xref: /src/crypto/openssl/include/crypto/aes_platform.h (revision f25b8c9fb4f58cf61adb47d7570abe7caa6d385d) 
1 /*
2  * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #ifndef OSSL_AES_PLATFORM_H
11 #define OSSL_AES_PLATFORM_H
12 #pragma once
13 
14 #include <openssl/aes.h>
15 
16 #ifdef VPAES_ASM
17 int vpaes_set_encrypt_key(const unsigned char *userKey, int bits,
18     AES_KEY *key);
19 int vpaes_set_decrypt_key(const unsigned char *userKey, int bits,
20     AES_KEY *key);
21 void vpaes_encrypt(const unsigned char *in, unsigned char *out,
22     const AES_KEY *key);
23 void vpaes_decrypt(const unsigned char *in, unsigned char *out,
24     const AES_KEY *key);
25 void vpaes_cbc_encrypt(const unsigned char *in,
26     unsigned char *out,
27     size_t length,
28     const AES_KEY *key, unsigned char *ivec, int enc);
29 #endif /* VPAES_ASM */
30 
31 #ifdef BSAES_ASM
32 void ossl_bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out,
33     size_t length, const AES_KEY *key,
34     unsigned char ivec[16], int enc);
35 void ossl_bsaes_ctr32_encrypt_blocks(const unsigned char *in,
36     unsigned char *out, size_t len,
37     const AES_KEY *key,
38     const unsigned char ivec[16]);
39 void ossl_bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out,
40     size_t len, const AES_KEY *key1,
41     const AES_KEY *key2, const unsigned char iv[16]);
42 void ossl_bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out,
43     size_t len, const AES_KEY *key1,
44     const AES_KEY *key2, const unsigned char iv[16]);
45 #endif /* BSAES_ASM */
46 
47 #ifdef AES_CTR_ASM
48 void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
49     size_t blocks, const AES_KEY *key,
50     const unsigned char ivec[AES_BLOCK_SIZE]);
51 #endif /*  AES_CTR_ASM */
52 
53 #ifdef AES_XTS_ASM
54 void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, size_t len,
55     const AES_KEY *key1, const AES_KEY *key2,
56     const unsigned char iv[16]);
57 void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len,
58     const AES_KEY *key1, const AES_KEY *key2,
59     const unsigned char iv[16]);
60 #endif /* AES_XTS_ASM */
61 
62 #if defined(OPENSSL_CPUID_OBJ)
63 #if (defined(__powerpc__) || defined(__POWERPC__) || defined(_ARCH_PPC))
64 #include "crypto/ppc_arch.h"
65 #ifdef VPAES_ASM
66 #define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC)
67 #endif
68 #if !defined(OPENSSL_SYS_MACOSX)
69 #define HWAES_CAPABLE (OPENSSL_ppccap_P & PPC_CRYPTO207)
70 #define HWAES_set_encrypt_key aes_p8_set_encrypt_key
71 #define HWAES_set_decrypt_key aes_p8_set_decrypt_key
72 #define HWAES_encrypt aes_p8_encrypt
73 #define HWAES_decrypt aes_p8_decrypt
74 #define HWAES_cbc_encrypt aes_p8_cbc_encrypt
75 #define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks
76 #define HWAES_xts_encrypt aes_p8_xts_encrypt
77 #define HWAES_xts_decrypt aes_p8_xts_decrypt
78 #endif /* OPENSSL_SYS_MACOSX */
79 #if !defined(OPENSSL_SYS_AIX) && !defined(OPENSSL_SYS_MACOSX)
80 #define PPC_AES_GCM_CAPABLE (OPENSSL_ppccap_P & PPC_MADD300)
81 #define AES_GCM_ENC_BYTES 128
82 #define AES_GCM_DEC_BYTES 128
83 size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out,
84     size_t len, const void *key, unsigned char ivec[16],
85     u64 *Xi);
86 size_t ppc_aes_gcm_decrypt(const unsigned char *in, unsigned char *out,
87     size_t len, const void *key, unsigned char ivec[16],
88     u64 *Xi);
89 #define AES_GCM_ASM_PPC(gctx) ((gctx)->ctr == aes_p8_ctr32_encrypt_blocks && (gctx)->gcm.funcs.ghash == gcm_ghash_p8)
90 void gcm_ghash_p8(u64 Xi[2], const u128 Htable[16], const u8 *inp, size_t len);
91 #endif /* OPENSSL_SYS_AIX || OPENSSL_SYS_MACOSX */
92 #endif /* PPC */
93 
94 #if (defined(__arm__) || defined(__arm) || defined(__aarch64__) || defined(_M_ARM64))
95 #include "arm_arch.h"
96 #if __ARM_MAX_ARCH__ >= 7
97 #if defined(BSAES_ASM)
98 #define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON)
99 #endif
100 #if defined(VPAES_ASM)
101 #define VPAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON)
102 #endif
103 #define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES)
104 #define HWAES_set_encrypt_key aes_v8_set_encrypt_key
105 #define HWAES_set_decrypt_key aes_v8_set_decrypt_key
106 #define HWAES_encrypt aes_v8_encrypt
107 #define HWAES_decrypt aes_v8_decrypt
108 #define HWAES_cbc_encrypt aes_v8_cbc_encrypt
109 #define HWAES_ecb_encrypt aes_v8_ecb_encrypt
110 #if __ARM_MAX_ARCH__ >= 8 && (defined(__aarch64__) || defined(_M_ARM64))
111 #define ARMv8_HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES)
112 #define HWAES_xts_encrypt aes_v8_xts_encrypt
113 #define HWAES_xts_decrypt aes_v8_xts_decrypt
114 #endif
115 #define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks
116 #define HWAES_ctr32_encrypt_blocks_unroll12_eor3 aes_v8_ctr32_encrypt_blocks_unroll12_eor3
117 #define AES_PMULL_CAPABLE ((OPENSSL_armcap_P & ARMV8_PMULL) && (OPENSSL_armcap_P & ARMV8_AES))
118 #define AES_UNROLL12_EOR3_CAPABLE (OPENSSL_armcap_P & ARMV8_UNROLL12_EOR3)
119 #define AES_GCM_ENC_BYTES 512
120 #define AES_GCM_DEC_BYTES 512
121 #if __ARM_MAX_ARCH__ >= 8 && (defined(__aarch64__) || defined(_M_ARM64))
122 #define AES_gcm_encrypt armv8_aes_gcm_encrypt
123 #define AES_gcm_decrypt armv8_aes_gcm_decrypt
124 #define AES_GCM_ASM(gctx) (((gctx)->ctr == aes_v8_ctr32_encrypt_blocks_unroll12_eor3 || (gctx)->ctr == aes_v8_ctr32_encrypt_blocks) && (gctx)->gcm.funcs.ghash == gcm_ghash_v8)
125 /* The [unroll8_eor3_]aes_gcm_(enc|dec)_(128|192|256)_kernel() functions
126  * take input length in BITS and return number of BYTES processed */
127 size_t aes_gcm_enc_128_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext,
128     uint64_t *Xi, unsigned char ivec[16], const void *key);
129 size_t aes_gcm_enc_192_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext,
130     uint64_t *Xi, unsigned char ivec[16], const void *key);
131 size_t aes_gcm_enc_256_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext,
132     uint64_t *Xi, unsigned char ivec[16], const void *key);
133 size_t aes_gcm_dec_128_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext,
134     uint64_t *Xi, unsigned char ivec[16], const void *key);
135 size_t aes_gcm_dec_192_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext,
136     uint64_t *Xi, unsigned char ivec[16], const void *key);
137 size_t aes_gcm_dec_256_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext,
138     uint64_t *Xi, unsigned char ivec[16], const void *key);
139 size_t unroll8_eor3_aes_gcm_enc_128_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext,
140     uint64_t *Xi, unsigned char ivec[16], const void *key);
141 size_t unroll8_eor3_aes_gcm_enc_192_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext,
142     uint64_t *Xi, unsigned char ivec[16], const void *key);
143 size_t unroll8_eor3_aes_gcm_enc_256_kernel(const uint8_t *plaintext, uint64_t plaintext_length, uint8_t *ciphertext,
144     uint64_t *Xi, unsigned char ivec[16], const void *key);
145 size_t unroll8_eor3_aes_gcm_dec_128_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext,
146     uint64_t *Xi, unsigned char ivec[16], const void *key);
147 size_t unroll8_eor3_aes_gcm_dec_192_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext,
148     uint64_t *Xi, unsigned char ivec[16], const void *key);
149 size_t unroll8_eor3_aes_gcm_dec_256_kernel(const uint8_t *ciphertext, uint64_t plaintext_length, uint8_t *plaintext,
150     uint64_t *Xi, unsigned char ivec[16], const void *key);
151 size_t armv8_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len, const void *key,
152     unsigned char ivec[16], u64 *Xi);
153 size_t armv8_aes_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len, const void *key,
154     unsigned char ivec[16], u64 *Xi);
155 void gcm_ghash_v8(u64 Xi[2], const u128 Htable[16], const u8 *inp, size_t len);
156 #endif
157 #endif
158 #endif
159 #endif /* OPENSSL_CPUID_OBJ */
160 
161 #if defined(AES_ASM) && (defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64))
162 #define AES_CBC_HMAC_SHA_CAPABLE 1
163 #define AESNI_CBC_HMAC_SHA_CAPABLE (OPENSSL_ia32cap_P[1] & (1 << (57 - 32)))
164 #endif
165 
166 #if defined(__loongarch__) || defined(__loongarch64)
167 #include "loongarch_arch.h"
168 #if defined(VPAES_ASM)
169 #define VPAES_CAPABLE (OPENSSL_loongarch_hwcap_P & LOONGARCH_HWCAP_LSX)
170 #endif
171 #endif
172 
173 #if defined(AES_ASM) && !defined(I386_ONLY) && (((defined(__i386) || defined(__i386__) || defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2)) || defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64))
174 
175 /* AES-NI section */
176 
177 #define AESNI_CAPABLE (OPENSSL_ia32cap_P[1] & (1 << (57 - 32)))
178 #ifdef VPAES_ASM
179 #define VPAES_CAPABLE (OPENSSL_ia32cap_P[1] & (1 << (41 - 32)))
180 #endif
181 #ifdef BSAES_ASM
182 #define BSAES_CAPABLE (OPENSSL_ia32cap_P[1] & (1 << (41 - 32)))
183 #endif
184 
185 #define AES_GCM_ENC_BYTES 32
186 #define AES_GCM_DEC_BYTES 16
187 
188 int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
189     AES_KEY *key);
190 int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
191     AES_KEY *key);
192 
193 void aesni_encrypt(const unsigned char *in, unsigned char *out,
194     const AES_KEY *key);
195 void aesni_decrypt(const unsigned char *in, unsigned char *out,
196     const AES_KEY *key);
197 
198 void aesni_ecb_encrypt(const unsigned char *in,
199     unsigned char *out,
200     size_t length, const AES_KEY *key, int enc);
201 void aesni_cbc_encrypt(const unsigned char *in,
202     unsigned char *out,
203     size_t length,
204     const AES_KEY *key, unsigned char *ivec, int enc);
205 #ifndef OPENSSL_NO_OCB
206 void aesni_ocb_encrypt(const unsigned char *in, unsigned char *out,
207     size_t blocks, const void *key,
208     size_t start_block_num,
209     unsigned char offset_i[16],
210     const unsigned char L_[][16],
211     unsigned char checksum[16]);
212 void aesni_ocb_decrypt(const unsigned char *in, unsigned char *out,
213     size_t blocks, const void *key,
214     size_t start_block_num,
215     unsigned char offset_i[16],
216     const unsigned char L_[][16],
217     unsigned char checksum[16]);
218 #endif /* OPENSSL_NO_OCB */
219 
220 void aesni_ctr32_encrypt_blocks(const unsigned char *in,
221     unsigned char *out,
222     size_t blocks,
223     const void *key, const unsigned char *ivec);
224 
225 void aesni_xts_encrypt(const unsigned char *in,
226     unsigned char *out,
227     size_t length,
228     const AES_KEY *key1, const AES_KEY *key2,
229     const unsigned char iv[16]);
230 
231 void aesni_xts_decrypt(const unsigned char *in,
232     unsigned char *out,
233     size_t length,
234     const AES_KEY *key1, const AES_KEY *key2,
235     const unsigned char iv[16]);
236 
237 int aesni_xts_avx512_eligible(void);
238 
239 void aesni_xts_128_encrypt_avx512(const unsigned char *inp, unsigned char *out,
240     size_t len, const AES_KEY *key1,
241     const AES_KEY *key2,
242     const unsigned char iv[16]);
243 void aesni_xts_128_decrypt_avx512(const unsigned char *inp, unsigned char *out,
244     size_t len, const AES_KEY *key1,
245     const AES_KEY *key2,
246     const unsigned char iv[16]);
247 
248 void aesni_xts_256_encrypt_avx512(const unsigned char *inp, unsigned char *out,
249     size_t len, const AES_KEY *key1,
250     const AES_KEY *key2,
251     const unsigned char iv[16]);
252 void aesni_xts_256_decrypt_avx512(const unsigned char *inp, unsigned char *out,
253     size_t len, const AES_KEY *key1,
254     const AES_KEY *key2,
255     const unsigned char iv[16]);
256 
257 void aesni_ccm64_encrypt_blocks(const unsigned char *in,
258     unsigned char *out,
259     size_t blocks,
260     const void *key,
261     const unsigned char ivec[16],
262     unsigned char cmac[16]);
263 
264 void aesni_ccm64_decrypt_blocks(const unsigned char *in,
265     unsigned char *out,
266     size_t blocks,
267     const void *key,
268     const unsigned char ivec[16],
269     unsigned char cmac[16]);
270 
271 #if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
272 size_t aesni_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len,
273     const void *key, unsigned char ivec[16], u64 *Xi);
274 size_t aesni_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len,
275     const void *key, unsigned char ivec[16], u64 *Xi);
276 void gcm_ghash_avx(u64 Xi[2], const u128 Htable[16], const u8 *in, size_t len);
277 
278 #define AES_gcm_encrypt aesni_gcm_encrypt
279 #define AES_gcm_decrypt aesni_gcm_decrypt
280 #define AES_GCM_ASM(ctx) (ctx->ctr == aesni_ctr32_encrypt_blocks && ctx->gcm.funcs.ghash == gcm_ghash_avx)
281 #endif
282 
283 #elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
284 
285 /* Fujitsu SPARC64 X support */
286 #include "crypto/sparc_arch.h"
287 
288 #define SPARC_AES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_AES)
289 #define HWAES_CAPABLE (OPENSSL_sparcv9cap_P[0] & SPARCV9_FJAESX)
290 #define HWAES_set_encrypt_key aes_fx_set_encrypt_key
291 #define HWAES_set_decrypt_key aes_fx_set_decrypt_key
292 #define HWAES_encrypt aes_fx_encrypt
293 #define HWAES_decrypt aes_fx_decrypt
294 #define HWAES_cbc_encrypt aes_fx_cbc_encrypt
295 #define HWAES_ctr32_encrypt_blocks aes_fx_ctr32_encrypt_blocks
296 
297 void aes_t4_set_encrypt_key(const unsigned char *key, int bits, AES_KEY *ks);
298 void aes_t4_set_decrypt_key(const unsigned char *key, int bits, AES_KEY *ks);
299 void aes_t4_encrypt(const unsigned char *in, unsigned char *out,
300     const AES_KEY *key);
301 void aes_t4_decrypt(const unsigned char *in, unsigned char *out,
302     const AES_KEY *key);
303 /*
304  * Key-length specific subroutines were chosen for following reason.
305  * Each SPARC T4 core can execute up to 8 threads which share core's
306  * resources. Loading as much key material to registers allows to
307  * minimize references to shared memory interface, as well as amount
308  * of instructions in inner loops [much needed on T4]. But then having
309  * non-key-length specific routines would require conditional branches
310  * either in inner loops or on subroutines' entries. Former is hardly
311  * acceptable, while latter means code size increase to size occupied
312  * by multiple key-length specific subroutines, so why fight?
313  */
314 void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
315     size_t len, const AES_KEY *key,
316     unsigned char *ivec, int /*unused*/);
317 void aes128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
318     size_t len, const AES_KEY *key,
319     unsigned char *ivec, int /*unused*/);
320 void aes192_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
321     size_t len, const AES_KEY *key,
322     unsigned char *ivec, int /*unused*/);
323 void aes192_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
324     size_t len, const AES_KEY *key,
325     unsigned char *ivec, int /*unused*/);
326 void aes256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
327     size_t len, const AES_KEY *key,
328     unsigned char *ivec, int /*unused*/);
329 void aes256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
330     size_t len, const AES_KEY *key,
331     unsigned char *ivec, int /*unused*/);
332 void aes128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
333     size_t blocks, const AES_KEY *key,
334     unsigned char *ivec);
335 void aes192_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
336     size_t blocks, const AES_KEY *key,
337     unsigned char *ivec);
338 void aes256_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
339     size_t blocks, const AES_KEY *key,
340     unsigned char *ivec);
341 void aes128_t4_xts_encrypt(const unsigned char *in, unsigned char *out,
342     size_t blocks, const AES_KEY *key1,
343     const AES_KEY *key2, const unsigned char *ivec);
344 void aes128_t4_xts_decrypt(const unsigned char *in, unsigned char *out,
345     size_t blocks, const AES_KEY *key1,
346     const AES_KEY *key2, const unsigned char *ivec);
347 void aes256_t4_xts_encrypt(const unsigned char *in, unsigned char *out,
348     size_t blocks, const AES_KEY *key1,
349     const AES_KEY *key2, const unsigned char *ivec);
350 void aes256_t4_xts_decrypt(const unsigned char *in, unsigned char *out,
351     size_t blocks, const AES_KEY *key1,
352     const AES_KEY *key2, const unsigned char *ivec);
353 
354 #elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
355 /* IBM S390X support */
356 #include "s390x_arch.h"
357 
358 /* Convert key size to function code: [16,24,32] -> [18,19,20]. */
359 #define S390X_AES_FC(keylen) (S390X_AES_128 + ((((keylen) << 3) - 128) >> 6))
360 
361 /* Most modes of operation need km for partial block processing. */
362 #define S390X_aes_128_CAPABLE (OPENSSL_s390xcap_P.km[0] & S390X_CAPBIT(S390X_AES_128))
363 #define S390X_aes_192_CAPABLE (OPENSSL_s390xcap_P.km[0] & S390X_CAPBIT(S390X_AES_192))
364 #define S390X_aes_256_CAPABLE (OPENSSL_s390xcap_P.km[0] & S390X_CAPBIT(S390X_AES_256))
365 
366 #define S390X_aes_128_cbc_CAPABLE 1 /* checked by callee */
367 #define S390X_aes_192_cbc_CAPABLE 1
368 #define S390X_aes_256_cbc_CAPABLE 1
369 
370 #define S390X_aes_128_ecb_CAPABLE S390X_aes_128_CAPABLE
371 #define S390X_aes_192_ecb_CAPABLE S390X_aes_192_CAPABLE
372 #define S390X_aes_256_ecb_CAPABLE S390X_aes_256_CAPABLE
373 
374 #define S390X_aes_128_ofb_CAPABLE (S390X_aes_128_CAPABLE && (OPENSSL_s390xcap_P.kmo[0] & S390X_CAPBIT(S390X_AES_128)))
375 #define S390X_aes_192_ofb_CAPABLE (S390X_aes_192_CAPABLE && (OPENSSL_s390xcap_P.kmo[0] & S390X_CAPBIT(S390X_AES_192)))
376 #define S390X_aes_256_ofb_CAPABLE (S390X_aes_256_CAPABLE && (OPENSSL_s390xcap_P.kmo[0] & S390X_CAPBIT(S390X_AES_256)))
377 
378 #define S390X_aes_128_cfb_CAPABLE (S390X_aes_128_CAPABLE && (OPENSSL_s390xcap_P.kmf[0] & S390X_CAPBIT(S390X_AES_128)))
379 #define S390X_aes_192_cfb_CAPABLE (S390X_aes_192_CAPABLE && (OPENSSL_s390xcap_P.kmf[0] & S390X_CAPBIT(S390X_AES_192)))
380 #define S390X_aes_256_cfb_CAPABLE (S390X_aes_256_CAPABLE && (OPENSSL_s390xcap_P.kmf[0] & S390X_CAPBIT(S390X_AES_256)))
381 #define S390X_aes_128_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & S390X_CAPBIT(S390X_AES_128))
382 #define S390X_aes_192_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & S390X_CAPBIT(S390X_AES_192))
383 #define S390X_aes_256_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] & S390X_CAPBIT(S390X_AES_256))
384 #define S390X_aes_128_cfb1_CAPABLE 0
385 #define S390X_aes_192_cfb1_CAPABLE 0
386 #define S390X_aes_256_cfb1_CAPABLE 0
387 
388 #define S390X_aes_128_ctr_CAPABLE 1 /* checked by callee */
389 #define S390X_aes_192_ctr_CAPABLE 1
390 #define S390X_aes_256_ctr_CAPABLE 1
391 
392 #define S390X_aes_128_xts_CAPABLE 1 /* checked by callee */
393 #define S390X_aes_256_xts_CAPABLE 1
394 
395 #define S390X_aes_128_gcm_CAPABLE (S390X_aes_128_CAPABLE && (OPENSSL_s390xcap_P.kma[0] & S390X_CAPBIT(S390X_AES_128)))
396 #define S390X_aes_192_gcm_CAPABLE (S390X_aes_192_CAPABLE && (OPENSSL_s390xcap_P.kma[0] & S390X_CAPBIT(S390X_AES_192)))
397 #define S390X_aes_256_gcm_CAPABLE (S390X_aes_256_CAPABLE && (OPENSSL_s390xcap_P.kma[0] & S390X_CAPBIT(S390X_AES_256)))
398 
399 #define S390X_aes_128_ccm_CAPABLE (S390X_aes_128_CAPABLE && (OPENSSL_s390xcap_P.kmac[0] & S390X_CAPBIT(S390X_AES_128)))
400 #define S390X_aes_192_ccm_CAPABLE (S390X_aes_192_CAPABLE && (OPENSSL_s390xcap_P.kmac[0] & S390X_CAPBIT(S390X_AES_192)))
401 #define S390X_aes_256_ccm_CAPABLE (S390X_aes_256_CAPABLE && (OPENSSL_s390xcap_P.kmac[0] & S390X_CAPBIT(S390X_AES_256)))
402 #define S390X_CCM_AAD_FLAG 0x40
403 
404 #ifndef OPENSSL_NO_OCB
405 #define S390X_aes_128_ocb_CAPABLE 0
406 #define S390X_aes_192_ocb_CAPABLE 0
407 #define S390X_aes_256_ocb_CAPABLE 0
408 #endif /* OPENSSL_NO_OCB */
409 
410 #ifndef OPENSSL_NO_SIV
411 #define S390X_aes_128_siv_CAPABLE 0
412 #define S390X_aes_192_siv_CAPABLE 0
413 #define S390X_aes_256_siv_CAPABLE 0
414 #endif /* OPENSSL_NO_SIV */
415 
416 /* Convert key size to function code: [16,24,32] -> [18,19,20]. */
417 #define S390X_AES_FC(keylen) (S390X_AES_128 + ((((keylen) << 3) - 128) >> 6))
418 #elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 64
419 /* RISC-V 64 support */
420 #include "riscv_arch.h"
421 
422 /* Zkne and Zknd extensions (scalar crypto AES). */
423 int rv64i_zkne_set_encrypt_key(const unsigned char *userKey, const int bits,
424     AES_KEY *key);
425 int rv64i_zknd_set_decrypt_key(const unsigned char *userKey, const int bits,
426     AES_KEY *key);
427 void rv64i_zkne_encrypt(const unsigned char *in, unsigned char *out,
428     const AES_KEY *key);
429 void rv64i_zknd_decrypt(const unsigned char *in, unsigned char *out,
430     const AES_KEY *key);
431 /* Zvkned extension (vector crypto AES). */
432 int rv64i_zvkned_set_encrypt_key(const unsigned char *userKey, const int bits,
433     AES_KEY *key);
434 int rv64i_zvkned_set_decrypt_key(const unsigned char *userKey, const int bits,
435     AES_KEY *key);
436 void rv64i_zvkned_encrypt(const unsigned char *in, unsigned char *out,
437     const AES_KEY *key);
438 void rv64i_zvkned_decrypt(const unsigned char *in, unsigned char *out,
439     const AES_KEY *key);
440 
441 void rv64i_zvkned_cbc_encrypt(const unsigned char *in, unsigned char *out,
442     size_t length, const AES_KEY *key,
443     unsigned char *ivec, const int enc);
444 
445 void rv64i_zvkned_cbc_decrypt(const unsigned char *in, unsigned char *out,
446     size_t length, const AES_KEY *key,
447     unsigned char *ivec, const int enc);
448 
449 void rv64i_zvkned_ecb_encrypt(const unsigned char *in, unsigned char *out,
450     size_t length, const AES_KEY *key,
451     const int enc);
452 
453 void rv64i_zvkned_ecb_decrypt(const unsigned char *in, unsigned char *out,
454     size_t length, const AES_KEY *key,
455     const int enc);
456 
457 void rv64i_zvkb_zvkned_ctr32_encrypt_blocks(const unsigned char *in,
458     unsigned char *out, size_t blocks,
459     const void *key,
460     const unsigned char ivec[16]);
461 
462 size_t rv64i_zvkb_zvkg_zvkned_aes_gcm_encrypt(const unsigned char *in,
463     unsigned char *out, size_t len,
464     const void *key,
465     unsigned char ivec[16], u64 *Xi);
466 
467 size_t rv64i_zvkb_zvkg_zvkned_aes_gcm_decrypt(const unsigned char *in,
468     unsigned char *out, size_t len,
469     const void *key,
470     unsigned char ivec[16], u64 *Xi);
471 
472 void rv64i_zvbb_zvkg_zvkned_aes_xts_encrypt(const unsigned char *in,
473     unsigned char *out, size_t length,
474     const AES_KEY *key1,
475     const AES_KEY *key2,
476     const unsigned char iv[16]);
477 
478 void rv64i_zvbb_zvkg_zvkned_aes_xts_decrypt(const unsigned char *in,
479     unsigned char *out, size_t length,
480     const AES_KEY *key1,
481     const AES_KEY *key2,
482     const unsigned char iv[16]);
483 
484 void gcm_ghash_rv64i_zvkg(u64 Xi[2], const u128 Htable[16], const u8 *inp,
485     size_t len);
486 
487 #define AES_GCM_ENC_BYTES 64
488 #define AES_GCM_DEC_BYTES 64
489 #define AES_gcm_encrypt rv64i_zvkb_zvkg_zvkned_aes_gcm_encrypt
490 #define AES_gcm_decrypt rv64i_zvkb_zvkg_zvkned_aes_gcm_decrypt
491 #define AES_GCM_ASM(ctx) \
492     (ctx->ctr == rv64i_zvkb_zvkned_ctr32_encrypt_blocks && ctx->gcm.funcs.ghash == gcm_ghash_rv64i_zvkg)
493 
494 #elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32
495 /* RISC-V 32 support */
496 #include "riscv_arch.h"
497 
498 int rv32i_zkne_set_encrypt_key(const unsigned char *userKey, const int bits,
499     AES_KEY *key);
500 /* set_decrypt_key needs both zknd and zkne */
501 int rv32i_zknd_zkne_set_decrypt_key(const unsigned char *userKey, const int bits,
502     AES_KEY *key);
503 int rv32i_zbkb_zkne_set_encrypt_key(const unsigned char *userKey, const int bits,
504     AES_KEY *key);
505 int rv32i_zbkb_zknd_zkne_set_decrypt_key(const unsigned char *userKey, const int bits,
506     AES_KEY *key);
507 void rv32i_zkne_encrypt(const unsigned char *in, unsigned char *out,
508     const AES_KEY *key);
509 void rv32i_zknd_decrypt(const unsigned char *in, unsigned char *out,
510     const AES_KEY *key);
511 #endif
512 
513 #if defined(HWAES_CAPABLE)
514 int HWAES_set_encrypt_key(const unsigned char *userKey, const int bits,
515     AES_KEY *key);
516 int HWAES_set_decrypt_key(const unsigned char *userKey, const int bits,
517     AES_KEY *key);
518 void HWAES_encrypt(const unsigned char *in, unsigned char *out,
519     const AES_KEY *key);
520 void HWAES_decrypt(const unsigned char *in, unsigned char *out,
521     const AES_KEY *key);
522 void HWAES_cbc_encrypt(const unsigned char *in, unsigned char *out,
523     size_t length, const AES_KEY *key,
524     unsigned char *ivec, const int enc);
525 void HWAES_ecb_encrypt(const unsigned char *in, unsigned char *out,
526     size_t length, const AES_KEY *key,
527     const int enc);
528 void HWAES_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
529     size_t len, const void *key,
530     const unsigned char ivec[16]);
531 #if defined(AES_UNROLL12_EOR3_CAPABLE)
532 void HWAES_ctr32_encrypt_blocks_unroll12_eor3(const unsigned char *in, unsigned char *out,
533     size_t len, const void *key,
534     const unsigned char ivec[16]);
535 #endif
536 void HWAES_xts_encrypt(const unsigned char *inp, unsigned char *out,
537     size_t len, const AES_KEY *key1,
538     const AES_KEY *key2, const unsigned char iv[16]);
539 void HWAES_xts_decrypt(const unsigned char *inp, unsigned char *out,
540     size_t len, const AES_KEY *key1,
541     const AES_KEY *key2, const unsigned char iv[16]);
542 #ifndef OPENSSL_NO_OCB
543 #ifdef HWAES_ocb_encrypt
544 void HWAES_ocb_encrypt(const unsigned char *in, unsigned char *out,
545     size_t blocks, const void *key,
546     size_t start_block_num,
547     unsigned char offset_i[16],
548     const unsigned char L_[][16],
549     unsigned char checksum[16]);
550 #else
551 #define HWAES_ocb_encrypt ((ocb128_f)NULL)
552 #endif
553 #ifdef HWAES_ocb_decrypt
554 void HWAES_ocb_decrypt(const unsigned char *in, unsigned char *out,
555     size_t blocks, const void *key,
556     size_t start_block_num,
557     unsigned char offset_i[16],
558     const unsigned char L_[][16],
559     unsigned char checksum[16]);
560 #else
561 #define HWAES_ocb_decrypt ((ocb128_f)NULL)
562 #endif
563 #endif /* OPENSSL_NO_OCB */
564 
565 #endif /* HWAES_CAPABLE */
566 
567 #endif /* OSSL_AES_PLATFORM_H */
568