wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 18:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

AES-XTS-streaming: refactor API to eliminate caller-supplied tweak_block. instead, caller-supplied iv is used as a readwrite buffer.

Browse Source
This commit is contained in:
Daniel Pouzzner
2024-05-13 23:36:22 -05:00
parent 9e06524c6f
commit f874d8753d
3 changed files with 93 additions and 103 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
linuxkm/lkcapi_glue.c
View File

@ -909,7 +909,6 @@ static int km_AesXtsEncrypt(struct skcipher_request *req)
} else { } else {
int tail = req->cryptlen % AES_BLOCK_SIZE; int tail = req->cryptlen % AES_BLOCK_SIZE;
struct skcipher_request subreq; struct skcipher_request subreq;
byte tweak_block[AES_BLOCK_SIZE];
if (tail > 0) { if (tail > 0) {
int blocks = DIV_ROUND_UP(req->cryptlen, AES_BLOCK_SIZE) - 2; int blocks = DIV_ROUND_UP(req->cryptlen, AES_BLOCK_SIZE) - 2;
@ -931,8 +930,7 @@ static int km_AesXtsEncrypt(struct skcipher_request *req)
tail = 0; tail = 0;
} }
err = wc_AesXtsEncryptStart(ctx->aesXts, walk.iv, walk.ivsize, err = wc_AesXtsEncryptStart(ctx->aesXts, walk.iv, walk.ivsize);
tweak_block);
if (unlikely(err)) { if (unlikely(err)) {
pr_err("%s: wc_AesXtsEncryptStart failed: %d\n", pr_err("%s: wc_AesXtsEncryptStart failed: %d\n",
@ -946,7 +944,7 @@ static int km_AesXtsEncrypt(struct skcipher_request *req)
err = wc_AesXtsEncryptUpdate(ctx->aesXts, walk.dst.virt.addr, err = wc_AesXtsEncryptUpdate(ctx->aesXts, walk.dst.virt.addr,
walk.src.virt.addr, nbytes, walk.src.virt.addr, nbytes,
tweak_block); walk.iv);
if (unlikely(err)) { if (unlikely(err)) {
pr_err("%s: wc_AesXtsEncryptUpdate failed: %d\n", pr_err("%s: wc_AesXtsEncryptUpdate failed: %d\n",
@ -980,7 +978,7 @@ static int km_AesXtsEncrypt(struct skcipher_request *req)
err = wc_AesXtsEncryptUpdate(ctx->aesXts, walk.dst.virt.addr, err = wc_AesXtsEncryptUpdate(ctx->aesXts, walk.dst.virt.addr,
walk.src.virt.addr, walk.nbytes, walk.src.virt.addr, walk.nbytes,
tweak_block); walk.iv);
if (unlikely(err)) { if (unlikely(err)) {
pr_err("%s: wc_AesXtsEncryptUpdate failed: %d\n", pr_err("%s: wc_AesXtsEncryptUpdate failed: %d\n",
@ -1034,7 +1032,6 @@ static int km_AesXtsDecrypt(struct skcipher_request *req)
} else { } else {
int tail = req->cryptlen % AES_BLOCK_SIZE; int tail = req->cryptlen % AES_BLOCK_SIZE;
struct skcipher_request subreq; struct skcipher_request subreq;
byte tweak_block[AES_BLOCK_SIZE];
if (unlikely(tail > 0)) { if (unlikely(tail > 0)) {
int blocks = DIV_ROUND_UP(req->cryptlen, AES_BLOCK_SIZE) - 2; int blocks = DIV_ROUND_UP(req->cryptlen, AES_BLOCK_SIZE) - 2;
@ -1056,8 +1053,7 @@ static int km_AesXtsDecrypt(struct skcipher_request *req)
tail = 0; tail = 0;
} }
err = wc_AesXtsDecryptStart(ctx->aesXts, walk.iv, walk.ivsize, err = wc_AesXtsDecryptStart(ctx->aesXts, walk.iv, walk.ivsize);
tweak_block);
if (unlikely(err)) { if (unlikely(err)) {
pr_err("%s: wc_AesXtsDecryptStart failed: %d\n", pr_err("%s: wc_AesXtsDecryptStart failed: %d\n",
@ -1071,7 +1067,7 @@ static int km_AesXtsDecrypt(struct skcipher_request *req)
err = wc_AesXtsDecryptUpdate(ctx->aesXts, walk.dst.virt.addr, err = wc_AesXtsDecryptUpdate(ctx->aesXts, walk.dst.virt.addr,
walk.src.virt.addr, nbytes, walk.src.virt.addr, nbytes,
tweak_block); walk.iv);
if (unlikely(err)) { if (unlikely(err)) {
pr_err("%s: wc_AesXtsDecryptUpdate failed: %d\n", pr_err("%s: wc_AesXtsDecryptUpdate failed: %d\n",
@ -1105,7 +1101,7 @@ static int km_AesXtsDecrypt(struct skcipher_request *req)
err = wc_AesXtsDecryptUpdate(ctx->aesXts, walk.dst.virt.addr, err = wc_AesXtsDecryptUpdate(ctx->aesXts, walk.dst.virt.addr,
walk.src.virt.addr, walk.nbytes, walk.src.virt.addr, walk.nbytes,
tweak_block); walk.iv);
if (unlikely(err)) { if (unlikely(err)) {
pr_err("%s: wc_AesXtsDecryptUpdate failed: %d\n", pr_err("%s: wc_AesXtsDecryptUpdate failed: %d\n",

170
wolfcrypt/src/aes.c
View File

@ -12530,25 +12530,25 @@ void AES_XTS_encrypt_aesni(const unsigned char *in, unsigned char *out, word32 s
const unsigned char* key2, int nr) const unsigned char* key2, int nr)
XASM_LINK("AES_XTS_encrypt_aesni"); XASM_LINK("AES_XTS_encrypt_aesni");
#ifdef WOLFSSL_AESXTS_STREAM #ifdef WOLFSSL_AESXTS_STREAM
void AES_XTS_encrypt_start_aesni(const unsigned char* i, const unsigned char* tweak_key, void AES_XTS_encrypt_start_aesni(unsigned char* i, const unsigned char* tweak_key,
unsigned char *tweak_block, int tweak_nr) int tweak_nr)
XASM_LINK("AES_XTS_encrypt_start_aesni"); XASM_LINK("AES_XTS_encrypt_start_aesni");
void AES_XTS_encrypt_update_aesni(const unsigned char *in, unsigned char *out, word32 sz, void AES_XTS_encrypt_update_aesni(const unsigned char *in, unsigned char *out, word32 sz,
const unsigned char* key, unsigned char *tweak_block, int nr) const unsigned char* key, unsigned char *i, int nr)
XASM_LINK("AES_XTS_encrypt_update_aesni"); XASM_LINK("AES_XTS_encrypt_update_aesni");
#endif #endif
#ifdef HAVE_INTEL_AVX1 #ifdef HAVE_INTEL_AVX1
void AES_XTS_encrypt_avx1(const unsigned char *in, unsigned char *out, void AES_XTS_encrypt_avx1(const unsigned char *in, unsigned char *out,
word32 sz, const unsigned char* i, word32 sz, const unsigned char* i,
const unsigned char* key, const unsigned char* key2, const unsigned char* key, const unsigned char* key2,
int nr) int nr)
XASM_LINK("AES_XTS_encrypt_avx1"); XASM_LINK("AES_XTS_encrypt_avx1");
#ifdef WOLFSSL_AESXTS_STREAM #ifdef WOLFSSL_AESXTS_STREAM
void AES_XTS_encrypt_start_avx1(const unsigned char* i, const unsigned char* tweak_key, void AES_XTS_encrypt_start_avx1(unsigned char* i, const unsigned char* tweak_key,
unsigned char *tweak_block, int tweak_nr) int tweak_nr)
XASM_LINK("AES_XTS_encrypt_start_avx1"); XASM_LINK("AES_XTS_encrypt_start_avx1");
void AES_XTS_encrypt_update_avx1(const unsigned char *in, unsigned char *out, word32 sz, void AES_XTS_encrypt_update_avx1(const unsigned char *in, unsigned char *out, word32 sz,
const unsigned char* key, unsigned char *tweak_block, int nr) const unsigned char* key, unsigned char *i, int nr)
XASM_LINK("AES_XTS_encrypt_update_avx1"); XASM_LINK("AES_XTS_encrypt_update_avx1");
#endif #endif
#endif /* HAVE_INTEL_AVX1 */ #endif /* HAVE_INTEL_AVX1 */
@ -12559,25 +12559,25 @@ void AES_XTS_decrypt_aesni(const unsigned char *in, unsigned char *out, word32 s
const unsigned char* key2, int nr) const unsigned char* key2, int nr)
XASM_LINK("AES_XTS_decrypt_aesni"); XASM_LINK("AES_XTS_decrypt_aesni");
#ifdef WOLFSSL_AESXTS_STREAM #ifdef WOLFSSL_AESXTS_STREAM
void AES_XTS_decrypt_start_aesni(const unsigned char* i, const unsigned char* tweak_key, void AES_XTS_decrypt_start_aesni(unsigned char* i, const unsigned char* tweak_key,
unsigned char *tweak_block, int tweak_nr) int tweak_nr)
XASM_LINK("AES_XTS_decrypt_start_aesni"); XASM_LINK("AES_XTS_decrypt_start_aesni");
void AES_XTS_decrypt_update_aesni(const unsigned char *in, unsigned char *out, word32 sz, void AES_XTS_decrypt_update_aesni(const unsigned char *in, unsigned char *out, word32 sz,
const unsigned char* key, unsigned char *tweak_block, int nr) const unsigned char* key, unsigned char *i, int nr)
XASM_LINK("AES_XTS_decrypt_update_aesni"); XASM_LINK("AES_XTS_decrypt_update_aesni");
#endif #endif
#ifdef HAVE_INTEL_AVX1 #ifdef HAVE_INTEL_AVX1
void AES_XTS_decrypt_avx1(const unsigned char *in, unsigned char *out, void AES_XTS_decrypt_avx1(const unsigned char *in, unsigned char *out,
word32 sz, const unsigned char* i, word32 sz, const unsigned char* i,
const unsigned char* key, const unsigned char* key2, const unsigned char* key, const unsigned char* key2,
int nr) int nr)
XASM_LINK("AES_XTS_decrypt_avx1"); XASM_LINK("AES_XTS_decrypt_avx1");
#ifdef WOLFSSL_AESXTS_STREAM #ifdef WOLFSSL_AESXTS_STREAM
void AES_XTS_decrypt_start_avx1(const unsigned char* i, const unsigned char* tweak_key, void AES_XTS_decrypt_start_avx1(unsigned char* i, const unsigned char* tweak_key,
unsigned char *tweak_block, int tweak_nr) int tweak_nr)
XASM_LINK("AES_XTS_decrypt_start_avx1"); XASM_LINK("AES_XTS_decrypt_start_avx1");
void AES_XTS_decrypt_update_avx1(const unsigned char *in, unsigned char *out, word32 sz, void AES_XTS_decrypt_update_avx1(const unsigned char *in, unsigned char *out, word32 sz,
const unsigned char* key, unsigned char *tweak_block, int nr) const unsigned char* key, unsigned char *i, int nr)
XASM_LINK("AES_XTS_decrypt_update_avx1"); XASM_LINK("AES_XTS_decrypt_update_avx1");
#endif #endif
#endif /* HAVE_INTEL_AVX1 */ #endif /* HAVE_INTEL_AVX1 */
@ -12725,18 +12725,21 @@ static int AesXtsEncrypt_sw(XtsAes* xaes, byte* out, const byte* in, word32 sz,
#ifdef WOLFSSL_AESXTS_STREAM #ifdef WOLFSSL_AESXTS_STREAM
/* streaming AES-XTS. (XTS) XEX encryption with Tweak and cipher text Stealing. /* Block-streaming AES-XTS tweak setup.
* *
* xaes AES keys to use for block encrypt/decrypt * xaes AES keys to use for block encrypt/decrypt
* i value to use for tweak * i readwrite value to use for tweak
* *
* returns 0 on success * returns 0 on success
*/ */
static int AesXtsEncryptStart_sw(XtsAes* xaes, const byte* i, byte *tweak_block) { static int AesXtsEncryptStart_sw(XtsAes* xaes, byte* i) {
return wc_AesEncryptDirect(&xaes->tweak, tweak_block, i); return wc_AesEncryptDirect(&xaes->tweak, i, i);
} }
/* streaming AES-XTS. (XTS) XEX encryption with Tweak and cipher text Stealing. /* Block-streaming AES-XTS.
*
* Supply block-aligned input data with successive calls. Final call need not
* be block aligned.
* *
* xaes AES keys to use for block encrypt/decrypt * xaes AES keys to use for block encrypt/decrypt
* out output buffer to hold cipher text * out output buffer to hold cipher text
@ -12746,22 +12749,22 @@ static int AesXtsEncryptStart_sw(XtsAes* xaes, const byte* i, byte *tweak_block)
* returns 0 on success * returns 0 on success
*/ */
/* Software AES - XTS Encrypt */ /* Software AES - XTS Encrypt */
static int AesXtsEncryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in, word32 sz, static int AesXtsEncryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in,
byte *tweak_block) word32 sz,
byte *i)
{ {
int ret = 0; int ret = 0;
word32 blocks = (sz / AES_BLOCK_SIZE); word32 blocks = (sz / AES_BLOCK_SIZE);
Aes *aes = &xaes->aes; Aes *aes = &xaes->aes;
#if 0 #if 0 && defined(HAVE_AES_ECB)
#ifdef HAVE_AES_ECB
/* encrypt all of buffer at once when possible */ /* encrypt all of buffer at once when possible */
if (in != out) { /* can not handle inline */ if ((in != out) && ((sz & (AES_BLOCK_SIZE - 1)) == 0)) { /* can not handle inline */
XMEMCPY(out, tweak_block, AES_BLOCK_SIZE); XMEMCPY(out, i, AES_BLOCK_SIZE);
if ((ret = _AesXtsHelper(aes, out, in, sz, AES_ENCRYPTION)) != 0) if ((ret = _AesXtsHelper(aes, out, in, sz, AES_ENCRYPTION)) != 0)
return ret; return ret;
XMEMCPY(i, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
} }
#endif
#endif #endif
while (blocks > 0) { while (blocks > 0) {
@ -12769,29 +12772,29 @@ static int AesXtsEncryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in, word3
byte carry = 0; byte carry = 0;
#if 0 && defined(HAVE_AES_ECB) #if 0 && defined(HAVE_AES_ECB)
if (in == out) if ((in == out) || ((sz & (AES_BLOCK_SIZE - 1)) != 0))
#endif #endif
{ /* check for if inline */ { /* check for if inline */
byte buf[AES_BLOCK_SIZE]; byte buf[AES_BLOCK_SIZE];
XMEMCPY(buf, in, AES_BLOCK_SIZE); XMEMCPY(buf, in, AES_BLOCK_SIZE);
xorbuf(buf, tweak_block, AES_BLOCK_SIZE); xorbuf(buf, i, AES_BLOCK_SIZE);
ret = wc_AesEncryptDirect(aes, out, buf); ret = wc_AesEncryptDirect(aes, out, buf);
if (ret != 0) if (ret != 0)
return ret; return ret;
} }
xorbuf(out, tweak_block, AES_BLOCK_SIZE); xorbuf(out, i, AES_BLOCK_SIZE);
/* multiply by shift left and propagate carry */ /* multiply by shift left and propagate carry */
for (j = 0; j < AES_BLOCK_SIZE; j++) { for (j = 0; j < AES_BLOCK_SIZE; j++) {
byte tmpC; byte tmpC;
tmpC = (tweak_block[j] >> 7) & 0x01; tmpC = (i[j] >> 7) & 0x01;
tweak_block[j] = (byte)((tweak_block[j] << 1) + carry); i[j] = (byte)((i[j] << 1) + carry);
carry = tmpC; carry = tmpC;
} }
if (carry) { if (carry) {
tweak_block[0] ^= GF_XTS; i[0] ^= GF_XTS;
} }
in += AES_BLOCK_SIZE; in += AES_BLOCK_SIZE;
@ -12820,10 +12823,10 @@ static int AesXtsEncryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in, word3
XMEMCPY(out, buf2, sz); XMEMCPY(out, buf2, sz);
} }
xorbuf(buf, tweak_block, AES_BLOCK_SIZE); xorbuf(buf, i, AES_BLOCK_SIZE);
ret = wc_AesEncryptDirect(aes, out - AES_BLOCK_SIZE, buf); ret = wc_AesEncryptDirect(aes, out - AES_BLOCK_SIZE, buf);
if (ret == 0) if (ret == 0)
xorbuf(out - AES_BLOCK_SIZE, tweak_block, AES_BLOCK_SIZE); xorbuf(out - AES_BLOCK_SIZE, i, AES_BLOCK_SIZE);
} }
return ret; return ret;
@ -12913,14 +12916,13 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
#ifdef WOLFSSL_AESXTS_STREAM #ifdef WOLFSSL_AESXTS_STREAM
int wc_AesXtsEncryptStart(XtsAes* xaes, const byte* i, word32 iSz, int wc_AesXtsEncryptStart(XtsAes* xaes, byte* i, word32 iSz)
byte *tweak_block)
{ {
int ret; int ret;
Aes *aes; Aes *aes;
if ((xaes == NULL) || (tweak_block == NULL)) { if ((xaes == NULL) || (i == NULL)) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
@ -12947,7 +12949,6 @@ int wc_AesXtsEncryptStart(XtsAes* xaes, const byte* i, word32 iSz,
if (IS_INTEL_AVX1(intel_flags)) { if (IS_INTEL_AVX1(intel_flags)) {
AES_XTS_encrypt_start_avx1(i, AES_XTS_encrypt_start_avx1(i,
(const byte*)xaes->tweak.key, (const byte*)xaes->tweak.key,
tweak_block,
(int)xaes->tweak.rounds); (int)xaes->tweak.rounds);
ret = 0; ret = 0;
} }
@ -12956,7 +12957,6 @@ int wc_AesXtsEncryptStart(XtsAes* xaes, const byte* i, word32 iSz,
{ {
AES_XTS_encrypt_start_aesni(i, AES_XTS_encrypt_start_aesni(i,
(const byte*)xaes->tweak.key, (const byte*)xaes->tweak.key,
tweak_block,
(int)xaes->tweak.rounds); (int)xaes->tweak.rounds);
ret = 0; ret = 0;
} }
@ -12965,7 +12965,7 @@ int wc_AesXtsEncryptStart(XtsAes* xaes, const byte* i, word32 iSz,
else else
#endif /* 0 && defined(WOLFSSL_AESNI) */ #endif /* 0 && defined(WOLFSSL_AESNI) */
{ {
ret = AesXtsEncryptStart_sw(xaes, i, tweak_block); ret = AesXtsEncryptStart_sw(xaes, i);
} }
} }
@ -12985,7 +12985,7 @@ int wc_AesXtsEncryptStart(XtsAes* xaes, const byte* i, word32 iSz,
* returns 0 on success * returns 0 on success
*/ */
int wc_AesXtsEncryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 sz, int wc_AesXtsEncryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 sz,
byte *tweak_block) byte *i)
{ {
int ret; int ret;
@ -12993,7 +12993,7 @@ int wc_AesXtsEncryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 sz,
Aes *aes; Aes *aes;
#endif #endif
if (xaes == NULL || out == NULL || in == NULL || tweak_block == NULL) { if (xaes == NULL || out == NULL || in == NULL || i == NULL) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
@ -13014,7 +13014,7 @@ int wc_AesXtsEncryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 sz,
if (IS_INTEL_AVX1(intel_flags)) { if (IS_INTEL_AVX1(intel_flags)) {
AES_XTS_encrypt_update_avx1(in, out, sz, AES_XTS_encrypt_update_avx1(in, out, sz,
(const byte*)aes->key, (const byte*)aes->key,
tweak_block, i,
(int)aes->rounds); (int)aes->rounds);
ret = 0; ret = 0;
} }
@ -13023,7 +13023,7 @@ int wc_AesXtsEncryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 sz,
{ {
AES_XTS_encrypt_update_aesni(in, out, sz, AES_XTS_encrypt_update_aesni(in, out, sz,
(const byte*)aes->key, (const byte*)aes->key,
tweak_block, i,
(int)aes->rounds); (int)aes->rounds);
ret = 0; ret = 0;
} }
@ -13032,7 +13032,7 @@ int wc_AesXtsEncryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 sz,
else else
#endif /* 0 && defined(WOLFSSL_AESNI) */ #endif /* 0 && defined(WOLFSSL_AESNI) */
{ {
ret = AesXtsEncryptUpdate_sw(xaes, out, in, sz, tweak_block); ret = AesXtsEncryptUpdate_sw(xaes, out, in, sz, i);
} }
} }
@ -13171,13 +13171,17 @@ static int AesXtsDecrypt_sw(XtsAes* xaes, byte* out, const byte* in, word32 sz,
#ifdef WOLFSSL_AESXTS_STREAM #ifdef WOLFSSL_AESXTS_STREAM
static int AesXtsDecryptStart_sw(XtsAes* xaes, const byte* i, static int AesXtsDecryptStart_sw(XtsAes* xaes, byte* i)
byte *tweak_block)
{ {
return wc_AesEncryptDirect(&xaes->tweak, tweak_block, i); return wc_AesEncryptDirect(&xaes->tweak, i, i);
} }
/* Same process as encryption but use aes_decrypt key. /* Block-streaming AES-XTS.
*
* Same process as encryption but use decrypt key.
*
* Supply block-aligned input data with successive calls. Final call need not
* be block aligned.
* *
* xaes AES keys to use for block encrypt/decrypt * xaes AES keys to use for block encrypt/decrypt
* out output buffer to hold plain text * out output buffer to hold plain text
@ -13189,7 +13193,7 @@ static int AesXtsDecryptStart_sw(XtsAes* xaes, const byte* i,
*/ */
/* Software AES - XTS Decrypt */ /* Software AES - XTS Decrypt */
static int AesXtsDecryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in, static int AesXtsDecryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in,
word32 sz, byte *tweak_block) word32 sz, byte *i)
{ {
int ret = 0; int ret = 0;
word32 blocks = (sz / AES_BLOCK_SIZE); word32 blocks = (sz / AES_BLOCK_SIZE);
@ -13208,42 +13212,41 @@ static int AesXtsDecryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in,
blocks--; blocks--;
} }
#if 0 #if 0 && defined(HAVE_AES_ECB)
#ifdef HAVE_AES_ECB
/* decrypt all of buffer at once when possible */ /* decrypt all of buffer at once when possible */
if (in != out) { /* can not handle inline */ if ((in != out) && ((sz & (AES_BLOCK_SIZE - 1)) == 0)) { /* can not handle inline */
XMEMCPY(out, tweak_block, AES_BLOCK_SIZE); XMEMCPY(out, i, AES_BLOCK_SIZE);
if ((ret = _AesXtsHelper(aes, out, in, sz, AES_DECRYPTION)) != 0) if ((ret = _AesXtsHelper(aes, out, in, sz, AES_DECRYPTION)) != 0)
return ret; return ret;
XMEMCPY(i, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
} }
#endif #endif
#endif /* 0 */
while (blocks > 0) { while (blocks > 0) {
#if 0 && defined(HAVE_AES_ECB) #if 0 && defined(HAVE_AES_ECB)
if (in == out) if ((in == out) || ((sz & (AES_BLOCK_SIZE - 1)) != 0))
#endif #endif
{ /* check for if inline */ { /* check for if inline */
byte buf[AES_BLOCK_SIZE]; byte buf[AES_BLOCK_SIZE];
XMEMCPY(buf, in, AES_BLOCK_SIZE); XMEMCPY(buf, in, AES_BLOCK_SIZE);
xorbuf(buf, tweak_block, AES_BLOCK_SIZE); xorbuf(buf, i, AES_BLOCK_SIZE);
ret = wc_AesDecryptDirect(aes, out, buf); ret = wc_AesDecryptDirect(aes, out, buf);
if (ret != 0) if (ret != 0)
return ret; return ret;
} }
xorbuf(out, tweak_block, AES_BLOCK_SIZE); xorbuf(out, i, AES_BLOCK_SIZE);
/* multiply by shift left and propagate carry */ /* multiply by shift left and propagate carry */
for (j = 0; j < AES_BLOCK_SIZE; j++) { for (j = 0; j < AES_BLOCK_SIZE; j++) {
byte tmpC; byte tmpC;
tmpC = (tweak_block[j] >> 7) & 0x01; tmpC = (i[j] >> 7) & 0x01;
tweak_block[j] = (byte)((tweak_block[j] << 1) + carry); i[j] = (byte)((i[j] << 1) + carry);
carry = tmpC; carry = tmpC;
} }
if (carry) { if (carry) {
tweak_block[0] ^= GF_XTS; i[0] ^= GF_XTS;
} }
carry = 0; carry = 0;
@ -13262,8 +13265,8 @@ static int AesXtsDecryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in,
for (j = 0; j < AES_BLOCK_SIZE; j++) { for (j = 0; j < AES_BLOCK_SIZE; j++) {
byte tmpC; byte tmpC;
tmpC = (tweak_block[j] >> 7) & 0x01; tmpC = (i[j] >> 7) & 0x01;
tmp2[j] = (byte)((tweak_block[j] << 1) + carry); tmp2[j] = (byte)((i[j] << 1) + carry);
carry = tmpC; carry = tmpC;
} }
if (carry) { if (carry) {
@ -13291,11 +13294,11 @@ static int AesXtsDecryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in,
XMEMCPY(buf, in, sz); XMEMCPY(buf, in, sz);
XMEMCPY(out, tmp2, sz); XMEMCPY(out, tmp2, sz);
xorbuf(buf, tweak_block, AES_BLOCK_SIZE); xorbuf(buf, i, AES_BLOCK_SIZE);
ret = wc_AesDecryptDirect(aes, tmp2, buf); ret = wc_AesDecryptDirect(aes, tmp2, buf);
if (ret != 0) if (ret != 0)
return ret; return ret;
xorbuf(tmp2, tweak_block, AES_BLOCK_SIZE); xorbuf(tmp2, i, AES_BLOCK_SIZE);
XMEMCPY(out - AES_BLOCK_SIZE, tmp2, AES_BLOCK_SIZE); XMEMCPY(out - AES_BLOCK_SIZE, tmp2, AES_BLOCK_SIZE);
} }
@ -13392,17 +13395,14 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz,
/* Same process as encryption but Aes key is AES_DECRYPTION type. /* Same process as encryption but Aes key is AES_DECRYPTION type.
* *
* xaes AES keys to use for block encrypt/decrypt * xaes AES keys to use for block encrypt/decrypt
* out output buffer to hold plain text * i readwrite value to use for tweak
* in input cipher text buffer to decrypt
* sz size of both out and in buffers
* i value to use for tweak
* iSz size of i buffer, should always be AES_BLOCK_SIZE but having this input * iSz size of i buffer, should always be AES_BLOCK_SIZE but having this input
* adds a sanity check on how the user calls the function. * adds a sanity check on how the user calls the function.
* tweak_block buffer of size AES_BLOCK_SIZE to use for tweak state
* *
* returns 0 on success * returns 0 on success
*/ */
int wc_AesXtsDecryptStart(XtsAes* xaes, const byte* i, word32 iSz, int wc_AesXtsDecryptStart(XtsAes* xaes, byte* i, word32 iSz)
byte *tweak_block)
{ {
int ret; int ret;
Aes *aes; Aes *aes;
@ -13434,7 +13434,6 @@ int wc_AesXtsDecryptStart(XtsAes* xaes, const byte* i, word32 iSz,
if (IS_INTEL_AVX1(intel_flags)) { if (IS_INTEL_AVX1(intel_flags)) {
AES_XTS_decrypt_start_avx1(i, AES_XTS_decrypt_start_avx1(i,
(const byte*)xaes->tweak.key, (const byte*)xaes->tweak.key,
tweak_block,
(int)xaes->tweak.rounds); (int)xaes->tweak.rounds);
ret = 0; ret = 0;
} }
@ -13443,7 +13442,6 @@ int wc_AesXtsDecryptStart(XtsAes* xaes, const byte* i, word32 iSz,
{ {
AES_XTS_decrypt_start_aesni(i, AES_XTS_decrypt_start_aesni(i,
(const byte*)xaes->tweak.key, (const byte*)xaes->tweak.key,
tweak_block,
(int)xaes->tweak.rounds); (int)xaes->tweak.rounds);
ret = 0; ret = 0;
} }
@ -13452,7 +13450,7 @@ int wc_AesXtsDecryptStart(XtsAes* xaes, const byte* i, word32 iSz,
else else
#endif /* 0 && defined(WOLFSSL_AESNI) */ #endif /* 0 && defined(WOLFSSL_AESNI) */
{ {
ret = AesXtsDecryptStart_sw(xaes, i, tweak_block); ret = AesXtsDecryptStart_sw(xaes, i);
} }
} }
@ -13466,14 +13464,12 @@ int wc_AesXtsDecryptStart(XtsAes* xaes, const byte* i, word32 iSz,
* out output buffer to hold plain text * out output buffer to hold plain text
* in input cipher text buffer to decrypt * in input cipher text buffer to decrypt
* sz size of both out and in buffers * sz size of both out and in buffers
* i value to use for tweak * i tweak buffer of size AES_BLOCK_SIZE.
* iSz size of i buffer, should always be AES_BLOCK_SIZE but having this input
* adds a sanity check on how the user calls the function.
* *
* returns 0 on success * returns 0 on success
*/ */
int wc_AesXtsDecryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 sz, int wc_AesXtsDecryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 sz,
byte *tweak_block) byte *i)
{ {
int ret; int ret;
#if 0 && defined(WOLFSSL_AESNI) #if 0 && defined(WOLFSSL_AESNI)
@ -13505,7 +13501,7 @@ int wc_AesXtsDecryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 sz,
if (IS_INTEL_AVX1(intel_flags)) { if (IS_INTEL_AVX1(intel_flags)) {
AES_XTS_decrypt_update_avx1(in, out, sz, AES_XTS_decrypt_update_avx1(in, out, sz,
(const byte*)aes->key, (const byte*)aes->key,
tweak_block, i,
(int)aes->rounds); (int)aes->rounds);
ret = 0; ret = 0;
} }
@ -13514,7 +13510,7 @@ int wc_AesXtsDecryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 sz,
{ {
AES_XTS_decrypt_update_aesni(in, out, sz, AES_XTS_decrypt_update_aesni(in, out, sz,
(const byte*)aes->key, (const byte*)aes->key,
tweak_block, i,
(int)aes->rounds); (int)aes->rounds);
ret = 0; ret = 0;
} }
@ -13523,7 +13519,7 @@ int wc_AesXtsDecryptUpdate(XtsAes* xaes, byte* out, const byte* in, word32 sz,
else else
#endif /* 0 && defined(WOLFSSL_AESNI) */ #endif /* 0 && defined(WOLFSSL_AESNI) */
{ {
ret = AesXtsDecryptUpdate_sw(xaes, out, in, sz, tweak_block); ret = AesXtsDecryptUpdate_sw(xaes, out, in, sz, i);
} }
} }

10
wolfssl/wolfcrypt/aes.h
View File

@ -671,17 +671,15 @@ WOLFSSL_API int wc_AesXtsDecryptConsecutiveSectors(XtsAes* aes,
#ifdef WOLFSSL_AESXTS_STREAM #ifdef WOLFSSL_AESXTS_STREAM
WOLFSSL_API int wc_AesXtsEncryptStart(XtsAes* aes, const byte* i, word32 iSz, WOLFSSL_API int wc_AesXtsEncryptStart(XtsAes* aes, byte* i, word32 iSz);
byte *tweak_block);
WOLFSSL_API int wc_AesXtsDecryptStart(XtsAes* aes, const byte* i, word32 iSz, WOLFSSL_API int wc_AesXtsDecryptStart(XtsAes* aes, byte* i, word32 iSz);
byte *tweak_block);
WOLFSSL_API int wc_AesXtsEncryptUpdate(XtsAes* aes, byte* out, WOLFSSL_API int wc_AesXtsEncryptUpdate(XtsAes* aes, byte* out,
const byte* in, word32 sz, byte *tweak_block); const byte* in, word32 sz, byte *i);
WOLFSSL_API int wc_AesXtsDecryptUpdate(XtsAes* aes, byte* out, WOLFSSL_API int wc_AesXtsDecryptUpdate(XtsAes* aes, byte* out,
const byte* in, word32 sz, byte *tweak_block); const byte* in, word32 sz, byte *i);
#endif /* WOLFSSL_AESXTS_STREAM */ #endif /* WOLFSSL_AESXTS_STREAM */