aes: Use encrypt_iv_xor_block in encrypt_block sometimes.

Author: briansmith

build.rs

@@ -868,7 +868,6 @@ fn prefix_all_symbols(pp: char, prefix_prefix: &str, prefix: &str) -> String {
         "OPENSSL_cpuid_setup",
         "OPENSSL_ia32cap_P",
         "aes_hw_ctr32_encrypt_blocks",
-        "aes_hw_encrypt",
         "aes_hw_set_encrypt_key",
         "aes_nohw_ctr32_encrypt_blocks",
         "aes_nohw_encrypt",

crypto/fipsmodule/aes/asm/aesni-x86.pl

@@ -192,26 +192,6 @@ sub aesni_generate1	# fully unrolled loop
     &function_end_B("_aesni_${p}rypt1");
 }
 
-# void $PREFIX_encrypt (const void *inp,void *out,const AES_KEY *key);
-&aesni_generate1("enc") if (!$inline);
-&function_begin_B("${PREFIX}_encrypt");
-	&record_function_hit(1);
-
-	&mov	("eax",&wparam(0));
-	&mov	($key,&wparam(2));
-	&movups	($inout0,&QWP(0,"eax"));
-	&mov	($rounds,&DWP(240,$key));
-	&mov	("eax",&wparam(1));
-	if ($inline)
-	{   &aesni_inline_generate1("enc");	}
-	else
-	{   &call	("_aesni_encrypt1");	}
-	&pxor	($rndkey0,$rndkey0);		# clear register bank
-	&pxor	($rndkey1,$rndkey1);
-	&movups	(&QWP(0,"eax"),$inout0);
-	&pxor	($inout0,$inout0);
-	&ret	();
-&function_end_B("${PREFIX}_encrypt");
 
 # _aesni_[en|de]cryptN are private interfaces, N denotes interleave
 # factor. Why 3x subroutine were originally used in loops? Even though

crypto/fipsmodule/aes/asm/aesni-x86_64.pl

@@ -260,35 +260,6 @@ sub aesni_generate1 {
 	aes${p}last	$rndkey1,$inout
 ___
 }}
-# void $PREFIX_[en|de]crypt (const void *inp,void *out,const AES_KEY *key);
-#
-{ my ($inp,$out,$key) = @_4args;
-
-$code.=<<___;
-.globl	${PREFIX}_encrypt
-.type	${PREFIX}_encrypt,\@abi-omnipotent
-.align	16
-${PREFIX}_encrypt:
-.cfi_startproc
-	_CET_ENDBR
-#ifdef BORINGSSL_DISPATCH_TEST
-.extern	BORINGSSL_function_hit
-	movb \$1,BORINGSSL_function_hit+1(%rip)
-#endif
-	movups	($inp),$inout0		# load input
-	mov	240($key),$rounds	# key->rounds
-___
-	&aesni_generate1("enc",$key,$rounds);
-$code.=<<___;
-	 pxor	$rndkey0,$rndkey0	# clear register bank
-	 pxor	$rndkey1,$rndkey1
-	movups	$inout0,($out)		# output
-	 pxor	$inout0,$inout0
-	ret
-.cfi_endproc
-.size	${PREFIX}_encrypt,.-${PREFIX}_encrypt
-___
-}
 
 # _aesni_[en|de]cryptN are private interfaces, N denotes interleave
 # factor. Why 3x subroutine were originally used in loops? Even though

crypto/fipsmodule/aes/asm/aesv8-armx.pl

@@ -239,51 +239,6 @@
 ___
 }}}
 {{{
-sub gen_block () {
-my $dir = shift;
-my ($e,$mc) = $dir eq "en" ? ("e","mc") : ("d","imc");
-my ($inp,$out,$key)=map("x$_",(0..2));
-my $rounds="w3";
-my ($rndkey0,$rndkey1,$inout)=map("q$_",(0..3));
-
-$code.=<<___;
-.globl	${prefix}_${dir}crypt
-.type	${prefix}_${dir}crypt,%function
-.align	5
-${prefix}_${dir}crypt:
-	AARCH64_VALID_CALL_TARGET
-	ldr	$rounds,[$key,#240]
-	vld1.32	{$rndkey0},[$key],#16
-	vld1.8	{$inout},[$inp]
-	sub	$rounds,$rounds,#2
-	vld1.32	{$rndkey1},[$key],#16
-
-.Loop_${dir}c:
-	aes$e	$inout,$rndkey0
-	aes$mc	$inout,$inout
-	vld1.32	{$rndkey0},[$key],#16
-	subs	$rounds,$rounds,#2
-	aes$e	$inout,$rndkey1
-	aes$mc	$inout,$inout
-	vld1.32	{$rndkey1},[$key],#16
-	b.gt	.Loop_${dir}c
-
-	aes$e	$inout,$rndkey0
-	aes$mc	$inout,$inout
-	vld1.32	{$rndkey0},[$key]
-	aes$e	$inout,$rndkey1
-	veor	$inout,$inout,$rndkey0
-
-	vst1.8	{$inout},[$out]
-	ret
-.size	${prefix}_${dir}crypt,.-${prefix}_${dir}crypt
-___
-}
-&gen_block("en");
-# Decryption removed in *ring*.
-# &gen_block("de");
-}}}
-{{{
 my ($inp,$out,$len,$key,$ivp)=map("x$_",(0..4));
 my ($rounds,$cnt,$key_)=("w5","w6","x7");
 my ($ctr,$tctr0,$tctr1,$tctr2)=map("w$_",(8..10,12));

crypto/fipsmodule/aes/asm/vpaes-armv7.pl

@@ -310,25 +310,6 @@
 	vtbl.8	q0#hi, {q2}, q1#hi
 	bx	lr
 .size	_vpaes_encrypt_core,.-_vpaes_encrypt_core
-
-.globl	vpaes_encrypt
-.type	vpaes_encrypt,%function
-.align	4
-vpaes_encrypt:
-	@ _vpaes_encrypt_core uses r8-r11. Round up to r7-r11 to maintain stack
-	@ alignment.
-	stmdb	sp!, {r7-r11,lr}
-	@ _vpaes_encrypt_core uses q4-q5 (d8-d11), which are callee-saved.
-	vstmdb	sp!, {d8-d11}
-
-	vld1.64	{q0}, [$inp]
-	bl	_vpaes_preheat
-	bl	_vpaes_encrypt_core
-	vst1.64	{q0}, [$out]
-
-	vldmia	sp!, {d8-d11}
-	ldmia	sp!, {r7-r11, pc}	@ return
-.size	vpaes_encrypt,.-vpaes_encrypt
 ___
 }
 {

crypto/fipsmodule/aes/asm/vpaes-armv8.pl

@@ -235,24 +235,6 @@
 	ret
 .size	_vpaes_encrypt_core,.-_vpaes_encrypt_core
 
-.globl	vpaes_encrypt
-.type	vpaes_encrypt,%function
-.align	4
-vpaes_encrypt:
-	AARCH64_SIGN_LINK_REGISTER
-	stp	x29,x30,[sp,#-16]!
-	add	x29,sp,#0
-
-	ld1	{v7.16b}, [$inp]
-	bl	_vpaes_encrypt_preheat
-	bl	_vpaes_encrypt_core
-	st1	{v0.16b}, [$out]
-
-	ldp	x29,x30,[sp],#16
-	AARCH64_VALIDATE_LINK_REGISTER
-	ret
-.size	vpaes_encrypt,.-vpaes_encrypt
-
 .type	_vpaes_encrypt_2x,%function
 .align 4
 _vpaes_encrypt_2x:

crypto/fipsmodule/aes/asm/vpaes-x86_64.pl

@@ -691,56 +691,6 @@
 	ret
 .cfi_endproc
 .size	${PREFIX}_set_encrypt_key,.-${PREFIX}_set_encrypt_key
-
-.globl	${PREFIX}_encrypt
-.type	${PREFIX}_encrypt,\@function,3
-.align	16
-${PREFIX}_encrypt:
-.cfi_startproc
-	_CET_ENDBR
-#ifdef BORINGSSL_DISPATCH_TEST
-.extern        BORINGSSL_function_hit
-       movb \$1, BORINGSSL_function_hit+4(%rip)
-#endif
-___
-$code.=<<___ if ($win64);
-	lea	-0xb8(%rsp),%rsp
-	movaps	%xmm6,0x10(%rsp)
-	movaps	%xmm7,0x20(%rsp)
-	movaps	%xmm8,0x30(%rsp)
-	movaps	%xmm9,0x40(%rsp)
-	movaps	%xmm10,0x50(%rsp)
-	movaps	%xmm11,0x60(%rsp)
-	movaps	%xmm12,0x70(%rsp)
-	movaps	%xmm13,0x80(%rsp)
-	movaps	%xmm14,0x90(%rsp)
-	movaps	%xmm15,0xa0(%rsp)
-.Lenc_body:
-___
-$code.=<<___;
-	movdqu	(%rdi),%xmm0
-	call	_vpaes_preheat
-	call	_vpaes_encrypt_core
-	movdqu	%xmm0,(%rsi)
-___
-$code.=<<___ if ($win64);
-	movaps	0x10(%rsp),%xmm6
-	movaps	0x20(%rsp),%xmm7
-	movaps	0x30(%rsp),%xmm8
-	movaps	0x40(%rsp),%xmm9
-	movaps	0x50(%rsp),%xmm10
-	movaps	0x60(%rsp),%xmm11
-	movaps	0x70(%rsp),%xmm12
-	movaps	0x80(%rsp),%xmm13
-	movaps	0x90(%rsp),%xmm14
-	movaps	0xa0(%rsp),%xmm15
-	lea	0xb8(%rsp),%rsp
-.Lenc_epilogue:
-___
-$code.=<<___;
-	ret
-.cfi_endproc
-.size	${PREFIX}_encrypt,.-${PREFIX}_encrypt
 ___
 {
 my ($inp,$out,$blocks,$key,$ivp)=("%rdi","%rsi","%rdx","%rcx","%r8");
@@ -1042,9 +992,6 @@
 	.rva	.LSEH_end_${PREFIX}_set_encrypt_key
 	.rva	.LSEH_info_${PREFIX}_set_encrypt_key
 
-	.rva	.LSEH_begin_${PREFIX}_encrypt
-	.rva	.LSEH_end_${PREFIX}_encrypt
-	.rva	.LSEH_info_${PREFIX}_encrypt
 	.rva	.LSEH_begin_${PREFIX}_ctr32_encrypt_blocks
 	.rva	.LSEH_end_${PREFIX}_ctr32_encrypt_blocks
 	.rva	.LSEH_info_${PREFIX}_ctr32_encrypt_blocks
@@ -1055,10 +1002,6 @@
 	.byte	9,0,0,0
 	.rva	se_handler
 	.rva	.Lenc_key_body,.Lenc_key_epilogue	# HandlerData[]
-.LSEH_info_${PREFIX}_encrypt:
-	.byte	9,0,0,0
-	.rva	se_handler
-	.rva	.Lenc_body,.Lenc_epilogue		# HandlerData[]
 .LSEH_info_${PREFIX}_ctr32_encrypt_blocks:
 	.byte	9,0,0,0
 	.rva	se_handler

src/aead/aes.rs

@@ -209,14 +209,15 @@ impl Key {
     pub fn encrypt_block(&self, a: Block, cpu_features: cpu::Features) -> Block {
         match detect_implementation(cpu_features) {
             #[cfg(any(target_arch = "aarch64", target_arch = "x86_64", target_arch = "x86"))]
-            Implementation::HWAES => encrypt_block!(aes_hw_encrypt, a, self),
+            Implementation::HWAES => self.encrypt_iv_xor_block(Iv(a), ZERO_BLOCK, cpu_features),
 
-            #[cfg(any(
-                target_arch = "aarch64",
-                target_arch = "arm",
-                target_arch = "x86_64",
-                target_arch = "x86"
-            ))]
+            #[cfg(any(target_arch = "aarch64", target_arch = "arm", target_arch = "x86_64"))]
+            Implementation::VPAES_BSAES => {
+                self.encrypt_iv_xor_block(Iv(a), ZERO_BLOCK, cpu_features)
+            }
+
+            // `encrypt_iv_xor_block` calls `encrypt_block` on `target_arch = "x86"`.
+            #[cfg(target_arch = "x86")]
             Implementation::VPAES_BSAES => encrypt_block!(vpaes_encrypt, a, self),
 
             Implementation::NOHW => encrypt_block!(aes_nohw_encrypt, a, self),