/*
*
* Copyright (c) 2017 Nest Labs, Inc.
* All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* @file
* This file implements AES block cipher functions for the Weave layer
* using Intel AES-NI intrinsics.
*
*/
#include <string.h>
#include "WeaveCrypto.h"
#include "AESBlockCipher.h"
#if WEAVE_CONFIG_AES_IMPLEMENTATION_AESNI
namespace nl {
namespace Weave {
namespace Platform {
namespace Security {
// Exchange the values of A and B, using the caller-supplied TMP as scratch.
// A and B are each expanded twice, so pass plain lvalues without side effects.
// TMP is left holding the former value of A; when round keys are being
// swapped the caller is responsible for scrubbing TMP afterwards.
#define SWAP(A, B, TMP) do { TMP = A; A = B; B = TMP; } while (0)
// Exchange A and B while applying OP to both values: on exit A == OP(old B)
// and B == OP(old A). TMP is left holding the untransformed former value of A,
// so the same scrubbing obligation applies.
#define SWAP_WITH_OP(A, B, OP, TMP) do { TMP = A; A = OP(B); B = OP(TMP); } while (0)
using namespace nl::Weave::Crypto;
/**
 * Construct an AES-128 cipher object whose round-key storage is all zero.
 *
 * No key is installed here; mKey is filled later by the SetKey() methods
 * defined in this file.
 */
AES128BlockCipher::AES128BlockCipher()
{
    // A plain memset is enough at this point: mKey holds nothing secret yet.
    memset(&mKey, 0, sizeof mKey);
}
/**
 * Destroy the cipher object, wiping the stored round keys first so that
 * key material does not remain in the object's memory after destruction.
 */
AES128BlockCipher::~AES128BlockCipher()
{
    this->Reset();
}
/**
 * Wipe the stored AES-128 round keys.
 *
 * The whole of mKey is passed to ClearSecretData() rather than memset().
 * After this call a new SetKey() is needed before the object is used again.
 */
void AES128BlockCipher::Reset()
{
    ClearSecretData(reinterpret_cast<uint8_t *>(&mKey), sizeof(mKey));
}
// Derive AES-128 round key KEYS[N] from KEYS[N-1].
//
//   KEYS  array of __m128i round keys; KEYS[N-1] is read, KEYS[N] is written.
//   N     index of the round key to produce (expanded textually as N-1 and N).
//   RCON  round constant; it is handed to _mm_aeskeygenassist_si128, which
//         takes an immediate, so it must be a compile-time constant.
//   TMP   caller-supplied __m128i scratch variable.
//
// The key-generation assist result is shuffled with 0xff, which broadcasts its
// top 32-bit word to all four lanes. The three shift-by-4-bytes/XOR steps turn
// KEYS[N-1] into the running XOR of its words (w0, w0^w1, w0^w1^w2, ...), and
// the final XOR folds the broadcast word into every lane.
//
// TMP is left holding a value derived from the key, so the caller must scrub
// it once expansion is finished. The arguments are not parenthesised and are
// expanded several times; pass simple names and literals only.
#define ExpandRoundKey128(KEYS, N, RCON, TMP) \
do { \
TMP = _mm_aeskeygenassist_si128(KEYS[N-1], RCON); \
TMP = _mm_shuffle_epi32(TMP, 0xff); \
KEYS[N] = _mm_xor_si128(KEYS[N-1], _mm_slli_si128(KEYS[N-1], 4)); \
KEYS[N] = _mm_xor_si128(KEYS[N], _mm_slli_si128(KEYS[N], 4)); \
KEYS[N] = _mm_xor_si128(KEYS[N], _mm_slli_si128(KEYS[N], 4)); \
KEYS[N] = _mm_xor_si128(KEYS[N], TMP); \
} while (0)
/**
 * Expand a 128-bit AES key into its eleven encryption round keys.
 *
 * @param[in]  key          Pointer to 16 key bytes; read with an unaligned
 *                          load. No null or length check is performed here.
 * @param[out] expandedKey  Array of at least 11 __m128i entries; indices
 *                          0 through 10 are written.
 *
 * NOTE(review): this code is selected at compile time by
 * WEAVE_CONFIG_AES_IMPLEMENTATION_AESNI and no runtime CPU feature check is
 * visible in this file; confirm the build configuration guarantees AES-NI.
 */
static void ExpandKey128(const uint8_t *key, __m128i *expandedKey)
{
    __m128i scratch;

    // Round key 0 is the cipher key itself.
    expandedKey[0] = _mm_loadu_si128(reinterpret_cast<const __m128i *>(key));

    // Each later round key depends on the previous one. The round constants
    // are literals because the underlying intrinsic takes an immediate.
    ExpandRoundKey128(expandedKey,  1, 0x01, scratch);
    ExpandRoundKey128(expandedKey,  2, 0x02, scratch);
    ExpandRoundKey128(expandedKey,  3, 0x04, scratch);
    ExpandRoundKey128(expandedKey,  4, 0x08, scratch);
    ExpandRoundKey128(expandedKey,  5, 0x10, scratch);
    ExpandRoundKey128(expandedKey,  6, 0x20, scratch);
    ExpandRoundKey128(expandedKey,  7, 0x40, scratch);
    ExpandRoundKey128(expandedKey,  8, 0x80, scratch);
    ExpandRoundKey128(expandedKey,  9, 0x1b, scratch);
    ExpandRoundKey128(expandedKey, 10, 0x36, scratch);

    // The scratch value is derived from the key, so wipe its storage.
    // NOTE(review): a copy may also remain in a vector register, which this
    // call does not reach.
    ClearSecretData(reinterpret_cast<uint8_t *>(&scratch), sizeof(scratch));
}
/**
 * Install a 128-bit encryption key.
 *
 * @param[in] key  Pointer to 16 key bytes. The pointer is passed straight to
 *                 ExpandKey128(); it is not validated here.
 *
 * The expanded round keys overwrite whatever mKey held before.
 */
void AES128BlockCipherEnc::SetKey(const uint8_t *key)
{
    // Encryption uses the forward key schedule exactly as expanded.
    ExpandKey128(key, mKey);
}
/**
 * Encrypt exactly one 16-byte block with the installed AES-128 round keys.
 *
 * @param[in]  inBlock   Pointer to 16 bytes of plaintext (unaligned load).
 * @param[out] outBlock  Pointer to 16 bytes that receive the ciphertext
 *                       (unaligned store).
 *
 * The input is fully loaded before the output is stored, so inBlock and
 * outBlock may refer to the same buffer. This is the bare block transform:
 * no chaining, padding or authentication happens here, and calling it
 * directly on each block of a longer message amounts to ECB. Whether
 * SetKey() has been called is not checked.
 *
 * The body has no branch or memory index that depends on the key or data.
 */
void AES128BlockCipherEnc::EncryptBlock(const uint8_t *inBlock, uint8_t *outBlock)
{
    const int kFinalRound = 10;

    // Initial AddRoundKey: whiten the input with round key 0.
    __m128i state = _mm_xor_si128(_mm_loadu_si128(reinterpret_cast<const __m128i *>(inBlock)), mKey[0]);

    // Full rounds 1..9.
    for (int round = 1; round < kFinalRound; ++round)
    {
        state = _mm_aesenc_si128(state, mKey[round]);
    }

    // The final round uses the dedicated "last" instruction.
    state = _mm_aesenclast_si128(state, mKey[kFinalRound]);
    _mm_storeu_si128(reinterpret_cast<__m128i *>(outBlock), state);

    // Wipe the local copy of the cipher state before returning.
    ClearSecretData(reinterpret_cast<uint8_t *>(&state), sizeof(state));
}
/**
 * Install a 128-bit decryption key.
 *
 * @param[in] key  Pointer to 16 key bytes. The pointer is passed straight to
 *                 ExpandKey128(); it is not validated here.
 *
 * The forward key schedule is expanded into mKey and then rearranged for
 * use with _mm_aesdec_si128: the order of the round keys is reversed, and
 * every key except the first and last of the reversed schedule is passed
 * through _mm_aesimc_si128.
 */
void AES128BlockCipherDec::SetKey(const uint8_t *key)
{
    __m128i scratch;

    ExpandKey128(key, mKey);

    // The outermost pair is exchanged unchanged.
    SWAP(mKey[10], mKey[0], scratch);

    // Inner pairs (9,1), (8,2), (7,3), (6,4) are exchanged and transformed.
    for (int low = 1, high = 9; low < high; ++low, --high)
    {
        SWAP_WITH_OP(mKey[high], mKey[low], _mm_aesimc_si128, scratch);
    }

    // The middle key keeps its position and is only transformed.
    mKey[5] = _mm_aesimc_si128(mKey[5]);

    // scratch last held a forward round key; wipe its storage.
    ClearSecretData(reinterpret_cast<uint8_t *>(&scratch), sizeof(scratch));
}
/**
 * Decrypt exactly one 16-byte block with the installed AES-128 round keys.
 *
 * @param[in]  inBlock   Pointer to 16 bytes of ciphertext (unaligned load).
 * @param[out] outBlock  Pointer to 16 bytes that receive the plaintext
 *                       (unaligned store).
 *
 * mKey must hold the schedule prepared by AES128BlockCipherDec::SetKey();
 * this is not checked. The input is fully loaded before the output is
 * stored, so the two pointers may refer to the same buffer. Only the bare
 * block transform is performed: no chaining, padding removal or integrity
 * check happens here.
 */
void AES128BlockCipherDec::DecryptBlock(const uint8_t *inBlock, uint8_t *outBlock)
{
    const int kFinalRound = 10;

    // Initial AddRoundKey with the first key of the decryption schedule.
    __m128i state = _mm_xor_si128(_mm_loadu_si128(reinterpret_cast<const __m128i *>(inBlock)), mKey[0]);

    // Full inverse rounds 1..9.
    for (int round = 1; round < kFinalRound; ++round)
    {
        state = _mm_aesdec_si128(state, mKey[round]);
    }

    state = _mm_aesdeclast_si128(state, mKey[kFinalRound]);
    _mm_storeu_si128(reinterpret_cast<__m128i *>(outBlock), state);

    // The local state holds recovered plaintext at this point; wipe it.
    // NOTE(review): a copy may also remain in a vector register, which this
    // call does not reach.
    ClearSecretData(reinterpret_cast<uint8_t *>(&state), sizeof(state));
}
/**
 * Construct an AES-256 cipher object whose round-key storage is all zero.
 *
 * No key is installed here; mKey is filled later by the SetKey() methods
 * defined in this file.
 */
AES256BlockCipher::AES256BlockCipher()
{
    // A plain memset is enough at this point: mKey holds nothing secret yet.
    memset(&mKey, 0, sizeof mKey);
}
/**
 * Destroy the cipher object, wiping the stored round keys first so that
 * key material does not remain in the object's memory after destruction.
 */
AES256BlockCipher::~AES256BlockCipher()
{
    this->Reset();
}
/**
 * Wipe the stored AES-256 round keys.
 *
 * The whole of mKey is passed to ClearSecretData() rather than memset().
 * After this call a new SetKey() is needed before the object is used again.
 */
void AES256BlockCipher::Reset()
{
    ClearSecretData(reinterpret_cast<uint8_t *>(&mKey), sizeof(mKey));
}
// AES-256 key-schedule steps. Each macro derives KEYS[N] from the two
// preceding round keys: KEYS[N-2] supplies the words that are XOR-chained,
// and KEYS[N-1] feeds _mm_aeskeygenassist_si128.
//
//   KEYS  array of __m128i round keys; KEYS[N-2] and KEYS[N-1] are read,
//         KEYS[N] is written.
//   N     index of the round key to produce (expanded textually).
//   RCON  (even step only) round constant; it is an immediate operand of the
//         intrinsic, so it must be a compile-time constant.
//   TMP   caller-supplied __m128i scratch variable.
//
// In both macros the three shift-by-4-bytes/XOR steps accumulate the running
// XOR of the words of KEYS[N-2] into KEYS[N].
//
// ExpandEvenRoundKey256 then shuffles the assist result with 0xff, which
// broadcasts its top 32-bit word (the one that includes RCON).
// ExpandOddRoundKey256 passes a round constant of 0 and shuffles with 0xaa,
// which broadcasts word 2 of the assist result instead.
//
// TMP is left holding a value derived from the key, so the caller must scrub
// it once expansion is finished. The arguments are not parenthesised and are
// expanded several times; pass simple names and literals only.
//
// NOTE(review): the line between the two macros that holds only a backslash
// appears to do nothing beyond splicing onto the following #define line;
// confirm it carries no trailing whitespace in the original file.
#define ExpandEvenRoundKey256(KEYS, N, RCON, TMP) \
do { \
TMP = _mm_slli_si128(KEYS[N-2], 0x4); \
KEYS[N] = _mm_xor_si128(KEYS[N-2], TMP); \
TMP = _mm_slli_si128(TMP, 0x4); \
KEYS[N] = _mm_xor_si128(KEYS[N], TMP); \
TMP = _mm_slli_si128(TMP, 0x4); \
KEYS[N] = _mm_xor_si128(KEYS[N], TMP); \
TMP = _mm_aeskeygenassist_si128(KEYS[N-1], RCON); \
TMP = _mm_shuffle_epi32(TMP, 0xff); \
KEYS[N] = _mm_xor_si128(KEYS[N], TMP); \
} while (0)
\
#define ExpandOddRoundKey256(KEYS, N, TMP) \
do { \
TMP = _mm_slli_si128(KEYS[N-2], 0x4); \
KEYS[N] = _mm_xor_si128(KEYS[N-2], TMP); \
TMP = _mm_slli_si128(TMP, 0x4); \
KEYS[N] = _mm_xor_si128(KEYS[N], TMP); \
TMP = _mm_slli_si128(TMP, 0x4); \
KEYS[N] = _mm_xor_si128(KEYS[N], TMP); \
TMP = _mm_aeskeygenassist_si128(KEYS[N-1], 0x0); \
TMP = _mm_shuffle_epi32(TMP, 0xaa); \
KEYS[N] = _mm_xor_si128 (KEYS[N], TMP); \
} while (0)
/**
 * Expand a 256-bit AES key into its fifteen encryption round keys.
 *
 * @param[in]  key          Pointer to 32 key bytes, read as two unaligned
 *                          16-byte loads. No null or length check is
 *                          performed here.
 * @param[out] expandedKey  Array of at least 15 __m128i entries; indices
 *                          0 through 14 are written.
 *
 * NOTE(review): this code is selected at compile time by
 * WEAVE_CONFIG_AES_IMPLEMENTATION_AESNI and no runtime CPU feature check is
 * visible in this file; confirm the build configuration guarantees AES-NI.
 */
static void ExpandKey256(const uint8_t *key, __m128i *expandedKey)
{
    __m128i scratch;

    // Round keys 0 and 1 are the two halves of the cipher key.
    expandedKey[0] = _mm_loadu_si128(reinterpret_cast<const __m128i *>(key));
    expandedKey[1] = _mm_loadu_si128(reinterpret_cast<const __m128i *>(key + 16));

    // Even-numbered keys consume a round constant; odd-numbered keys do not.
    // The constants are literals because the intrinsic takes an immediate.
    ExpandEvenRoundKey256(expandedKey,  2, 0x01, scratch);
    ExpandOddRoundKey256 (expandedKey,  3,       scratch);
    ExpandEvenRoundKey256(expandedKey,  4, 0x02, scratch);
    ExpandOddRoundKey256 (expandedKey,  5,       scratch);
    ExpandEvenRoundKey256(expandedKey,  6, 0x04, scratch);
    ExpandOddRoundKey256 (expandedKey,  7,       scratch);
    ExpandEvenRoundKey256(expandedKey,  8, 0x08, scratch);
    ExpandOddRoundKey256 (expandedKey,  9,       scratch);
    ExpandEvenRoundKey256(expandedKey, 10, 0x10, scratch);
    ExpandOddRoundKey256 (expandedKey, 11,       scratch);
    ExpandEvenRoundKey256(expandedKey, 12, 0x20, scratch);
    ExpandOddRoundKey256 (expandedKey, 13,       scratch);
    ExpandEvenRoundKey256(expandedKey, 14, 0x40, scratch);

    // The scratch value is derived from the key, so wipe its storage.
    // NOTE(review): a copy may also remain in a vector register, which this
    // call does not reach.
    ClearSecretData(reinterpret_cast<uint8_t *>(&scratch), sizeof(scratch));
}
/**
 * Install a 256-bit encryption key.
 *
 * @param[in] key  Pointer to 32 key bytes. The pointer is passed straight to
 *                 ExpandKey256(); it is not validated here.
 *
 * The expanded round keys overwrite whatever mKey held before.
 */
void AES256BlockCipherEnc::SetKey(const uint8_t *key)
{
    // Encryption uses the forward key schedule exactly as expanded.
    ExpandKey256(key, mKey);
}
/**
 * Encrypt exactly one 16-byte block with the installed AES-256 round keys.
 *
 * @param[in]  inBlock   Pointer to 16 bytes of plaintext (unaligned load).
 * @param[out] outBlock  Pointer to 16 bytes that receive the ciphertext
 *                       (unaligned store).
 *
 * The input is fully loaded before the output is stored, so inBlock and
 * outBlock may refer to the same buffer. This is the bare block transform:
 * no chaining, padding or authentication happens here, and calling it
 * directly on each block of a longer message amounts to ECB. Whether
 * SetKey() has been called is not checked.
 *
 * The body has no branch or memory index that depends on the key or data.
 */
void AES256BlockCipherEnc::EncryptBlock(const uint8_t *inBlock, uint8_t *outBlock)
{
    const int kFinalRound = 14;

    // Initial AddRoundKey: whiten the input with round key 0.
    __m128i state = _mm_xor_si128(_mm_loadu_si128(reinterpret_cast<const __m128i *>(inBlock)), mKey[0]);

    // Full rounds 1..13.
    for (int round = 1; round < kFinalRound; ++round)
    {
        state = _mm_aesenc_si128(state, mKey[round]);
    }

    // The final round uses the dedicated "last" instruction.
    state = _mm_aesenclast_si128(state, mKey[kFinalRound]);
    _mm_storeu_si128(reinterpret_cast<__m128i *>(outBlock), state);

    // Wipe the local copy of the cipher state before returning.
    ClearSecretData(reinterpret_cast<uint8_t *>(&state), sizeof(state));
}
/**
 * Install a 256-bit decryption key.
 *
 * @param[in] key  Pointer to 32 key bytes. The pointer is passed straight to
 *                 ExpandKey256(); it is not validated here.
 *
 * The forward key schedule is expanded into mKey and then rearranged for
 * use with _mm_aesdec_si128: the order of the round keys is reversed, and
 * every key except the first and last of the reversed schedule is passed
 * through _mm_aesimc_si128.
 */
void AES256BlockCipherDec::SetKey(const uint8_t *key)
{
    __m128i scratch;

    ExpandKey256(key, mKey);

    // The outermost pair is exchanged unchanged.
    SWAP(mKey[14], mKey[0], scratch);

    // Inner pairs (13,1) through (8,6) are exchanged and transformed.
    for (int low = 1, high = 13; low < high; ++low, --high)
    {
        SWAP_WITH_OP(mKey[high], mKey[low], _mm_aesimc_si128, scratch);
    }

    // The middle key keeps its position and is only transformed.
    mKey[7] = _mm_aesimc_si128(mKey[7]);

    // scratch last held a forward round key; wipe its storage.
    ClearSecretData(reinterpret_cast<uint8_t *>(&scratch), sizeof(scratch));
}
/**
 * Decrypt exactly one 16-byte block with the installed AES-256 round keys.
 *
 * @param[in]  inBlock   Pointer to 16 bytes of ciphertext (unaligned load).
 * @param[out] outBlock  Pointer to 16 bytes that receive the plaintext
 *                       (unaligned store).
 *
 * mKey must hold the schedule prepared by AES256BlockCipherDec::SetKey();
 * this is not checked. The input is fully loaded before the output is
 * stored, so the two pointers may refer to the same buffer. Only the bare
 * block transform is performed: no chaining, padding removal or integrity
 * check happens here.
 */
void AES256BlockCipherDec::DecryptBlock(const uint8_t *inBlock, uint8_t *outBlock)
{
    const int kFinalRound = 14;

    // Initial AddRoundKey with the first key of the decryption schedule.
    __m128i state = _mm_xor_si128(_mm_loadu_si128(reinterpret_cast<const __m128i *>(inBlock)), mKey[0]);

    // Full inverse rounds 1..13.
    for (int round = 1; round < kFinalRound; ++round)
    {
        state = _mm_aesdec_si128(state, mKey[round]);
    }

    state = _mm_aesdeclast_si128(state, mKey[kFinalRound]);
    _mm_storeu_si128(reinterpret_cast<__m128i *>(outBlock), state);

    // The local state holds recovered plaintext at this point; wipe it.
    // NOTE(review): a copy may also remain in a vector register, which this
    // call does not reach.
    ClearSecretData(reinterpret_cast<uint8_t *>(&state), sizeof(state));
}
} // namespace Security
} // namespace Platform
} // namespace Weave
} // namespace nl
#endif // WEAVE_CONFIG_AES_IMPLEMENTATION_AESNI