Add GCM, CTR, and CTS modes to AES.

nss/mozilla/security/nss/lib/freebl/rijndael.c

 /* ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
  * 1.1 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * http://www.mozilla.org/MPL/
  *
  * Software distributed under the License is distributed on an "AS IS" basis,
  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
@@ skipping 29 matching lines @@
 #endif
 
 #include "prinit.h"
 #include "prerr.h"
 #include "secerr.h"
 
 #include "prtypes.h"
 #include "blapi.h"
 #include "rijndael.h"
 
+#include "cts.h"
+#include "ctr.h"
+#include "gcm.h"
+
 #if USE_HW_AES
 #include "intel-aes.h"
 #include "mpi.h"
 #endif
 
 /*
  * There are currently five ways to build this code, varying in performance
  * and code size.
  *
  * RIJNDAEL_INCLUDE_TABLES         Include all tables from rijndael32.tab
@@ skipping 921 matching lines @@
  * BLAPI for the AES cipher, Rijndael.
  *
  ***********************************************************************/
 
 AESContext * AES_AllocateContext(void)
 {
     return PORT_ZNew(AESContext);
 }
 
 
-SECStatus   
-AES_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize, 
+/*
+** Initialize a new AES context suitable for AES encryption/decryption in
+** the ECB or CBC mode.
+**      "mode" the mode of operation, which must be NSS_AES or NSS_AES_CBC
+*/
+static SECStatus   
+aes_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize, 
                 const unsigned char *iv, int mode, unsigned int encrypt,
                 unsigned int blocksize)
 {
 #if USE_HW_AES
     static int has_intel_aes;
     PRBool use_hw_aes = PR_FALSE;
 #endif
     unsigned int Nk;
     /* According to Rijndael AES Proposal, section 12.1, block and key
      * lengths between 128 and 256 bits are supported, as long as the
@@ skipping 40 matching lines @@
     cx->Nb = blocksize / 4;
     /* Nk = (key size in bits) / 32 */
     Nk = keysize / 4;
     /* Obtain number of rounds from "table" */
     cx->Nr = RIJNDAEL_NUM_ROUNDS(Nk, cx->Nb);
     /* copy in the iv, if neccessary */
     if (mode == NSS_AES_CBC) {
         memcpy(cx->iv, iv, blocksize);
 #if USE_HW_AES
         if (use_hw_aes) {
-            cx->worker = intel_aes_cbc_worker(encrypt, keysize);
+            cx->worker = (freeblCipherFunc)
+                                intel_aes_cbc_worker(encrypt, keysize);
         } else
 #endif
-            cx->worker = (encrypt
+            cx->worker = (freeblCipherFunc) (encrypt
                           ? &rijndael_encryptCBC : &rijndael_decryptCBC);
     } else {
 #if  USE_HW_AES
         if (use_hw_aes) {
-            cx->worker = intel_aes_ecb_worker(encrypt, keysize);
+            cx->worker = (freeblCipherFunc) 
+                                intel_aes_ecb_worker(encrypt, keysize);
         } else
 #endif
-            cx->worker = (encrypt
+            cx->worker = (freeblCipherFunc) (encrypt
                           ? &rijndael_encryptECB : &rijndael_decryptECB);
     }
     PORT_Assert((cx->Nb * (cx->Nr + 1)) <= RIJNDAEL_MAX_EXP_KEY_SIZE);
     if ((cx->Nb * (cx->Nr + 1)) > RIJNDAEL_MAX_EXP_KEY_SIZE) {
         PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
         goto cleanup;
     }
 #ifdef USE_HW_AES
     if (use_hw_aes) {
         intel_aes_init(encrypt, keysize);
@@ skipping 12 matching lines @@
 #endif
         /* Generate expanded key */
         if (encrypt) {
             if (rijndael_key_expansion(cx, key, Nk) != SECSuccess)
                 goto cleanup;
         } else {
             if (rijndael_invkey_expansion(cx, key, Nk) != SECSuccess)
                 goto cleanup;
         }
     }
+    cx->worker_cx = cx;
+    cx->destroy = NULL;
+    cx->isBlock = PR_TRUE;
     return SECSuccess;
 cleanup:
     return SECFailure;
 }
 
+SECStatus   
+AES_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize, 
+                const unsigned char *iv, int mode, unsigned int encrypt,
+                unsigned int blocksize)
+{
+    int basemode = mode;
+    PRBool baseencrypt = encrypt;
+    SECStatus rv;
+
+    switch (mode) {
+    case NSS_AES_CTS:
+        basemode = NSS_AES_CBC;
+        break;
+    case NSS_AES_GCM:
+    case NSS_AES_CTR:
+        basemode = NSS_AES;
+        baseencrypt = PR_TRUE;
+        break;
+    }
+    rv = aes_InitContext(cx, key, keysize, iv, basemode, 
+                                        baseencrypt, blocksize);
+    if (rv != SECSuccess) {
+        AES_DestroyContext(cx, PR_TRUE);
+        return rv;
+    }
+
+    /* finally, set up any mode specific contexts */
+    switch (mode) {
+    case NSS_AES_CTS:
+        cx->worker_cx = CTS_CreateContext(cx, cx->worker, iv, blocksize);
+        cx->worker = (freeblCipherFunc) 
+                        (encrypt ?  CTS_EncryptUpdate : CTS_DecryptUpdate);
+        cx->destroy = (freeblDestroyFunc) CTS_DestroyContext;
+        cx->isBlock = PR_FALSE;
+        break;
+    case NSS_AES_GCM:
+        cx->worker_cx = GCM_CreateContext(cx, cx->worker, iv, blocksize);
+        cx->worker = (freeblCipherFunc)
+                        (encrypt ? GCM_EncryptUpdate : GCM_DecryptUpdate);
+        cx->destroy = (freeblDestroyFunc) GCM_DestroyContext;
+        cx->isBlock = PR_FALSE;
+        break;
+    case NSS_AES_CTR:
+        cx->worker_cx = CTR_CreateContext(cx, cx->worker, iv, blocksize);
+        cx->worker = (freeblCipherFunc) CTR_Update ;
+        cx->destroy = (freeblDestroyFunc) CTR_DestroyContext;
+        cx->isBlock = PR_FALSE;
+        break;
+    default:
+        /* everything has already been set up by aes_InitContext, just
+         * return */
+        return SECSuccess;
+    }
+    /* check to see if we succeeded in getting the worker context */
+    if (cx->worker_cx == NULL) {
+        /* no, just destroy the existing context */
+        cx->destroy = NULL; /* paranoia, though you can see a dozen lines */
+                            /* below that this isn't necessary */
+        AES_DestroyContext(cx, PR_TRUE);
+        return SECFailure;
+    }
+    return SECSuccess;
+}
 
 /* AES_CreateContext
  *
  * create a new context for Rijndael operations
  */
 AESContext *
 AES_CreateContext(const unsigned char *key, const unsigned char *iv, 
                   int mode, int encrypt,
                   unsigned int keysize, unsigned int blocksize)
 {
@@ skipping 12 matching lines @@
 /*
  * AES_DestroyContext
  * 
  * Zero an AES cipher context.  If freeit is true, also free the pointer
  * to the context.
  */
 void 
 AES_DestroyContext(AESContext *cx, PRBool freeit)
 {
 /*  memset(cx, 0, sizeof *cx); */
+    if (cx->worker_cx && cx->destroy) {
+        (*cx->destroy)(cx->worker_cx, PR_TRUE);
+    }
     if (freeit)
         PORT_Free(cx);
 }
 
 /*
  * AES_Encrypt
  *
  * Encrypt an arbitrary-length buffer.  The output buffer must already be
  * allocated to at least inputLen.
  */
 SECStatus 
 AES_Encrypt(AESContext *cx, unsigned char *output,
             unsigned int *outputLen, unsigned int maxOutputLen,
             const unsigned char *input, unsigned int inputLen)
 {
     int blocksize;
     /* Check args */
     if (cx == NULL || output == NULL || input == NULL) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
     blocksize = 4 * cx->Nb;
-    if (inputLen % blocksize != 0) {
+    if (cx->isBlock && (inputLen % blocksize != 0)) {
         PORT_SetError(SEC_ERROR_INPUT_LEN);
         return SECFailure;
     }
     if (maxOutputLen < inputLen) {
         PORT_SetError(SEC_ERROR_OUTPUT_LEN);
         return SECFailure;
     }
     *outputLen = inputLen;
-    return (*cx->worker)(cx, output, outputLen, maxOutputLen,   
+    return (*cx->worker)(cx->worker_cx, output, outputLen, maxOutputLen,        
                              input, inputLen, blocksize);
 }
 
 /*
  * AES_Decrypt
  *
  * Decrypt and arbitrary-length buffer.  The output buffer must already be
  * allocated to at least inputLen.
  */
 SECStatus 
 AES_Decrypt(AESContext *cx, unsigned char *output,
             unsigned int *outputLen, unsigned int maxOutputLen,
             const unsigned char *input, unsigned int inputLen)
 {
     int blocksize;
     /* Check args */
     if (cx == NULL || output == NULL || input == NULL) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
     blocksize = 4 * cx->Nb;
-    if (inputLen % blocksize != 0) {
+    if (cx->isBlock && (inputLen % blocksize != 0)) {
         PORT_SetError(SEC_ERROR_INPUT_LEN);
         return SECFailure;
     }
     if (maxOutputLen < inputLen) {
         PORT_SetError(SEC_ERROR_OUTPUT_LEN);
         return SECFailure;
     }
     *outputLen = inputLen;
-    return (*cx->worker)(cx, output, outputLen, maxOutputLen,   
+    return (*cx->worker)(cx->worker_cx, output, outputLen, maxOutputLen,        
                              input, inputLen, blocksize);
 }