authorNiels Möller <nisse@lysator.liu.se>2021-09-14 14:40:35 +0200
committerNiels Möller <nisse@lysator.liu.se>2021-09-14 14:40:35 +0200
commit55584f4e7ce91f3e1c3b68f900a88d2ad680ae8d (patch)
treed63d2052df3d9adad9923d3378a293facce99c1d
parent7a966ac3869b7b8d94fb92740415ad71bbbdeee7 (diff)
downloadnettle-55584f4e7ce91f3e1c3b68f900a88d2ad680ae8d.tar.gz
Change CBC-AES interface
* cbc.h (cbc_aes128_encrypt, cbc_aes192_encrypt) (cbc_aes256_encrypt): Change interface, take cipher context pointer and iv as separate arguments. Update C and x86_64 implementations and corresponding glue code.
-rw-r--r--ChangeLog5
-rw-r--r--cbc-aes128-encrypt.c8
-rw-r--r--cbc-aes192-encrypt.c8
-rw-r--r--cbc-aes256-encrypt.c8
-rw-r--r--cbc.h12
-rw-r--r--fat-setup.h9
-rw-r--r--fat-x86_64.c12
-rw-r--r--nettle-internal.c31
-rw-r--r--x86_64/aesni/cbc-aes128-encrypt.asm16
-rw-r--r--x86_64/aesni/cbc-aes192-encrypt.asm16
-rw-r--r--x86_64/aesni/cbc-aes256-encrypt.asm16
11 files changed, 87 insertions, 54 deletions
diff --git a/ChangeLog b/ChangeLog
index fbe076ad..08adcf28 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
2021-09-14 Niels Möller <nisse@lysator.liu.se>
+ * cbc.h (cbc_aes128_encrypt, cbc_aes192_encrypt)
+ (cbc_aes256_encrypt): Change interface, take cipher context
+ pointer and iv as separate arguments. Update C and x86_64
+ implementations and corresponding glue code.
+
* testsuite/testutils.c (test_aead): Test encrypt/decrypt with
message split into pieces.
diff --git a/cbc-aes128-encrypt.c b/cbc-aes128-encrypt.c
index 358a3d70..b13c744c 100644
--- a/cbc-aes128-encrypt.c
+++ b/cbc-aes128-encrypt.c
@@ -38,14 +38,16 @@
/* For fat builds */
#if HAVE_NATIVE_cbc_aes128_encrypt
void
-_nettle_cbc_aes128_encrypt_c(struct cbc_aes128_ctx *ctx,
+_nettle_cbc_aes128_encrypt_c(const struct aes128_ctx *ctx, uint8_t *iv,
size_t length, uint8_t *dst,
const uint8_t *src);
# define nettle_cbc_aes128_encrypt _nettle_cbc_aes128_encrypt_c
#endif
void
-cbc_aes128_encrypt(struct cbc_aes128_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src)
+cbc_aes128_encrypt(const struct aes128_ctx *ctx, uint8_t *iv,
+ size_t length, uint8_t *dst, const uint8_t *src)
{
- CBC_ENCRYPT(ctx, aes128_encrypt, length, dst, src);
+ cbc_encrypt(ctx, (nettle_cipher_func *) aes128_encrypt,
+ AES_BLOCK_SIZE, iv, length, dst, src);
}
diff --git a/cbc-aes192-encrypt.c b/cbc-aes192-encrypt.c
index fa9d10b4..c23192d2 100644
--- a/cbc-aes192-encrypt.c
+++ b/cbc-aes192-encrypt.c
@@ -38,14 +38,16 @@
/* For fat builds */
#if HAVE_NATIVE_cbc_aes192_encrypt
void
-_nettle_cbc_aes192_encrypt_c(struct cbc_aes192_ctx *ctx,
+_nettle_cbc_aes192_encrypt_c(const struct aes192_ctx *ctx, uint8_t *iv,
size_t length, uint8_t *dst,
const uint8_t *src);
# define nettle_cbc_aes192_encrypt _nettle_cbc_aes192_encrypt_c
#endif
void
-cbc_aes192_encrypt(struct cbc_aes192_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src)
+cbc_aes192_encrypt(const struct aes192_ctx *ctx, uint8_t *iv,
+ size_t length, uint8_t *dst, const uint8_t *src)
{
- CBC_ENCRYPT(ctx, aes192_encrypt, length, dst, src);
+ cbc_encrypt(ctx, (nettle_cipher_func *) aes192_encrypt,
+ AES_BLOCK_SIZE, iv, length, dst, src);
}
diff --git a/cbc-aes256-encrypt.c b/cbc-aes256-encrypt.c
index 72dd7d83..14c6d9f0 100644
--- a/cbc-aes256-encrypt.c
+++ b/cbc-aes256-encrypt.c
@@ -38,14 +38,16 @@
/* For fat builds */
#if HAVE_NATIVE_cbc_aes256_encrypt
void
-_nettle_cbc_aes256_encrypt_c(struct cbc_aes256_ctx *ctx,
+_nettle_cbc_aes256_encrypt_c(const struct aes256_ctx *ctx, uint8_t *iv,
size_t length, uint8_t *dst,
const uint8_t *src);
# define nettle_cbc_aes256_encrypt _nettle_cbc_aes256_encrypt_c
#endif
void
-cbc_aes256_encrypt(struct cbc_aes256_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src)
+cbc_aes256_encrypt(const struct aes256_ctx *ctx, uint8_t *iv,
+ size_t length, uint8_t *dst, const uint8_t *src)
{
- CBC_ENCRYPT(ctx, aes256_encrypt, length, dst, src);
+ cbc_encrypt(ctx, (nettle_cipher_func *) aes256_encrypt,
+ AES_BLOCK_SIZE, iv, length, dst, src);
}
diff --git a/cbc.h b/cbc.h
index 5fa670f3..cf62e028 100644
--- a/cbc.h
+++ b/cbc.h
@@ -83,17 +83,17 @@ memcpy((ctx)->iv, (data), sizeof((ctx)->iv))
sizeof((self)->iv), (self)->iv, \
(length), (dst), (src)))
-struct cbc_aes128_ctx CBC_CTX(struct aes128_ctx, AES_BLOCK_SIZE);
void
-cbc_aes128_encrypt(struct cbc_aes128_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src);
+cbc_aes128_encrypt(const struct aes128_ctx *ctx, uint8_t *iv,
+ size_t length, uint8_t *dst, const uint8_t *src);
-struct cbc_aes192_ctx CBC_CTX(struct aes192_ctx, AES_BLOCK_SIZE);
void
-cbc_aes192_encrypt(struct cbc_aes192_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src);
+cbc_aes192_encrypt(const struct aes192_ctx *ctx, uint8_t *iv,
+ size_t length, uint8_t *dst, const uint8_t *src);
-struct cbc_aes256_ctx CBC_CTX(struct aes256_ctx, AES_BLOCK_SIZE);
void
-cbc_aes256_encrypt(struct cbc_aes256_ctx *ctx, size_t length, uint8_t *dst, const uint8_t *src);
+cbc_aes256_encrypt(const struct aes256_ctx *ctx, uint8_t *iv,
+ size_t length, uint8_t *dst, const uint8_t *src);
#ifdef __cplusplus
}
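Review bot: The new prototypes do not say that `iv` is both an input and an output. The assembly in this commit loads the chaining value from `(IV)` and stores the final block back to it, so callers must pass a writable AES_BLOCK_SIZE buffer holding the current chaining state. A comment above the three declarations would make that contract explicit, for example `/* iv: AES_BLOCK_SIZE bytes, read as the initial chaining value and overwritten with the last ciphertext block. */`. Because `struct cbc_aes128_ctx` and its 192/256 siblings also leave this header, any external user of the old signature stops compiling, which matters if that signature was ever released.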
diff --git a/fat-setup.h b/fat-setup.h
index 9ef5c22d..64b27244 100644
--- a/fat-setup.h
+++ b/fat-setup.h
@@ -214,12 +214,9 @@ typedef void aes256_invert_key_func (struct aes256_ctx *dst, const struct aes256
typedef void aes256_crypt_func (const struct aes256_ctx *ctx, size_t length, uint8_t *dst,
const uint8_t *src);
-struct cbc_aes128_ctx;
-typedef void cbc_aes128_encrypt_func (struct cbc_aes128_ctx *ctx,
+typedef void cbc_aes128_encrypt_func (const struct aes128_ctx *ctx, uint8_t *iv,
size_t length, uint8_t *dst, const uint8_t *src);
-struct cbc_aes192_ctx;
-typedef void cbc_aes192_encrypt_func (struct cbc_aes192_ctx *ctx,
+typedef void cbc_aes192_encrypt_func (const struct aes192_ctx *ctx, uint8_t *iv,
size_t length, uint8_t *dst, const uint8_t *src);
-struct cbc_aes256_ctx;
-typedef void cbc_aes256_encrypt_func (struct cbc_aes256_ctx *ctx,
+typedef void cbc_aes256_encrypt_func (const struct aes256_ctx *ctx, uint8_t *iv,
size_t length, uint8_t *dst, const uint8_t *src);
diff --git a/fat-x86_64.c b/fat-x86_64.c
index b5da39a1..30551cb2 100644
--- a/fat-x86_64.c
+++ b/fat-x86_64.c
@@ -262,17 +262,17 @@ DEFINE_FAT_FUNC(nettle_aes256_decrypt, void,
(ctx, length, dst, src))
DEFINE_FAT_FUNC(nettle_cbc_aes128_encrypt, void,
- (struct cbc_aes128_ctx *ctx,
+ (const struct aes128_ctx *ctx, uint8_t *iv,
size_t length, uint8_t *dst, const uint8_t *src),
- (ctx, length, dst, src))
+ (ctx, iv, length, dst, src))
DEFINE_FAT_FUNC(nettle_cbc_aes192_encrypt, void,
- (struct cbc_aes192_ctx *ctx,
+ (const struct aes192_ctx *ctx, uint8_t *iv,
size_t length, uint8_t *dst, const uint8_t *src),
- (ctx, length, dst, src))
+ (ctx, iv, length, dst, src))
DEFINE_FAT_FUNC(nettle_cbc_aes256_encrypt, void,
- (struct cbc_aes256_ctx *ctx,
+ (const struct aes256_ctx *ctx, uint8_t *iv,
size_t length, uint8_t *dst, const uint8_t *src),
- (ctx, length, dst, src))
+ (ctx, iv, length, dst, src))
DEFINE_FAT_FUNC(nettle_memxor, void *,
(void *dst, const void *src, size_t n),
diff --git a/nettle-internal.c b/nettle-internal.c
index e2422a5b..dd293227 100644
--- a/nettle-internal.c
+++ b/nettle-internal.c
@@ -152,6 +152,7 @@ nettle_salsa20r12 = {
NULL,
};
+struct cbc_aes128_ctx CBC_CTX(struct aes128_ctx, AES_BLOCK_SIZE);
static void
cbc_aes128_set_encrypt_key(struct cbc_aes128_ctx *ctx, const uint8_t *key)
{
@@ -162,6 +163,14 @@ cbc_aes128_set_iv(struct cbc_aes128_ctx *ctx, const uint8_t *iv)
{
CBC_SET_IV(ctx, iv);
}
+static void
+cbc_aes128_encrypt_wrapper(struct cbc_aes128_ctx *ctx,
+ size_t length, uint8_t *dst,
+ const uint8_t *src)
+{
+ cbc_aes128_encrypt(&ctx->ctx, ctx->iv, length, dst, src);
+}
+
const struct nettle_aead
nettle_cbc_aes128 = {
"cbc_aes128", sizeof(struct cbc_aes128_ctx),
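Review bot: The new `cbc_aes128_encrypt_wrapper` is declared with `struct cbc_aes128_ctx *ctx`, yet the following hunk installs it through a `(nettle_crypt_func *)` cast, so it is called through a pointer type that presumably differs from its definition (`nettle_crypt_func` is not shown here but appears to take a generic context pointer). Since the wrapper is new and file-local, it could take `void *ctx` and convert inside: `struct cbc_aes128_ctx *c = ctx;` followed by `cbc_aes128_encrypt(&c->ctx, c->iv, length, dst, src);`. The table entry could then drop the cast, and the call stays well-defined under indirect-call type checking (CFI and function sanitizers). The same applies to the aes192 and aes256 wrappers added in the later hunks of this file.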
@@ -171,11 +180,12 @@ nettle_cbc_aes128 = {
NULL,
(nettle_set_key_func*) cbc_aes128_set_iv,
NULL,
- (nettle_crypt_func *) cbc_aes128_encrypt,
+ (nettle_crypt_func *) cbc_aes128_encrypt_wrapper,
NULL,
NULL,
};
+struct cbc_aes192_ctx CBC_CTX(struct aes192_ctx, AES_BLOCK_SIZE);
static void
cbc_aes192_set_encrypt_key(struct cbc_aes192_ctx *ctx, const uint8_t *key)
{
@@ -186,6 +196,13 @@ cbc_aes192_set_iv(struct cbc_aes192_ctx *ctx, const uint8_t *iv)
{
CBC_SET_IV(ctx, iv);
}
+static void
+cbc_aes192_encrypt_wrapper(struct cbc_aes192_ctx *ctx,
+ size_t length, uint8_t *dst,
+ const uint8_t *src)
+{
+ cbc_aes192_encrypt(&ctx->ctx, ctx->iv, length, dst, src);
+}
const struct nettle_aead
nettle_cbc_aes192 = {
"cbc_aes192", sizeof(struct cbc_aes192_ctx),
@@ -195,11 +212,12 @@ nettle_cbc_aes192 = {
NULL,
(nettle_set_key_func*) cbc_aes192_set_iv,
NULL,
- (nettle_crypt_func *) cbc_aes192_encrypt,
+ (nettle_crypt_func *) cbc_aes192_encrypt_wrapper,
NULL,
NULL,
};
+struct cbc_aes256_ctx CBC_CTX(struct aes256_ctx, AES_BLOCK_SIZE);
static void
cbc_aes256_set_encrypt_key(struct cbc_aes256_ctx *ctx, const uint8_t *key)
{
@@ -210,6 +228,13 @@ cbc_aes256_set_iv(struct cbc_aes256_ctx *ctx, const uint8_t *iv)
{
CBC_SET_IV(ctx, iv);
}
+static void
+cbc_aes256_encrypt_wrapper(struct cbc_aes256_ctx *ctx,
+ size_t length, uint8_t *dst,
+ const uint8_t *src)
+{
+ cbc_aes256_encrypt(&ctx->ctx, ctx->iv, length, dst, src);
+}
const struct nettle_aead
nettle_cbc_aes256 = {
"cbc_aes256", sizeof(struct cbc_aes256_ctx),
@@ -219,7 +244,7 @@ nettle_cbc_aes256 = {
NULL,
(nettle_set_key_func*) cbc_aes256_set_iv,
NULL,
- (nettle_crypt_func *) cbc_aes256_encrypt,
+ (nettle_crypt_func *) cbc_aes256_encrypt_wrapper,
NULL,
NULL,
};
diff --git a/x86_64/aesni/cbc-aes128-encrypt.asm b/x86_64/aesni/cbc-aes128-encrypt.asm
index 7375dadd..c780b35e 100644
--- a/x86_64/aesni/cbc-aes128-encrypt.asm
+++ b/x86_64/aesni/cbc-aes128-encrypt.asm
@@ -32,9 +32,10 @@ ifelse(`
C Input argument
define(`CTX', `%rdi')
-define(`LENGTH',`%rsi')
-define(`DST', `%rdx')
-define(`SRC', `%rcx')
+define(`IV', `%rsi')
+define(`LENGTH',`%rdx')
+define(`DST', `%rcx')
+define(`SRC', `%r8')
define(`KEY0', `%xmm0')
define(`KEY1', `%xmm1')
@@ -59,7 +60,7 @@ define(`BLOCK', `%xmm12')
.text
ALIGN(16)
PROLOGUE(nettle_cbc_aes128_encrypt)
- W64_ENTRY(4, 13)
+ W64_ENTRY(5, 13)
shr $4, LENGTH
test LENGTH, LENGTH
jz .Lend
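Review bot: `shr $4, LENGTH` turns the byte count into a block count and silently drops any trailing partial block, so a `length` that is not a multiple of 16 leaves the tail of `dst` unwritten with no error. The generic `cbc_encrypt` used by the C fallback is not visible on this page; if it rejects or asserts on a partial block, the two implementations behave differently for the same call. Now that the entry point takes caller-supplied `iv` and `length` directly, the requirement is worth stating here, e.g. `C LENGTH must be a multiple of 16; a trailing partial block is ignored`, or enforcing it in the C glue before dispatch. The same sequence appears in the aes192 and aes256 assembly files, and the function body continues outside this hunk.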
@@ -75,7 +76,7 @@ PROLOGUE(nettle_cbc_aes128_encrypt)
movups 128(CTX), KEY8
movups 144(CTX), KEY9
movups 160(CTX), KEY10
- movups 176(CTX), X C Load IV
+ movups (IV), X
.Lblock_loop:
movups (SRC), BLOCK C Cleartext block
@@ -99,10 +100,9 @@ PROLOGUE(nettle_cbc_aes128_encrypt)
dec LENGTH
jnz .Lblock_loop
- C Save IV
- movups X, 176(CTX)
+ movups X, (IV)
.Lend:
- W64_EXIT(4, 13)
+ W64_EXIT(5, 13)
ret
EPILOGUE(nettle_cbc_aes128_encrypt)
diff --git a/x86_64/aesni/cbc-aes192-encrypt.asm b/x86_64/aesni/cbc-aes192-encrypt.asm
index 2438d91f..13825162 100644
--- a/x86_64/aesni/cbc-aes192-encrypt.asm
+++ b/x86_64/aesni/cbc-aes192-encrypt.asm
@@ -32,9 +32,10 @@ ifelse(`
C Input argument
define(`CTX', `%rdi')
-define(`LENGTH',`%rsi')
-define(`DST', `%rdx')
-define(`SRC', `%rcx')
+define(`IV', `%rsi')
+define(`LENGTH',`%rdx')
+define(`DST', `%rcx')
+define(`SRC', `%r8')
define(`KEY0', `%xmm0')
define(`KEY1', `%xmm1')
@@ -61,7 +62,7 @@ define(`BLOCK', `%xmm14')
.text
ALIGN(16)
PROLOGUE(nettle_cbc_aes192_encrypt)
- W64_ENTRY(4, 15)
+ W64_ENTRY(5, 15)
shr $4, LENGTH
test LENGTH, LENGTH
jz .Lend
@@ -79,7 +80,7 @@ PROLOGUE(nettle_cbc_aes192_encrypt)
movups 160(CTX), KEY10
movups 176(CTX), KEY11
movups 192(CTX), KEY12
- movups 208(CTX), X C Load IV
+ movups (IV), X
.Lblock_loop:
movups (SRC), BLOCK C Cleartext block
@@ -105,10 +106,9 @@ PROLOGUE(nettle_cbc_aes192_encrypt)
dec LENGTH
jnz .Lblock_loop
- C Save IV
- movups X, 208(CTX)
+ movups X, (IV)
.Lend:
- W64_EXIT(4, 15)
+ W64_EXIT(5, 15)
ret
EPILOGUE(nettle_cbc_aes192_encrypt)
diff --git a/x86_64/aesni/cbc-aes256-encrypt.asm b/x86_64/aesni/cbc-aes256-encrypt.asm
index 6b289c70..17428f19 100644
--- a/x86_64/aesni/cbc-aes256-encrypt.asm
+++ b/x86_64/aesni/cbc-aes256-encrypt.asm
@@ -32,9 +32,10 @@ ifelse(`
C Input argument
define(`CTX', `%rdi')
-define(`LENGTH',`%rsi')
-define(`DST', `%rdx')
-define(`SRC', `%rcx')
+define(`IV', `%rsi')
+define(`LENGTH',`%rdx')
+define(`DST', `%rcx')
+define(`SRC', `%r8')
define(`KEY0_7', `%xmm0')
define(`KEY1', `%xmm1')
@@ -63,7 +64,7 @@ define(`BLOCK', `%xmm15')
.text
ALIGN(16)
PROLOGUE(nettle_cbc_aes256_encrypt)
- W64_ENTRY(4, 16)
+ W64_ENTRY(5, 16)
shr $4, LENGTH
test LENGTH, LENGTH
jz .Lend
@@ -82,7 +83,7 @@ PROLOGUE(nettle_cbc_aes256_encrypt)
movups 192(CTX), KEY12
movups 208(CTX), KEY13
movups 224(CTX), KEY14
- movups 240(CTX), X C Load IV
+ movups (IV), X
.Lblock_loop:
movups (SRC), BLOCK C Cleartext block
@@ -112,10 +113,9 @@ PROLOGUE(nettle_cbc_aes256_encrypt)
dec LENGTH
jnz .Lblock_loop
- C Save IV
- movups X, 240(CTX)
+ movups X, (IV)
.Lend:
- W64_EXIT(4, 16)
+ W64_EXIT(5, 16)
ret
EPILOGUE(nettle_cbc_aes256_encrypt)