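/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef _RIJNDAEL_H_
#define _RIJNDAEL_H_ 1

#include "blapii.h"
#include <stdint.h>

#if defined(NSS_X86_OR_X64)
/* GCC <= 4.8 doesn't support including emmintrin.h without enabling SSE2.
 *
 * NSS_DISABLE_SSE2 doubles here as a local "target options were pushed" flag
 * that the block after the include tests before popping.
 * NOTE(review): the pop block tests only NSS_DISABLE_SSE2. If that macro is
 * already defined when this header is included and the push branch below is
 * skipped, the macro is undefined and pop_options is issued without a
 * matching push_options. Confirm nothing else defines it, or switch to a
 * flag name private to this header. */
#if !defined(__clang__) && defined(__GNUC__) && defined(__GNUC_MINOR__) && \
    (__GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ <= 8))
#pragma GCC push_options
#pragma GCC target("sse2")
#undef NSS_DISABLE_SSE2
#define NSS_DISABLE_SSE2 1
#endif /* GCC <= 4.8 */

#include <emmintrin.h> /* __m128i */

#ifdef NSS_DISABLE_SSE2
#undef NSS_DISABLE_SSE2
#pragma GCC pop_options
#endif /* NSS_DISABLE_SSE2 */
#endif

/* AESBlockFunc
 *
 * Signature of a routine that is handed a context, an output buffer and an
 * input buffer. No lengths are passed.
 * NOTE(review): presumably both buffers hold exactly one AES block; confirm
 * against the implementations, since the signature cannot enforce it.
 */
typedef void AESBlockFunc(AESContext *cx,
                          unsigned char *output,
                          const unsigned char *input);

/* RIJNDAEL_NUM_ROUNDS
 *
 * Number of rounds per execution: max(Nk, Nb) + 6.
 *     Nk - key size
 *     Nb - block size
 *
 * NOTE(review): the original comment gave both in bytes, while the comment
 * on RIJNDAEL_MAX_EXP_KEY_SIZE counts the block size in 32-bit words.
 * Confirm which unit the callers pass.
 *
 * The arguments are parenthesized so the expansion does not depend on how
 * PR_MAX treats its operands. PR_MAX is defined outside this header and
 * presumably evaluates an argument more than once, so pass expressions
 * without side effects.
 */
#define RIJNDAEL_NUM_ROUNDS(Nk, Nb) \
    (PR_MAX((Nk), (Nb)) + 6)

/*
 * This magic number is (Nb_max * (Nr_max + 1))
 * where Nb_max is the maximum block size in 32-bit words and
 * Nr_max is the maximum number of rounds.
 * The value (4 * 15) therefore corresponds to Nb_max = 4 and Nr_max = 14.
 * (The original comment gave Nr_max as Nb_max + 6, which would be 10 and
 * does not match the 15 used here; RIJNDAEL_NUM_ROUNDS takes the larger of
 * Nk and Nb before adding 6.)
 */
#define RIJNDAEL_MAX_EXP_KEY_SIZE (4 * 15)

/* AESContextStr
 *
 * Values which maintain the state for Rijndael encryption/decryption.
 *
 * keySchedule - 128-bit registers for the key-schedule; shares storage with
 *               expandedKey through the anonymous union
 * iv          - initialization vector for CBC mode
 * Nb          - the block size, specified by user (the original comment
 *               says bytes; see the unit note on RIJNDAEL_NUM_ROUNDS)
 * Nr          - the number of rounds, specified by a table
 * expandedKey - the round keys in 4-byte words; the array holds
 *               RIJNDAEL_MAX_EXP_KEY_SIZE words, i.e. Nb * (Nr + 1) at the
 *               maximum (the original comment said Nr * Nb, which is one
 *               round key short)
 * worker      - the encryption/decryption function to use with worker_cx
 * destroy     - if not NULL, the destroy function to use with worker_cx
 * worker_cx   - the context for worker and destroy
 * isBlock     - is the mode of operation a block cipher or a stream cipher?
 * mode        - mode selector; its values are defined outside this header
 * mem         - start of the allocated memory to free
 *
 * This context carries secret material (the expanded round keys) together
 * with the IV.
 * NOTE(review): the teardown code is not in this header; confirm that it
 * clears the whole context before the allocation recorded in mem is freed.
 */
struct AESContextStr {
    /* NOTE: Offsets to members in this struct are hardcoded in assembly.
     * Don't change the struct without updating intel-aes.s and intel-gcm.s.
     * NOTE(review): nothing visible here checks those offsets at build time;
     * a compile-time offset assertion next to this struct would turn a
     * silent layout drift into a build failure. */
    union {
#if defined(NSS_X86_OR_X64)
        __m128i keySchedule[15];
#endif
        PRUint32 expandedKey[RIJNDAEL_MAX_EXP_KEY_SIZE];
    };
    unsigned int Nb;
    unsigned int Nr;
    freeblCipherFunc worker;
    unsigned char iv[AES_BLOCK_SIZE];
    freeblDestroyFunc destroy;
    void *worker_cx;
    PRBool isBlock;
    int mode;
    void *mem; /* Start of the allocated memory to free. */
};

#endif /* _RIJNDAEL_H_ */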