Commit graph

198 commits

Author SHA1 Message Date
Yanray Wang
5adfdbdaed AES: fix mismatch comment in #endif
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-07-06 17:10:44 +08:00
Dave Rodgman
c8d81ad54d
Merge pull request #7784 from daverodgman/aesce-unroll 2023-07-04 18:41:13 +01:00
Tom Cosgrove
9b20c6fcc1
Merge pull request #7840 from yanrayw/7381_aes_gen_table
AES: use uint8_t for array of pow and log to save RAM usage
2023-07-04 08:34:12 +01:00
Dave Rodgman
9cf17dad9d
Merge pull request #7851 from daverodgman/fix-unused-aes
Fix AES dependencies - build TF-M config cleanly
2023-07-03 16:49:00 +01:00
Dave Rodgman
afe85db42b Improve #endif comments
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-29 12:07:11 +01:00
Dave Rodgman
1be2463d76 Correct #endif comments
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-29 12:01:24 +01:00
Dave Rodgman
710e3c650f Correct comments on #endif's
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-29 12:00:14 +01:00
Dave Rodgman
2fd8c2c708 code style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-27 21:03:31 +01:00
Dave Rodgman
160088d769 Fix comment
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-27 20:41:51 +01:00
Dave Rodgman
ad4e76be57 More dependency fixes
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-27 19:23:14 +01:00
Dave Rodgman
34152a48d4 Fix unused variable
Fix when MBEDTLS_AES_SETKEY_ENC_ALT, MBEDTLS_AES_DECRYPT_ALT and
MBEDTLS_AES_ROM_TABLE set.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-27 19:23:09 +01:00
Dave Rodgman
15cd28a264 Fix unused variable if MBEDTLS_AES_SETKEY_ENC_ALT and MBEDTLS_AES_DECRYPT_ALT set
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-27 19:23:06 +01:00
Dave Rodgman
28a539a549 Fix unused fn when MBEDTLS_AES_SETKEY_DEC_ALT and MBEDTLS_AES_SETKEY_ENC_ALT set
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-27 19:23:01 +01:00
Dave Rodgman
8c753f99cb Fix unused function when MBEDTLS_AES_SETKEY_ENC_ALT set
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-27 19:22:56 +01:00
Yanray Wang
fe944ce2d8 aes.c: use uint8_t for local x, y, z in aes_gen_tables to save RAM
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-06-27 18:18:06 +08:00
Yanray Wang
5c86b1775a aes.c: use uint8_t for array of pow and log to save RAM
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-06-27 18:18:06 +08:00
Dave Rodgman
086e137dc4 code style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-16 20:21:39 +01:00
Dave Rodgman
96a9e6a9dd Address test review comments
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-16 20:18:36 +01:00
Dave Rodgman
4ad81ccdae Only force O2 when hw acceleration available
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-16 15:04:04 +01:00
Dave Rodgman
b2814bd089 Only enable gcc -Os fix if we have AES hw support
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-16 14:50:33 +01:00
Dave Rodgman
9bb7e6f4ce Rename MBEDTLS_OPTIMIZE_ALWAYS
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-16 09:41:21 +01:00
Dave Rodgman
2dd15b3ab5 code style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-15 20:27:53 +01:00
Dave Rodgman
6cfd9b54ae use MBEDTLS_OPTIMIZE_ALWAYS in AES-XTS
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-15 18:46:23 +01:00
Dave Rodgman
a0b166e11e Use mbedtls_xor_no_simd from cmac and cbc
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-15 18:44:16 +01:00
Dave Rodgman
2e7d57270e
Merge pull request #7624 from daverodgman/aes-perf
AES perf improvements
2023-06-15 12:10:06 +01:00
Dave Rodgman
28a97acb3c code style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-14 20:15:15 +01:00
Dave Rodgman
d05e7f1ab3 Do not use NEON for AES-CBC on aarch64
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-14 18:58:48 +01:00
Dave Rodgman
906c63cf35 Revert "improve cbc encrypt perf"
This reverts commit f1e396c427.

Performance is slightly better with this reverted, especially
for AES-CBC 192.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-14 17:55:41 +01:00
Dave Rodgman
360e04f379 Fix AES-XTS perf regression
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-09 17:23:15 +01:00
Dave Rodgman
9d1635e742 Revert not-useful changes to AES-CBC decrypt
Signed-off-by: Dave Rodgman <dave.rodgman@gmail.com>
2023-06-07 16:38:26 +01:00
Dave Rodgman
f1e396c427 improve cbc encrypt perf
Signed-off-by: Dave Rodgman <dave.rodgman@gmail.com>
2023-06-07 16:38:26 +01:00
Dave Rodgman
262d8ced79 Fix AES-CBC for in-place operation
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-05-22 23:13:45 +01:00
Dave Rodgman
797c4ff365 Make AES-CBC more efficient
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-05-22 19:42:22 +01:00
Yanray Wang
59c2dfa48c aes selftest: determine selftest loop limit in runtime
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-11 17:56:21 +08:00
Yanray Wang
62c9991a5b aes selftest: remove non-128-bit data if aes_128bit_only enabled
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-11 11:11:17 +08:00
Arto Kinnunen
0f06618db0 AES: skip 192bit and 256bit key in selftest if 128bit_only enabled
This includes:
 - aes.c
 - cmac.c
 - gcm.c
 - nist_kw.c

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-05 11:20:59 +08:00
Arto Kinnunen
732ca3221d AES: add macro of MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
Add configuration option to support 128-bit key length only
in AES calculation.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-05 11:20:38 +08:00
Gilles Peskine
9c682e724a AESNI: Overhaul implementation selection
Have clearly separated code to:
* determine whether the assembly-based implementation is available;
* determine whether the intrinsics-based implementation is available;
* select one of the available implementations if any.

Now MBEDTLS_AESNI_HAVE_CODE can be the single interface for aes.c and
aesni.c to determine which AESNI is built.

Change the implementation selection: now, if both implementations are
available, always prefer assembly. Before, the intrinsics were used if
available. This preference is to minimize disruption, and will likely
be revised in a later minor release.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 17:21:33 +01:00
Gilles Peskine
0de8f853f0 Clean up AES context alignment code
Use a single auxiliary function to determine rk_offset, covering both
setkey_enc and setkey_dec, covering both AESNI and PADLOCK. For AESNI, only
build this when using the intrinsics-based implementation, since the
assembly implementation supports unaligned access.

Simplify "do we need to realign?" to "is the desired offset now equal to
the current offset?".

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 17:14:59 +01:00
Gilles Peskine
0f454e4642 Use consistent guards for padlock code
The padlock feature is enabled if
```
defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
```
with the second macro coming from `padlock.h`. The availability of the
macro `MBEDTLS_PADLOCK_ALIGN16` is coincidentally equivalent to
`MBEDTLS_HAVE_X86` but this is not meaningful.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 14:58:46 +01:00
Gilles Peskine
148cad134a Fix unaligned access if the context is moved during operation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 13:08:42 +01:00
Gilles Peskine
d671917d0d AESNI: add implementation with intrinsics
As of this commit, to use the intrinsics for MBEDTLS_AESNI_C:

* With MSVC, this should be the default.
* With Clang, build with `clang -maes -mpclmul` or equivalent.
* With GCC, build with `gcc -mpclmul -msse2` or equivalent.

In particular, for now, with a GCC-like compiler, when building specifically
for a target that supports both the AES and GCM instructions, the old
implementation using assembly is selected.

This method for platform selection will likely be improved in the future.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-15 20:47:59 +01:00
Gilles Peskine
7e67bd516d AES, GCM selftest: indicate which implementation is used
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-15 20:47:59 +01:00
Gilles Peskine
9af58cd7f8 New preprocessor symbol indicating that AESNI support is present
The configuration symbol MBEDTLS_AESNI_C requests AESNI support, but it is
ignored if the platform doesn't have AESNI. This allows keeping
MBEDTLS_AESNI_C enabled (as it is in the default build) when building for
platforms other than x86_64, or when MBEDTLS_HAVE_ASM is disabled.

To facilitate maintenance, always use the symbol MBEDTLS_AESNI_HAVE_CODE to
answer the question "can I call mbedtls_aesni_xxx functions?", rather than
repeating the check `defined(MBEDTLS_AESNI_C) && ...`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-15 19:38:37 +01:00
Jerry Yu
2bb3d8101f Add en(de)crypt routine
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-07 17:11:53 +08:00
Jerry Yu
e096da1af6 Add inverse key function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-07 17:11:52 +08:00
Jerry Yu
3f2fb71072 Add key expansion for encrypt
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-07 17:11:52 +08:00
Gilles Peskine
449bd8303e Switch to the new code style
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 14:50:10 +01:00
Manuel Pégourié-Gonnard
a9ac61203b
Merge pull request #6666 from daverodgman/fast_unaligned
Fast unaligned memory access macros
2022-12-12 12:18:17 +01:00
Tom Cosgrove
1797b05602 Fix typos prior to release
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-04 17:19:59 +00:00