AES: Add accelerator only mode #7384
Signed-off-by: Jerry Yu <[email protected]>
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -71,7 +71,7 @@ | |
|
||
#if !defined(MBEDTLS_AES_ALT) | ||
|
||
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86) | ||
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86) && defined(__GNUC__) | ||
static int aes_padlock_ace = -1; | ||
#endif | ||
|
||
|
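Review bot: The three-term guard now placed on the aes_padlock_ace declaration has to be repeated verbatim at every later use of that variable, and any site left with the old two-term form would reference an undeclared symbol on a non-GNU x86 build. Consider deriving one internal macro from defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86) && defined(__GNUC__) once near the top of the file and testing only that macro, with a one-line comment saying why __GNUC__ is required.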
@@ -578,7 +578,7 @@ static unsigned mbedtls_aes_rk_offset(uint32_t *buf) | |
#if defined(MAY_NEED_TO_ALIGN) | ||
int align_16_bytes = 0; | ||
|
||
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86) | ||
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86) && defined(__GNUC__) | ||
if (aes_padlock_ace == -1) { | ||
aes_padlock_ace = mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE); | ||
} | ||
|
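Review bot: In mbedtls_aes_rk_offset the Padlock probe is compiled out when __GNUC__ is absent, but the enclosing MAY_NEED_TO_ALIGN block and align_16_bytes are controlled by a macro whose definition is not touched in the lines shown. Please confirm that MAY_NEED_TO_ALIGN takes the new __GNUC__ term into account wherever Padlock is its reason for being set, so a non-GNU build does not keep alignment bookkeeping for a probe that is never compiled.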
@@ -1102,7 +1102,7 @@ int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx, | |
} | ||
#endif | ||
|
||
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86) | ||
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86) && defined(__GNUC__) | ||
if (aes_padlock_ace > 0) { | ||
return mbedtls_padlock_xcryptecb(ctx, mode, input, output); | ||
} | ||
|
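Review bot: With the added __GNUC__ term, a configuration that sets MBEDTLS_PADLOCK_C on a non-GNU compiler silently loses the mbedtls_padlock_xcryptecb branch in mbedtls_aes_crypt_ecb, with no build-time signal. For a PR that adds an accelerator-only mode, a #error or #warning for that combination in the configuration checks would make the loss of the accelerator explicit.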
@@ -1148,7 +1148,7 @@ int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx, | |
return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH; | ||
} | ||
|
||
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86) | ||
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86) && defined(__GNUC__) | ||
if (aes_padlock_ace > 0) { | ||
if (mbedtls_padlock_xcryptcbc(ctx, mode, length, iv, input, output) == 0) { | ||
return 0; | ||
|
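Review bot: In mbedtls_aes_crypt_cbc only a zero return from mbedtls_padlock_xcryptcbc ends the function; any other result is discarded and execution continues past the lines shown. Please add a comment stating what that continuation is when the plain C implementation is not built, and make sure a Padlock failure in that configuration is returned to the caller as an error.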
@@ -1900,7 +1900,7 @@ int mbedtls_aes_self_test(int verbose) | |
#if defined(MBEDTLS_AES_ALT) | ||
mbedtls_printf(" AES note: alternative implementation.\n"); | ||
#else /* MBEDTLS_AES_ALT */ | ||
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86) | ||
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86) && defined(__GNUC__) | ||
if (mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE)) { | ||
mbedtls_printf(" AES note: using VIA Padlock.\n"); | ||
} else | ||
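Review bot: The guarded block in mbedtls_aes_self_test ends with a dangling "} else", so the statement that else binds to depends on what the preprocessor leaves after the #endif. Now that the guard has a third term, please brace the else branch or restructure the notes so that each accelerator message comes from its own runtime check and the output does not depend on guard ordering.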
According to my reading of the code, if padlock is enabled, and AESNI is supported by the configuration and the hardware, we will print "using VIA padlock" (correct), we will not print "AES note: AESNI code present" (incorrect), and we will print "AES note: using AESNI" (incorrect).

That's based on the CPU feature sets. If AESNI is enabled, it will print

I have changed the order to match order in

I think the issues here are:

Now LGTM

Do we need to auto-enable MBEDTLS_AES_[EN|DE]CRYPT_ALT to remove the plain C implementations when MBEDTLS_AES_USE_HARDWARE_ONLY is enabled?

No. MBEDTLS_AES_[EN|DE]CRYPT_ALT are for user-provided functions. If it is provided, MBEDTLS_AES_USE_HARDWARE_ONLY will not work.

When MBEDTLS_AES_[EN|DE]CRYPT_ALT are enabled, users need to provide their own implementations for mbedtls_internal_aes_decrypt and mbedtls_internal_aes_encrypt, so MBEDTLS_AES_USE_HARDWARE_ONLY would not be affected. What I want to ask is, do we need to eliminate the plain C implementation when MBEDTLS_AES_USE_HARDWARE_ONLY is enabled so that both symbols won't be built into the library?

Yes. The first name of MBEDTLS_AES_USE_HARDWARE_ONLY is MBEDTL_AES_DISABLE_PLAIN_C. :)

And I think it should just remove plain C. MBEDTLS_AES_[EN|DE]CRYPT_ALT will remove both hardware and software built-in AES.