author | Nicolas Boichat <drinkcat@chromium.org> | 2018-07-05 16:54:46 +0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-09-21 00:50:59 -0700 |
commit | 15dd79c1a2ab3355a7d7a0197fcacff973a001a2 (patch) | |
tree | 29da6e71d014137ea52c9ff728b1ba1061119700 /third_party/boringssl/include | |
parent | 4a237232c27c18d5367403d743d523509570e5cd (diff) | |
download | chrome-ec-15dd79c1a2ab3355a7d7a0197fcacff973a001a2.tar.gz |
aes-gcm: Adapt AES-GCM to build for EC
Update header, C code, trim unnecessary bits.
Also add a test with vectors taken from BoringSSL tests.
BRANCH=none
BUG=b:111160949
TEST=make run-aes -j
TEST=make BOARD=nocturne_fp test-aes -j
flash_fp_mcu aes.bin
runtest => pass
(C implementation speed: 909555 us for 1000 iterations)
(ASM implementation speed: 596690 us for 1000 iterations)
Change-Id: Ief54a8441d26ba44de4c3ac81e203cab7472269f
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1141446
Commit-Ready: Nicolas Norvez <norvez@chromium.org>
Reviewed-by: Nicolas Norvez <norvez@chromium.org>
Diffstat (limited to 'third_party/boringssl/include')
-rw-r--r-- | third_party/boringssl/include/aes-gcm.h | 96 |
1 files changed, 13 insertions, 83 deletions
diff --git a/third_party/boringssl/include/aes-gcm.h b/third_party/boringssl/include/aes-gcm.h index b2941fb317..e3ef457224 100644 --- a/third_party/boringssl/include/aes-gcm.h +++ b/third_party/boringssl/include/aes-gcm.h @@ -46,46 +46,12 @@ * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== */ -#ifndef OPENSSL_HEADER_MODES_INTERNAL_H -#define OPENSSL_HEADER_MODES_INTERNAL_H +#ifndef __CROS_EC_AES_GCM_H +#define __CROS_EC_AES_GCM_H -#include <openssl/base.h> - -#include <string.h> - -#include "../../internal.h" - -#if defined(__cplusplus) -extern "C" { -#endif - - -#define STRICT_ALIGNMENT 1 -#if defined(OPENSSL_X86_64) || defined(OPENSSL_X86) || defined(OPENSSL_AARCH64) -#undef STRICT_ALIGNMENT -#define STRICT_ALIGNMENT 0 -#endif - -static inline uint32_t GETU32(const void *in) { - uint32_t v; - OPENSSL_memcpy(&v, in, sizeof(v)); - return CRYPTO_bswap4(v); -} - -static inline void PUTU32(void *out, uint32_t v) { - v = CRYPTO_bswap4(v); - OPENSSL_memcpy(out, &v, sizeof(v)); -} - -static inline size_t load_word_le(const void *in) { - size_t v; - OPENSSL_memcpy(&v, in, sizeof(v)); - return v; -} - -static inline void store_word_le(void *out, size_t v) { - OPENSSL_memcpy(out, &v, sizeof(v)); -} +#include "common.h" +#include "endian.h" +#include "util.h" // block128_f is the type of a 128-bit, block cipher. typedef void (*block128_f)(const uint8_t in[16], uint8_t out[16], @@ -125,10 +91,6 @@ struct gcm128_context { unsigned int mres, ares; block128_f block; - - // use_aesni_gcm_crypt is true if this context should use the assembly - // functions |aesni_gcm_encrypt| and |aesni_gcm_decrypt| to process data. - unsigned use_aesni_gcm_crypt:1; }; 
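Review bot: The removed `GETU32`/`PUTU32`/`load_word_le`/`store_word_le` helpers all went through `OPENSSL_memcpy`, which kept loads from byte buffers alignment- and aliasing-safe; the first hunk swaps them for `#include "endian.h"`, and the replacement accessors are not visible here. If the ported C file now byte-swaps through a cast such as `*(const uint32_t *)in`, that is undefined behaviour and can fault on EC cores without unaligned access, so the port should keep a memcpy-based load before the swap. This is inferred from the header alone and needs confirming against the C file, which is outside this diff view (the diffstat is limited to `third_party/boringssl/include`).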
@@ -141,77 +103,45 @@ struct gcm128_context { typedef struct gcm128_context GCM128_CONTEXT; -// CRYPTO_ghash_init writes a precomputed table of powers of |gcm_key| to -// |out_table| and sets |*out_mult| and |*out_hash| to (potentially hardware -// accelerated) functions for performing operations in the GHASH field. If the -// AVX implementation was used |*out_is_avx| will be true. -void CRYPTO_ghash_init(gmult_func *out_mult, ghash_func *out_hash, - u128 *out_key, u128 out_table[16], int *out_is_avx, - const uint8_t *gcm_key); - // CRYPTO_gcm128_init initialises |ctx| to use |block| (typically AES) with // the given key. |block_is_hwaes| is one if |block| is |aes_hw_encrypt|. -OPENSSL_EXPORT void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, const void *key, +void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, const void *key, block128_f block, int block_is_hwaes); // CRYPTO_gcm128_setiv sets the IV (nonce) for |ctx|. The |key| must be the // same key that was passed to |CRYPTO_gcm128_init|. -OPENSSL_EXPORT void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const void *key, +void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const void *key, const uint8_t *iv, size_t iv_len); // CRYPTO_gcm128_aad sets the authenticated data for an instance of GCM. // This must be called before and data is encrypted. It returns one on success // and zero otherwise. -OPENSSL_EXPORT int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const uint8_t *aad, +int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const uint8_t *aad, size_t len); // CRYPTO_gcm128_encrypt encrypts |len| bytes from |in| to |out|. The |key| // must be the same key that was passed to |CRYPTO_gcm128_init|. It returns one // on success and zero otherwise. -OPENSSL_EXPORT int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, const void *key, +int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, const void *key, const uint8_t *in, uint8_t *out, size_t len); // CRYPTO_gcm128_decrypt decrypts |len| bytes from |in| to |out|. 
The |key| // must be the same key that was passed to |CRYPTO_gcm128_init|. It returns one // on success and zero otherwise. -OPENSSL_EXPORT int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, const void *key, +int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, const void *key, const uint8_t *in, uint8_t *out, size_t len); -// CRYPTO_gcm128_encrypt_ctr32 encrypts |len| bytes from |in| to |out| using -// a CTR function that only handles the bottom 32 bits of the nonce, like -// |CRYPTO_ctr128_encrypt_ctr32|. The |key| must be the same key that was -// passed to |CRYPTO_gcm128_init|. It returns one on success and zero -// otherwise. -OPENSSL_EXPORT int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, - const void *key, - const uint8_t *in, uint8_t *out, - size_t len, ctr128_f stream); - -// CRYPTO_gcm128_decrypt_ctr32 decrypts |len| bytes from |in| to |out| using -// a CTR function that only handles the bottom 32 bits of the nonce, like -// |CRYPTO_ctr128_encrypt_ctr32|. The |key| must be the same key that was -// passed to |CRYPTO_gcm128_init|. It returns one on success and zero -// otherwise. -OPENSSL_EXPORT int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, - const void *key, - const uint8_t *in, uint8_t *out, - size_t len, ctr128_f stream); - // CRYPTO_gcm128_finish calculates the authenticator and compares it against // |len| bytes of |tag|. It returns one on success and zero otherwise. -OPENSSL_EXPORT int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const uint8_t *tag, +int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const uint8_t *tag, size_t len); // CRYPTO_gcm128_tag calculates the authenticator and copies it into |tag|. // The minimum of |len| and 16 bytes are copied into |tag|. -OPENSSL_EXPORT void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, uint8_t *tag, +void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, uint8_t *tag, size_t len); -#if defined(__cplusplus) -} // extern C -#endif - -#endif // OPENSSL_HEADER_MODES_INTERNAL_H +#endif // __CROS_EC_AES_GCM_H |
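Review bot: The retained comments say `CRYPTO_gcm128_aad`, `CRYPTO_gcm128_encrypt`, `CRYPTO_gcm128_decrypt` and `CRYPTO_gcm128_finish` return one on success and zero otherwise, which is the inverse of the EC convention where zero (`EC_SUCCESS`) means success, and this header now lives among EC includes. A caller that treats a non-zero result from `CRYPTO_gcm128_finish` as an error would accept a tag that failed verification, so I would add above these prototypes `// NOTE: BoringSSL convention: these return 1 on success and 0 on failure (not EC_SUCCESS).`. The `CRYPTO_gcm128_decrypt` comment should also say that `|out|` is unauthenticated and must not be used until `CRYPTO_gcm128_finish` returns one. Separately, the `CRYPTO_gcm128_init` comment still explains `block_is_hwaes` in terms of `aes_hw_encrypt` although the hardware-accelerated declarations are removed in this hunk; it should state what EC callers are expected to pass (presumably zero; confirm against the C file).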