2018-05-04 16:08:28 +02:00
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
|
/* Copyright(c) 2013, Intel Corp. */
|
|
|
|
|
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
/* Wrapper functions for Intel optimized implementation of AES-GCM */
|
2018-05-04 16:08:28 +02:00
|
|
|
|
|
|
|
|
#ifdef USE_HW_AES
|
|
|
|
|
|
|
|
|
|
#ifdef FREEBL_NO_DEPEND
|
|
|
|
|
#include "stubs.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#include "blapii.h"
|
|
|
|
|
#include "blapit.h"
|
|
|
|
|
#include "gcm.h"
|
|
|
|
|
#include "ctr.h"
|
|
|
|
|
#include "secerr.h"
|
|
|
|
|
#include "prtypes.h"
|
|
|
|
|
#include "pkcs11t.h"
|
|
|
|
|
|
|
|
|
|
#include <limits.h>
|
|
|
|
|
|
|
|
|
|
#include "intel-gcm.h"
|
|
|
|
|
#include "rijndael.h"
|
|
|
|
|
|
|
|
|
|
#include <emmintrin.h>
|
|
|
|
|
#include <tmmintrin.h>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
struct intel_AES_GCMContextStr{
|
|
|
|
|
unsigned char Htbl[16*AES_BLOCK_SIZE];
|
|
|
|
|
unsigned char X0[AES_BLOCK_SIZE];
|
|
|
|
|
unsigned char T[AES_BLOCK_SIZE];
|
|
|
|
|
unsigned char CTR[AES_BLOCK_SIZE];
|
|
|
|
|
AESContext *aes_context;
|
|
|
|
|
unsigned long tagBits;
|
|
|
|
|
unsigned long Alen;
|
|
|
|
|
unsigned long Mlen;
|
|
|
|
|
};
|
|
|
|
|
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
intel_AES_GCMContext *intel_AES_GCM_CreateContext(void *context,
|
2018-05-04 16:08:28 +02:00
|
|
|
freeblCipherFunc cipher,
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
const unsigned char *params,
|
2018-05-04 16:08:28 +02:00
|
|
|
unsigned int blocksize)
|
|
|
|
|
{
|
|
|
|
|
intel_AES_GCMContext *gcm = NULL;
|
|
|
|
|
AESContext *aes = (AESContext*)context;
|
|
|
|
|
const CK_GCM_PARAMS *gcmParams = (const CK_GCM_PARAMS *)params;
|
|
|
|
|
unsigned char buff[AES_BLOCK_SIZE]; /* aux buffer */
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
|
|
|
|
|
unsigned long IV_whole_len = gcmParams->ulIvLen & (~0xful);
|
|
|
|
|
unsigned int IV_remainder_len = gcmParams->ulIvLen & 0xful;
|
|
|
|
|
unsigned long AAD_whole_len = gcmParams->ulAADLen & (~0xful);
|
|
|
|
|
unsigned int AAD_remainder_len = gcmParams->ulAADLen & 0xful;
|
|
|
|
|
|
2018-05-04 16:08:28 +02:00
|
|
|
__m128i BSWAP_MASK = _mm_setr_epi8(15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0);
|
|
|
|
|
__m128i ONE = _mm_set_epi32(0,0,0,1);
|
|
|
|
|
unsigned int j;
|
|
|
|
|
SECStatus rv;
|
|
|
|
|
|
|
|
|
|
if (blocksize != AES_BLOCK_SIZE) {
|
|
|
|
|
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
gcm = PORT_ZNew(intel_AES_GCMContext);
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
|
2018-05-04 16:08:28 +02:00
|
|
|
if (gcm == NULL) {
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
|
2018-05-04 16:08:28 +02:00
|
|
|
/* initialize context fields */
|
|
|
|
|
gcm->aes_context = aes;
|
|
|
|
|
gcm->tagBits = gcmParams->ulTagBits;
|
|
|
|
|
gcm->Alen = 0;
|
|
|
|
|
gcm->Mlen = 0;
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
|
2018-05-04 16:08:28 +02:00
|
|
|
/* first prepare H and its derivatives for ghash */
|
|
|
|
|
intel_aes_gcmINIT(gcm->Htbl, (unsigned char*)aes->expandedKey, aes->Nr);
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
|
|
|
|
|
/* Initial TAG value is zero */
|
2018-05-04 16:08:28 +02:00
|
|
|
_mm_storeu_si128((__m128i*)gcm->T, _mm_setzero_si128());
|
|
|
|
|
_mm_storeu_si128((__m128i*)gcm->X0, _mm_setzero_si128());
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
|
2018-05-04 16:08:28 +02:00
|
|
|
/* Init the counter */
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
if (gcmParams->ulIvLen == 12) {
|
|
|
|
|
_mm_storeu_si128((__m128i*)gcm->CTR,
|
|
|
|
|
_mm_setr_epi32(((unsigned int*)gcmParams->pIv)[0],
|
|
|
|
|
((unsigned int*)gcmParams->pIv)[1],
|
|
|
|
|
((unsigned int*)gcmParams->pIv)[2],
|
|
|
|
|
0x01000000));
|
2018-05-04 16:08:28 +02:00
|
|
|
} else {
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
/* If IV size is not 96 bits, then the initial counter value is GHASH
|
|
|
|
|
* of the IV */
|
2018-05-04 16:08:28 +02:00
|
|
|
intel_aes_gcmAAD(gcm->Htbl, gcmParams->pIv, IV_whole_len, gcm->T);
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
|
2018-05-04 16:08:28 +02:00
|
|
|
/* Partial block */
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
if (IV_remainder_len) {
|
2018-05-04 16:08:28 +02:00
|
|
|
PORT_Memset(buff, 0, AES_BLOCK_SIZE);
|
|
|
|
|
PORT_Memcpy(buff, gcmParams->pIv + IV_whole_len, IV_remainder_len);
|
|
|
|
|
intel_aes_gcmAAD(gcm->Htbl, buff, AES_BLOCK_SIZE, gcm->T);
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
intel_aes_gcmTAG(
|
2018-05-04 16:08:28 +02:00
|
|
|
gcm->Htbl,
|
|
|
|
|
gcm->T,
|
|
|
|
|
gcmParams->ulIvLen,
|
|
|
|
|
0,
|
|
|
|
|
gcm->X0,
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
gcm->CTR);
|
|
|
|
|
|
2018-05-04 16:08:28 +02:00
|
|
|
/* TAG should be zero again */
|
|
|
|
|
_mm_storeu_si128((__m128i*)gcm->T, _mm_setzero_si128());
|
|
|
|
|
}
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
|
|
|
|
|
/* Encrypt the initial counter, will be used to encrypt the GHASH value,
|
|
|
|
|
* in the end */
|
|
|
|
|
rv = (*cipher)(context, gcm->X0, &j, AES_BLOCK_SIZE, gcm->CTR,
|
|
|
|
|
AES_BLOCK_SIZE, AES_BLOCK_SIZE);
|
2018-05-04 16:08:28 +02:00
|
|
|
if (rv != SECSuccess) {
|
|
|
|
|
goto loser;
|
|
|
|
|
}
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
|
2018-05-04 16:08:28 +02:00
|
|
|
/* Promote the counter by 1 */
|
|
|
|
|
_mm_storeu_si128((__m128i*)gcm->CTR, _mm_shuffle_epi8(_mm_add_epi32(ONE, _mm_shuffle_epi8(_mm_loadu_si128((__m128i*)gcm->CTR), BSWAP_MASK)), BSWAP_MASK));
|
|
|
|
|
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
/* Now hash AAD - it would actually make sense to seperate the context
|
|
|
|
|
* creation from the AAD, because that would allow to reuse the H, which
|
|
|
|
|
* only changes when the AES key changes, and not every package, like the
|
|
|
|
|
* IV and AAD */
|
2018-05-04 16:08:28 +02:00
|
|
|
intel_aes_gcmAAD(gcm->Htbl, gcmParams->pAAD, AAD_whole_len, gcm->T);
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
if (AAD_remainder_len) {
|
2018-05-04 16:08:28 +02:00
|
|
|
PORT_Memset(buff, 0, AES_BLOCK_SIZE);
|
|
|
|
|
PORT_Memcpy(buff, gcmParams->pAAD + AAD_whole_len, AAD_remainder_len);
|
|
|
|
|
intel_aes_gcmAAD(gcm->Htbl, buff, AES_BLOCK_SIZE, gcm->T);
|
|
|
|
|
}
|
|
|
|
|
gcm->Alen += gcmParams->ulAADLen;
|
|
|
|
|
return gcm;
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
|
|
|
|
|
loser:
|
2018-05-04 16:08:28 +02:00
|
|
|
if (gcm) {
|
|
|
|
|
PORT_Free(gcm);
|
|
|
|
|
}
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void intel_AES_GCM_DestroyContext(intel_AES_GCMContext *gcm, PRBool freeit)
|
|
|
|
|
{
|
|
|
|
|
if (freeit) {
|
|
|
|
|
PORT_Free(gcm);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
SECStatus intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm,
|
2018-05-04 16:08:28 +02:00
|
|
|
unsigned char *outbuf,
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
unsigned int *outlen, unsigned int maxout,
|
|
|
|
|
const unsigned char *inbuf, unsigned int inlen,
|
|
|
|
|
unsigned int blocksize)
|
2018-05-04 16:08:28 +02:00
|
|
|
{
|
|
|
|
|
unsigned int tagBytes;
|
|
|
|
|
unsigned char T[AES_BLOCK_SIZE];
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
unsigned int j;
|
2018-05-04 16:08:28 +02:00
|
|
|
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE - 1)) / PR_BITS_PER_BYTE;
|
2018-05-04 16:08:28 +02:00
|
|
|
if (UINT_MAX - inlen < tagBytes) {
|
|
|
|
|
PORT_SetError(SEC_ERROR_INPUT_LEN);
|
|
|
|
|
return SECFailure;
|
|
|
|
|
}
|
|
|
|
|
if (maxout < inlen + tagBytes) {
|
|
|
|
|
*outlen = inlen + tagBytes;
|
|
|
|
|
PORT_SetError(SEC_ERROR_OUTPUT_LEN);
|
|
|
|
|
return SECFailure;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
intel_aes_gcmENC(
|
|
|
|
|
inbuf,
|
|
|
|
|
outbuf,
|
|
|
|
|
gcm,
|
|
|
|
|
inlen);
|
|
|
|
|
|
|
|
|
|
gcm->Mlen += inlen;
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
|
2018-05-04 16:08:28 +02:00
|
|
|
intel_aes_gcmTAG(
|
|
|
|
|
gcm->Htbl,
|
|
|
|
|
gcm->T,
|
|
|
|
|
gcm->Mlen,
|
|
|
|
|
gcm->Alen,
|
|
|
|
|
gcm->X0,
|
|
|
|
|
T);
|
|
|
|
|
|
|
|
|
|
*outlen = inlen + tagBytes;
|
|
|
|
|
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
for (j = 0; j < tagBytes; j++) {
|
|
|
|
|
outbuf[inlen + j] = T[j];
|
2018-05-04 16:08:28 +02:00
|
|
|
}
|
|
|
|
|
return SECSuccess;
|
|
|
|
|
}
|
|
|
|
|
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
SECStatus intel_AES_GCM_DecryptUpdate(intel_AES_GCMContext *gcm,
|
2018-05-04 16:08:28 +02:00
|
|
|
unsigned char *outbuf,
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
unsigned int *outlen, unsigned int maxout,
|
|
|
|
|
const unsigned char *inbuf, unsigned int inlen,
|
|
|
|
|
unsigned int blocksize)
|
2018-05-04 16:08:28 +02:00
|
|
|
{
|
|
|
|
|
unsigned int tagBytes;
|
|
|
|
|
unsigned char T[AES_BLOCK_SIZE];
|
|
|
|
|
const unsigned char *intag;
|
|
|
|
|
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE - 1)) / PR_BITS_PER_BYTE;
|
|
|
|
|
|
2018-05-04 16:08:28 +02:00
|
|
|
/* get the authentication block */
|
|
|
|
|
if (inlen < tagBytes) {
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
PORT_SetError(SEC_ERROR_INPUT_LEN);
|
2018-05-04 16:08:28 +02:00
|
|
|
return SECFailure;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
inlen -= tagBytes;
|
|
|
|
|
intag = inbuf + inlen;
|
|
|
|
|
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
if (maxout < inlen) {
|
|
|
|
|
*outlen = inlen;
|
|
|
|
|
PORT_SetError(SEC_ERROR_OUTPUT_LEN);
|
|
|
|
|
return SECFailure;
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-04 16:08:28 +02:00
|
|
|
intel_aes_gcmDEC(
|
|
|
|
|
inbuf,
|
|
|
|
|
outbuf,
|
|
|
|
|
gcm,
|
|
|
|
|
inlen);
|
|
|
|
|
|
|
|
|
|
gcm->Mlen += inlen;
|
|
|
|
|
intel_aes_gcmTAG(
|
|
|
|
|
gcm->Htbl,
|
|
|
|
|
gcm->T,
|
|
|
|
|
gcm->Mlen,
|
|
|
|
|
gcm->Alen,
|
|
|
|
|
gcm->X0,
|
|
|
|
|
T);
|
|
|
|
|
|
|
|
|
|
if (NSS_SecureMemcmp(T, intag, tagBytes) != 0) {
|
cherry-picked mozilla NSS upstream changes (to rev f7a4c771997e, which is on par with 3.16.1 but without windows rand() changes):
9934c8faef29, 3c3b381c4865, 5a67f6beee9a, 1b1eb6d77728, a8b668fd72f7, bug962760, bug743700, bug857304, bug972653, bug972450, bug971358, bug903885, bug977073, bug976111, bug949939, bug947653, bug947572, bug903885, bug979106, bug966596, bug979004, bug979752, bug980848, bug938369, bug981170, bug668130, bug974693, bug975056, bug979132, bug370717, bug979070, bug985070, bug900067, bug977673, bug519255, bug989558, bug557299, bug987263, bug369802, a751a5146718, bug992343, bug952572, bug979703, bug994883, bug994869, bug993489, bug984608, bug977869, bug667371, bug672828, bug793347, bug977869
2018-07-10 17:07:31 +02:00
|
|
|
memset(outbuf, 0, inlen);
|
|
|
|
|
*outlen = 0;
|
2018-05-04 16:08:28 +02:00
|
|
|
/* force a CKR_ENCRYPTED_DATA_INVALID error at in softoken */
|
|
|
|
|
PORT_SetError(SEC_ERROR_BAD_DATA);
|
|
|
|
|
return SECFailure;
|
|
|
|
|
}
|
|
|
|
|
*outlen = inlen;
|
|
|
|
|
|
|
|
|
|
return SECSuccess;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#endif
|
