summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNicolas Boichat <drinkcat@chromium.org>2018-07-05 11:40:25 +0800
committerchrome-bot <chrome-bot@chromium.org>2018-09-20 21:29:57 -0700
commite4db954045988241642e0d7d8817a43c79c2163f (patch)
tree81b5dacb05b25aab2d2f5e86154ad8f7b387c90d
parent11ef0269e90eba657bdb3e7c2ce2d9508d6221e1 (diff)
downloadchrome-ec-e4db954045988241642e0d7d8817a43c79c2163f.tar.gz
aes: Adapt AES code to build for EC
Update header, C code, and tweak the assembly for ARMv7-M. Rename aes_now_* functions to AES_* to avoid the need for a separate wrapper. Also add a test with FIPS-197 test vectors, and speed test. BRANCH=none BUG=b:111160949 TEST=make run-aes -j TEST=make BOARD=nocturne_fp test-aes -j flash_fp_mcu aes.bin runtest => pass (C implementation speed: 11977 us for 1000 iterations) (ASM implementation speed: 5815 us for 1000 iterations) Signed-off-by: Vincent Palatin <vpalatin@chromium.org> Signed-off-by: Nicolas Boichat <drinkcat@chromium.org> Change-Id: I2048aae73decccb893bc1724b2617b0b902dd992 Reviewed-on: https://chromium-review.googlesource.com/1120340 Commit-Ready: Nicolas Boichat <drinkcat@chromium.org> Tested-by: Nicolas Boichat <drinkcat@chromium.org> Reviewed-by: Adam Langley <agl@chromium.org> Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
-rw-r--r--board/meowth_fp/build.mk2
-rw-r--r--common/build.mk3
-rw-r--r--core/cortex-m/build.mk1
-rw-r--r--include/config.h3
-rw-r--r--test/aes.c144
-rw-r--r--test/aes.tasklist17
-rw-r--r--test/build.mk5
-rw-r--r--test/test_config.h4
-rw-r--r--third_party/boringssl/common/aes.c87
-rw-r--r--third_party/boringssl/core/cortex-m/aes.S11
-rw-r--r--third_party/boringssl/include/aes.h173
11 files changed, 262 insertions, 188 deletions
diff --git a/board/meowth_fp/build.mk b/board/meowth_fp/build.mk
index e69fbd3f2e..2c7a5d3d73 100644
--- a/board/meowth_fp/build.mk
+++ b/board/meowth_fp/build.mk
@@ -10,3 +10,5 @@ CHIP_FAMILY:=stm32h7
CHIP_VARIANT:=stm32h7x3
board-y=board.o
+
+test-list-y=aes sha256 sha256_unrolled
diff --git a/common/build.mk b/common/build.mk
index 06557c3737..eb03c46683 100644
--- a/common/build.mk
+++ b/common/build.mk
@@ -16,6 +16,9 @@ common-$(CONFIG_ACCELGYRO_LSM6DSM)+=math_util.o
common-$(CONFIG_ACCEL_LIS2DH)+=math_util.o
common-$(CONFIG_ACCEL_KXCJ9)+=math_util.o
common-$(CONFIG_ACCEL_KX022)+=math_util.o
+ifneq ($(CORE),cortex-m)
+common-$(CONFIG_AES)+=aes.o
+endif
common-$(CONFIG_CMD_ADC)+=adc.o
common-$(HAS_TASK_ALS)+=als.o
common-$(CONFIG_AP_HANG_DETECT)+=ap_hang_detect.o
diff --git a/core/cortex-m/build.mk b/core/cortex-m/build.mk
index b07a2914de..e86ba23c59 100644
--- a/core/cortex-m/build.mk
+++ b/core/cortex-m/build.mk
@@ -23,6 +23,7 @@ LDFLAGS_EXTRA+=-flto
endif
core-y=cpu.o init.o ldivmod.o llsr.o uldivmod.o vecttable.o
+core-$(CONFIG_AES)+=aes.o
core-$(CONFIG_ARMV7M_CACHE)+=cache.o
core-$(CONFIG_COMMON_PANIC_OUTPUT)+=panic.o
core-$(CONFIG_COMMON_RUNTIME)+=switch.o task.o
diff --git a/include/config.h b/include/config.h
index 6a241e81fa..bb666278aa 100644
--- a/include/config.h
+++ b/include/config.h
@@ -159,6 +159,9 @@
#define CONFIG_ADC_PROFILE_SINGLE
#undef CONFIG_ADC_PROFILE_FAST_CONTINUOUS
+/* Support AES symmetric-key algorithm */
+#undef CONFIG_AES
+
/*
* Some ALS modules may be connected to the EC. We need the command, and
* specific drivers for each module.
diff --git a/test/aes.c b/test/aes.c
new file mode 100644
index 0000000000..18791cf7b7
--- /dev/null
+++ b/test/aes.c
@@ -0,0 +1,144 @@
+/* Copyright 2018 The Chromium OS Authors. All rights reserved.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include "aes.h"
+#include "console.h"
+#include "common.h"
+#include "test_util.h"
+#include "timer.h"
+#include "util.h"
+#include "watchdog.h"
+
+static int test_aes_raw(const uint8_t *key, int key_size,
+ const uint8_t *plaintext, const uint8_t *ciphertext)
+{
+ AES_KEY aes_key;
+ uint8_t block[AES_BLOCK_SIZE];
+
+ TEST_ASSERT(AES_set_encrypt_key(key, 8 * key_size, &aes_key) == 0);
+
+ /* Test encryption. */
+ AES_encrypt(plaintext, block, &aes_key);
+ TEST_ASSERT_ARRAY_EQ(ciphertext, block, sizeof(block));
+
+ /* Test in-place encryption. */
+ memcpy(block, plaintext, AES_BLOCK_SIZE);
+ AES_encrypt(block, block, &aes_key);
+ TEST_ASSERT_ARRAY_EQ(ciphertext, block, sizeof(block));
+
+ TEST_ASSERT(AES_set_decrypt_key(key, 8 * key_size, &aes_key) == 0);
+
+ /* Test decryption. */
+ AES_decrypt(ciphertext, block, &aes_key);
+ TEST_ASSERT_ARRAY_EQ(plaintext, block, sizeof(block));
+
+ /* Test in-place decryption. */
+ memcpy(block, ciphertext, AES_BLOCK_SIZE);
+ AES_decrypt(block, block, &aes_key);
+ TEST_ASSERT_ARRAY_EQ(plaintext, block, sizeof(block));
+
+ return EC_SUCCESS;
+}
+
+static int test_aes(void)
+{
+ /* Test vectors from FIPS-197, Appendix C. */
+ static const uint8_t key1[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ };
+ static const uint8_t plain1[] = {
+ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+ 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
+ };
+ static const uint8_t cipher1[] = {
+ 0x69, 0xc4, 0xe0, 0xd8, 0x6a, 0x7b, 0x04, 0x30,
+ 0xd8, 0xcd, 0xb7, 0x80, 0x70, 0xb4, 0xc5, 0x5a,
+ };
+
+ static const uint8_t key2[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ };
+ static const uint8_t plain2[] = {
+ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+ 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
+ };
+ static const uint8_t cipher2[] = {
+ 0xdd, 0xa9, 0x7c, 0xa4, 0x86, 0x4c, 0xdf, 0xe0,
+ 0x6e, 0xaf, 0x70, 0xa0, 0xec, 0x0d, 0x71, 0x91,
+ };
+
+ static const uint8_t key3[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+ };
+ static const uint8_t plain3[] = {
+ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+ 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
+ };
+ static const uint8_t cipher3[] = {
+ 0x8e, 0xa2, 0xb7, 0xca, 0x51, 0x67, 0x45, 0xbf,
+ 0xea, 0xfc, 0x49, 0x90, 0x4b, 0x49, 0x60, 0x89,
+ };
+
+ TEST_ASSERT(!test_aes_raw(key1, sizeof(key1), plain1, cipher1));
+ TEST_ASSERT(!test_aes_raw(key2, sizeof(key2), plain2, cipher2));
+ TEST_ASSERT(!test_aes_raw(key3, sizeof(key3), plain3, cipher3));
+
+ return EC_SUCCESS;
+}
+
+static void test_aes_speed(void)
+{
+ int i;
+ /* Test vectors from FIPS-197, Appendix C. */
+ static const uint8_t key[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ };
+ const int key_size = sizeof(key);
+ static const uint8_t plaintext[] = {
+ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+ 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
+ };
+
+ AES_KEY aes_key;
+ uint8_t block[AES_BLOCK_SIZE];
+ timestamp_t t0, t1;
+
+ AES_set_encrypt_key(key, 8 * key_size, &aes_key);
+ AES_encrypt(plaintext, block, &aes_key);
+ t0 = get_time();
+ for (i = 0; i < 1000; i++)
+ AES_encrypt(block, block, &aes_key);
+ t1 = get_time();
+ ccprintf("AES duration %ld us\n", t1.val - t0.val);
+}
+
+void run_test(void)
+{
+ watchdog_reload();
+
+ /* do not check result, just as a benchmark */
+ test_aes_speed();
+
+ watchdog_reload();
+ RUN_TEST(test_aes);
+
+ test_print_result();
+}
diff --git a/test/aes.tasklist b/test/aes.tasklist
new file mode 100644
index 0000000000..de4df33e13
--- /dev/null
+++ b/test/aes.tasklist
@@ -0,0 +1,17 @@
+/* Copyright 2018 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/**
+ * List of enabled tasks in the priority order
+ *
+ * The first one has the lowest priority.
+ *
+ * For each task, use the macro TASK_TEST(n, r, d, s) where :
+ * 'n' in the name of the task
+ * 'r' in the main routine of the task
+ * 'd' in an opaque parameter passed to the routine at startup
+ * 's' is the stack size in bytes; must be a multiple of 8
+ */
+#define CONFIG_TEST_TASK_LIST
diff --git a/test/build.mk b/test/build.mk
index f03b614469..b16b15e702 100644
--- a/test/build.mk
+++ b/test/build.mk
@@ -13,7 +13,8 @@ test-list-y ?= pingpong timer_calib timer_dos timer_jump mutex utils utils_str
ifneq ($(TEST_LIST_HOST),)
test-list-host=$(TEST_LIST_HOST)
else
-test-list-host = base32
+test-list-host = aes
+test-list-host += base32
test-list-host += battery_get_params_smart
test-list-host += bklight_lid
test-list-host += bklight_passthru
@@ -66,6 +67,8 @@ test-list-host += vboot
test-list-host += x25519
endif
+
+aes-y=aes.o
base32-y=base32.o
battery_get_params_smart-y=battery_get_params_smart.o
bklight_lid-y=bklight_lid.o
diff --git a/test/test_config.h b/test/test_config.h
index 5c57de1be1..3833661af6 100644
--- a/test/test_config.h
+++ b/test/test_config.h
@@ -18,6 +18,10 @@
#undef CONFIG_VBOOT_HASH
#undef CONFIG_USB_PD_LOGGING
+#ifdef TEST_AES
+#define CONFIG_AES
+#endif
+
#ifdef TEST_BASE32
#define CONFIG_BASE32
#endif
diff --git a/third_party/boringssl/common/aes.c b/third_party/boringssl/common/aes.c
index f654cb1e73..aa213eb907 100644
--- a/third_party/boringssl/common/aes.c
+++ b/third_party/boringssl/common/aes.c
@@ -46,18 +46,17 @@
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ==================================================================== */
-#include <openssl/aes.h>
-
-#include <assert.h>
-
-#include <openssl/cpu.h>
-
-#include "internal.h"
-#include "../modes/internal.h"
+#include "aes.h"
+#include "common.h"
+#include "endian.h"
+static inline uint32_t GETU32(const void *in) {
+ return be32toh(*(uint32_t *)in);
+}
-#if defined(OPENSSL_NO_ASM) || \
- (!defined(OPENSSL_X86) && !defined(OPENSSL_X86_64) && !defined(OPENSSL_ARM))
+static inline void PUTU32(void *out, uint32_t v) {
+ *(uint32_t *)out = htobe32(v);
+}
// Te0[x] = S [x].[02, 01, 01, 03];
// Te1[x] = S [x].[03, 02, 01, 01];
@@ -534,8 +533,8 @@ static const uint32_t rcon[] = {
// for 128-bit blocks, Rijndael never uses more than 10 rcon values
};
-static int aes_nohw_set_encrypt_key(const uint8_t *key, unsigned bits,
- AES_KEY *aeskey) {
+int aes_nohw_set_encrypt_key(const uint8_t *key, unsigned bits,
+ AES_KEY *aeskey) {
uint32_t *rk;
int i = 0;
uint32_t temp;
@@ -630,8 +629,8 @@ static int aes_nohw_set_encrypt_key(const uint8_t *key, unsigned bits,
return 0;
}
-static int aes_nohw_set_decrypt_key(const uint8_t *key, unsigned bits,
- AES_KEY *aeskey) {
+int aes_nohw_set_decrypt_key(const uint8_t *key, unsigned bits,
+ AES_KEY *aeskey) {
uint32_t *rk;
int i, j, status;
uint32_t temp;
@@ -679,13 +678,12 @@ static int aes_nohw_set_decrypt_key(const uint8_t *key, unsigned bits,
return 0;
}
-static void aes_nohw_encrypt(const uint8_t *in, uint8_t *out,
- const AES_KEY *key) {
+void aes_nohw_encrypt(const uint8_t *in, uint8_t *out,
+ const AES_KEY *key) {
const uint32_t *rk;
uint32_t s0, s1, s2, s3, t0, t1, t2, t3;
int r;
- assert(in && out && key);
rk = key->rd_key;
// map byte array block to cipher state
@@ -741,13 +739,12 @@ static void aes_nohw_encrypt(const uint8_t *in, uint8_t *out,
PUTU32(out + 12, s3);
}
-static void aes_nohw_decrypt(const uint8_t *in, uint8_t *out,
- const AES_KEY *key) {
+void aes_nohw_decrypt(const uint8_t *in, uint8_t *out,
+ const AES_KEY *key) {
const uint32_t *rk;
uint32_t s0, s1, s2, s3, t0, t1, t2, t3;
int r;
- assert(in && out && key);
rk = key->rd_key;
// map byte array block to cipher state
@@ -807,53 +804,3 @@ static void aes_nohw_decrypt(const uint8_t *in, uint8_t *out,
((uint32_t)Td4[(t0) & 0xff]) ^ rk[3];
PUTU32(out + 12, s3);
}
-
-#else // NO_ASM || (!X86 && !X86_64 && !ARM)
-
-// If not implemented in C, these functions will be provided by assembly code.
-void aes_nohw_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key);
-void aes_nohw_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key);
-int aes_nohw_set_encrypt_key(const uint8_t *key, unsigned bits,
- AES_KEY *aeskey);
-int aes_nohw_set_decrypt_key(const uint8_t *key, unsigned bits,
- AES_KEY *aeskey);
-
-#endif
-
-// Be aware that on x86(-64), the |aes_nohw_*| functions are incompatible with
-// the aes_hw_* functions. The latter set |AES_KEY.rounds| to one less than the
-// true value, which breaks the former. Therefore the two functions cannot mix.
-// Also, on Aarch64, the plain-C code, above, is incompatible with the
-// |aes_hw_*| functions.
-
-void AES_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) {
- if (hwaes_capable()) {
- aes_hw_encrypt(in, out, key);
- } else {
- aes_nohw_encrypt(in, out, key);
- }
-}
-
-void AES_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) {
- if (hwaes_capable()) {
- aes_hw_decrypt(in, out, key);
- } else {
- aes_nohw_decrypt(in, out, key);
- }
-}
-
-int AES_set_encrypt_key(const uint8_t *key, unsigned bits, AES_KEY *aeskey) {
- if (hwaes_capable()) {
- return aes_hw_set_encrypt_key(key, bits, aeskey);
- } else {
- return aes_nohw_set_encrypt_key(key, bits, aeskey);
- }
-}
-
-int AES_set_decrypt_key(const uint8_t *key, unsigned bits, AES_KEY *aeskey) {
- if (hwaes_capable()) {
- return aes_hw_set_decrypt_key(key, bits, aeskey);
- } else {
- return aes_nohw_set_decrypt_key(key, bits, aeskey);
- }
-}
diff --git a/third_party/boringssl/core/cortex-m/aes.S b/third_party/boringssl/core/cortex-m/aes.S
index 434df2e2a1..fe34ef2e46 100644
--- a/third_party/boringssl/core/cortex-m/aes.S
+++ b/third_party/boringssl/core/cortex-m/aes.S
@@ -38,16 +38,7 @@
@ Profiler-assisted and platform-specific optimization resulted in 16%
@ improvement on Cortex A8 core and ~21.5 cycles per byte.
-#ifndef __KERNEL__
-# include <openssl/arm_arch.h>
-#else
-# define __ARM_ARCH__ __LINUX_ARM_ARCH__
-#endif
-
-@ Silence ARMv8 deprecated IT instruction warnings. This file is used by both
-@ ARMv7 and ARMv8 processors and does not use ARMv8 instructions. (ARMv8 AES
-@ instructions are in aesv8-armx.pl.)
-.arch armv7-a
+#define __ARM_ARCH__ 7
.text
#if defined(__thumb2__) && !defined(__APPLE__)
diff --git a/third_party/boringssl/include/aes.h b/third_party/boringssl/include/aes.h
index 115658542f..6418a350eb 100644
--- a/third_party/boringssl/include/aes.h
+++ b/third_party/boringssl/include/aes.h
@@ -46,125 +46,84 @@
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ==================================================================== */
-#ifndef OPENSSL_HEADER_AES_H
-#define OPENSSL_HEADER_AES_H
-
-#include <openssl/base.h>
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-
-// Raw AES functions.
+#ifndef __CROS_EC_AES_H
+#define __CROS_EC_AES_H
+#include <stdint.h>
#define AES_ENCRYPT 1
#define AES_DECRYPT 0
-// AES_MAXNR is the maximum number of AES rounds.
+/* AES_MAXNR is the maximum number of AES rounds. */
#define AES_MAXNR 14
#define AES_BLOCK_SIZE 16
-// aes_key_st should be an opaque type, but EVP requires that the size be
-// known.
+/*
+ * aes_key_st should be an opaque type, but EVP requires that the size be
+ * known.
+ */
struct aes_key_st {
uint32_t rd_key[4 * (AES_MAXNR + 1)];
unsigned rounds;
};
typedef struct aes_key_st AES_KEY;
-// AES_set_encrypt_key configures |aeskey| to encrypt with the |bits|-bit key,
-// |key|.
-//
-// WARNING: unlike other OpenSSL functions, this returns zero on success and a
-// negative number on error.
-OPENSSL_EXPORT int AES_set_encrypt_key(const uint8_t *key, unsigned bits,
- AES_KEY *aeskey);
-
-// AES_set_decrypt_key configures |aeskey| to decrypt with the |bits|-bit key,
-// |key|.
-//
-// WARNING: unlike other OpenSSL functions, this returns zero on success and a
-// negative number on error.
-OPENSSL_EXPORT int AES_set_decrypt_key(const uint8_t *key, unsigned bits,
- AES_KEY *aeskey);
-
-// AES_encrypt encrypts a single block from |in| to |out| with |key|. The |in|
-// and |out| pointers may overlap.
-OPENSSL_EXPORT void AES_encrypt(const uint8_t *in, uint8_t *out,
- const AES_KEY *key);
-
-// AES_decrypt decrypts a single block from |in| to |out| with |key|. The |in|
-// and |out| pointers may overlap.
-OPENSSL_EXPORT void AES_decrypt(const uint8_t *in, uint8_t *out,
- const AES_KEY *key);
-
-
-// Block cipher modes.
-
-// AES_ctr128_encrypt encrypts (or decrypts, it's the same in CTR mode) |len|
-// bytes from |in| to |out|. The |num| parameter must be set to zero on the
-// first call and |ivec| will be incremented.
-OPENSSL_EXPORT void AES_ctr128_encrypt(const uint8_t *in, uint8_t *out,
- size_t len, const AES_KEY *key,
- uint8_t ivec[AES_BLOCK_SIZE],
- uint8_t ecount_buf[AES_BLOCK_SIZE],
- unsigned int *num);
-
-// AES_ecb_encrypt encrypts (or decrypts, if |enc| == |AES_DECRYPT|) a single,
-// 16 byte block from |in| to |out|.
-OPENSSL_EXPORT void AES_ecb_encrypt(const uint8_t *in, uint8_t *out,
- const AES_KEY *key, const int enc);
-
-// AES_cbc_encrypt encrypts (or decrypts, if |enc| == |AES_DECRYPT|) |len|
-// bytes from |in| to |out|. The length must be a multiple of the block size.
-OPENSSL_EXPORT void AES_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len,
- const AES_KEY *key, uint8_t *ivec,
- const int enc);
-
-// AES_ofb128_encrypt encrypts (or decrypts, it's the same in OFB mode) |len|
-// bytes from |in| to |out|. The |num| parameter must be set to zero on the
-// first call.
-OPENSSL_EXPORT void AES_ofb128_encrypt(const uint8_t *in, uint8_t *out,
- size_t len, const AES_KEY *key,
- uint8_t *ivec, int *num);
-
-// AES_cfb128_encrypt encrypts (or decrypts, if |enc| == |AES_DECRYPT|) |len|
-// bytes from |in| to |out|. The |num| parameter must be set to zero on the
-// first call.
-OPENSSL_EXPORT void AES_cfb128_encrypt(const uint8_t *in, uint8_t *out,
- size_t len, const AES_KEY *key,
- uint8_t *ivec, int *num, int enc);
-
-
-// AES key wrap.
-//
-// These functions implement AES Key Wrap mode, as defined in RFC 3394. They
-// should never be used except to interoperate with existing systems that use
-// this mode.
-
-// AES_wrap_key performs AES key wrap on |in| which must be a multiple of 8
-// bytes. |iv| must point to an 8 byte value or be NULL to use the default IV.
-// |key| must have been configured for encryption. On success, it writes
-// |in_len| + 8 bytes to |out| and returns |in_len| + 8. Otherwise, it returns
-// -1.
-OPENSSL_EXPORT int AES_wrap_key(const AES_KEY *key, const uint8_t *iv,
- uint8_t *out, const uint8_t *in, size_t in_len);
-
-// AES_unwrap_key performs AES key unwrap on |in| which must be a multiple of 8
-// bytes. |iv| must point to an 8 byte value or be NULL to use the default IV.
-// |key| must have been configured for decryption. On success, it writes
-// |in_len| - 8 bytes to |out| and returns |in_len| - 8. Otherwise, it returns
-// -1.
-OPENSSL_EXPORT int AES_unwrap_key(const AES_KEY *key, const uint8_t *iv,
- uint8_t *out, const uint8_t *in,
- size_t in_len);
-
-
-#if defined(__cplusplus)
-} // extern C
-#endif
-
-#endif // OPENSSL_HEADER_AES_H
+/*
+ * These functions are provided by either common/aes.c, or assembly code,
+ * and should not be called directly.
+ */
+void aes_nohw_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key);
+void aes_nohw_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key);
+int aes_nohw_set_encrypt_key(const uint8_t *key, unsigned bits,
+ AES_KEY *aeskey);
+int aes_nohw_set_decrypt_key(const uint8_t *key, unsigned bits,
+ AES_KEY *aeskey);
+
+/**
+ * AES_set_encrypt_key configures |aeskey| to encrypt with the |bits|-bit key,
+ * |key|.
+ *
+ * WARNING: unlike other OpenSSL functions, this returns zero on success and a
+ * negative number on error.
+ */
+static inline int AES_set_encrypt_key(const uint8_t *key, unsigned int bits,
+ AES_KEY *aeskey)
+{
+ return aes_nohw_set_encrypt_key(key, bits, aeskey);
+}
+
+/**
+ * AES_set_decrypt_key configures |aeskey| to decrypt with the |bits|-bit key,
+ * |key|.
+ *
+ * WARNING: unlike other OpenSSL functions, this returns zero on success and a
+ * negative number on error.
+ */
+static inline int AES_set_decrypt_key(const uint8_t *key, unsigned int bits,
+ AES_KEY *aeskey)
+{
+ return aes_nohw_set_decrypt_key(key, bits, aeskey);
+}
+
+/**
+ * AES_encrypt encrypts a single block from |in| to |out| with |key|. The |in|
+ * and |out| pointers may overlap.
+ */
+static inline void AES_encrypt(const uint8_t *in, uint8_t *out,
+ const AES_KEY *key)
+{
+ aes_nohw_encrypt(in, out, key);
+}
+
+/**
+ * AES_decrypt decrypts a single block from |in| to |out| with |key|. The |in|
+ * and |out| pointers may overlap.
+ */
+static inline void AES_decrypt(const uint8_t *in, uint8_t *out,
+ const AES_KEY *key)
+{
+ aes_nohw_decrypt(in, out, key);
+}
+
+#endif /* __CROS_EC_AES_H */