author | nagendra modadugu <ngm@google.com> | 2017-01-25 22:33:43 -0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2017-01-28 21:37:58 -0800 |
commit | 927e01da02ab68c304d95508df5ba0b50f8bb960 (patch) | |
tree | 01856edf85d32d671c98bd78a36bdd62f66b66ed /chip/g/dcrypto/dcrypto.h | |
parent | cf8c12e1391964043eae1a3337361e30b8c39a59 (diff) | |
download | chrome-ec-927e01da02ab68c304d95508df5ba0b50f8bb960.tar.gz |
g: rework DCRYPTO_app_cipher (AES-CTR) for speed
The previous implementation of DCRYPTO_app_cipher
consumed roughly 16ms to cipher a 16kB buffer
(i.e. performance that is far worse than the
hardware is capable of).
This change speeds up the implementation by about
85%, to the tune of roughly 2.2ms for a 16kB buffer.
The gains originate from various sources: loop
unrolling, data-pipelining, eliminating local
variables (to reduce register pressure), eliminating
support for unaligned input/output data, compiling
hot code with -O (rather than the default -Os), and
using the hidden key-ladder, which need only be
set up once per reset.
This change also switches from AES-128 to AES-256.
BRANCH=none
BUG=chrome-os-partner:62260
TEST=make buildall succeeds;
cipher command succeeds;
TCG tests pass
Change-Id: I133741be6d9f1353d6ae732d0e863b4b18cc8c9e
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/433359
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Diffstat (limited to 'chip/g/dcrypto/dcrypto.h')
-rw-r--r-- | chip/g/dcrypto/dcrypto.h | 29 |
1 files changed, 17 insertions, 12 deletions
diff --git a/chip/g/dcrypto/dcrypto.h b/chip/g/dcrypto/dcrypto.h index 5e17dd3c13..542cf96628 100644 --- a/chip/g/dcrypto/dcrypto.h +++ b/chip/g/dcrypto/dcrypto.h @@ -253,19 +253,20 @@ int DCRYPTO_x509_verify(const uint8_t *cert, size_t len, */ int DCRYPTO_equals(const void *a, const void *b, size_t len); -int DCRYPTO_ladder_compute_frk2(size_t major_fw_version, uint8_t *frk2); - /* - * Application key related functions. + * Key-ladder and application key related functions. */ enum dcrypto_appid { - NVMEM = 0 + RESERVED = 0, + NVMEM = 1 + /* This enum value should not exceed 7. */ }; struct APPKEY_CTX { - uint8_t key[SHA256_DIGEST_SIZE]; }; +int DCRYPTO_ladder_compute_frk2(size_t major_fw_version, uint8_t *frk2); + int DCRYPTO_appkey_init(enum dcrypto_appid id, struct APPKEY_CTX *ctx); void DCRYPTO_appkey_finish(struct APPKEY_CTX *ctx); 
@@ -278,14 +279,17 @@ BUILD_ASSERT(DCRYPTO_CIPHER_SALT_SIZE == CIPHER_SALT_SIZE); * * Encrypt or decrypt the input buffer, and write the correspondingly * ciphered output to out. The number of bytes produced is equal to - * the number of input bytes. + * the number of input bytes. Note that the input and output pointers + * MUST be word-aligned. * - * This API is expected to be applied to a single contiguous region. WARNING: - * Presently calling this function more than once with "in" pointing to - * logically different buffers will result in using the same IV value - * internally and as such reduce encryption efficiency. Upcoming changes are - * expected to make proper use of blob_iv. + * This API is expected to be applied to a single contiguous region. + + * WARNING: A given salt/"in" pair MUST be unique, i.e. re-using a + * salt with a logically different input buffer is catastrophic. An + * example of a suitable salt is one that is derived from "in", e.g. a + * digest of the input data. * + * @param appid the application-id of the calling context. * @param salt pointer to a unique value to be associated with this blob, * used for derivation of the proper IV, the size of the value * is as defined by DCRYPTO_CIPHER_SALT_SIZE above. @@ -294,6 +298,7 @@ BUILD_ASSERT(DCRYPTO_CIPHER_SALT_SIZE == CIPHER_SALT_SIZE); * @param len Number of bytes to read from in / write to out. * @return non-zero on success, and zero otherwise. */ -int DCRYPTO_app_cipher(const void *salt, void *out, const void *in, size_t len); +int DCRYPTO_app_cipher(enum dcrypto_appid appid, const void *salt, + void *out, const void *in, size_t len); #endif /* ! __EC_CHIP_G_DCRYPTO_DCRYPTO_H */ |
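Review bot: In the dcrypto_appid enum (first hunk), the bound stated in "This enum value should not exceed 7" is enforced only by a comment, and the comment does not say where the limit comes from. Consider adding a final sentinel enumerator with a BUILD_ASSERT against it (the header already uses BUILD_ASSERT for DCRYPTO_CIPHER_SALT_SIZE), plus a few words on what fixes the bound at 7. Separately, removing the key member leaves struct APPKEY_CTX with no members, which ISO C does not permit (GCC accepts it as an extension); a short comment on why the context is now empty would help the next reader.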
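Review bot: In the DCRYPTO_app_cipher comment (second hunk), the suggested salt "derived from "in", e.g. a digest of the input data" is ambiguous, because the same comment says the function encrypts or decrypts: on the decrypt path "in" is the ciphertext, so the caller has to pass the salt that was associated with the blob at encryption time rather than re-derive it from "in". Say explicitly that the digest is of the plaintext. The "MUST be word-aligned" sentence also does not say what happens otherwise; document whether a misaligned pointer makes the call return zero or is simply not checked. Style: the line added between "single contiguous region." and "WARNING:" is empty and drops the leading " *" of the comment block.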
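Review bot: The @return text "non-zero on success, and zero otherwise" (third hunk) is unchanged even though the prototype now takes appid and the enum gains RESERVED = 0; document whether passing RESERVED or an appid above the stated limit returns zero. Because the prototype changes, every existing caller has to be updated in the same commit; this view is limited to dcrypto.h, so that cannot be confirmed from these lines.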