1 /* This Source Code Form is subject to the terms of the Mozilla Public
2  * License, v. 2.0. If a copy of the MPL was not distributed with this
3  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 
5 #ifndef _RIJNDAEL_H_
6 #define _RIJNDAEL_H_ 1
7 
8 #include "blapii.h"
9 #include <stdint.h>
10 
11 #if defined(NSS_X86_OR_X64)
12 /* GCC <= 4.8 doesn't support including emmintrin.h without enabling SSE2 */
13 #if !defined(__clang__) && defined(__GNUC__) && defined(__GNUC_MINOR__) && \
14     (__GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ <= 8))
15 #pragma GCC push_options
16 #pragma GCC target("sse2")
17 #undef NSS_DISABLE_SSE2
18 #define NSS_DISABLE_SSE2 1 /* doubles as the "options were pushed" marker tested below */
19 #endif /* GCC <= 4.8 */
20 
21 #include <emmintrin.h> /* __m128i */
22 
23 #ifdef NSS_DISABLE_SSE2 /* NOTE(review): also true if defined before this header; the pop would then lack a push - confirm */
24 #undef NSS_DISABLE_SSE2 /* nothing in this header defines it again after this point */
25 #pragma GCC pop_options
26 #endif /* NSS_DISABLE_SSE2 */
27 #endif /* NSS_X86_OR_X64 */
28 
29 /* RIJNDAEL_NUM_ROUNDS
30  *
31  * Number of rounds per execution, computed as max(Nk, Nb) + 6.
32  * Nk - key length; Nb - block size. NOTE(review): presumably both are counts of
33  * 32-bit words, as in the RIJNDAEL_MAX_EXP_KEY_SIZE note below; byte counts would
34  * give more rounds than that buffer is sized for - confirm against callers. */
35 #define RIJNDAEL_NUM_ROUNDS(Nk, Nb) \
36     (PR_MAX(Nk, Nb) + 6)
37 
38 /*
39  * This magic number is (Nb_max * (Nr_max + 1)), counted in 32-bit words,
40  * where Nb_max (4) is the maximum block size in 32-bit words and Nr_max (14) is
41  * the maximum number of rounds. NOTE(review): 14 matches max(Nk, Nb) + 6 with an
42  * 8-word key; Nb_max + 6 alone gives 10 - confirm. It sizes k.expandedKey below. */
43 #define RIJNDAEL_MAX_EXP_KEY_SIZE (4 * 15)
44 
45 /* AESContextStr
46  *
47  * Values which maintain the state for Rijndael encryption/decryption.
48  * k holds key material. NOTE(review): confirm the context is zeroized before mem is freed.
49  * keySchedule - 128-bit registers for the key-schedule (NSS_X86_OR_X64 builds only)
50  * iv          - initialization vector for CBC mode
51  * Nb          - the number of bytes in a block, specified by user
52  * Nr          - the number of rounds, specified by a table
53  * expandedKey - the round keys in 4-byte words. NOTE(review): length is given as Nr * Nb
54  *               here but as Nb * (Nr + 1) in the RIJNDAEL_MAX_EXP_KEY_SIZE note - confirm.
55  * worker      - the encryption/decryption function to use with worker_cx
56  * destroy     - if not NULL, the destroy function to use with worker_cx
57  * worker_cx   - the context for worker and destroy
58  * isBlock     - is the mode of operation a block cipher or a stream cipher? */
59 struct AESContextStr {
60     /* NOTE: Offsets to members in this struct are hardcoded in assembly.
61      * Don't change the struct without updating intel-aes.s and intel-gcm.s. */
62     union {
63 #if defined(NSS_X86_OR_X64)
64         __m128i keySchedule[15]; /* 15 x 16 bytes, overlaying expandedKey */
65 #endif
66         PRUint32 expandedKey[RIJNDAEL_MAX_EXP_KEY_SIZE]; /* 60 x 4 bytes; writers must stay in bounds */
67     } k;
68     unsigned int Nb; /* NOTE(review): the sizing note above counts blocks in 32-bit words - confirm unit */
69     unsigned int Nr;
70     freeblCipherFunc worker;
71     unsigned char iv[AES_BLOCK_SIZE];
72     freeblAeadFunc worker_aead; /* presumably the AEAD counterpart of worker - confirm */
73     freeblDestroyFunc destroy;
74     void *worker_cx;
75     PRBool isBlock;
76     int mode; /* presumably selects the mode of operation; values are defined outside this header */
77     void *mem; /* Start of the allocated memory to free; may differ from this struct's address - confirm. */
78 };
79 
80 #endif /* _RIJNDAEL_H_ */
81