		allocated = (chunk<nbytes?PADLOCK_CHUNK:nbytes);
		out = alloca(0x10 + allocated);
		out = NEAREST_ALIGNED(out);
	}
	else
		out = out_arg;

	cdata = ALIGNED_CIPHER_DATA(ctx);
	padlock_verify_context(cdata);

	switch (EVP_CIPHER_CTX_mode(ctx)) {
	case EVP_CIPH_ECB_MODE:
		do	{
			if (inp_misaligned)
				inp = padlock_memcpy(out, in_arg, chunk);
			else
				inp = in_arg;
			in_arg += chunk;

			padlock_xcrypt_ecb(chunk/AES_BLOCK_SIZE, cdata, out, inp);

			if (out_misaligned)
				out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
			else
				out     = out_arg+=chunk;

			nbytes -= chunk;
			chunk   = PADLOCK_CHUNK;
		} while (nbytes);
		break;

	case EVP_CIPH_CBC_MODE:
		memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
		goto cbc_shortcut;
		do	{
			if (iv != cdata->iv)
				memcpy(cdata->iv, iv, AES_BLOCK_SIZE);
			chunk = PADLOCK_CHUNK;
		cbc_shortcut: /* optimize for small input */
			if (inp_misaligned)
				inp = padlock_memcpy(out, in_arg, chunk);
			else
				inp = in_arg;
			in_arg += chunk;

			iv = padlock_xcrypt_cbc(chunk/AES_BLOCK_SIZE, cdata, out, inp);

			if (out_misaligned)
				out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
			else
				out     = out_arg+=chunk;

		} while (nbytes -= chunk);
		memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
		break;

	case EVP_CIPH_CFB_MODE:
		memcpy (iv = cdata->iv, ctx->iv, AES_BLOCK_SIZE);
		chunk &= ~(AES_BLOCK_SIZE-1);
		if (chunk)	goto cfb_shortcut;
		else		goto cfb_skiploop;
		do	{
			if (iv != cdata->iv)
				memcpy(cdata->iv, iv, AES_BLOCK_SIZE);
			chunk = PADLOCK_CHUNK;
		cfb_shortcut: /* optimize for small input */
			if (inp_misaligned)
				inp = padlock_memcpy(out, in_arg, chunk);
			else
				inp = in_arg;
			in_arg += chunk;

			iv = padlock_xcrypt_cfb(chunk/AES_BLOCK_SIZE, cdata, out, inp);

			if (out_misaligned)
				out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
			else
				out     = out_arg+=chunk;

			nbytes -= chunk;
		} while (nbytes >= AES_BLOCK_SIZE);

		cfb_skiploop:
		if (nbytes) {
			unsigned char *ivp = cdata->iv;

			if (iv != ivp) {
				memcpy(ivp, iv, AES_BLOCK_SIZE);
				iv = ivp;
			}
			ctx->num = nbytes;
			if (cdata->cword.b.encdec) {
				cdata->cword.b.encdec=0;
				padlock_reload_key();
				padlock_xcrypt_ecb(1,cdata,ivp,ivp);
				cdata->cword.b.encdec=1;
				padlock_reload_key();
				while(nbytes) {
					unsigned char c = *(in_arg++);
					*(out_arg++) = c ^ *ivp;
					*(ivp++) = c, nbytes--;
				}
			}
			else {	padlock_reload_key();
				padlock_xcrypt_ecb(1,cdata,ivp,ivp);
				padlock_reload_key();
				while (nbytes) {
					*ivp = *(out_arg++) = *(in_arg++) ^ *ivp;
					ivp++, nbytes--;
				}
			}
		}

		memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
		break;

	case EVP_CIPH_OFB_MODE:
		memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
		chunk &= ~(AES_BLOCK_SIZE-1);
		if (chunk) do	{
			if (inp_misaligned)
				inp = padlock_memcpy(out, in_arg, chunk);
			else
				inp = in_arg;
			in_arg += chunk;

			padlock_xcrypt_ofb(chunk/AES_BLOCK_SIZE, cdata, out, inp);

			if (out_misaligned)
				out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
			else
				out     = out_arg+=chunk;

			nbytes -= chunk;
			chunk   = PADLOCK_CHUNK;
		} while (nbytes >= AES_BLOCK_SIZE);

		if (nbytes) {
			unsigned char *ivp = cdata->iv;

			ctx->num = nbytes;
			padlock_reload_key();	/* empirically found */
			padlock_xcrypt_ecb(1,cdata,ivp,ivp);
			padlock_reload_key();	/* empirically found */
			while (nbytes) {
				*(out_arg++) = *(in_arg++) ^ *ivp;
				ivp++, nbytes--;
			}
		}

		memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE);
		break;

	default:
		return 0;
	}

	/* Clean the realign buffer if it was used */
	if (out_misaligned) {
		volatile unsigned long *p=(void *)out;
		size_t   n = allocated/sizeof(*p);
		while (n--) *p++=0;
	}

	memset(cdata->iv, 0, AES_BLOCK_SIZE);

	return 1;
}

#endif /* OPENSSL_NO_AES */

/* ===== Random Number Generator ===== */
/*
 * This code is not engaged. The reason is that it does not comply
 * with recommendations for VIA RNG usage for secure applications
 * (posted at http://www.via.com.tw/en/viac3/c3.jsp) nor does it
 * provide meaningful error control...
 */
/*
 * Wrapper that provides an interface between the RAND_METHOD API and the
 * raw PadLock RNG (XSTORE).
 *
 * Whole 8-byte blocks are fetched directly into `output`; the remaining
 * tail is fetched one byte at a time through a stack temporary, which is
 * wiped (through a volatile access) once the tail is done.
 *
 * For every XSTORE the returned status word is checked in order: bit 6
 * clear means the RNG is disabled (fail); any of bits 10..14 set means a
 * filter/self-test condition (fail); a zero in the low five bits means no
 * data yet (retry); any other value than the expected byte count is
 * treated as a fatal failure.
 *
 * Returns 1 on success, 0 on any failure. On failure `output` may have
 * been partially written.
 */
static int
padlock_rand_bytes(unsigned char *output, int count)
{
	unsigned int status, tmp;

	/* Bulk phase: 8 bytes per XSTORE, straight into the caller's buffer. */
	for (; count >= 8; output += 8, count -= 8) {
		do {
			status = padlock_xstore(output, 0);
			if (!(status & (1 << 6)))
				return 0;	/* RNG disabled */
			/* bits 10..14: DC bias, Raw Bits and String Filter */
			if (status & (0x1F << 10))
				return 0;
		} while ((status & 0x1F) == 0);	/* no data, retry... */
		if ((status & 0x1F) != 8)
			return 0;	/* fatal failure... */
	}

	/* Tail phase: one byte per XSTORE via a temporary. */
	for (; count > 0; count--) {
		do {
			status = padlock_xstore(&tmp, 3);
			if (!(status & (1 << 6)))
				return 0;	/* RNG disabled */
			/* bits 10..14: DC bias, Raw Bits and String Filter */
			if (status & (0x1F << 10))
				return 0;
		} while ((status & 0x1F) == 0);	/* no data, retry... */
		if ((status & 0x1F) != 1)
			return 0;	/* fatal failure... */
		*output++ = (unsigned char)tmp;
	}

	/* volatile access so the wipe of the temporary is not optimised away */
	*(volatile unsigned int *)&tmp = 0;

	return 1;
}

/*
 * RAND_METHOD status callback. The PadLock RNG has no separate readiness
 * query here, so this always reports "ready" (1); the slot itself is
 * mandatory in the method table.
 */
static int
padlock_rand_status(void)
{
	const int always_ready = 1;

	return always_ready;
}

/*
 * Prepare structure for registration.
 * Only the byte-generating callbacks are supplied: the seed, cleanup and
 * add slots are NULL, and the same padlock_rand_bytes routine serves both
 * the bytes and pseudorand entries.
 */
static RAND_METHOD padlock_rand = {
	NULL,			/* seed */
	padlock_rand_bytes,	/* bytes */
	NULL,			/* cleanup */
	NULL,			/* add */
	padlock_rand_bytes,	/* pseudorand */
	padlock_rand_status,	/* rand status */
};

#else  /* !COMPILE_HW_PADLOCK */
#ifndef OPENSSL_NO_DYNAMIC_ENGINE
/*
 * Stub dynamic-engine entry point for builds without PadLock support
 * (COMPILE_HW_PADLOCK not defined). It always returns 0, the failure
 * value for a bind_engine callback, so a dynamically loaded copy of this
 * engine declines to bind on unsupported platforms.
 */
OPENSSL_EXPORT
int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
OPENSSL_EXPORT
int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; }
IMPLEMENT_DYNAMIC_CHECK_FN()
#endif
#endif /* COMPILE_HW_PADLOCK */

#endif /* !OPENSSL_NO_HW_PADLOCK */
#endif /* !OPENSSL_NO_HW */