projects / ceph.git / blame
| Commit | Line | Data |
|---|---|---|
| 7c673cae FG |
1 | /********************************************************************** |
| 2 | Copyright(c) 2011-2016 Intel Corporation All rights reserved. | |
| 3 | ||
| 4 | Redistribution and use in source and binary forms, with or without | |
| 1e59de90 | 5 | modification, are permitted provided that the following conditions |
| 7c673cae FG |
6 | are met: |
| 7 | * Redistributions of source code must retain the above copyright | |
| 8 | notice, this list of conditions and the following disclaimer. | |
| 9 | * Redistributions in binary form must reproduce the above copyright | |
| 10 | notice, this list of conditions and the following disclaimer in | |
| 11 | the documentation and/or other materials provided with the | |
| 12 | distribution. | |
| 13 | * Neither the name of Intel Corporation nor the names of its | |
| 14 | contributors may be used to endorse or promote products derived | |
| 15 | from this software without specific prior written permission. | |
| 16 | ||
| 17 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
| 18 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
| 19 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | |
| 20 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | |
| 21 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
| 22 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT | |
| 23 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
| 24 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
| 25 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
| 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | |
| 27 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 28 | **********************************************************************/ | |
| 29 | ||
| 30 | ||
| 31 | #ifndef _AES_XTS_H | |
| 32 | #define _AES_XTS_H | |
| 33 | ||
| 34 | /** | |
| 35 | * @file aes_xts.h | |
| 36 | * @brief AES XTS encryption function prototypes. | |
| 37 | * | |
| 38 | * This defines the interface to optimized AES XTS functions | |
| 1e59de90 TL |
39 | * |
| 40 | * <b>Pre-expanded keys</b> | |
| 41 | * | |
| 42 | * For key encryption, pre-expanded keys are stored in the order that they will be | |
| 43 | * used. As an example, if Key[0] is the 128-bit initial key used for an AES-128 | |
| 44 | * encryption, the rest of the keys are stored as follows: | |
| 45 | * | |
| 46 | * <ul> | |
| 47 | * <li> Key[0] : Initial encryption key | |
| 48 | * <li> Key[1] : Round 1 encryption key | |
| 49 | * <li> Key[2] : Round 2 encryption key | |
| 50 | * <li> ... | |
| 51 | * <li> Key[10] : Round 10 encryption key | |
| 52 | * </ul> | |
| 53 | * | |
| 54 | * For decryption, the order of keys is reversed. However, we apply the | |
| 55 | * necessary aesimc instructions before storing the expanded keys. For the same key | |
| 56 | * used above, the pre-expanded keys will be stored as follows: | |
| 57 | * | |
| 58 | * <ul> | |
| 59 | * <li> Key[0] : Round 10 encryption key | |
| 60 | * <li> Key[1] : aesimc(Round 9 encryption key) | |
| 61 | * <li> Key[2] : aesimc(Round 8 encryption key) | |
| 62 | * <li> ... | |
| 63 | * <li> Key[9] : aesimc(Round 1 encryption key) | |
| 64 | * <li> Key[10] : Initial encryption key | |
| 65 | * </ul> | |
| 66 | * | |
| 67 | * <b>Note:</b> The expanded key decryption requires a decryption key only for the block | |
| 68 | * decryption step. The tweak step in the expanded key decryption requires the same expanded | |
| 69 | * encryption key that is used in the expanded key encryption. | |
| 70 | * | |
| 71 | * <b>Input and Output Buffers </b> | |
| 72 | * | |
| 73 | * The input and output buffers can be overlapping as long as the output buffer | |
| 74 | * pointer is not less than the input buffer pointer. If the two pointers are the | |
| 75 | * same, then encryption/decryption will occur in-place. | |
| 76 | * | |
| 77 | * <b>Data Length</b> | |
| 78 | * | |
| 79 | * <ul> | |
| 80 | * <li> The functions support data length of any bytes greater than or equal to 16 bytes. | |
| 81 | * <li> Data length is a 64-bit value, which makes the largest possible data length | |
| 82 | * 2^64 - 1 bytes. | |
| 83 | * <li> For data lengths from 0 to 15 bytes, the functions return without any error | |
| 84 | * codes, without reading or writing any data. | |
| 85 | * <li> The functions only support byte lengths, not bits. | |
| 86 | * </ul> | |
| 87 | * | |
| 88 | * <b>Initial Tweak</b> | |
| 89 | * | |
| 90 | * The functions accept a 128-bit initial tweak value. The user is responsible for | |
| 91 | * padding the initial tweak value to this length. | |
| 92 | * | |
| 93 | * <b>Data Alignment</b> | |
| 94 | * | |
| 95 | * The input and output buffers, keys, pre-expanded keys and initial tweak value | |
| 96 | * are not required to be aligned to 16 bytes, any alignment works. | |
| 97 | * | |
| 7c673cae FG |
98 | */ |
| 99 | ||
| 100 | #include <stdint.h> | |
| 101 | ||
| 102 | #ifdef __cplusplus | |
| 103 | extern "C" { | |
| 104 | #endif | |
| 105 | ||
| 106 | /** @brief XTS-AES-128 Encryption | |
| 107 | * @requires AES-NI | |
| 108 | */ | |
| 109 | ||
| 110 | void XTS_AES_128_enc( | |
| 111 | uint8_t *k2, //!< key used for tweaking, 16 bytes | |
| 112 | uint8_t *k1, //!< key used for encryption of tweaked plaintext, 16 bytes | |
| 113 | uint8_t *TW_initial, //!< initial tweak value, 16 bytes | |
| 114 | uint64_t N, //!< sector size, in bytes | |
| 115 | const uint8_t *pt, //!< plaintext sector input data | |
| 116 | uint8_t *ct //!< ciphertext sector output data | |
| 117 | ); | |
| 118 | ||
| 119 | /** @brief XTS-AES-128 Encryption with pre-expanded keys | |
| 120 | * @requires AES-NI | |
| 121 | */ | |
| 122 | ||
| 123 | void XTS_AES_128_enc_expanded_key( | |
| 124 | uint8_t *k2, //!< expanded key used for tweaking, 16*11 bytes | |
| 125 | uint8_t *k1, //!< expanded key used for encryption of tweaked plaintext, 16*11 bytes | |
| 126 | uint8_t *TW_initial, //!< initial tweak value, 16 bytes | |
| 127 | uint64_t N, //!< sector size, in bytes | |
| 128 | const uint8_t *pt, //!< plaintext sector input data | |
| 129 | uint8_t *ct //!< ciphertext sector output data | |
| 130 | ); | |
| 131 | ||
| 132 | /** @brief XTS-AES-128 Decryption | |
| 133 | * @requires AES-NI | |
| 134 | */ | |
| 135 | ||
| 136 | void XTS_AES_128_dec( | |
| 137 | uint8_t *k2, //!< key used for tweaking, 16 bytes | |
| 138 | uint8_t *k1, //!< key used for decryption of tweaked ciphertext, 16 bytes | |
| 139 | uint8_t *TW_initial, //!< initial tweak value, 16 bytes | |
| 140 | uint64_t N, //!< sector size, in bytes | |
| 141 | const uint8_t *ct, //!< ciphertext sector input data | |
| 142 | uint8_t *pt //!< plaintext sector output data | |
| 143 | ); | |
| 144 | ||
| 145 | /** @brief XTS-AES-128 Decryption with pre-expanded keys | |
| 146 | * @requires AES-NI | |
| 147 | */ | |
| 148 | ||
| 149 | void XTS_AES_128_dec_expanded_key( | |
| 150 | uint8_t *k2, //!< expanded key used for tweaking, 16*11 bytes - encryption key is used | |
| 151 | uint8_t *k1, //!< expanded decryption key used for decryption of tweaked ciphertext, 16*11 bytes | |
| 152 | uint8_t *TW_initial, //!< initial tweak value, 16 bytes | |
| 153 | uint64_t N, //!< sector size, in bytes | |
| 154 | const uint8_t *ct, //!< ciphertext sector input data | |
| 155 | uint8_t *pt //!< plaintext sector output data | |
| 156 | ); | |
| 157 | ||
| 158 | /** @brief XTS-AES-256 Encryption | |
| 159 | * @requires AES-NI | |
| 160 | */ | |
| 161 | ||
| 162 | void XTS_AES_256_enc( | |
| 163 | uint8_t *k2, //!< key used for tweaking, 16*2 bytes | |
| 164 | uint8_t *k1, //!< key used for encryption of tweaked plaintext, 16*2 bytes | |
| 165 | uint8_t *TW_initial, //!< initial tweak value, 16 bytes | |
| 166 | uint64_t N, //!< sector size, in bytes | |
| 167 | const uint8_t *pt, //!< plaintext sector input data | |
| 168 | uint8_t *ct //!< ciphertext sector output data | |
| 169 | ); | |
| 170 | ||
| 171 | /** @brief XTS-AES-256 Encryption with pre-expanded keys | |
| 172 | * @requires AES-NI | |
| 173 | */ | |
| 174 | ||
| 175 | void XTS_AES_256_enc_expanded_key( | |
| 176 | uint8_t *k2, //!< expanded key used for tweaking, 16*15 bytes | |
| 177 | uint8_t *k1, //!< expanded key used for encryption of tweaked plaintext, 16*15 bytes | |
| 178 | uint8_t *TW_initial, //!< initial tweak value, 16 bytes | |
| 179 | uint64_t N, //!< sector size, in bytes | |
| 180 | const uint8_t *pt, //!< plaintext sector input data | |
| 181 | uint8_t *ct //!< ciphertext sector output data | |
| 182 | ); | |
| 183 | ||
| 184 | /** @brief XTS-AES-256 Decryption | |
| 185 | * @requires AES-NI | |
| 186 | */ | |
| 187 | ||
| 188 | void XTS_AES_256_dec( | |
| 189 | uint8_t *k2, //!< key used for tweaking, 16*2 bytes | |
| 190 | uint8_t *k1, //!< key used for decryption of tweaked ciphertext, 16*2 bytes | |
| 191 | uint8_t *TW_initial, //!< initial tweak value, 16 bytes | |
| 192 | uint64_t N, //!< sector size, in bytes | |
| 193 | const uint8_t *ct, //!< ciphertext sector input data | |
| 194 | uint8_t *pt //!< plaintext sector output data | |
| 195 | ); | |
| 196 | ||
| 197 | /** @brief XTS-AES-256 Decryption with pre-expanded keys | |
| 198 | * @requires AES-NI | |
| 199 | */ | |
| 200 | ||
| 201 | void XTS_AES_256_dec_expanded_key( | |
| 202 | uint8_t *k2, //!< expanded key used for tweaking, 16*15 bytes - encryption key is used | |
| 203 | uint8_t *k1, //!< expanded decryption key used for decryption of tweaked ciphertext, 16*15 bytes | |
| 204 | uint8_t *TW_initial, //!< initial tweak value, 16 bytes | |
| 205 | uint64_t N, //!< sector size, in bytes | |
| 206 | const uint8_t *ct, //!< ciphertext sector input data | |
| 207 | uint8_t *pt //!< plaintext sector output data | |
| 208 | ); | |
| 209 | ||
| 210 | #ifdef __cplusplus | |
| 211 | } | |
| 212 | #endif | |
| 213 | ||
| 214 | #endif //_AES_XTS_H |