authorNicolas Boichat <drinkcat@chromium.org>2018-07-05 11:40:25 +0800
committerchrome-bot <chrome-bot@chromium.org>2018-09-20 21:29:57 -0700
commite4db954045988241642e0d7d8817a43c79c2163f (patch)
tree81b5dacb05b25aab2d2f5e86154ad8f7b387c90d /third_party/boringssl/common
parent11ef0269e90eba657bdb3e7c2ce2d9508d6221e1 (diff)
downloadchrome-ec-e4db954045988241642e0d7d8817a43c79c2163f.tar.gz
aes: Adapt AES code to build for EC
Update header, C code, and tweak the assembly for ARMv7-M. Rename aes_now_* functions to AES_* to avoid the need for a separate wrapper. Also add a test with FIPS-197 test vectors, and speed test. BRANCH=none BUG=b:111160949 TEST=make run-aes -j TEST=make BOARD=nocturne_fp test-aes -j flash_fp_mcu aes.bin runtest => pass (C implementation speed: 11977 us for 1000 iterations) (ASM implementation speed: 5815 us for 1000 iterations) Signed-off-by: Vincent Palatin <vpalatin@chromium.org> Signed-off-by: Nicolas Boichat <drinkcat@chromium.org> Change-Id: I2048aae73decccb893bc1724b2617b0b902dd992 Reviewed-on: https://chromium-review.googlesource.com/1120340 Commit-Ready: Nicolas Boichat <drinkcat@chromium.org> Tested-by: Nicolas Boichat <drinkcat@chromium.org> Reviewed-by: Adam Langley <agl@chromium.org> Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
Diffstat (limited to 'third_party/boringssl/common')
-rw-r--r--third_party/boringssl/common/aes.c87
1 files changed, 17 insertions, 70 deletions
diff --git a/third_party/boringssl/common/aes.c b/third_party/boringssl/common/aes.c
index f654cb1e73..aa213eb907 100644
--- a/third_party/boringssl/common/aes.c
+++ b/third_party/boringssl/common/aes.c
@@ -46,18 +46,17 @@
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ==================================================================== */
-#include <openssl/aes.h>
-
-#include <assert.h>
-
-#include <openssl/cpu.h>
-
-#include "internal.h"
-#include "../modes/internal.h"
+#include "aes.h"
+#include "common.h"
+#include "endian.h"
+static inline uint32_t GETU32(const void *in) {
+ return be32toh(*(uint32_t *)in);
+}
-#if defined(OPENSSL_NO_ASM) || \
- (!defined(OPENSSL_X86) && !defined(OPENSSL_X86_64) && !defined(OPENSSL_ARM))
+static inline void PUTU32(void *out, uint32_t v) {
+ *(uint32_t *)out = htobe32(v);
+}
// Te0[x] = S [x].[02, 01, 01, 03];
// Te1[x] = S [x].[03, 02, 01, 01];
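Review bot: GETU32 and PUTU32 dereference the caller's byte pointer as `uint32_t *`, which is an unaligned access whenever the buffer is not 4-byte aligned and a strict-aliasing violation for a `uint8_t` buffer; GETU32 also casts away `const`. The callers visible in this diff take `const uint8_t *in` and write to `out + 12`, so nothing here guarantees alignment, and on a core or a compiler-merged multi-word load that does not tolerate unaligned addresses this would fault in the middle of a cipher operation (inferred; the target configuration is not shown on this page). Copying through a local with memcpy keeps the byte swap and leaves the choice of load instruction to the compiler. This assumes memcpy is declared by the headers already included.

```c
static inline uint32_t GETU32(const void *in) {
  uint32_t v;
  memcpy(&v, in, sizeof(v));
  return be32toh(v);
}

static inline void PUTU32(void *out, uint32_t v) {
  v = htobe32(v);
  memcpy(out, &v, sizeof(v));
}
```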
@@ -534,8 +533,8 @@ static const uint32_t rcon[] = {
// for 128-bit blocks, Rijndael never uses more than 10 rcon values
};
-static int aes_nohw_set_encrypt_key(const uint8_t *key, unsigned bits,
- AES_KEY *aeskey) {
+int aes_nohw_set_encrypt_key(const uint8_t *key, unsigned bits,
+ AES_KEY *aeskey) {
uint32_t *rk;
int i = 0;
uint32_t temp;
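Review bot: With `static` removed, aes_nohw_set_encrypt_key becomes an exported symbol, but the commit description speaks of AES_* names and no comment here says how the two relate or what the function returns. I would add a short comment above the definition, e.g. `// Exported as AES_set_encrypt_key via aes.h; returns 0 on success.` The mapping is assumed to live in aes.h, which this page does not show, so the wording should follow the real mechanism. The same comment is missing on aes_nohw_set_decrypt_key in the following hunk, and both function bodies continue outside their hunks.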
@@ -630,8 +629,8 @@ static int aes_nohw_set_encrypt_key(const uint8_t *key, unsigned bits,
return 0;
}
-static int aes_nohw_set_decrypt_key(const uint8_t *key, unsigned bits,
- AES_KEY *aeskey) {
+int aes_nohw_set_decrypt_key(const uint8_t *key, unsigned bits,
+ AES_KEY *aeskey) {
uint32_t *rk;
int i, j, status;
uint32_t temp;
@@ -679,13 +678,12 @@ static int aes_nohw_set_decrypt_key(const uint8_t *key, unsigned bits,
return 0;
}
-static void aes_nohw_encrypt(const uint8_t *in, uint8_t *out,
- const AES_KEY *key) {
+void aes_nohw_encrypt(const uint8_t *in, uint8_t *out,
+ const AES_KEY *key) {
const uint32_t *rk;
uint32_t s0, s1, s2, s3, t0, t1, t2, t3;
int r;
- assert(in && out && key);
rk = key->rd_key;
// map byte array block to cipher state
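Review bot: Dropping `assert(in && out && key);` while also removing `static` leaves `rk = key->rd_key;` as the first statement of a now externally callable function, with no NULL check on any of the three pointers. On a microcontroller a NULL `key` may read whatever is mapped at low addresses instead of faulting (not verifiable from this page), so the cipher could run silently with meaningless round keys. If the standard assert is what does not build for EC, I would keep the check with the firmware's own assertion macro, e.g. `ASSERT(in && out && key);` if that macro is in scope here, or at least state in a comment that callers must pass non-NULL pointers. The same applies to aes_nohw_decrypt in the next hunk; both bodies continue outside their hunks.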
@@ -741,13 +739,12 @@ static void aes_nohw_encrypt(const uint8_t *in, uint8_t *out,
PUTU32(out + 12, s3);
}
-static void aes_nohw_decrypt(const uint8_t *in, uint8_t *out,
- const AES_KEY *key) {
+void aes_nohw_decrypt(const uint8_t *in, uint8_t *out,
+ const AES_KEY *key) {
const uint32_t *rk;
uint32_t s0, s1, s2, s3, t0, t1, t2, t3;
int r;
- assert(in && out && key);
rk = key->rd_key;
// map byte array block to cipher state
@@ -807,53 +804,3 @@ static void aes_nohw_decrypt(const uint8_t *in, uint8_t *out,
((uint32_t)Td4[(t0) & 0xff]) ^ rk[3];
PUTU32(out + 12, s3);
}
-
-#else // NO_ASM || (!X86 && !X86_64 && !ARM)
-
-// If not implemented in C, these functions will be provided by assembly code.
-void aes_nohw_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key);
-void aes_nohw_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key);
-int aes_nohw_set_encrypt_key(const uint8_t *key, unsigned bits,
- AES_KEY *aeskey);
-int aes_nohw_set_decrypt_key(const uint8_t *key, unsigned bits,
- AES_KEY *aeskey);
-
-#endif
-
-// Be aware that on x86(-64), the |aes_nohw_*| functions are incompatible with
-// the aes_hw_* functions. The latter set |AES_KEY.rounds| to one less than the
-// true value, which breaks the former. Therefore the two functions cannot mix.
-// Also, on Aarch64, the plain-C code, above, is incompatible with the
-// |aes_hw_*| functions.
-
-void AES_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) {
- if (hwaes_capable()) {
- aes_hw_encrypt(in, out, key);
- } else {
- aes_nohw_encrypt(in, out, key);
- }
-}
-
-void AES_decrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) {
- if (hwaes_capable()) {
- aes_hw_decrypt(in, out, key);
- } else {
- aes_nohw_decrypt(in, out, key);
- }
-}
-
-int AES_set_encrypt_key(const uint8_t *key, unsigned bits, AES_KEY *aeskey) {
- if (hwaes_capable()) {
- return aes_hw_set_encrypt_key(key, bits, aeskey);
- } else {
- return aes_nohw_set_encrypt_key(key, bits, aeskey);
- }
-}
-
-int AES_set_decrypt_key(const uint8_t *key, unsigned bits, AES_KEY *aeskey) {
- if (hwaes_capable()) {
- return aes_hw_set_decrypt_key(key, bits, aeskey);
- } else {
- return aes_nohw_set_decrypt_key(key, bits, aeskey);
- }
-}