Commit graph

174 commits

Author SHA1 Message Date
Dave Rodgman
2e7d57270e
Merge pull request #7624 from daverodgman/aes-perf
AES perf improvements
2023-06-15 12:10:06 +01:00
Dave Rodgman
28a97acb3c code style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-14 20:15:15 +01:00
Dave Rodgman
d05e7f1ab3 Do not use NEON for AES-CBC on aarch64
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-14 18:58:48 +01:00
Dave Rodgman
906c63cf35 Revert "improve cbc encrypt perf"
This reverts commit f1e396c427.

Performance is slightly better with this reverted, especially
for AES-CBC 192.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-14 17:55:41 +01:00
Dave Rodgman
360e04f379 Fix AES-XTS perf regression
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-09 17:23:15 +01:00
Dave Rodgman
9d1635e742 Revert not-useful changes to AES-CBC decrypt
Signed-off-by: Dave Rodgman <dave.rodgman@gmail.com>
2023-06-07 16:38:26 +01:00
Dave Rodgman
f1e396c427 improve cbc encrypt perf
Signed-off-by: Dave Rodgman <dave.rodgman@gmail.com>
2023-06-07 16:38:26 +01:00
Dave Rodgman
262d8ced79 Fix AES-CBC for in-place operation
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-05-22 23:13:45 +01:00
Dave Rodgman
797c4ff365 Make AES-CBC more efficient
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-05-22 19:42:22 +01:00
Yanray Wang
59c2dfa48c aes selftest: determine selftest loop limit in runtime
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-11 17:56:21 +08:00
Yanray Wang
62c9991a5b aes selftest: remove non-128-bit data if aes_128bit_only enabled
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-11 11:11:17 +08:00
Arto Kinnunen
0f06618db0 AES: skip 192bit and 256bit key in selftest if 128bit_only enabled
This includes:
 - aes.c
 - cmac.c
 - gcm.c
 - nist_kw.c

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-05 11:20:59 +08:00
Arto Kinnunen
732ca3221d AES: add macro of MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
Add configuration option to support 128-bit key length only
in AES calculation.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-05 11:20:38 +08:00
Gilles Peskine
9c682e724a AESNI: Overhaul implementation selection
Have clearly separated code to:
* determine whether the assembly-based implementation is available;
* determine whether the intrinsics-based implementation is available;
* select one of the available implementations if any.

Now MBEDTLS_AESNI_HAVE_CODE can be the single interface for aes.c and
aesni.c to determine which AESNI is built.

Change the implementation selection: now, if both implementations are
available, always prefer assembly. Before, the intrinsics were used if
available. This preference is to minimize disruption, and will likely
be revised in a later minor release.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 17:21:33 +01:00
Gilles Peskine
0de8f853f0 Clean up AES context alignment code
Use a single auxiliary function to determine rk_offset, covering both
setkey_enc and setkey_dec, covering both AESNI and PADLOCK. For AESNI, only
build this when using the intrinsics-based implementation, since the
assembly implementation supports unaligned access.

Simplify "do we need to realign?" to "is the desired offset now equal to
the current offset?".

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 17:14:59 +01:00
Gilles Peskine
0f454e4642 Use consistent guards for padlock code
The padlock feature is enabled if
```
defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
```
with the second macro coming from `padlock.h`. The availability of the
macro `MBEDTLS_PADLOCK_ALIGN16` is coincidentally equivalent to
`MBEDTLS_HAVE_X86` but this is not meaningful.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 14:58:46 +01:00
Gilles Peskine
148cad134a Fix unaligned access if the context is moved during operation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 13:08:42 +01:00
Gilles Peskine
d671917d0d AESNI: add implementation with intrinsics
As of this commit, to use the intrinsics for MBEDTLS_AESNI_C:

* With MSVC, this should be the default.
* With Clang, build with `clang -maes -mpclmul` or equivalent.
* With GCC, build with `gcc -mpclmul -msse2` or equivalent.

In particular, for now, with a GCC-like compiler, when building specifically
for a target that supports both the AES and GCM instructions, the old
implementation using assembly is selected.

This method for platform selection will likely be improved in the future.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-15 20:47:59 +01:00
Gilles Peskine
7e67bd516d AES, GCM selftest: indicate which implementation is used
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-15 20:47:59 +01:00
Gilles Peskine
9af58cd7f8 New preprocessor symbol indicating that AESNI support is present
The configuration symbol MBEDTLS_AESNI_C requests AESNI support, but it is
ignored if the platform doesn't have AESNI. This allows keeping
MBEDTLS_AESNI_C enabled (as it is in the default build) when building for
platforms other than x86_64, or when MBEDTLS_HAVE_ASM is disabled.

To facilitate maintenance, always use the symbol MBEDTLS_AESNI_HAVE_CODE to
answer the question "can I call mbedtls_aesni_xxx functions?", rather than
repeating the check `defined(MBEDTLS_AESNI_C) && ...`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-15 19:38:37 +01:00
Jerry Yu
2bb3d8101f Add en(de)crypt routine
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-07 17:11:53 +08:00
Jerry Yu
e096da1af6 Add inverse key function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-07 17:11:52 +08:00
Jerry Yu
3f2fb71072 Add key expansion for encrypt
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-07 17:11:52 +08:00
Gilles Peskine
449bd8303e Switch to the new code style
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 14:50:10 +01:00
Manuel Pégourié-Gonnard
a9ac61203b
Merge pull request #6666 from daverodgman/fast_unaligned
Fast unaligned memory access macros
2022-12-12 12:18:17 +01:00
Tom Cosgrove
1797b05602 Fix typos prior to release
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-04 17:19:59 +00:00
Dave Rodgman
069e7f462a Correct mixed up comments
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-24 19:37:26 +00:00
Dave Rodgman
a8cf607458 Use mbedtls_xor in AES
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 17:32:43 +00:00
Andrzej Kurek
252283f2aa Fix missing cipher mode dependencies
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:08 -04:00
Gilles Peskine
0fe6631486
Merge pull request #6291 from gilles-peskine-arm/platform.h-unconditional-3.2
Include platform.h unconditionally
2022-10-13 10:19:22 +02:00
Gilles Peskine
a7aa80c058 Include platform.h unconditionally: second automatic part
Some source files included platform.h in a nested conditional. The previous
commit "Include platform.h unconditionally: automatic part" only removed
the outer conditional. This commit removes the inner conditional.

This commit once again replaces most occurrences of conditional inclusion of
platform.h, using the following code:

```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 20:34:10 +02:00
Gilles Peskine
945b23c46f Include platform.h unconditionally: automatic part
We used to include platform.h only when MBEDTLS_PLATFORM_C was enabled, and
to define ad hoc replacements for mbedtls_xxx functions on a case-by-case
basis when MBEDTLS_PLATFORM_C was disabled. The only reason for this
complication was to allow building individual source modules without copying
platform.h. This is not something we support or recommend anymore, so get
rid of the complication: include platform.h unconditionally.

There should be no change in behavior since just including the header should
not change the behavior of a program.

This commit replaces most occurrences of conditional inclusion of
platform.h, using the following code:

```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 20:33:07 +02:00
Tuvshinzaya Erdenekhuu
a8ef1565bb Re-introduce ENUM validation in aes.c
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
2022-08-31 10:14:57 +01:00
Tuvshinzaya Erdenekhuu
cac11d7797 Remove NULL pointer validation in aes.c
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
2022-08-31 10:14:57 +01:00
Werner Lewis
7656a373b6 Reformat AES changes for readability
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-29 16:17:50 +01:00
Werner Lewis
dd76ef359d Refactor AES context to be shallow-copyable
Replace RK pointer in AES context with a buffer offset, to allow
shallow copying. Fixes #2147.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-29 16:17:50 +01:00
Shaun Case
8b0ecbccf4 Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-11 21:25:51 +01:00
Paul Elliott
00738bf65e Ensure ctr_drbg is initialised every time
ctr_drbg is a local variable and thus needs initialisation every time
LLVMFuzzerTestOneInput() is called, the rest of the variables inside the
if(initialised) block are all static.

Add extra validation to attempt to catch this issue in future.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-02-10 18:38:53 +00:00
Gilles Peskine
7820a574f1 Catch failures of AES or DES operations
Declare all AES and DES functions that return int as needing to have
their result checked, and do check the result in our code.

A DES or AES block operation can fail in alternative implementations of
mbedtls_internal_aes_encrypt() (under MBEDTLS_AES_ENCRYPT_ALT),
mbedtls_internal_aes_decrypt() (under MBEDTLS_AES_DECRYPT_ALT),
mbedtls_des_crypt_ecb() (under MBEDTLS_DES_CRYPT_ECB_ALT),
mbedtls_des3_crypt_ecb() (under MBEDTLS_DES3_CRYPT_ECB_ALT).
A failure can happen if the accelerator peripheral is in a bad state.
Several block modes were not catching the error.

This commit does the following code changes, grouped together to avoid
having an intermediate commit where the build fails:

* Add MBEDTLS_CHECK_RETURN to all functions returning int in aes.h and des.h.
* Fix all places where this causes a GCC warning, indicating that our code
  was not properly checking the result of an AES operation:
    * In library code: on failure, goto exit and return ret.
    * In pkey programs: goto exit.
    * In the benchmark program: exit (not ideal since there's no error
      message, but it's what the code currently does for failures).
    * In test code: TEST_ASSERT.
* Changelog entry.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-27 16:22:08 +02:00
Joe Subbiani
99edd6c810 Add UINT64 GET and PUT macros
Copy over the GET/PUT_UINT64_LE/BE macros from aes.c and sha512.c
Add the MBEDTLS_ prefix to all 4 macros.
Modify the GET_UINT64 macros to no longer take a target variable
as a parameter, so when the macro function is called it must be
assigned to a variable in the same statement.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:56:47 +01:00
Joe Subbiani
cd84d76e9b Add Character byte reading macros
These cast to an unsigned char rather than a uint8_t
like with MBEDTLS_BYTE_x
These save alot of space and will improve maintence by
replacing the appropriate code with MBEDTLS_CHAR_x

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:55:41 +01:00
Joe Subbiani
6a50631497 GET macros use a target variable
The GET macros used to write to a macro parameter, but now
they can be used to assign a value to the desired variable
rather than pass it in as an argument and have it modified
in the macro function.

Due to this MBEDTLS_BYTES_TO_U32_LE is the same as
MBEDTLS_GET_UINT32_LE and was there for replaced in the
appropriate files and removed from common.h

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:31:55 +01:00
Joe Subbiani
5ecac217f0 Prefixed macros with MBEDTLS
As per tests/scripts/check-names.sh, macros in
library/ header files should be prefixed with
MBEDTLS_
The macro functions in common.h where also indented
to comply with the same test

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:31:54 +01:00
Joe Subbiani
54c6134ff7 Move UINT32_LE macros to common.h
32-bit integer manipulation macros (little edian):
GET_UINT32_LE and PUT_UINT32_LE appear in several
files in library/.
Removes duplicate code and save vertical
space the macro has been moved to common.h.
Improves maintainability.

Also provided brief comment in common.h for
BYTES_TO_U32_LE. comment/documentation will
probably need to be edited further for all
recent additions to library/common.h

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:31:53 +01:00
Ronald Cron
f1eb425782
Merge pull request #4469 from xiaoxiang781216/padlock
aes: Check aes_padlock_ace > 0 before calling padlock
2021-05-28 11:06:40 +02:00
Xiang Xiao
12e18369e8 aes: Check aes_padlock_ace > 0 before calling padlock
Sometime user may forget to call mbedtls_aes_setkey_enc or
mbedtls_aes_setkey_dec before mbedtls_aes_crypt_ecb and then
the code normally crash inside the assembly code. With this
patch, the code will stop inside the C source code which is
more convenient to locate the problem.

Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
Change-Id: I0e1d6b219f8709f8acaee5f345344335fc82fed3
2021-05-11 03:28:46 -07:00
TRodziewicz
85dfc4de20 Applying current changes
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-30 00:07:04 +02:00
TRodziewicz
18efb73743 Remove deprecated functions and constants.
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-29 23:12:19 +02:00
Chris Jones
16dbaeb9eb Move padlock.h to library
`padlock.h` is actually an internal header and is moved accordingly.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-03-10 12:52:37 +00:00
Chris Jones
187782f41e Move aesni.h to library
`aesni.h` is an internal header and is moved accordingly.

Also removes some references to internal headers in scripts with
only public headers.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-03-10 12:52:37 +00:00