diff options
author | Niels Möller <nisse@lysator.liu.se> | 2021-09-12 17:30:27 +0200 |
---|---|---|
committer | Niels Möller <nisse@lysator.liu.se> | 2021-09-12 17:30:27 +0200 |
commit | dfc8ee82e1f1be274ee62937d350731d40cddcde (patch) | |
tree | 4178b530e8e24df7cba308ca518508b999d16ade | |
parent | d5b0b9cb4f70fb9ae86512d4fbc4ba8536d1f493 (diff) | |
parent | 686fd559d8e8a59730c33c2d9790806a51b81dc2 (diff) | |
download | nettle-dfc8ee82e1f1be274ee62937d350731d40cddcde.tar.gz |
Merge branch 'aes-cbc' into master
-rw-r--r-- | ChangeLog | 39 | ||||
-rw-r--r-- | Makefile.in | 3 | ||||
-rw-r--r-- | cbc-aes128-encrypt.c | 51 | ||||
-rw-r--r-- | cbc-aes192-encrypt.c | 51 | ||||
-rw-r--r-- | cbc-aes256-encrypt.c | 51 | ||||
-rw-r--r-- | cbc.h | 16 | ||||
-rw-r--r-- | configure.ac | 6 | ||||
-rw-r--r-- | examples/nettle-benchmark.c | 29 | ||||
-rw-r--r-- | fat-setup.h | 10 | ||||
-rw-r--r-- | fat-x86_64.c | 29 | ||||
-rw-r--r-- | nettle-internal.c | 76 | ||||
-rw-r--r-- | nettle-internal.h | 8 | ||||
-rw-r--r-- | testsuite/cbc-test.c | 45 | ||||
-rw-r--r-- | testsuite/testutils.c | 55 | ||||
-rw-r--r-- | x86_64/aesni/cbc-aes128-encrypt.asm | 108 | ||||
-rw-r--r-- | x86_64/aesni/cbc-aes192-encrypt.asm | 114 | ||||
-rw-r--r-- | x86_64/aesni/cbc-aes256-encrypt.asm | 121 | ||||
-rw-r--r-- | x86_64/fat/cbc-aes128-encrypt-2.asm | 36 | ||||
-rw-r--r-- | x86_64/fat/cbc-aes192-encrypt-2.asm | 36 | ||||
-rw-r--r-- | x86_64/fat/cbc-aes256-encrypt-2.asm | 36 |
20 files changed, 882 insertions, 38 deletions
@@ -1,3 +1,42 @@ +2021-09-12 Niels Möller <nisse@lysator.liu.se> + + * Merged CBC-AES changes into master branch. + +2021-09-09 Niels Möller <nisse@lysator.liu.se> + + Implementation of CBC-AES for x86_64 aesni. Roughly 40%-50% + speedup benchmarked on Ryzen 5. + * x86_64/aesni/cbc-aes128-encrypt.asm: New file. + * x86_64/aesni/cbc-aes192-encrypt.asm: New file. + * x86_64/aesni/cbc-aes256-encrypt.asm: New file. + * x86_64/fat/cbc-aes128-encrypt-2.asm: New file. + * x86_64/fat/cbc-aes192-encrypt-2.asm: New file. + * x86_64/fat/cbc-aes256-encrypt-2.asm: New file. + * configure.ac (asm_nettle_optional_list, asm_replace_list): Add + new asm files. + * fat-setup.h (cbc_aes128_encrypt_func, cbc_aes192_encrypt_func) + (cbc_aes256_encrypt_func): New typedefs. + * fat-x86_64.c (fat_init): Use new functions, when aesni is available + +2021-09-08 Niels Möller <nisse@lysator.liu.se> + + * cbc-aes128-encrypt.c (nettle_cbc_aes128_encrypt): New file and + function. + * cbc-aes192-encrypt.c (cbc_aes192_set_encrypt_key): New file. + * cbc-aes256-encrypt.c (cbc_aes256_set_encrypt_key): New file. + * cbc.h (cbc_aes128_ctx, struct cbc_aes192_ctx, cbc_aes256_ctx): + New context structs. Declare new functions. + * Makefile.in (nettle_SOURCES): Add new files. + * nettle-internal.c (nettle_cbc_aes128, nettle_cbc_aes192) + (nettle_cbc_aes256): New algorithm structs, for tests and + benchmarking. + * testsuite/testutils.c (test_aead): Skip tests of decryption and + authentication, if corresponding function pointers are NULL. + * testsuite/cbc-test.c (test_main): Add tests of new cbc + functions. + * examples/nettle-benchmark.c (time_aead): Skip decrypt benchmark, + if corresponding function pointer is NULL. + 2021-09-09 Niels Möller <nisse@lysator.liu.se> * x86_64/fat/cpuid.asm: Fix usage of W64_ENTRY and W64_EXIT, to diff --git a/Makefile.in b/Makefile.in index fe2de5a8..2edafd67 100644 --- a/Makefile.in +++ b/Makefile.in @@ -102,7 +102,8 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c aes-decrypt-table.c \ camellia256-set-encrypt-key.c camellia256-crypt.c \ camellia256-set-decrypt-key.c \ camellia256-meta.c \ - cast128.c cast128-meta.c cbc.c \ + cast128.c cast128-meta.c \ + cbc.c cbc-aes128-encrypt.c cbc-aes192-encrypt.c cbc-aes256-encrypt.c \ ccm.c ccm-aes128.c ccm-aes192.c ccm-aes256.c cfb.c \ siv-cmac.c siv-cmac-aes128.c siv-cmac-aes256.c \ cnd-memcpy.c \ diff --git a/cbc-aes128-encrypt.c b/cbc-aes128-encrypt.c new file mode 100644 index 00000000..358a3d70 --- /dev/null +++ b/cbc-aes128-encrypt.c @@ -0,0 +1,51 @@ +/* cbc-aes128-encrypt.c + + Copyright (C) 2021 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include "cbc.h" + +/* For fat builds */ +#if HAVE_NATIVE_cbc_aes128_encrypt +void +_nettle_cbc_aes128_encrypt_c(struct cbc_aes128_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); +# define nettle_cbc_aes128_encrypt _nettle_cbc_aes128_encrypt_c +#endif + +void +cbc_aes128_encrypt(struct cbc_aes128_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src) +{ + CBC_ENCRYPT(ctx, aes128_encrypt, length, dst, src); +} diff --git a/cbc-aes192-encrypt.c b/cbc-aes192-encrypt.c new file mode 100644 index 00000000..fa9d10b4 --- /dev/null +++ b/cbc-aes192-encrypt.c @@ -0,0 +1,51 @@ +/* cbc-aes192-encrypt.c + + Copyright (C) 2021 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include "cbc.h" + +/* For fat builds */ +#if HAVE_NATIVE_cbc_aes192_encrypt +void +_nettle_cbc_aes192_encrypt_c(struct cbc_aes192_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); +# define nettle_cbc_aes192_encrypt _nettle_cbc_aes192_encrypt_c +#endif + +void +cbc_aes192_encrypt(struct cbc_aes192_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src) +{ + CBC_ENCRYPT(ctx, aes192_encrypt, length, dst, src); +} diff --git a/cbc-aes256-encrypt.c b/cbc-aes256-encrypt.c new file mode 100644 index 00000000..72dd7d83 --- /dev/null +++ b/cbc-aes256-encrypt.c @@ -0,0 +1,51 @@ +/* cbc-aes256-encrypt.c + + Copyright (C) 2021 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include "cbc.h" + +/* For fat builds */ +#if HAVE_NATIVE_cbc_aes256_encrypt +void +_nettle_cbc_aes256_encrypt_c(struct cbc_aes256_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); +# define nettle_cbc_aes256_encrypt _nettle_cbc_aes256_encrypt_c +#endif + +void +cbc_aes256_encrypt(struct cbc_aes256_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src) +{ + CBC_ENCRYPT(ctx, aes256_encrypt, length, dst, src); +} @@ -35,6 +35,7 @@ #define NETTLE_CBC_H_INCLUDED #include "nettle-types.h" +#include "aes.h" #ifdef __cplusplus extern "C" { @@ -43,6 +44,9 @@ extern "C" { /* Name mangling */ #define cbc_encrypt nettle_cbc_encrypt #define cbc_decrypt nettle_cbc_decrypt +#define cbc_aes128_encrypt nettle_cbc_aes128_encrypt +#define cbc_aes192_encrypt nettle_cbc_aes192_encrypt +#define cbc_aes256_encrypt nettle_cbc_aes256_encrypt void cbc_encrypt(const void *ctx, nettle_cipher_func *f, @@ -79,6 +83,18 @@ memcpy((ctx)->iv, (data), sizeof((ctx)->iv)) sizeof((self)->iv), (self)->iv, \ (length), (dst), (src))) +struct cbc_aes128_ctx CBC_CTX(struct aes128_ctx, AES_BLOCK_SIZE); +void +cbc_aes128_encrypt(struct cbc_aes128_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); + +struct cbc_aes192_ctx CBC_CTX(struct aes192_ctx, AES_BLOCK_SIZE); +void +cbc_aes192_encrypt(struct cbc_aes192_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); + +struct cbc_aes256_ctx CBC_CTX(struct aes256_ctx, AES_BLOCK_SIZE); +void +cbc_aes256_encrypt(struct cbc_aes256_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); + #ifdef __cplusplus } #endif diff --git a/configure.ac b/configure.ac index ebec8759..54df43ec 100644 --- a/configure.ac +++ b/configure.ac @@ -563,6 +563,8 @@ asm_replace_list="aes-encrypt-internal.asm aes-decrypt-internal.asm \ aes192-encrypt.asm aes192-decrypt.asm \ aes256-set-encrypt-key.asm aes256-set-decrypt-key.asm \ aes256-encrypt.asm aes256-decrypt.asm \ + cbc-aes128-encrypt.asm cbc-aes192-encrypt.asm \ + cbc-aes256-encrypt.asm \ arcfour-crypt.asm camellia-crypt-internal.asm \ md5-compress.asm memxor.asm memxor3.asm \ poly1305-internal.asm \ @@ -581,6 +583,7 @@ asm_nettle_optional_list="gcm-hash.asm gcm-hash8.asm cpuid.asm cpu-facility.asm aes192-encrypt-2.asm aes192-decrypt-2.asm \ aes256-set-encrypt-key-2.asm aes256-set-decrypt-key-2.asm \ aes256-encrypt-2.asm aes256-decrypt-2.asm \ + cbc-aes128-encrypt-2.asm cbc-aes192-encrypt-2.asm cbc-aes256-encrypt-2.asm \ chacha-2core.asm chacha-3core.asm chacha-4core.asm chacha-core-internal-2.asm \ salsa20-2core.asm salsa20-core-internal-2.asm \ sha1-compress-2.asm sha256-compress-2.asm \ @@ -705,6 +708,9 @@ AH_VERBATIM([HAVE_NATIVE], #undef HAVE_NATIVE_aes256_invert_key #undef HAVE_NATIVE_aes256_set_decrypt_key #undef HAVE_NATIVE_aes256_set_encrypt_key +#undef HAVE_NATIVE_cbc_aes128_encrypt +#undef HAVE_NATIVE_cbc_aes192_encrypt +#undef HAVE_NATIVE_cbc_aes256_encrypt #undef HAVE_NATIVE_chacha_core #undef HAVE_NATIVE_chacha_2core #undef HAVE_NATIVE_chacha_3core diff --git a/examples/nettle-benchmark.c b/examples/nettle-benchmark.c index 9ce3a733..50a5815a 100644 --- a/examples/nettle-benchmark.c +++ b/examples/nettle-benchmark.c @@ -769,21 +769,22 @@ time_aead(const struct nettle_aead *aead) display(aead->name, "encrypt", aead->block_size, time_function(bench_aead_crypt, &info)); } - - { - struct bench_aead_info info; - info.ctx = ctx; - info.crypt = aead->decrypt; - info.data = data; + + if (aead->decrypt) + { + struct bench_aead_info info; + info.ctx = ctx; + info.crypt = aead->decrypt; + info.data = data; - init_key(aead->key_size, key); - aead->set_decrypt_key(ctx, key); - if (aead->set_nonce) - aead->set_nonce (ctx, nonce); + init_key(aead->key_size, key); + aead->set_decrypt_key(ctx, key); + if (aead->set_nonce) + aead->set_nonce (ctx, nonce); - display(aead->name, "decrypt", aead->block_size, - time_function(bench_aead_crypt, &info)); - } + display(aead->name, "decrypt", aead->block_size, + time_function(bench_aead_crypt, &info)); + } if (aead->update) { @@ -933,6 +934,8 @@ main(int argc, char **argv) /* Stream ciphers */ &nettle_arcfour128, &nettle_salsa20, &nettle_salsa20r12, &nettle_chacha, + /* CBC encrypt */ + &nettle_cbc_aes128, &nettle_cbc_aes192, &nettle_cbc_aes256, /* Proper AEAD algorithme. */ &nettle_gcm_aes128, &nettle_gcm_aes192, diff --git a/fat-setup.h b/fat-setup.h index 78a6e396..9ef5c22d 100644 --- a/fat-setup.h +++ b/fat-setup.h @@ -213,3 +213,13 @@ typedef void aes256_set_key_func (struct aes256_ctx *ctx, const uint8_t *key); typedef void aes256_invert_key_func (struct aes256_ctx *dst, const struct aes256_ctx *src); typedef void aes256_crypt_func (const struct aes256_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src); + +struct cbc_aes128_ctx; +typedef void cbc_aes128_encrypt_func (struct cbc_aes128_ctx *ctx, + size_t length, uint8_t *dst, const uint8_t *src); +struct cbc_aes192_ctx; +typedef void cbc_aes192_encrypt_func (struct cbc_aes192_ctx *ctx, + size_t length, uint8_t *dst, const uint8_t *src); +struct cbc_aes256_ctx; +typedef void cbc_aes256_encrypt_func (struct cbc_aes256_ctx *ctx, + size_t length, uint8_t *dst, const uint8_t *src); diff --git a/fat-x86_64.c b/fat-x86_64.c index 80731eef..b5da39a1 100644 --- a/fat-x86_64.c +++ b/fat-x86_64.c @@ -130,6 +130,16 @@ DECLARE_FAT_FUNC_VAR(aes256_encrypt, aes256_crypt_func, aesni) DECLARE_FAT_FUNC_VAR(aes256_decrypt, aes256_crypt_func, c) DECLARE_FAT_FUNC_VAR(aes256_decrypt, aes256_crypt_func, aesni) +DECLARE_FAT_FUNC(nettle_cbc_aes128_encrypt, cbc_aes128_encrypt_func); +DECLARE_FAT_FUNC_VAR(cbc_aes128_encrypt, cbc_aes128_encrypt_func, c); +DECLARE_FAT_FUNC_VAR(cbc_aes128_encrypt, cbc_aes128_encrypt_func, aesni); +DECLARE_FAT_FUNC(nettle_cbc_aes192_encrypt, cbc_aes192_encrypt_func); +DECLARE_FAT_FUNC_VAR(cbc_aes192_encrypt, cbc_aes192_encrypt_func, c); +DECLARE_FAT_FUNC_VAR(cbc_aes192_encrypt, cbc_aes192_encrypt_func, aesni); +DECLARE_FAT_FUNC(nettle_cbc_aes256_encrypt, cbc_aes256_encrypt_func); +DECLARE_FAT_FUNC_VAR(cbc_aes256_encrypt, cbc_aes256_encrypt_func, c); +DECLARE_FAT_FUNC_VAR(cbc_aes256_encrypt, cbc_aes256_encrypt_func, aesni); + DECLARE_FAT_FUNC(nettle_memxor, memxor_func) DECLARE_FAT_FUNC_VAR(memxor, memxor_func, x86_64) DECLARE_FAT_FUNC_VAR(memxor, memxor_func, sse2) @@ -177,6 +187,9 @@ fat_init (void) nettle_aes192_decrypt_vec = _nettle_aes192_decrypt_aesni; nettle_aes256_encrypt_vec = _nettle_aes256_encrypt_aesni; nettle_aes256_decrypt_vec = _nettle_aes256_decrypt_aesni; + nettle_cbc_aes128_encrypt_vec = _nettle_cbc_aes128_encrypt_aesni; + nettle_cbc_aes192_encrypt_vec = _nettle_cbc_aes192_encrypt_aesni; + nettle_cbc_aes256_encrypt_vec = _nettle_cbc_aes256_encrypt_aesni; } else { @@ -188,6 +201,9 @@ fat_init (void) nettle_aes192_decrypt_vec = _nettle_aes192_decrypt_c; nettle_aes256_encrypt_vec = _nettle_aes256_encrypt_c; nettle_aes256_decrypt_vec = _nettle_aes256_decrypt_c; + nettle_cbc_aes128_encrypt_vec = _nettle_cbc_aes128_encrypt_c; + nettle_cbc_aes192_encrypt_vec = _nettle_cbc_aes192_encrypt_c; + nettle_cbc_aes256_encrypt_vec = _nettle_cbc_aes256_encrypt_c; } if (features.have_sha_ni) @@ -245,6 +261,19 @@ DEFINE_FAT_FUNC(nettle_aes256_decrypt, void, uint8_t *dst,const uint8_t *src), (ctx, length, dst, src)) +DEFINE_FAT_FUNC(nettle_cbc_aes128_encrypt, void, + (struct cbc_aes128_ctx *ctx, + size_t length, uint8_t *dst, const uint8_t *src), + (ctx, length, dst, src)) +DEFINE_FAT_FUNC(nettle_cbc_aes192_encrypt, void, + (struct cbc_aes192_ctx *ctx, + size_t length, uint8_t *dst, const uint8_t *src), + (ctx, length, dst, src)) +DEFINE_FAT_FUNC(nettle_cbc_aes256_encrypt, void, + (struct cbc_aes256_ctx *ctx, + size_t length, uint8_t *dst, const uint8_t *src), + (ctx, length, dst, src)) + DEFINE_FAT_FUNC(nettle_memxor, void *, (void *dst, const void *src, size_t n), (dst, src, n)) diff --git a/nettle-internal.c b/nettle-internal.c index 2a809472..e2422a5b 100644 --- a/nettle-internal.c +++ b/nettle-internal.c @@ -38,12 +38,14 @@ #include <assert.h> #include <stdlib.h> +#include <string.h> #include "nettle-internal.h" #include "arcfour.h" #include "blowfish.h" -#include "des.h" +#include "cbc.h" #include "chacha.h" +#include "des.h" #include "salsa20.h" /* Wrapper functions discarding the return value. Needed for the @@ -149,3 +151,75 @@ nettle_salsa20r12 = { (nettle_crypt_func *) salsa20r12_crypt, NULL, }; + +static void +cbc_aes128_set_encrypt_key(struct cbc_aes128_ctx *ctx, const uint8_t *key) +{ + aes128_set_encrypt_key(&ctx->ctx, key); +} +static void +cbc_aes128_set_iv(struct cbc_aes128_ctx *ctx, const uint8_t *iv) +{ + CBC_SET_IV(ctx, iv); +} +const struct nettle_aead +nettle_cbc_aes128 = { + "cbc_aes128", sizeof(struct cbc_aes128_ctx), + AES_BLOCK_SIZE, AES128_KEY_SIZE, + AES_BLOCK_SIZE, 0, + (nettle_set_key_func*) cbc_aes128_set_encrypt_key, + NULL, + (nettle_set_key_func*) cbc_aes128_set_iv, + NULL, + (nettle_crypt_func *) cbc_aes128_encrypt, + NULL, + NULL, +}; + +static void +cbc_aes192_set_encrypt_key(struct cbc_aes192_ctx *ctx, const uint8_t *key) +{ + aes192_set_encrypt_key(&ctx->ctx, key); +} +static void +cbc_aes192_set_iv(struct cbc_aes192_ctx *ctx, const uint8_t *iv) +{ + CBC_SET_IV(ctx, iv); +} +const struct nettle_aead +nettle_cbc_aes192 = { + "cbc_aes192", sizeof(struct cbc_aes192_ctx), + AES_BLOCK_SIZE, AES192_KEY_SIZE, + AES_BLOCK_SIZE, 0, + (nettle_set_key_func*) cbc_aes192_set_encrypt_key, + NULL, + (nettle_set_key_func*) cbc_aes192_set_iv, + NULL, + (nettle_crypt_func *) cbc_aes192_encrypt, + NULL, + NULL, +}; + +static void +cbc_aes256_set_encrypt_key(struct cbc_aes256_ctx *ctx, const uint8_t *key) +{ + aes256_set_encrypt_key(&ctx->ctx, key); +} +static void +cbc_aes256_set_iv(struct cbc_aes256_ctx *ctx, const uint8_t *iv) +{ + CBC_SET_IV(ctx, iv); +} +const struct nettle_aead +nettle_cbc_aes256 = { + "cbc_aes256", sizeof(struct cbc_aes256_ctx), + AES_BLOCK_SIZE, AES256_KEY_SIZE, + AES_BLOCK_SIZE, 0, + (nettle_set_key_func*) cbc_aes256_set_encrypt_key, + NULL, + (nettle_set_key_func*) cbc_aes256_set_iv, + NULL, + (nettle_crypt_func *) cbc_aes256_encrypt, + NULL, + NULL, +}; diff --git a/nettle-internal.h b/nettle-internal.h index 9203a232..ddc483de 100644 --- a/nettle-internal.h +++ b/nettle-internal.h @@ -97,10 +97,18 @@ extern const struct nettle_aead nettle_arcfour128; extern const struct nettle_aead nettle_chacha; extern const struct nettle_aead nettle_salsa20; extern const struct nettle_aead nettle_salsa20r12; + +/* All-in-one CBC encrypt fucntinos treated as AEAD with no + authentication and no decrypt method. */ +extern const struct nettle_aead nettle_cbc_aes128; +extern const struct nettle_aead nettle_cbc_aes192; +extern const struct nettle_aead nettle_cbc_aes256; + extern const struct nettle_aead nettle_openssl_gcm_aes128; extern const struct nettle_aead nettle_openssl_gcm_aes192; extern const struct nettle_aead nettle_openssl_gcm_aes256; + /* Glue to openssl, for comparative benchmarking. Code in * examples/nettle-openssl.c. */ extern void nettle_openssl_init(void); diff --git a/testsuite/cbc-test.c b/testsuite/cbc-test.c index 9394f1cb..d83b108b 100644 --- a/testsuite/cbc-test.c +++ b/testsuite/cbc-test.c @@ -2,6 +2,7 @@ #include "aes.h" #include "cbc.h" #include "knuth-lfib.h" +#include "nettle-internal.h" /* Test with more data and inplace decryption, to check that the * cbc_decrypt buffering works. */ @@ -114,6 +115,20 @@ test_main(void) "73bed6b8e3c1743b7116e69e22229516" "3ff1caa1681fac09120eca307586e1a7"), SHEX("000102030405060708090a0b0c0d0e0f")); + + test_aead(&nettle_cbc_aes128, NULL, + SHEX("2b7e151628aed2a6abf7158809cf4f3c"), + NULL, + SHEX("6bc1bee22e409f96e93d7e117393172a" + "ae2d8a571e03ac9c9eb76fac45af8e51" + "30c81c46a35ce411e5fbc1191a0a52ef" + "f69f2445df4f9b17ad2b417be66c3710"), + SHEX("7649abac8119b246cee98e9b12e9197d" + "5086cb9b507219ee95db113a917678b2" + "73bed6b8e3c1743b7116e69e22229516" + "3ff1caa1681fac09120eca307586e1a7"), + SHEX("000102030405060708090a0b0c0d0e0f"), + NULL); /* F.2.3 CBC-AES192.Encrypt */ @@ -137,6 +152,21 @@ test_main(void) "571b242012fb7ae07fa9baac3df102e0" "08b0e27988598881d920a9e64f5615cd"), SHEX("000102030405060708090a0b0c0d0e0f")); + + test_aead(&nettle_cbc_aes192, NULL, + SHEX("8e73b0f7da0e6452c810f32b809079e5" + "62f8ead2522c6b7b"), + NULL, + SHEX("6bc1bee22e409f96e93d7e117393172a" + "ae2d8a571e03ac9c9eb76fac45af8e51" + "30c81c46a35ce411e5fbc1191a0a52ef" + "f69f2445df4f9b17ad2b417be66c3710"), + SHEX("4f021db243bc633d7178183a9fa071e8" + "b4d9ada9ad7dedf4e5e738763f69145a" + "571b242012fb7ae07fa9baac3df102e0" + "08b0e27988598881d920a9e64f5615cd"), + SHEX("000102030405060708090a0b0c0d0e0f"), + NULL); /* F.2.5 CBC-AES256.Encrypt */ @@ -161,6 +191,21 @@ test_main(void) "b2eb05e2c39be9fcda6c19078c6a9d1b"), SHEX("000102030405060708090a0b0c0d0e0f")); + test_aead(&nettle_cbc_aes256, NULL, + SHEX("603deb1015ca71be2b73aef0857d7781" + "1f352c073b6108d72d9810a30914dff4"), + NULL, + SHEX("6bc1bee22e409f96e93d7e117393172a" + "ae2d8a571e03ac9c9eb76fac45af8e51" + "30c81c46a35ce411e5fbc1191a0a52ef" + "f69f2445df4f9b17ad2b417be66c3710"), + SHEX("f58c4c04d6e5f1ba779eabfb5f7bfbd6" + "9cfc4e967edb808d679f777bc6702c7d" + "39f23369a9d9bacfa530e26304231461" + "b2eb05e2c39be9fcda6c19078c6a9d1b"), + SHEX("000102030405060708090a0b0c0d0e0f"), + NULL); + test_cbc_bulk(); } diff --git a/testsuite/testutils.c b/testsuite/testutils.c index 2c6cac40..781907a9 100644 --- a/testsuite/testutils.c +++ b/testsuite/testutils.c @@ -804,7 +804,6 @@ test_aead(const struct nettle_aead *aead, length = cleartext->length; ASSERT (key->length == aead->key_size); - ASSERT (digest->length <= aead->digest_size); data = xalloc(length); @@ -820,41 +819,51 @@ test_aead(const struct nettle_aead *aead, else aead->set_nonce(ctx, nonce->data); - if (authtext->length) + if (aead->update && authtext->length) aead->update(ctx, authtext->length, authtext->data); - + if (length) aead->encrypt(ctx, length, data, cleartext->data); - aead->digest(ctx, digest->length, buffer); + if (digest) + { + ASSERT (digest->length <= aead->digest_size); + aead->digest(ctx, digest->length, buffer); + ASSERT(MEMEQ(digest->length, buffer, digest->data)); + } + else + ASSERT(!aead->digest); ASSERT(MEMEQ(length, data, ciphertext->data)); - ASSERT(MEMEQ(digest->length, buffer, digest->data)); /* decryption */ - memset(buffer, 0, aead->digest_size); - - aead->set_decrypt_key(ctx, key->data); - - if (nonce->length != aead->nonce_size) + if (aead->set_decrypt_key) { - ASSERT (set_nonce); - set_nonce (ctx, nonce->length, nonce->data); - } - else - aead->set_nonce(ctx, nonce->data); + memset(buffer, 0, aead->digest_size); - if (authtext->length) - aead->update(ctx, authtext->length, authtext->data); - - if (length) - aead->decrypt(ctx, length, data, data); + aead->set_decrypt_key(ctx, key->data); - aead->digest(ctx, digest->length, buffer); + if (nonce->length != aead->nonce_size) + { + ASSERT (set_nonce); + set_nonce (ctx, nonce->length, nonce->data); + } + else + aead->set_nonce(ctx, nonce->data); - ASSERT(MEMEQ(length, data, cleartext->data)); - ASSERT(MEMEQ(digest->length, buffer, digest->data)); + if (aead->update && authtext->length) + aead->update(ctx, authtext->length, authtext->data); + + if (length) + aead->decrypt(ctx, length, data, data); + if (digest) + { + aead->digest(ctx, digest->length, buffer); + ASSERT(MEMEQ(digest->length, buffer, digest->data)); + } + ASSERT(MEMEQ(length, data, cleartext->data)); + } free(ctx); free(data); free(buffer); diff --git a/x86_64/aesni/cbc-aes128-encrypt.asm b/x86_64/aesni/cbc-aes128-encrypt.asm new file mode 100644 index 00000000..7375dadd --- /dev/null +++ b/x86_64/aesni/cbc-aes128-encrypt.asm @@ -0,0 +1,108 @@ +C x86_64/aesni/cbc-aes128-encrypt.asm + +ifelse(` + Copyright (C) 2015, 2018, 2021 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +C Input argument +define(`CTX', `%rdi') +define(`LENGTH',`%rsi') +define(`DST', `%rdx') +define(`SRC', `%rcx') + +define(`KEY0', `%xmm0') +define(`KEY1', `%xmm1') +define(`KEY2', `%xmm2') +define(`KEY3', `%xmm3') +define(`KEY4', `%xmm4') +define(`KEY5', `%xmm5') +define(`KEY6', `%xmm6') +define(`KEY7', `%xmm7') +define(`KEY8', `%xmm8') +define(`KEY9', `%xmm9') +define(`KEY10', `%xmm10') +define(`X', `%xmm11') +define(`BLOCK', `%xmm12') + + .file "cbc-aes128-encrypt.asm" + + C nettle_cbc_aes128_encrypt(struct cbc_aes128_ctx *ctx, + C size_t length, uint8_t *dst, + C const uint8_t *src); + + .text + ALIGN(16) +PROLOGUE(nettle_cbc_aes128_encrypt) + W64_ENTRY(4, 13) + shr $4, LENGTH + test LENGTH, LENGTH + jz .Lend + + movups (CTX), KEY0 + movups 16(CTX), KEY1 + movups 32(CTX), KEY2 + movups 48(CTX), KEY3 + movups 64(CTX), KEY4 + movups 80(CTX), KEY5 + movups 96(CTX), KEY6 + movups 112(CTX), KEY7 + movups 128(CTX), KEY8 + movups 144(CTX), KEY9 + movups 160(CTX), KEY10 + movups 176(CTX), X C Load IV + +.Lblock_loop: + movups (SRC), BLOCK C Cleartext block + pxor KEY0, X + pxor BLOCK, X + aesenc KEY1, X + aesenc KEY2, X + aesenc KEY3, X + aesenc KEY4, X + aesenc KEY5, X + aesenc KEY6, X + aesenc KEY7, X + aesenc KEY8, X + aesenc KEY9, X + aesenclast KEY10, X + + movups X, (DST) + add $16, SRC + add $16, DST + + dec LENGTH + jnz .Lblock_loop + + C Save IV + movups X, 176(CTX) + +.Lend: + W64_EXIT(4, 13) + ret +EPILOGUE(nettle_cbc_aes128_encrypt) diff --git a/x86_64/aesni/cbc-aes192-encrypt.asm b/x86_64/aesni/cbc-aes192-encrypt.asm new file mode 100644 index 00000000..2438d91f --- /dev/null +++ b/x86_64/aesni/cbc-aes192-encrypt.asm @@ -0,0 +1,114 @@ +C x86_64/aesni/cbc-aes192-encrypt.asm + +ifelse(` + Copyright (C) 2015, 2018, 2021 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +C Input argument +define(`CTX', `%rdi') +define(`LENGTH',`%rsi') +define(`DST', `%rdx') +define(`SRC', `%rcx') + +define(`KEY0', `%xmm0') +define(`KEY1', `%xmm1') +define(`KEY2', `%xmm2') +define(`KEY3', `%xmm3') +define(`KEY4', `%xmm4') +define(`KEY5', `%xmm5') +define(`KEY6', `%xmm6') +define(`KEY7', `%xmm7') +define(`KEY8', `%xmm8') +define(`KEY9', `%xmm9') +define(`KEY10', `%xmm10') +define(`KEY11', `%xmm11') +define(`KEY12', `%xmm12') +define(`X', `%xmm13') +define(`BLOCK', `%xmm14') + + .file "cbc-aes192-encrypt.asm" + + C nettle_cbc_aes192_encrypt(struct cbc_aes192_ctx *ctx, + C size_t length, uint8_t *dst, + C const uint8_t *src); + + .text + ALIGN(16) +PROLOGUE(nettle_cbc_aes192_encrypt) + W64_ENTRY(4, 15) + shr $4, LENGTH + test LENGTH, LENGTH + jz .Lend + + movups (CTX), KEY0 + movups 16(CTX), KEY1 + movups 32(CTX), KEY2 + movups 48(CTX), KEY3 + movups 64(CTX), KEY4 + movups 80(CTX), KEY5 + movups 96(CTX), KEY6 + movups 112(CTX), KEY7 + movups 128(CTX), KEY8 + movups 144(CTX), KEY9 + movups 160(CTX), KEY10 + movups 176(CTX), KEY11 + movups 192(CTX), KEY12 + movups 208(CTX), X C Load IV + +.Lblock_loop: + movups (SRC), BLOCK C Cleartext block + pxor KEY0, X + pxor BLOCK, X + aesenc KEY1, X + aesenc KEY2, X + aesenc KEY3, X + aesenc KEY4, X + aesenc KEY5, X + aesenc KEY6, X + aesenc KEY7, X + aesenc KEY8, X + aesenc KEY9, X + aesenc KEY10, X + aesenc KEY11, X + aesenclast KEY12, X + + movups X, (DST) + add $16, SRC + add $16, DST + + dec LENGTH + jnz .Lblock_loop + + C Save IV + movups X, 208(CTX) + +.Lend: + W64_EXIT(4, 15) + ret +EPILOGUE(nettle_cbc_aes192_encrypt) diff --git a/x86_64/aesni/cbc-aes256-encrypt.asm b/x86_64/aesni/cbc-aes256-encrypt.asm new file mode 100644 index 00000000..6b289c70 --- /dev/null +++ b/x86_64/aesni/cbc-aes256-encrypt.asm @@ -0,0 +1,121 @@ +C x86_64/aesni/cbc-aes256-encrypt.asm + +ifelse(` + Copyright (C) 2015, 2018, 2021 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +C Input argument +define(`CTX', `%rdi') +define(`LENGTH',`%rsi') +define(`DST', `%rdx') +define(`SRC', `%rcx') + +define(`KEY0_7', `%xmm0') +define(`KEY1', `%xmm1') +define(`KEY2', `%xmm2') +define(`KEY3', `%xmm3') +define(`KEY4', `%xmm4') +define(`KEY5', `%xmm5') +define(`KEY6', `%xmm6') +define(`KEY8', `%xmm7') +define(`KEY9', `%xmm8') +define(`KEY10', `%xmm9') +define(`KEY11', `%xmm10') +define(`KEY12', `%xmm11') +define(`KEY13', `%xmm12') +define(`KEY14', `%xmm13') + +define(`X', `%xmm14') +define(`BLOCK', `%xmm15') + + .file "cbc-aes256-encrypt.asm" + + C nettle_cbc_aes256_encrypt(struct cbc_aes256_ctx *ctx, + C size_t length, uint8_t *dst, + C const uint8_t *src); + + .text + ALIGN(16) +PROLOGUE(nettle_cbc_aes256_encrypt) + W64_ENTRY(4, 16) + shr $4, LENGTH + test LENGTH, LENGTH + jz .Lend + + movups (CTX), KEY0_7 + movups 16(CTX), KEY1 + movups 32(CTX), KEY2 + movups 48(CTX), KEY3 + movups 64(CTX), KEY4 + movups 80(CTX), KEY5 + movups 96(CTX), KEY6 + movups 128(CTX), KEY8 + movups 144(CTX), KEY9 + movups 160(CTX), KEY10 + movups 176(CTX), KEY11 + movups 192(CTX), KEY12 + movups 208(CTX), KEY13 + movups 224(CTX), KEY14 + movups 240(CTX), X C Load IV + +.Lblock_loop: + movups (SRC), BLOCK C Cleartext block + pxor KEY0_7, X + movups 112(CTX), KEY0_7 + pxor BLOCK, X + aesenc KEY1, X + aesenc KEY2, X + aesenc KEY3, X + aesenc KEY4, X + aesenc KEY5, X + aesenc KEY6, X + aesenc KEY0_7, X + movups (CTX), KEY0_7 + aesenc KEY8, X + aesenc KEY9, X + aesenc KEY10, X + aesenc KEY11, X + aesenc KEY12, X + aesenc KEY13, X + aesenclast KEY14, X + + movups X, (DST) + add $16, SRC + add $16, DST + + dec LENGTH + jnz .Lblock_loop + + C Save IV + movups X, 240(CTX) + +.Lend: + W64_EXIT(4, 16) + ret +EPILOGUE(nettle_cbc_aes256_encrypt) diff --git a/x86_64/fat/cbc-aes128-encrypt-2.asm b/x86_64/fat/cbc-aes128-encrypt-2.asm new file mode 100644 index 00000000..9782cd94 --- /dev/null +++ b/x86_64/fat/cbc-aes128-encrypt-2.asm @@ -0,0 +1,36 @@ +C x86_64/fat/cbc-aes128-encrypt.asm + +ifelse(` + Copyright (C) 2021 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +dnl PROLOGUE(nettle_cbc_aes128_encrypt) picked up by configure + +define(`fat_transform', `_$1_aesni') +include_src(`x86_64/aesni/cbc-aes128-encrypt.asm') diff --git a/x86_64/fat/cbc-aes192-encrypt-2.asm b/x86_64/fat/cbc-aes192-encrypt-2.asm new file mode 100644 index 00000000..81322418 --- /dev/null +++ b/x86_64/fat/cbc-aes192-encrypt-2.asm @@ -0,0 +1,36 @@ +C x86_64/fat/cbc_aes192-encrypt.asm + +ifelse(` + Copyright (C) 2021 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +dnl PROLOGUE(nettle_cbc_aes192_encrypt) picked up by configure + +define(`fat_transform', `_$1_aesni') +include_src(`x86_64/aesni/cbc-aes192-encrypt.asm') diff --git a/x86_64/fat/cbc-aes256-encrypt-2.asm b/x86_64/fat/cbc-aes256-encrypt-2.asm new file mode 100644 index 00000000..abd1fcf3 --- /dev/null +++ b/x86_64/fat/cbc-aes256-encrypt-2.asm @@ -0,0 +1,36 @@ +C x86_64/fat/cbc_aes256-encrypt.asm + +ifelse(` + Copyright (C) 2021 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +dnl PROLOGUE(nettle_cbc_aes256_encrypt) picked up by configure + +define(`fat_transform', `_$1_aesni') +include_src(`x86_64/aesni/cbc-aes256-encrypt.asm') |