diff options
author | Nicolas Boichat <drinkcat@chromium.org> | 2018-07-05 11:40:25 +0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-09-20 21:29:57 -0700 |
commit | e4db954045988241642e0d7d8817a43c79c2163f (patch) | |
tree | 81b5dacb05b25aab2d2f5e86154ad8f7b387c90d | |
parent | 11ef0269e90eba657bdb3e7c2ce2d9508d6221e1 (diff) | |
download | chrome-ec-e4db954045988241642e0d7d8817a43c79c2163f.tar.gz |
aes: Adapt AES code to build for EC
Update header, C code, and tweak the assembly for ARMv7-M.
Rename aes_now_* functions to AES_* to avoid the need for a
separate wrapper.
Also add a test with FIPS-197 test vectors, and speed test.
BRANCH=none
BUG=b:111160949
TEST=make run-aes -j
TEST=make BOARD=nocturne_fp test-aes -j
flash_fp_mcu aes.bin
runtest => pass
(C implementation speed: 11977 us for 1000 iterations)
(ASM implementation speed: 5815 us for 1000 iterations)
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Change-Id: I2048aae73decccb893bc1724b2617b0b902dd992
Reviewed-on: https://chromium-review.googlesource.com/1120340
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Adam Langley <agl@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
-rw-r--r-- | board/meowth_fp/build.mk | 2 | ||||
-rw-r--r-- | common/build.mk | 3 | ||||
-rw-r--r-- | core/cortex-m/build.mk | 1 | ||||
-rw-r--r-- | include/config.h | 3 | ||||
-rw-r--r-- | test/aes.c | 144 | ||||
-rw-r--r-- | test/aes.tasklist | 17 | ||||
-rw-r--r-- | test/build.mk | 5 | ||||
-rw-r--r-- | test/test_config.h | 4 | ||||
-rw-r--r-- | third_party/boringssl/common/aes.c | 87 | ||||
-rw-r--r-- | third_party/boringssl/core/cortex-m/aes.S | 11 | ||||
-rw-r--r-- | third_party/boringssl/include/aes.h | 173 |
11 files changed, 262 insertions, 188 deletions
diff --git a/board/meowth_fp/build.mk b/board/meowth_fp/build.mk index e69fbd3f2e..2c7a5d3d73 100644 --- a/board/meowth_fp/build.mk +++ b/board/meowth_fp/build.mk @@ -10,3 +10,5 @@ CHIP_FAMILY:=stm32h7 CHIP_VARIANT:=stm32h7x3 board-y=board.o + +test-list-y=aes sha256 sha256_unrolled diff --git a/common/build.mk b/common/build.mk index 06557c3737..eb03c46683 100644 --- a/common/build.mk +++ b/common/build.mk @@ -16,6 +16,9 @@ common-$(CONFIG_ACCELGYRO_LSM6DSM)+=math_util.o common-$(CONFIG_ACCEL_LIS2DH)+=math_util.o common-$(CONFIG_ACCEL_KXCJ9)+=math_util.o common-$(CONFIG_ACCEL_KX022)+=math_util.o +ifneq ($(CORE),cortex-m) +common-$(CONFIG_AES)+=aes.o +endif common-$(CONFIG_CMD_ADC)+=adc.o common-$(HAS_TASK_ALS)+=als.o common-$(CONFIG_AP_HANG_DETECT)+=ap_hang_detect.o diff --git a/core/cortex-m/build.mk b/core/cortex-m/build.mk index b07a2914de..e86ba23c59 100644 --- a/core/cortex-m/build.mk +++ b/core/cortex-m/build.mk @@ -23,6 +23,7 @@ LDFLAGS_EXTRA+=-flto endif core-y=cpu.o init.o ldivmod.o llsr.o uldivmod.o vecttable.o +core-$(CONFIG_AES)+=aes.o core-$(CONFIG_ARMV7M_CACHE)+=cache.o core-$(CONFIG_COMMON_PANIC_OUTPUT)+=panic.o core-$(CONFIG_COMMON_RUNTIME)+=switch.o task.o diff --git a/include/config.h b/include/config.h index 6a241e81fa..bb666278aa 100644 --- a/include/config.h +++ b/include/config.h @@ -159,6 +159,9 @@ #define CONFIG_ADC_PROFILE_SINGLE #undef CONFIG_ADC_PROFILE_FAST_CONTINUOUS +/* Support AES symmetric-key algorithm */ +#undef CONFIG_AES + /* * Some ALS modules may be connected to the EC. We need the command, and * specific drivers for each module. diff --git a/test/aes.c b/test/aes.c new file mode 100644 index 0000000000..18791cf7b7 --- /dev/null +++ b/test/aes.c @@ -0,0 +1,144 @@ +/* Copyright 2018 The Chromium OS Authors. All rights reserved. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include "aes.h" +#include "console.h" +#include "common.h" +#include "test_util.h" +#include "timer.h" +#include "util.h" +#include "watchdog.h" + +static int test_aes_raw(const uint8_t *key, int key_size, + const uint8_t *plaintext, const uint8_t *ciphertext) +{ + AES_KEY aes_key; + uint8_t block[AES_BLOCK_SIZE]; + + TEST_ASSERT(AES_set_encrypt_key(key, 8 * key_size, &aes_key) == 0); + + /* Test encryption. */ + AES_encrypt(plaintext, block, &aes_key); + TEST_ASSERT_ARRAY_EQ(ciphertext, block, sizeof(block)); + + /* Test in-place encryption. */ + memcpy(block, plaintext, AES_BLOCK_SIZE); + AES_encrypt(block, block, &aes_key); + TEST_ASSERT_ARRAY_EQ(ciphertext, block, sizeof(block)); + + TEST_ASSERT(AES_set_decrypt_key(key, 8 * key_size, &aes_key) == 0); + + /* Test decryption. */ + AES_decrypt(ciphertext, block, &aes_key); + TEST_ASSERT_ARRAY_EQ(plaintext, block, sizeof(block)); + + /* Test in-place decryption. */ + memcpy(block, ciphertext, AES_BLOCK_SIZE); + AES_decrypt(block, block, &aes_key); + TEST_ASSERT_ARRAY_EQ(plaintext, block, sizeof(block)); + + return EC_SUCCESS; +} + +static int test_aes(void) +{ + /* Test vectors from FIPS-197, Appendix C. */ + static const uint8_t key1[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + }; + static const uint8_t plain1[] = { + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, + }; + static const uint8_t cipher1[] = { + 0x69, 0xc4, 0xe0, 0xd8, 0x6a, 0x7b, 0x04, 0x30, + 0xd8, 0xcd, 0xb7, 0x80, 0x70, 0xb4, 0xc5, 0x5a, + }; + + static const uint8_t key2[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + }; + static const uint8_t plain2[] = { + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, + }; + static const uint8_t cipher2[] = { + 0xdd, 0xa9, 0x7c, 0xa4, 0x86, 0x4c, 0xdf, 0xe0, + 0x6e, 0xaf, 0x70, 0xa0, 0xec, 0x0d, 0x71, 0x91, + }; + + static const uint8_t key3[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + }; + static const uint8_t plain3[] = { + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, + }; + static const uint8_t cipher3[] = { + 0x8e, 0xa2, 0xb7, 0xca, 0x51, 0x67, 0x45, 0xbf, + 0xea, 0xfc, 0x49, 0x90, 0x4b, 0x49, 0x60, 0x89, + }; + + TEST_ASSERT(!test_aes_raw(key1, sizeof(key1), plain1, cipher1)); + TEST_ASSERT(!test_aes_raw(key2, sizeof(key2), plain2, cipher2)); + TEST_ASSERT(!test_aes_raw(key3, sizeof(key3), plain3, cipher3)); + + return EC_SUCCESS; +} + +static void test_aes_speed(void) +{ + int i; + /* Test vectors from FIPS-197, Appendix C. */ + static const uint8_t key[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + }; + const int key_size = sizeof(key); + static const uint8_t plaintext[] = { + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, + }; + + AES_KEY aes_key; + uint8_t block[AES_BLOCK_SIZE]; + timestamp_t t0, t1; + + AES_set_encrypt_key(key, 8 * key_size, &aes_key); + AES_encrypt(plaintext, block, &aes_key); + t0 = get_time(); + for (i = 0; i < 1000; i++) + AES_encrypt(block, block, &aes_key); + t1 = get_time(); + ccprintf("AES duration %ld us\n", t1.val - t0.val); +} + +void run_test(void) +{ + watchdog_reload(); + + /* do not check result, just as a benchmark */ + test_aes_speed(); + + watchdog_reload(); + RUN_TEST(test_aes); + + test_print_result(); +} diff --git a/test/aes.tasklist b/test/aes.tasklist new file mode 100644 index 0000000000..de4df33e13 --- /dev/null +++ b/test/aes.tasklist @@ -0,0 +1,17 @@ +/* Copyright 2018 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + */ + +/** + * List of enabled tasks in the priority order + * + * The first one has the lowest priority. + * + * For each task, use the macro TASK_TEST(n, r, d, s) where : + * 'n' in the name of the task + * 'r' in the main routine of the task + * 'd' in an opaque parameter passed to the routine at startup + * 's' is the stack size in bytes; must be a multiple of 8 + */ +#define CONFIG_TEST_TASK_LIST diff --git a/test/build.mk b/test/build.mk index f03b614469..b16b15e702 100644 --- a/test/build.mk +++ b/test/build.mk @@ -13,7 +13,8 @@ test-list-y ?= pingpong timer_calib timer_dos timer_jump mutex utils utils_str ifneq ($(TEST_LIST_HOST),) test-list-host=$(TEST_LIST_HOST) else -test-list-host = base32 +test-list-host = aes +test-list-host += base32 test-list-host += battery_get_params_smart test-list-host += bklight_lid test-list-host += bklight_passthru @@ -66,6 +67,8 @@ test-list-host += vboot test-list-host += x25519 endif + +aes-y=aes.o base32-y=base32.o battery_get_params_smart-y=battery_get_params_smart.o bklight_lid-y=bklight_lid.o diff --git a/test/test_config.h b/test/test_config.h index 5c57de1be1..3833661af6 100644 --- a/test/test_config.h +++ b/test/test_config.h @@ -18,6 +18,10 @@ #undef CONFIG_VBOOT_HASH #undef CONFIG_USB_PD_LOGGING +#ifdef TEST_AES +#define CONFIG_AES +#endif + #ifdef TEST_BASE32 #define CONFIG_BASE32 #endif diff --git a/third_party/boringssl/common/aes.c b/third_party/boringssl/common/aes.c index f654cb1e73..aa213eb907 100644 --- a/third_party/boringssl/common/aes.c +++ b/third_party/boringssl/common/aes.c @@ -46,18 +46,17 @@ * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== */ -#include <openssl/aes.h> - -#include <assert.h> - -#include <openssl/cpu.h> - -#include "internal.h" -#include "../modes/internal.h" +#include "aes.h" +#include "common.h" +#include "endian.h" +static inline uint32_t GETU32(const void *in) { + return be32toh(*(uint32_t *)in); +} -#if defined(OPENSSL_NO_ASM) || \ - (!defined(OPENSSL_X86) && !defined(OPENSSL_X86_64) && !defined(OPENSSL_ARM)) +static inline void PUTU32(void *out, uint32_t v) { + *(uint32_t *)out = htobe32(v); +} // Te0[x] = S [x].[02, 01, 01, 03]; // Te1[x] = S [x].[03, 02, 01, 01]; @@ -534,8 +533,8 @@ static const uint32_t rcon[] = { // for 128-bit blocks, Rijndael never uses more than 10 rcon values }; -static int aes_nohw_set_encrypt_key(const uint8_t *key, unsigned bits, - AES_KEY *aeskey) { +int aes_nohw_set_encrypt_key(const uint8_t *key, unsigned bits, + AES_KEY *aeskey) { uint32_t *rk; int i = 0; uint32_t temp; @@ -630,8 +629,8 @@ static int aes_nohw_set_encrypt_key(const uint8_t *key, unsigned bits, return 0; } -static int aes_nohw_set_decrypt_key(const uint8_t *key, unsigned bits, - AES_KEY *aeskey) { +int aes_nohw_set_decrypt_key(const uint8_t *key, unsigned bits, + AES_KEY *aeskey) { uint32_t *rk; int i, j, status; uint32_t temp; @@ -679,13 +678,12 @@ static int aes_nohw_set_decrypt_key(const uint8_t *key, unsigned bits, return 0; } -static void aes_nohw_encrypt(const uint8_t *in, uint8_t *out, - const AES_KEY *key) { +void aes_nohw_encrypt(const uint8_t *in, uint8_t *out, + const AES_KEY *key) { const uint32_t *rk; uint32_t s0, s1, s2, s3, t0, t1, t2, t3; int r; - assert(in && out && key); rk = key->rd_key; // map byte array block to cipher state @@ -741,13 +739,12 @@ static void aes_nohw_encrypt(const uint8_t *in, uint8_t *out, PUTU32(out + 12, s3); } -static void aes_nohw_decrypt(const uint8_t *in, uint8_t *out, - const AES_KEY *key) { +void aes_nohw_decrypt(const uint8_t *in, uint8_t *out, + const AES_KEY *key) { const uint32_t *rk; uint32_t s0, s1, s2, s3, t0, t1, t2, t3; int r; - assert(in && out && key); rk = key->rd_key; // map byte array block to cipher state @@ -807,53 +804,3 @@ static void aes_nohw_decrypt(const uint8_t *in, uint8_t *out, ((uint32_t)Td4[(t0) & 0xff]) ^ rk[3]; PUTU32(out + 12, s3); } - -#else // NO_ASM || (!X86 && !X86_64 && !ARM) - -// If not implemented in C, these functions will be provided by assembly code. -void aes_nohw_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key); -void aes_nohw_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key); -int aes_nohw_set_encrypt_key(const uint8_t *key, unsigned bits, - AES_KEY *aeskey); -int aes_nohw_set_decrypt_key(const uint8_t *key, unsigned bits, - AES_KEY *aeskey); - -#endif - -// Be aware that on x86(-64), the |aes_nohw_*| functions are incompatible with -// the aes_hw_* functions. The latter set |AES_KEY.rounds| to one less than the -// true value, which breaks the former. Therefore the two functions cannot mix. -// Also, on Aarch64, the plain-C code, above, is incompatible with the -// |aes_hw_*| functions. - -void AES_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) { - if (hwaes_capable()) { - aes_hw_encrypt(in, out, key); - } else { - aes_nohw_encrypt(in, out, key); - } -} - -void AES_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) { - if (hwaes_capable()) { - aes_hw_decrypt(in, out, key); - } else { - aes_nohw_decrypt(in, out, key); - } -} - -int AES_set_encrypt_key(const uint8_t *key, unsigned bits, AES_KEY *aeskey) { - if (hwaes_capable()) { - return aes_hw_set_encrypt_key(key, bits, aeskey); - } else { - return aes_nohw_set_encrypt_key(key, bits, aeskey); - } -} - -int AES_set_decrypt_key(const uint8_t *key, unsigned bits, AES_KEY *aeskey) { - if (hwaes_capable()) { - return aes_hw_set_decrypt_key(key, bits, aeskey); - } else { - return aes_nohw_set_decrypt_key(key, bits, aeskey); - } -} diff --git a/third_party/boringssl/core/cortex-m/aes.S b/third_party/boringssl/core/cortex-m/aes.S index 434df2e2a1..fe34ef2e46 100644 --- a/third_party/boringssl/core/cortex-m/aes.S +++ b/third_party/boringssl/core/cortex-m/aes.S @@ -38,16 +38,7 @@ @ Profiler-assisted and platform-specific optimization resulted in 16% @ improvement on Cortex A8 core and ~21.5 cycles per byte. -#ifndef __KERNEL__ -# include <openssl/arm_arch.h> -#else -# define __ARM_ARCH__ __LINUX_ARM_ARCH__ -#endif - -@ Silence ARMv8 deprecated IT instruction warnings. This file is used by both -@ ARMv7 and ARMv8 processors and does not use ARMv8 instructions. (ARMv8 AES -@ instructions are in aesv8-armx.pl.) -.arch armv7-a +#define __ARM_ARCH__ 7 .text #if defined(__thumb2__) && !defined(__APPLE__) diff --git a/third_party/boringssl/include/aes.h b/third_party/boringssl/include/aes.h index 115658542f..6418a350eb 100644 --- a/third_party/boringssl/include/aes.h +++ b/third_party/boringssl/include/aes.h @@ -46,125 +46,84 @@ * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== */ -#ifndef OPENSSL_HEADER_AES_H -#define OPENSSL_HEADER_AES_H - -#include <openssl/base.h> - -#if defined(__cplusplus) -extern "C" { -#endif - - -// Raw AES functions. +#ifndef __CROS_EC_AES_H +#define __CROS_EC_AES_H +#include <stdint.h> #define AES_ENCRYPT 1 #define AES_DECRYPT 0 -// AES_MAXNR is the maximum number of AES rounds. +/* AES_MAXNR is the maximum number of AES rounds. */ #define AES_MAXNR 14 #define AES_BLOCK_SIZE 16 -// aes_key_st should be an opaque type, but EVP requires that the size be -// known. +/* + * aes_key_st should be an opaque type, but EVP requires that the size be + * known. + */ struct aes_key_st { uint32_t rd_key[4 * (AES_MAXNR + 1)]; unsigned rounds; }; typedef struct aes_key_st AES_KEY; -// AES_set_encrypt_key configures |aeskey| to encrypt with the |bits|-bit key, -// |key|. -// -// WARNING: unlike other OpenSSL functions, this returns zero on success and a -// negative number on error. -OPENSSL_EXPORT int AES_set_encrypt_key(const uint8_t *key, unsigned bits, - AES_KEY *aeskey); - -// AES_set_decrypt_key configures |aeskey| to decrypt with the |bits|-bit key, -// |key|. -// -// WARNING: unlike other OpenSSL functions, this returns zero on success and a -// negative number on error. -OPENSSL_EXPORT int AES_set_decrypt_key(const uint8_t *key, unsigned bits, - AES_KEY *aeskey); - -// AES_encrypt encrypts a single block from |in| to |out| with |key|. The |in| -// and |out| pointers may overlap. -OPENSSL_EXPORT void AES_encrypt(const uint8_t *in, uint8_t *out, - const AES_KEY *key); - -// AES_decrypt decrypts a single block from |in| to |out| with |key|. The |in| -// and |out| pointers may overlap. -OPENSSL_EXPORT void AES_decrypt(const uint8_t *in, uint8_t *out, - const AES_KEY *key); - - -// Block cipher modes. - -// AES_ctr128_encrypt encrypts (or decrypts, it's the same in CTR mode) |len| -// bytes from |in| to |out|. The |num| parameter must be set to zero on the -// first call and |ivec| will be incremented. -OPENSSL_EXPORT void AES_ctr128_encrypt(const uint8_t *in, uint8_t *out, - size_t len, const AES_KEY *key, - uint8_t ivec[AES_BLOCK_SIZE], - uint8_t ecount_buf[AES_BLOCK_SIZE], - unsigned int *num); - -// AES_ecb_encrypt encrypts (or decrypts, if |enc| == |AES_DECRYPT|) a single, -// 16 byte block from |in| to |out|. -OPENSSL_EXPORT void AES_ecb_encrypt(const uint8_t *in, uint8_t *out, - const AES_KEY *key, const int enc); - -// AES_cbc_encrypt encrypts (or decrypts, if |enc| == |AES_DECRYPT|) |len| -// bytes from |in| to |out|. The length must be a multiple of the block size. -OPENSSL_EXPORT void AES_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t len, - const AES_KEY *key, uint8_t *ivec, - const int enc); - -// AES_ofb128_encrypt encrypts (or decrypts, it's the same in OFB mode) |len| -// bytes from |in| to |out|. The |num| parameter must be set to zero on the -// first call. -OPENSSL_EXPORT void AES_ofb128_encrypt(const uint8_t *in, uint8_t *out, - size_t len, const AES_KEY *key, - uint8_t *ivec, int *num); - -// AES_cfb128_encrypt encrypts (or decrypts, if |enc| == |AES_DECRYPT|) |len| -// bytes from |in| to |out|. The |num| parameter must be set to zero on the -// first call. -OPENSSL_EXPORT void AES_cfb128_encrypt(const uint8_t *in, uint8_t *out, - size_t len, const AES_KEY *key, - uint8_t *ivec, int *num, int enc); - - -// AES key wrap. -// -// These functions implement AES Key Wrap mode, as defined in RFC 3394. They -// should never be used except to interoperate with existing systems that use -// this mode. - -// AES_wrap_key performs AES key wrap on |in| which must be a multiple of 8 -// bytes. |iv| must point to an 8 byte value or be NULL to use the default IV. -// |key| must have been configured for encryption. On success, it writes -// |in_len| + 8 bytes to |out| and returns |in_len| + 8. Otherwise, it returns -// -1. -OPENSSL_EXPORT int AES_wrap_key(const AES_KEY *key, const uint8_t *iv, - uint8_t *out, const uint8_t *in, size_t in_len); - -// AES_unwrap_key performs AES key unwrap on |in| which must be a multiple of 8 -// bytes. |iv| must point to an 8 byte value or be NULL to use the default IV. -// |key| must have been configured for decryption. On success, it writes -// |in_len| - 8 bytes to |out| and returns |in_len| - 8. Otherwise, it returns -// -1. -OPENSSL_EXPORT int AES_unwrap_key(const AES_KEY *key, const uint8_t *iv, - uint8_t *out, const uint8_t *in, - size_t in_len); - - -#if defined(__cplusplus) -} // extern C -#endif - -#endif // OPENSSL_HEADER_AES_H +/* + * These functions are provided by either common/aes.c, or assembly code, + * and should not be called directly. + */ +void aes_nohw_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key); +void aes_nohw_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key); +int aes_nohw_set_encrypt_key(const uint8_t *key, unsigned bits, + AES_KEY *aeskey); +int aes_nohw_set_decrypt_key(const uint8_t *key, unsigned bits, + AES_KEY *aeskey); + +/** + * AES_set_encrypt_key configures |aeskey| to encrypt with the |bits|-bit key, + * |key|. + * + * WARNING: unlike other OpenSSL functions, this returns zero on success and a + * negative number on error. + */ +static inline int AES_set_encrypt_key(const uint8_t *key, unsigned int bits, + AES_KEY *aeskey) +{ + return aes_nohw_set_encrypt_key(key, bits, aeskey); +} + +/** + * AES_set_decrypt_key configures |aeskey| to decrypt with the |bits|-bit key, + * |key|. + * + * WARNING: unlike other OpenSSL functions, this returns zero on success and a + * negative number on error. + */ +static inline int AES_set_decrypt_key(const uint8_t *key, unsigned int bits, + AES_KEY *aeskey) +{ + return aes_nohw_set_decrypt_key(key, bits, aeskey); +} + +/** + * AES_encrypt encrypts a single block from |in| to |out| with |key|. The |in| + * and |out| pointers may overlap. + */ +static inline void AES_encrypt(const uint8_t *in, uint8_t *out, + const AES_KEY *key) +{ + aes_nohw_encrypt(in, out, key); +} + +/** + * AES_decrypt decrypts a single block from |in| to |out| with |key|. The |in| + * and |out| pointers may overlap. + */ +static inline void AES_decrypt(const uint8_t *in, uint8_t *out, + const AES_KEY *key) +{ + aes_nohw_decrypt(in, out, key); +} + +#endif /* __CROS_EC_AES_H */ |