/AES-Instructions-Set_WP.pdf
18 * This file is based on engines/e_padlock.c
21 /* ====================================================================
22 * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
24 * Redistribution and use in source and binary forms, with or without
25 * modification, are permitted provided that the following conditions
28 * 1. Redistributions of source code must retain the above copyright
29 * notice, this list of conditions and the following disclaimer.
31 * 2. Redistributions in binary form must reproduce the above copyright
32 * notice, this list of conditions and the following disclaimer in
33 * the documentation and/or other materials provided with the
36 * 3. All advertising materials mentioning features or use of this
37 * software must display the following acknowledgment:
38 * "This product includes software developed by the OpenSSL Project
39 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
41 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
42 * endorse or promote products derived from this software without
43 * prior written permission. For written permission, please contact
44 * licensing@OpenSSL.org.
46 * 5. Products derived from this software may not be called "OpenSSL"
47 * nor may "OpenSSL" appear in their names without prior written
48 * permission of the OpenSSL Project.
50 * 6. Redistributions of any form whatsoever must retain the following
52 * "This product includes software developed by the OpenSSL Project
53 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
55 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
56 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
57 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
58 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
59 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
60 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
61 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
62 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
63 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
64 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
65 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
66 * OF THE POSSIBILITY OF SUCH DAMAGE.
67 * ====================================================================
69 * This product includes cryptographic software written by Eric Young
70 * (eay@cryptsoft.com). This product includes software written by Tim
71 * Hudson (tjh@cryptsoft.com).
76 #include <openssl/opensslconf.h>
78 #if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AES_NI) && !defined(OPENSSL_NO_AES)
82 #include <openssl/dso.h>
83 #include <openssl/engine.h>
84 #include <openssl/evp.h>
85 #include <openssl/aes.h>
86 #include <openssl/err.h>
87 #include <openssl/modes.h>
89 /* AES-NI is available *ONLY* on some x86 CPUs. Not only that it
90 doesn't exist elsewhere, but it even can't be compiled on other
92 #undef COMPILE_HW_AESNI
93 #if (defined(__x86_64) || defined(__x86_64__) || \
94 defined(_M_AMD64) || defined(_M_X64) || \
95 defined(OPENSSL_IA32_SSE2)) && !defined(OPENSSL_NO_ASM)
96 #define COMPILE_HW_AESNI
97 static ENGINE *ENGINE_aesni (void);
100 void ENGINE_load_aesni (void)
102 /* On non-x86 CPUs it just returns. */
103 #ifdef COMPILE_HW_AESNI
104 ENGINE *toadd = ENGINE_aesni();
113 #ifdef COMPILE_HW_AESNI
115 typedef unsigned int u32;
116 typedef unsigned char u8;
118 #if defined(__GNUC__) && __GNUC__>=2 && !defined(PEDANTIC)
119 # define BSWAP4(x) ({ u32 ret=(x); \
120 asm volatile ("bswapl %0" \
121 : "+r"(ret)); ret; })
122 #elif defined(_MSC_VER)
124 # pragma intrinsic(_byteswap_ulong)
125 # define BSWAP4(x) _byteswap_ulong((u32)(x))
126 # elif defined(_M_IX86)
127 __inline u32 _bswap4(u32 val) {
131 # define BSWAP4(x) _bswap4(x)
136 #define GETU32(p) BSWAP4(*(const u32 *)(p))
137 #define PUTU32(p,v) *(u32 *)(p) = BSWAP4(v)
139 #define GETU32(p) ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3])
140 #define PUTU32(p,v) ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v))
143 int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
145 int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
148 void aesni_encrypt(const unsigned char *in, unsigned char *out,
150 void aesni_decrypt(const unsigned char *in, unsigned char *out,
153 void aesni_ecb_encrypt(const unsigned char *in,
158 void aesni_cbc_encrypt(const unsigned char *in,
162 unsigned char *ivec, int enc);
164 void aesni_ctr32_encrypt_blocks(const unsigned char *in,
168 const unsigned char *ivec);
170 /* Function for ENGINE detection and control */
171 static int aesni_init(ENGINE *e);
174 static int aesni_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
175 const int **nids, int nid);
177 #define AESNI_MIN_ALIGN 16
178 #define AESNI_ALIGN(x) \
179 ((void *)(((unsigned long)(x)+AESNI_MIN_ALIGN-1)&~(AESNI_MIN_ALIGN-1)))
182 static const char aesni_id[] = "aesni",
183 aesni_name[] = "Intel AES-NI engine",
184 no_aesni_name[] = "Intel AES-NI engine (no-aesni)";
186 /* ===== Engine "management" functions ===== */
188 /* Prepare the ENGINE structure for registration */
190 aesni_bind_helper(ENGINE *e)
192 int engage = (OPENSSL_ia32cap_P[1] & (1 << (57-32))) != 0;
194 /* Register everything or return with an error */
195 if (!ENGINE_set_id(e, aesni_id) ||
196 !ENGINE_set_name(e, engage ? aesni_name : no_aesni_name) ||
198 !ENGINE_set_init_function(e, aesni_init) ||
199 (engage && !ENGINE_set_ciphers (e, aesni_ciphers))
203 /* Everything looks good */
211 ENGINE *eng = ENGINE_new();
217 if (!aesni_bind_helper(eng)) {
225 /* Check availability of the engine */
227 aesni_init(ENGINE *e)
232 #if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
233 #define NID_aes_128_cfb NID_aes_128_cfb128
236 #if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
237 #define NID_aes_128_ofb NID_aes_128_ofb128
240 #if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
241 #define NID_aes_192_cfb NID_aes_192_cfb128
244 #if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
245 #define NID_aes_192_ofb NID_aes_192_ofb128
248 #if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
249 #define NID_aes_256_cfb NID_aes_256_cfb128
252 #if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
253 #define NID_aes_256_ofb NID_aes_256_ofb128
256 /* List of supported ciphers. */
257 static int aesni_cipher_nids[] = {
276 static int aesni_cipher_nids_num =
277 (sizeof(aesni_cipher_nids)/sizeof(aesni_cipher_nids[0]));
282 unsigned int _pad1[3];
286 aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *user_key,
287 const unsigned char *iv, int enc)
290 AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
292 if (((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_ECB_MODE
293 || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CBC_MODE)
295 ret=aesni_set_decrypt_key(user_key, ctx->key_len * 8, key);
297 ret=aesni_set_encrypt_key(user_key, ctx->key_len * 8, key);
300 EVPerr(EVP_F_AESNI_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED);
304 if (ctx->cipher->flags&EVP_CIPH_CUSTOM_IV)
307 memcpy (ctx->iv,iv,ctx->cipher->iv_len);
309 EVPerr(EVP_F_AESNI_INIT_KEY,EVP_R_AES_IV_SETUP_FAILED);
317 static int aesni_cipher_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out,
318 const unsigned char *in, size_t inl)
319 { AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
320 aesni_ecb_encrypt(in, out, inl, key, ctx->encrypt);
323 static int aesni_cipher_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out,
324 const unsigned char *in, size_t inl)
325 { AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
326 aesni_cbc_encrypt(in, out, inl, key,
327 ctx->iv, ctx->encrypt);
330 static int aesni_cipher_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out,
331 const unsigned char *in, size_t inl)
332 { AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
333 CRYPTO_cfb128_encrypt(in, out, inl, key, ctx->iv,
334 &ctx->num, ctx->encrypt,
335 (block128_f)aesni_encrypt);
338 static int aesni_cipher_ofb(EVP_CIPHER_CTX *ctx, unsigned char *out,
339 const unsigned char *in, size_t inl)
340 { AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
341 CRYPTO_ofb128_encrypt(in, out, inl, key, ctx->iv,
342 &ctx->num, (block128_f)aesni_encrypt);
346 #define AES_BLOCK_SIZE 16
348 #define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE
349 #define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE
350 #define EVP_CIPHER_block_size_OFB 1
351 #define EVP_CIPHER_block_size_CFB 1
353 /* Declaring so many ciphers by hand would be a pain.
354 Instead introduce a bit of preprocessor magic :-) */
355 #define DECLARE_AES_EVP(ksize,lmode,umode) \
356 static const EVP_CIPHER aesni_##ksize##_##lmode = { \
357 NID_aes_##ksize##_##lmode, \
358 EVP_CIPHER_block_size_##umode, \
361 0 | EVP_CIPH_##umode##_MODE, \
363 aesni_cipher_##lmode, \
366 EVP_CIPHER_set_asn1_iv, \
367 EVP_CIPHER_get_asn1_iv, \
372 DECLARE_AES_EVP(128,ecb,ECB);
373 DECLARE_AES_EVP(128,cbc,CBC);
374 DECLARE_AES_EVP(128,cfb,CFB);
375 DECLARE_AES_EVP(128,ofb,OFB);
377 DECLARE_AES_EVP(192,ecb,ECB);
378 DECLARE_AES_EVP(192,cbc,CBC);
379 DECLARE_AES_EVP(192,cfb,CFB);
380 DECLARE_AES_EVP(192,ofb,OFB);
382 DECLARE_AES_EVP(256,ecb,ECB);
383 DECLARE_AES_EVP(256,cbc,CBC);
384 DECLARE_AES_EVP(256,cfb,CFB);
385 DECLARE_AES_EVP(256,ofb,OFB);
388 static void ctr96_inc(unsigned char *counter) {
402 static int aesni_counter(EVP_CIPHER_CTX *ctx, unsigned char *out,
403 const unsigned char *in, size_t len)
405 AES_KEY *key = AESNI_ALIGN(ctx->cipher_data);
407 CRYPTO_ctr128_encrypt_ctr32(in,out,len,key,
408 ctx->iv,ctx->buf,(unsigned int *)&ctx->num,
409 aesni_ctr32_encrypt_blocks);
413 static const EVP_CIPHER aesni_128_ctr=
415 NID_aes_128_ctr,1,16,16,
427 static const EVP_CIPHER aesni_192_ctr=
429 NID_aes_192_ctr,1,24,16,
441 static const EVP_CIPHER aesni_256_ctr=
443 NID_aes_256_ctr,1,32,16,
456 aesni_ciphers (ENGINE *e, const EVP_CIPHER **cipher,
457 const int **nids, int nid)
459 /* No specific cipher => return a list of supported nids ... */
461 *nids = aesni_cipher_nids;
462 return aesni_cipher_nids_num;
465 /* ... or the requested "cipher" otherwise */
467 case NID_aes_128_ecb:
468 *cipher = &aesni_128_ecb;
470 case NID_aes_128_cbc:
471 *cipher = &aesni_128_cbc;
473 case NID_aes_128_cfb:
474 *cipher = &aesni_128_cfb;
476 case NID_aes_128_ofb:
477 *cipher = &aesni_128_ofb;
479 case NID_aes_128_ctr:
480 *cipher = &aesni_128_ctr;
483 case NID_aes_192_ecb:
484 *cipher = &aesni_192_ecb;
486 case NID_aes_192_cbc:
487 *cipher = &aesni_192_cbc;
489 case NID_aes_192_cfb:
490 *cipher = &aesni_192_cfb;
492 case NID_aes_192_ofb:
493 *cipher = &aesni_192_ofb;
495 case NID_aes_192_ctr:
496 *cipher = &aesni_192_ctr;
499 case NID_aes_256_ecb:
500 *cipher = &aesni_256_ecb;
502 case NID_aes_256_cbc:
503 *cipher = &aesni_256_cbc;
505 case NID_aes_256_cfb:
506 *cipher = &aesni_256_cfb;
508 case NID_aes_256_ofb:
509 *cipher = &aesni_256_ofb;
511 case NID_aes_256_ctr:
512 *cipher = &aesni_256_ctr;
516 /* Sorry, we don't support this NID */
524 #endif /* COMPILE_HW_AESNI */
525 #endif /* !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AESNI) && !defined(OPENSSL_NO_AES) */