xref: /openbsd/lib/libcrypto/aes/aes_ige.c (revision 3bef86f7) 
1 /* $OpenBSD: aes_ige.c,v 1.9 2022/11/26 16:08:50 tb Exp $ */
2 /* ====================================================================
3  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  *
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in
14  *    the documentation and/or other materials provided with the
15  *    distribution.
16  *
17  * 3. All advertising materials mentioning features or use of this
18  *    software must display the following acknowledgment:
19  *    "This product includes software developed by the OpenSSL Project
20  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21  *
22  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23  *    endorse or promote products derived from this software without
24  *    prior written permission. For written permission, please contact
25  *    openssl-core@openssl.org.
26  *
27  * 5. Products derived from this software may not be called "OpenSSL"
28  *    nor may "OpenSSL" appear in their names without prior written
29  *    permission of the OpenSSL Project.
30  *
31  * 6. Redistributions of any form whatsoever must retain the following
32  *    acknowledgment:
33  *    "This product includes software developed by the OpenSSL Project
34  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35  *
36  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
40  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47  * OF THE POSSIBILITY OF SUCH DAMAGE.
48  * ====================================================================
49  *
50  */
51 
52 #include <openssl/aes.h>
53 #include <openssl/crypto.h>
54 
55 #include "aes_local.h"
56 
57 #define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))
58 typedef struct {
59 	unsigned long data[N_WORDS];
60 } aes_block_t;
61 
62 /* XXX: probably some better way to do this */
63 #if defined(__i386__) || defined(__x86_64__)
64 #define UNALIGNED_MEMOPS_ARE_FAST 1
65 #else
66 #define UNALIGNED_MEMOPS_ARE_FAST 0
67 #endif
68 
69 #if UNALIGNED_MEMOPS_ARE_FAST
70 #define load_block(d, s)        (d) = *(const aes_block_t *)(s)
71 #define store_block(d, s)       *(aes_block_t *)(d) = (s)
72 #else
73 #define load_block(d, s)        memcpy((d).data, (s), AES_BLOCK_SIZE)
74 #define store_block(d, s)       memcpy((d), (s).data, AES_BLOCK_SIZE)
75 #endif
76 
77 /* N.B. The IV for this mode is _twice_ the block size */
78 
79 void
80 AES_ige_encrypt(const unsigned char *in, unsigned char *out, size_t length,
81     const AES_KEY *key, unsigned char *ivec, const int enc)
82 {
83 	size_t n;
84 	size_t len;
85 
86 	OPENSSL_assert((length % AES_BLOCK_SIZE) == 0);
87 
88 	len = length / AES_BLOCK_SIZE;
89 
90 	if (AES_ENCRYPT == enc) {
91 		if (in != out && (UNALIGNED_MEMOPS_ARE_FAST ||
92 		    ((size_t)in|(size_t)out|(size_t)ivec) %
93 		    sizeof(long) == 0)) {
94 			aes_block_t *ivp = (aes_block_t *)ivec;
95 			aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE);
96 
97 			while (len) {
98 				aes_block_t *inp = (aes_block_t *)in;
99 				aes_block_t *outp = (aes_block_t *)out;
100 
101 				for (n = 0; n < N_WORDS; ++n)
102 					outp->data[n] = inp->data[n] ^ ivp->data[n];
103 				AES_encrypt((unsigned char *)outp->data, (unsigned char *)outp->data, key);
104 				for (n = 0; n < N_WORDS; ++n)
105 					outp->data[n] ^= iv2p->data[n];
106 				ivp = outp;
107 				iv2p = inp;
108 				--len;
109 				in += AES_BLOCK_SIZE;
110 				out += AES_BLOCK_SIZE;
111 			}
112 			memmove(ivec, ivp->data, AES_BLOCK_SIZE);
113 			memmove(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
114 		} else {
115 			aes_block_t tmp, tmp2;
116 			aes_block_t iv;
117 			aes_block_t iv2;
118 
119 			load_block(iv, ivec);
120 			load_block(iv2, ivec + AES_BLOCK_SIZE);
121 
122 			while (len) {
123 				load_block(tmp, in);
124 				for (n = 0; n < N_WORDS; ++n)
125 					tmp2.data[n] = tmp.data[n] ^ iv.data[n];
126 				AES_encrypt((unsigned char *)tmp2.data,
127 				    (unsigned char *)tmp2.data, key);
128 				for (n = 0; n < N_WORDS; ++n)
129 					tmp2.data[n] ^= iv2.data[n];
130 				store_block(out, tmp2);
131 				iv = tmp2;
132 				iv2 = tmp;
133 				--len;
134 				in += AES_BLOCK_SIZE;
135 				out += AES_BLOCK_SIZE;
136 			}
137 			memcpy(ivec, iv.data, AES_BLOCK_SIZE);
138 			memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
139 		}
140 	} else {
141 		if (in != out && (UNALIGNED_MEMOPS_ARE_FAST ||
142 		    ((size_t)in|(size_t)out|(size_t)ivec) %
143 		    sizeof(long) == 0)) {
144 			aes_block_t *ivp = (aes_block_t *)ivec;
145 			aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE);
146 
147 			while (len) {
148 				aes_block_t tmp;
149 				aes_block_t *inp = (aes_block_t *)in;
150 				aes_block_t *outp = (aes_block_t *)out;
151 
152 				for (n = 0; n < N_WORDS; ++n)
153 					tmp.data[n] = inp->data[n] ^ iv2p->data[n];
154 				AES_decrypt((unsigned char *)tmp.data,
155 				    (unsigned char *)outp->data, key);
156 				for (n = 0; n < N_WORDS; ++n)
157 					outp->data[n] ^= ivp->data[n];
158 				ivp = inp;
159 				iv2p = outp;
160 				--len;
161 				in += AES_BLOCK_SIZE;
162 				out += AES_BLOCK_SIZE;
163 			}
164 			memmove(ivec, ivp->data, AES_BLOCK_SIZE);
165 			memmove(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
166 		} else {
167 			aes_block_t tmp, tmp2;
168 			aes_block_t iv;
169 			aes_block_t iv2;
170 
171 			load_block(iv, ivec);
172 			load_block(iv2, ivec + AES_BLOCK_SIZE);
173 
174 			while (len) {
175 				load_block(tmp, in);
176 				tmp2 = tmp;
177 				for (n = 0; n < N_WORDS; ++n)
178 					tmp.data[n] ^= iv2.data[n];
179 				AES_decrypt((unsigned char *)tmp.data,
180 				    (unsigned char *)tmp.data, key);
181 				for (n = 0; n < N_WORDS; ++n)
182 					tmp.data[n] ^= iv.data[n];
183 				store_block(out, tmp);
184 				iv = tmp2;
185 				iv2 = tmp;
186 				--len;
187 				in += AES_BLOCK_SIZE;
188 				out += AES_BLOCK_SIZE;
189 			}
190 			memcpy(ivec, iv.data, AES_BLOCK_SIZE);
191 			memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
192 		}
193 	}
194 }
195