aes: Adapt AES code to build for EC

Update header, C code, and tweak the assembly for ARMv7-M.

Rename aes_now_* functions to AES_* to avoid the need for a
separate wrapper.

Also add a test with FIPS-197 test vectors, and speed test.

BRANCH=none
BUG=b:111160949
TEST=make run-aes -j
TEST=make BOARD=nocturne_fp test-aes -j
     flash_fp_mcu aes.bin
     runtest => pass
     (C implementation speed: 11977 us for 1000 iterations)
     (ASM implementation speed: 5815 us for 1000 iterations)

Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>

Change-Id: I2048aae73decccb893bc1724b2617b0b902dd992
Reviewed-on: https://chromium-review.googlesource.com/1120340
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Adam Langley <agl@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>

11 files changed, 262 insertions, 188 deletions

diff --git a/board/meowth_fp/build.mk b/board/meowth_fp/build.mk
index e69fbd3f2e..2c7a5d3d73 100644
--- a/board/meowth_fp/build.mk
+++ b/board/meowth_fp/build.mk
@@ -10,3 +10,5 @@ CHIP_FAMILY:=stm32h7
 CHIP_VARIANT:=stm32h7x3
 
 board-y=board.o
+
+test-list-y=aes sha256 sha256_unrolled
diff --git a/common/build.mk b/common/build.mk
index 06557c3737..eb03c46683 100644
--- a/common/build.mk
+++ b/common/build.mk
@@ -16,6 +16,9 @@ common-$(CONFIG_ACCELGYRO_LSM6DSM)+=math_util.o
 common-$(CONFIG_ACCEL_LIS2DH)+=math_util.o
 common-$(CONFIG_ACCEL_KXCJ9)+=math_util.o
 common-$(CONFIG_ACCEL_KX022)+=math_util.o
+ifneq ($(CORE),cortex-m)
+common-$(CONFIG_AES)+=aes.o
+endif
 common-$(CONFIG_CMD_ADC)+=adc.o
 common-$(HAS_TASK_ALS)+=als.o
 common-$(CONFIG_AP_HANG_DETECT)+=ap_hang_detect.o
diff --git a/core/cortex-m/build.mk b/core/cortex-m/build.mk
index b07a2914de..e86ba23c59 100644
--- a/core/cortex-m/build.mk
+++ b/core/cortex-m/build.mk
@@ -23,6 +23,7 @@ LDFLAGS_EXTRA+=-flto
 endif
 
 core-y=cpu.o init.o ldivmod.o llsr.o uldivmod.o vecttable.o
+core-$(CONFIG_AES)+=aes.o
 core-$(CONFIG_ARMV7M_CACHE)+=cache.o
 core-$(CONFIG_COMMON_PANIC_OUTPUT)+=panic.o
 core-$(CONFIG_COMMON_RUNTIME)+=switch.o task.o
diff --git a/include/config.h b/include/config.h
index 6a241e81fa..bb666278aa 100644
--- a/include/config.h
+++ b/include/config.h
@@ -159,6 +159,9 @@
 #define CONFIG_ADC_PROFILE_SINGLE
 #undef CONFIG_ADC_PROFILE_FAST_CONTINUOUS
 
+/* Support AES symmetric-key algorithm */
+#undef CONFIG_AES
+
 /*
  * Some ALS modules may be connected to the EC. We need the command, and
  * specific drivers for each module.
diff --git a/test/aes.c b/test/aes.c
new file mode 100644
index 0000000000..18791cf7b7
--- /dev/null
+++ b/test/aes.c
@@ -0,0 +1,144 @@
+/* Copyright 2018 The Chromium OS Authors. All rights reserved.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include "aes.h"
+#include "console.h"
+#include "common.h"
+#include "test_util.h"
+#include "timer.h"
+#include "util.h"
+#include "watchdog.h"
+
+static int test_aes_raw(const uint8_t *key, int key_size,
+			const uint8_t *plaintext, const uint8_t *ciphertext)
+{
+	AES_KEY aes_key;
+	uint8_t block[AES_BLOCK_SIZE];
+
+	TEST_ASSERT(AES_set_encrypt_key(key, 8 * key_size, &aes_key) == 0);
+
+	/* Test encryption. */
+	AES_encrypt(plaintext, block, &aes_key);
+	TEST_ASSERT_ARRAY_EQ(ciphertext, block, sizeof(block));
+
+	/* Test in-place encryption. */
+	memcpy(block, plaintext, AES_BLOCK_SIZE);
+	AES_encrypt(block, block, &aes_key);
+	TEST_ASSERT_ARRAY_EQ(ciphertext, block, sizeof(block));
+
+	TEST_ASSERT(AES_set_decrypt_key(key, 8 * key_size, &aes_key) == 0);
+
+	/* Test decryption. */
+	AES_decrypt(ciphertext, block, &aes_key);
+	TEST_ASSERT_ARRAY_EQ(plaintext, block, sizeof(block));
+
+	/* Test in-place decryption. */
+	memcpy(block, ciphertext, AES_BLOCK_SIZE);
+	AES_decrypt(block, block, &aes_key);
+	TEST_ASSERT_ARRAY_EQ(plaintext, block, sizeof(block));
+
+	return EC_SUCCESS;
+}
+
+static int test_aes(void)
+{
+	/* Test vectors from FIPS-197, Appendix C. */
+	static const uint8_t key1[] = {
+		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+	};
+	static const uint8_t plain1[] = {
+		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+		0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
+	};
+	static const uint8_t cipher1[] = {
+		0x69, 0xc4, 0xe0, 0xd8, 0x6a, 0x7b, 0x04, 0x30,
+		0xd8, 0xcd, 0xb7, 0x80, 0x70, 0xb4, 0xc5, 0x5a,
+	};
+
+	static const uint8_t key2[] = {
+		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+	};
+	static const uint8_t plain2[] = {
+		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+		0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
+	};
+	static const uint8_t cipher2[] = {
+		0xdd, 0xa9, 0x7c, 0xa4, 0x86, 0x4c, 0xdf, 0xe0,
+		0x6e, 0xaf, 0x70, 0xa0, 0xec, 0x0d, 0x71, 0x91,
+	};
+
+	static const uint8_t key3[] = {
+		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+		0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+	};
+	static const uint8_t plain3[] = {
+		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+		0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
+	};
+	static const uint8_t cipher3[] = {
+		0x8e, 0xa2, 0xb7, 0xca, 0x51, 0x67, 0x45, 0xbf,
+		0xea, 0xfc, 0x49, 0x90, 0x4b, 0x49, 0x60, 0x89,
+	};
+
+	TEST_ASSERT(!test_aes_raw(key1, sizeof(key1), plain1, cipher1));
+	TEST_ASSERT(!test_aes_raw(key2, sizeof(key2), plain2, cipher2));
+	TEST_ASSERT(!test_aes_raw(key3, sizeof(key3), plain3, cipher3));
+
+	return EC_SUCCESS;
+}
+
+static void test_aes_speed(void)
+{
+	int i;
+	/* Test vectors from FIPS-197, Appendix C. */
+	static const uint8_t key[] = {
+		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+	};
+	const int key_size = sizeof(key);
+	static const uint8_t plaintext[] = {
+		0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+		0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
+	};
+
+	AES_KEY aes_key;
+	uint8_t block[AES_BLOCK_SIZE];
+	timestamp_t t0, t1;
+
+	AES_set_encrypt_key(key, 8 * key_size, &aes_key);
+	AES_encrypt(plaintext, block, &aes_key);
+	t0 = get_time();
+	for (i = 0; i < 1000; i++)
+		AES_encrypt(block, block, &aes_key);
+	t1 = get_time();
+	ccprintf("AES duration %ld us\n", t1.val - t0.val);
+}
+
+void run_test(void)
+{
+	watchdog_reload();
+
+	/* do not check result, just as a benchmark */
+	test_aes_speed();
+
+	watchdog_reload();
+	RUN_TEST(test_aes);
+
+	test_print_result();
+}
diff --git a/test/aes.tasklist b/test/aes.tasklist
new file mode 100644
index 0000000000..de4df33e13
--- /dev/null
+++ b/test/aes.tasklist
@@ -0,0 +1,17 @@
+/* Copyright 2018 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/**
+ * List of enabled tasks in the priority order
+ *
+ * The first one has the lowest priority.
+ *
+ * For each task, use the macro TASK_TEST(n, r, d, s) where :
+ * 'n' in the name of the task
+ * 'r' in the main routine of the task
+ * 'd' in an opaque parameter passed to the routine at startup
+ * 's' is the stack size in bytes; must be a multiple of 8
+ */
+#define CONFIG_TEST_TASK_LIST
diff --git a/test/build.mk b/test/build.mk
index f03b614469..b16b15e702 100644
--- a/test/build.mk
+++ b/test/build.mk
@@ -13,7 +13,8 @@ test-list-y ?= pingpong timer_calib timer_dos timer_jump mutex utils utils_str
 ifneq ($(TEST_LIST_HOST),)
 test-list-host=$(TEST_LIST_HOST)
 else
-test-list-host = base32
+test-list-host = aes
+test-list-host += base32
 test-list-host += battery_get_params_smart
 test-list-host += bklight_lid
 test-list-host += bklight_passthru
@@ -66,6 +67,8 @@ test-list-host += vboot
 test-list-host += x25519
 endif
 
+
+aes-y=aes.o
 base32-y=base32.o
 battery_get_params_smart-y=battery_get_params_smart.o
 bklight_lid-y=bklight_lid.o
diff --git a/test/test_config.h b/test/test_config.h
index 5c57de1be1..3833661af6 100644
--- a/test/test_config.h
+++ b/test/test_config.h
@@ -18,6 +18,10 @@
 #undef CONFIG_VBOOT_HASH
 #undef CONFIG_USB_PD_LOGGING
 
+#ifdef TEST_AES
+#define CONFIG_AES
+#endif
+
 #ifdef TEST_BASE32
 #define CONFIG_BASE32
 #endif
diff --git a/third_party/boringssl/common/aes.c b/third_party/boringssl/common/aes.c
index f654cb1e73..aa213eb907 100644
--- a/third_party/boringssl/common/aes.c
+++ b/third_party/boringssl/common/aes.c
@@ -46,18 +46,17 @@
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  * ==================================================================== */
 
-#include <openssl/aes.h>
-
-#include <assert.h>
-
-#include <openssl/cpu.h>
-
-#include "internal.h"
-#include "../modes/internal.h"
+#include "aes.h"
+#include "common.h"
+#include "endian.h"
 
+static inline uint32_t GETU32(const void *in) {
+  return be32toh(*(uint32_t *)in);
+}
 
-#if defined(OPENSSL_NO_ASM) || \
-    (!defined(OPENSSL_X86) && !defined(OPENSSL_X86_64) && !defined(OPENSSL_ARM))
+static inline void PUTU32(void *out, uint32_t v) {
+  *(uint32_t *)out = htobe32(v);
+}
 
 // Te0[x] = S [x].[02, 01, 01, 03];
 // Te1[x] = S [x].[03, 02, 01, 01];
@@ -534,8 +533,8 @@ static const uint32_t rcon[] = {
     // for 128-bit blocks, Rijndael never uses more than 10 rcon values
 };
 
-static int aes_nohw_set_encrypt_key(const uint8_t *key, unsigned bits,
-                                    AES_KEY *aeskey) {
+int aes_nohw_set_encrypt_key(const uint8_t *key, unsigned bits,
+			     AES_KEY *aeskey) {
   uint32_t *rk;
   int i = 0;
   uint32_t temp;
@@ -630,8 +629,8 @@ static int aes_nohw_set_encrypt_key(const uint8_t *key, unsigned bits,
   return 0;
 }
 
-static int aes_nohw_set_decrypt_key(const uint8_t *key, unsigned bits,
-                                    AES_KEY *aeskey) {
+int aes_nohw_set_decrypt_key(const uint8_t *key, unsigned bits,
+			     AES_KEY *aeskey) {
   uint32_t *rk;
   int i, j, status;
   uint32_t temp;
@@ -679,13 +678,12 @@ static int aes_nohw_set_decrypt_key(const uint8_t *key, unsigned bits,
   return 0;
 }
 
-static void aes_nohw_encrypt(const uint8_t *in, uint8_t *out,
-                             const AES_KEY *key) {
+void aes_nohw_encrypt(const uint8_t *in, uint8_t *out,
+		      const AES_KEY *key) {
   const uint32_t *rk;
   uint32_t s0, s1, s2, s3, t0, t1, t2, t3;
   int r;
 
-  assert(in && out && key);
   rk = key->rd_key;
 
   // map byte array block to cipher state
@@ -741,13 +739,12 @@ static void aes_nohw_encrypt(const uint8_t *in, uint8_t *out,
   PUTU32(out + 12, s3);
 }
 
-static void aes_nohw_decrypt(const uint8_t *in, uint8_t *out,
-                             const AES_KEY *key) {
+void aes_nohw_decrypt(const uint8_t *in, uint8_t *out,
+		      const AES_KEY *key) {
   const uint32_t *rk;
   uint32_t s0, s1, s2, s3, t0, t1, t2, t3;
   int r;
 
-  assert(in && out && key);
   rk = key->rd_key;
 
   // map byte array block to cipher state
@@ -807,53 +804,3 @@ static void aes_nohw_decrypt(const uint8_t *in, uint8_t *out,
        ((uint32_t)Td4[(t0) & 0xff]) ^ rk[3];
   PUTU32(out + 12, s3);
 }
-
-#else  // NO_ASM || (!X86 && !X86_64 && !ARM)
-
-// If not implemented in C, these functions will be provided by assembly code.
-void aes_nohw_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key);
-void aes_nohw_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key);
-int aes_nohw_set_encrypt_key(const uint8_t *key, unsigned bits,
-                             AES_KEY *aeskey);
-int aes_nohw_set_decrypt_key(const uint8_t *key, unsigned bits,
-                             AES_KEY *aeskey);
-
-#endif
-
-// Be aware that on x86(-64), the |aes_nohw_*| functions are incompatible with
-// the aes_hw_* functions. The latter set |AES_KEY.rounds| to one less than the
-// true value, which breaks the former. Therefore the two functions cannot mix.
-// Also, on Aarch64, the plain-C code, above, is incompatible with the
-// |aes_hw_*| functions.
-
-void AES_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) {
-  if (hwaes_capable()) {
-    aes_hw_encrypt(in, out, key);
-  } else {
-    aes_nohw_encrypt(in, out, key);
-  }
-}
-
-void AES_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) {
-  if (hwaes_capable()) {
-    aes_hw_decrypt(in, out, key);
-  } else {
-    aes_nohw_decrypt(in, out, key);
-  }
-}
-
-int AES_set_encrypt_key(const uint8_t *key, unsigned bits, AES_KEY *aeskey) {
-  if (hwaes_capable()) {
-    return aes_hw_set_encrypt_key(key, bits, aeskey);
-  } else {
-    return aes_nohw_set_encrypt_key(key, bits, aeskey);
-  }
-}
-
-int AES_set_decrypt_key(const uint8_t *key, unsigned bits, AES_KEY *aeskey) {
-  if (hwaes_capable()) {
-    return aes_hw_set_decrypt_key(key, bits, aeskey);
-  } else {
-    return aes_nohw_set_decrypt_key(key, bits, aeskey);
-  }
-}
diff --git a/third_party/boringssl/core/cortex-m/aes.S b/third_party/boringssl/core/cortex-m/aes.S
index 434df2e2a1..fe34ef2e46 100644
--- a/third_party/boringssl/core/cortex-m/aes.S
+++ b/third_party/boringssl/core/cortex-m/aes.S
@@ -38,16 +38,7 @@
 @ Profiler-assisted and platform-specific optimization resulted in 16%
 @ improvement on Cortex A8 core and ~21.5 cycles per byte.
 
-#ifndef __KERNEL__
-# include <openssl/arm_arch.h>
-#else
-# define __ARM_ARCH__ __LINUX_ARM_ARCH__
-#endif
-
-@ Silence ARMv8 deprecated IT instruction warnings. This file is used by both
-@ ARMv7 and ARMv8 processors and does not use ARMv8 instructions. (ARMv8 AES
-@ instructions are in aesv8-armx.pl.)
-.arch  armv7-a
+#define __ARM_ARCH__ 7
 
 .text
 #if defined(__thumb2__) && !defined(__APPLE__)
diff --git a/third_party/boringssl/include/aes.h b/third_party/boringssl/include/aes.h
index 115658542f..6418a350eb 100644
--- a/third_party/boringssl/include/aes.h
+++ b/third_party/boringssl/include/aes.h
@@ -46,125 +46,84 @@
  * OF THE POSSIBILITY OF SUCH DAMAGE.
  * ==================================================================== */
 
-#ifndef OPENSSL_HEADER_AES_H
-#define OPENSSL_HEADER_AES_H
-
-#include <openssl/base.h>
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-
-// Raw AES functions.
+#ifndef __CROS_EC_AES_H
+#define __CROS_EC_AES_H
 
+#include <stdint.h>
 
 #define AES_ENCRYPT 1
 #define AES_DECRYPT 0
 
-// AES_MAXNR is the maximum number of AES rounds.
+/* AES_MAXNR is the maximum number of AES rounds. */
 #define AES_MAXNR 14
 
 #define AES_BLOCK_SIZE 16
 
-// aes_key_st should be an opaque type, but EVP requires that the size be
-// known.
+/*
+ * aes_key_st should be an opaque type, but EVP requires that the size be
+ * known.
+ */
 struct aes_key_st {
   uint32_t rd_key[4 * (AES_MAXNR + 1)];
   unsigned rounds;
 };
 typedef struct aes_key_st AES_KEY;
 
-// AES_set_encrypt_key configures |aeskey| to encrypt with the |bits|-bit key,
-// |key|.
-//
-// WARNING: unlike other OpenSSL functions, this returns zero on success and a
-// negative number on error.
-OPENSSL_EXPORT int AES_set_encrypt_key(const uint8_t *key, unsigned bits,
-                                       AES_KEY *aeskey);
-
-// AES_set_decrypt_key configures |aeskey| to decrypt with the |bits|-bit key,
-// |key|.
-//
-// WARNING: unlike other OpenSSL functions, this returns zero on success and a
-// negative number on error.
-OPENSSL_EXPORT int AES_set_decrypt_key(const uint8_t *key, unsigned bits,
-                                       AES_KEY *aeskey);
-
-// AES_encrypt encrypts a single block from |in| to |out| with |key|. The |in|
-// and |out| pointers may overlap.
-OPENSSL_EXPORT void AES_encrypt(const uint8_t *in, uint8_t *out,
-                                const AES_KEY *key);
-
-// AES_decrypt decrypts a single block from |in| to |out| with |key|. The |in|
-// and |out| pointers may overlap.
-OPENSSL_EXPORT void AES_decrypt(const uint8_t *in, uint8_t *out,
-                                const AES_KEY *key);
-
-
-// Block cipher modes.
-
-// AES_ctr128_encrypt encrypts (or decrypts, it's the same in CTR mode) |len|
-// bytes from |in| to |out|. The |num| parameter must be set to zero on the
-// first call and |ivec| will be incremented.
-OPENSSL_EXPORT void AES_ctr128_encrypt(const uint8_t *in, uint8_t *out,
-                                       size_t len, const AES_KEY *key,
-                                       uint8_t ivec[AES_BLOCK_SIZE],
-                                       uint8_t ecount_buf[AES_BLOCK_SIZE],
-                                       unsigned int *num);
-
-// AES_ecb_encrypt encrypts (or decrypts, if |enc| == |AES_DECRYPT|) a single,
-// 16 byte block from |in| to |out|.
-OPENSSL_EXPORT void AES_ecb_encrypt(const uint8_t *in, uint8_t *out,
-                                    const AES_KEY *key, const int enc);
-
-// AES_cbc_encrypt encrypts (or decrypts, if |enc| == |AES_DECRYPT|) |len|
-// bytes from |in| to |out|. The length must be a multiple of the block size.
-OPENSSL_EXPORT void AES_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
-                                    const AES_KEY *key, uint8_t *ivec,
-                                    const int enc);
-
-// AES_ofb128_encrypt encrypts (or decrypts, it's the same in OFB mode) |len|
-// bytes from |in| to |out|. The |num| parameter must be set to zero on the
-// first call.
-OPENSSL_EXPORT void AES_ofb128_encrypt(const uint8_t *in, uint8_t *out,
-                                       size_t len, const AES_KEY *key,
-                                       uint8_t *ivec, int *num);
-
-// AES_cfb128_encrypt encrypts (or decrypts, if |enc| == |AES_DECRYPT|) |len|
-// bytes from |in| to |out|. The |num| parameter must be set to zero on the
-// first call.
-OPENSSL_EXPORT void AES_cfb128_encrypt(const uint8_t *in, uint8_t *out,
-                                       size_t len, const AES_KEY *key,
-                                       uint8_t *ivec, int *num, int enc);
-
-
-// AES key wrap.
-//
-// These functions implement AES Key Wrap mode, as defined in RFC 3394. They
-// should never be used except to interoperate with existing systems that use
-// this mode.
-
-// AES_wrap_key performs AES key wrap on |in| which must be a multiple of 8
-// bytes. |iv| must point to an 8 byte value or be NULL to use the default IV.
-// |key| must have been configured for encryption. On success, it writes
-// |in_len| + 8 bytes to |out| and returns |in_len| + 8. Otherwise, it returns
-// -1.
-OPENSSL_EXPORT int AES_wrap_key(const AES_KEY *key, const uint8_t *iv,
-                                uint8_t *out, const uint8_t *in, size_t in_len);
-
-// AES_unwrap_key performs AES key unwrap on |in| which must be a multiple of 8
-// bytes. |iv| must point to an 8 byte value or be NULL to use the default IV.
-// |key| must have been configured for decryption. On success, it writes
-// |in_len| - 8 bytes to |out| and returns |in_len| - 8. Otherwise, it returns
-// -1.
-OPENSSL_EXPORT int AES_unwrap_key(const AES_KEY *key, const uint8_t *iv,
-                                  uint8_t *out, const uint8_t *in,
-                                  size_t in_len);
-
-
-#if defined(__cplusplus)
-}  // extern C
-#endif
-
-#endif  // OPENSSL_HEADER_AES_H
+/*
+ * These functions are provided by either common/aes.c, or assembly code,
+ * and should not be called directly.
+ */
+void aes_nohw_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key);
+void aes_nohw_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key);
+int aes_nohw_set_encrypt_key(const uint8_t *key, unsigned bits,
+                             AES_KEY *aeskey);
+int aes_nohw_set_decrypt_key(const uint8_t *key, unsigned bits,
+                             AES_KEY *aeskey);
+
+/**
+ * AES_set_encrypt_key configures |aeskey| to encrypt with the |bits|-bit key,
+ * |key|.
+ *
+ * WARNING: unlike other OpenSSL functions, this returns zero on success and a
+ * negative number on error.
+ */
+static inline int AES_set_encrypt_key(const uint8_t *key, unsigned int bits,
+				      AES_KEY *aeskey)
+{
+	return aes_nohw_set_encrypt_key(key, bits, aeskey);
+}
+
+/**
+ * AES_set_decrypt_key configures |aeskey| to decrypt with the |bits|-bit key,
+ * |key|.
+ *
+ * WARNING: unlike other OpenSSL functions, this returns zero on success and a
+ * negative number on error.
+ */
+static inline int AES_set_decrypt_key(const uint8_t *key, unsigned int bits,
+				      AES_KEY *aeskey)
+{
+	return aes_nohw_set_decrypt_key(key, bits, aeskey);
+}
+
+/**
+ * AES_encrypt encrypts a single block from |in| to |out| with |key|. The |in|
+ * and |out| pointers may overlap.
+ */
+static inline void AES_encrypt(const uint8_t *in, uint8_t *out,
+			       const AES_KEY *key)
+{
+	aes_nohw_encrypt(in, out, key);
+}
+
+/**
+ * AES_decrypt decrypts a single block from |in| to |out| with |key|. The |in|
+ * and |out| pointers may overlap.
+ */
+static inline void AES_decrypt(const uint8_t *in, uint8_t *out,
+			const AES_KEY *key)
+{
+	aes_nohw_decrypt(in, out, key);
+}
+
+#endif  /* __CROS_EC_AES_H */