diff --git a/wolfcrypt/src/port/arm/armv8-aes.c b/wolfcrypt/src/port/arm/armv8-aes.c
index 6b36b0c5e..68aa958c3 100644
--- a/wolfcrypt/src/port/arm/armv8-aes.c
+++ b/wolfcrypt/src/port/arm/armv8-aes.c
@@ -3582,544 +3582,589 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,

 /* AES-CTR */
 #ifdef WOLFSSL_AES_COUNTER
+static void wc_aes_ctr_encrypt_asm(Aes* aes, byte* out, const byte* in,
+    word32 numBlocks)
+{
+    word32* keyPt = aes->key;
+    word32* regPt = aes->reg;

-    /* Increment AES counter */
-    static WC_INLINE void IncrementAesCounter(byte* inOutCtr)
-    {
-        int i;
-
-        /* in network byte order so start at end and work back */
-        for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
-            if (++inOutCtr[i]) /* we're done unless we overflow */
-                return;
-        }
-    }
-
-    int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
-    {
-        byte* tmp;
-        word32 numBlocks;
-
-        if (aes == NULL || out == NULL || in == NULL) {
-            return BAD_FUNC_ARG;
-        }
-
-        tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left;
-
-        /* consume any unused bytes left in aes->tmp */
-        while (aes->left && sz) {
-            *(out++) = *(in++) ^ *(tmp++);
-            aes->left--;
-            sz--;
-        }
-
-        /* do as many block size ops as possible */
-        numBlocks = sz/AES_BLOCK_SIZE;
-        if (numBlocks > 0) {
-            /* pointer needed because it is incremented when read, causing
-             * an issue with call to encrypt/decrypt leftovers */
-            word32* keyPt = aes->key;
-            word32* regPt = aes->reg;
-            sz -= numBlocks * AES_BLOCK_SIZE;
-            switch(aes->rounds) {
+    switch(aes->rounds) {
 #ifdef WOLFSSL_AES_128
-            case 10: /* AES 128 BLOCK */
-                __asm__ __volatile__ (
-                "MOV r11, %[blocks] \n"
-                "VLDM %[Key]!, {q1-q4} \n"
+        case 10: /* AES 128 BLOCK */
+            __asm__ __volatile__ (
+            "MOV r11, %[blocks] \n"
+            "VLDM %[Key]!, {q1-q4} \n"

-                "#Create vector with the value 1 \n"
-                "VMOV.u32 q15, #1 \n"
-                "VSHR.u64 q15, q15, #32 \n"
-                "VLDM %[Key]!, {q5-q8} \n"
-                "VEOR.32 q14, q14, q14 \n"
-                "VLDM %[Key]!, {q9-q11} \n"
-                "VEXT.8 q14, q15, q14, #8\n"
+            "#Create vector with the value 1 \n"
+            "VMOV.u32 q15, #1 \n"
+            "VSHR.u64 q15, q15, #32 \n"
+            "VLDM %[Key]!, {q5-q8} \n"
+            "VEOR.32 q14, q14, q14 \n"
+            "VLDM %[Key]!, {q9-q11} \n"
+            "VEXT.8 q14, q15, q14, #8\n"

-                "VLD1.32 {q13}, [%[reg]]\n"
+            "VLD1.32 {q13}, [%[reg]]\n"

-                /* double block */
-                "1: \n"
-                "CMP r11, #1 \n"
-                "BEQ 2f \n"
-                "CMP r11, #0 \n"
-                "BEQ 3f \n"
+            /* double block */
+            "1: \n"
+            "CMP r11, #1 \n"
+            "BEQ 2f \n"
+            "CMP r11, #0 \n"
+            "BEQ 3f \n"

-                "VMOV.32 q0, q13 \n"
-                "AESE.8 q0, q1\n"
-                "AESMC.8 q0, q0\n"
-                "VREV64.8 q13, q13 \n" /* network order */
-                "AESE.8 q0, q2\n"
-                "AESMC.8 q0, q0\n"
-                "VEXT.8 q13, q13, q13, #8 \n"
-                "SUB r11, r11, #2 \n"
-                "VADD.i32 q15, q13, q14 \n" /* add 1 to counter */
-                "VADD.i32 q13, q15, q14 \n" /* add 1 to counter */
-                "AESE.8 q0, q3\n"
-                "AESMC.8 q0, q0\n"
-                "VEXT.8 q15, q15, q15, #8 \n"
-                "VEXT.8 q13, q13, q13, #8 \n"
-                "AESE.8 q0, q4\n"
-                "AESMC.8 q0, q0\n"
-                "VREV64.8 q15, q15\n" /* revert from network order */
-                "VREV64.8 q13, q13\n" /* revert from network order */
-                "AESE.8 q0, q5\n"
-                "AESMC.8 q0, q0\n"
-                "AESE.8 q15, q1\n"
-                "AESMC.8 q15, q15\n"
+            "VMOV.32 q0, q13 \n"
+            "AESE.8 q0, q1\n"
+            "AESMC.8 q0, q0\n"
+            "VREV64.8 q13, q13 \n" /* network order */
+            "AESE.8 q0, q2\n"
+            "AESMC.8 q0, q0\n"
+            "VEXT.8 q13, q13, q13, #8 \n"
+            "SUB r11, r11, #2 \n"
+            "VMOV.u32 q12, #0xffffffff \n"
+            "VADD.u32 q12, q14 \n"
+            "VADD.i32 q15, q13, q14 \n" /* add 1 to counter */
+            "VCEQ.i32 q13, q15, q12 \n"
+            "VEXT.8 q13, q14, q13, #12 \n"
+            "VSUB.i32 q15, q15, q13 \n"
+            "VADD.i32 q13, q15, q14 \n" /* add 1 to counter */
+            "VCEQ.i32 q12, q13, q12 \n"
+            "VEXT.8 q12, q14, q12, #12 \n"
+            "VSUB.i32 q13, q13, q12 \n"
+            "AESE.8 q0, q3\n"
+            "AESMC.8 q0, q0\n"
+            "VEXT.8 q15, q15, q15, #8 \n"
+            "VEXT.8 q13, q13, q13, #8 \n"
+            "AESE.8 q0, q4\n"
+            "AESMC.8 q0, q0\n"
+            "VREV64.8 q15, q15\n" /* revert from network order */
+            "VREV64.8 q13, q13\n" /* revert from network order */
+            "AESE.8 q0, q5\n"
+            "AESMC.8 q0, q0\n"
+            "AESE.8 q15, q1\n"
+            "AESMC.8 q15, q15\n"

-                "AESE.8 q0, q6\n"
-                "AESMC.8 q0, q0\n"
-                "AESE.8 q15, q2\n"
-                "AESMC.8 q15, q15\n"
+            "AESE.8 q0, q6\n"
+            "AESMC.8 q0, q0\n"
+            "AESE.8 q15, q2\n"
+            "AESMC.8 q15, q15\n"

-                "AESE.8 q0, q7\n"
-                "AESMC.8 q0, q0\n"
-                "AESE.8 q15, q3\n"
-                "AESMC.8 q15, q15\n"
+            "AESE.8 q0, q7\n"
+            "AESMC.8 q0, q0\n"
+            "AESE.8 q15, q3\n"
+            "AESMC.8 q15, q15\n"

-                "AESE.8 q0, q8\n"
-                "AESMC.8 q0, q0\n"
-                "AESE.8 q15, q4\n"
-                "AESMC.8 q15, q15\n"
+            "AESE.8 q0, q8\n"
+            "AESMC.8 q0, q0\n"
+            "AESE.8 q15, q4\n"
+            "AESMC.8 q15, q15\n"

-                "AESE.8 q0, q9\n"
-                "AESMC.8 q0, q0\n"
-                "AESE.8 q15, q5\n"
-                "AESMC.8 q15, q15\n"
+            "AESE.8 q0, q9\n"
+            "AESMC.8 q0, q0\n"
+            "AESE.8 q15, q5\n"
+            "AESMC.8 q15, q15\n"

-                "AESE.8 q0, q10\n"
-                "AESE.8 q15, q6\n"
-                "AESMC.8 q15, q15\n"
-                "VEOR.32 q0, q0, q11\n"
+            "AESE.8 q0, q10\n"
+            "AESE.8 q15, q6\n"
+            "AESMC.8 q15, q15\n"
+            "VEOR.32 q0, q0, q11\n"

-                "AESE.8 q15, q7\n"
-                "AESMC.8 q15, q15\n"
-                "VLD1.32 {q12}, [%[input]]! \n"
-                "AESE.8 q15, q8\n"
-                "AESMC.8 q15, q15\n"
+            "AESE.8 q15, q7\n"
+            "AESMC.8 q15, q15\n"
+            "VLD1.32 {q12}, [%[input]]! \n"
+            "AESE.8 q15, q8\n"
+            "AESMC.8 q15, q15\n"

-                "VEOR.32 q0, q0, q12\n"
-                "AESE.8 q15, q9\n"
-                "AESMC.8 q15, q15\n"
+            "VEOR.32 q0, q0, q12\n"
+            "AESE.8 q15, q9\n"
+            "AESMC.8 q15, q15\n"

-                "VLD1.32 {q12}, [%[input]]! \n"
-                "AESE.8 q15, q10\n"
-                "VST1.32 {q0}, [%[out]]! \n"
-                "VEOR.32 q15, q15, q11\n"
-                "VEOR.32 q15, q15, q12\n"
-                "VST1.32 {q15}, [%[out]]! \n"
+            "VLD1.32 {q12}, [%[input]]! \n"
+            "AESE.8 q15, q10\n"
+            "VST1.32 {q0}, [%[out]]! \n"
+            "VEOR.32 q15, q15, q11\n"
+            "VEOR.32 q15, q15, q12\n"
+            "VST1.32 {q15}, [%[out]]! \n"

-                "B 1b \n"
+            "B 1b \n"

-                /* single block */
-                "2: \n"
-                "VMOV.32 q0, q13 \n"
-                "AESE.8 q0, q1\n"
-                "AESMC.8 q0, q0\n"
-                "VREV64.8 q13, q13 \n" /* network order */
-                "AESE.8 q0, q2\n"
-                "AESMC.8 q0, q0\n"
-                "VEXT.8 q13, q13, q13, #8 \n"
-                "AESE.8 q0, q3\n"
-                "AESMC.8 q0, q0\n"
-                "VADD.i32 q13, q13, q14 \n" /* add 1 to counter */
-                "AESE.8 q0, q4\n"
-                "AESMC.8 q0, q0\n"
-                "SUB r11, r11, #1 \n"
-                "AESE.8 q0, q5\n"
-                "AESMC.8 q0, q0\n"
-                "VEXT.8 q13, q13, q13, #8 \n"
-                "AESE.8 q0, q6\n"
-                "AESMC.8 q0, q0\n"
-                "VREV64.8 q13, q13\n" /* revert from network order */
-                "AESE.8 q0, q7\n"
-                "AESMC.8 q0, q0\n"
-                "AESE.8 q0, q8\n"
-                "AESMC.8 q0, q0\n"
-                "AESE.8 q0, q9\n"
-                "AESMC.8 q0, q0\n"
-                "AESE.8 q0, q10\n"
-                "VLD1.32 {q12}, [%[input]]! \n"
-                "VEOR.32 q0, q0, q11\n"
-                "#CTR operations, increment counter and xorbuf \n"
-                "VEOR.32 q0, q0, q12\n"
-                "VST1.32 {q0}, [%[out]]! \n"
\n" + /* single block */ + "2: \n" + "VMOV.u32 q15, #0xffffffff \n" + "VADD.u32 q15, q14 \n" + "VMOV.32 q0, q13 \n" + "AESE.8 q0, q1\n" + "AESMC.8 q0, q0\n" + "VREV64.8 q13, q13 \n" /* network order */ + "AESE.8 q0, q2\n" + "AESMC.8 q0, q0\n" + "VEXT.8 q13, q13, q13, #8 \n" + "AESE.8 q0, q3\n" + "AESMC.8 q0, q0\n" + "VADD.i32 q13, q13, q14 \n" /* add 1 to counter */ + "VCEQ.i32 q12, q13, q15 \n" + "VEXT.8 q12, q14, q12, #12 \n" + "VSUB.i32 q13, q13, q12 \n" + "AESE.8 q0, q4\n" + "AESMC.8 q0, q0\n" + "SUB r11, r11, #1 \n" + "AESE.8 q0, q5\n" + "AESMC.8 q0, q0\n" + "VEXT.8 q13, q13, q13, #8 \n" + "AESE.8 q0, q6\n" + "AESMC.8 q0, q0\n" + "VREV64.8 q13, q13\n" /* revert from network order */ + "AESE.8 q0, q7\n" + "AESMC.8 q0, q0\n" + "AESE.8 q0, q8\n" + "AESMC.8 q0, q0\n" + "AESE.8 q0, q9\n" + "AESMC.8 q0, q0\n" + "AESE.8 q0, q10\n" + "VLD1.32 {q12}, [%[input]]! \n" + "VEOR.32 q0, q0, q11\n" + "#CTR operations, increment counter and xorbuf \n" + "VEOR.32 q0, q0, q12\n" + "VST1.32 {q0}, [%[out]]! \n" - "3: \n" - "#store current counter qalue at the end \n" - "VST1.32 {q13}, [%[regOut]] \n" + "3: \n" + "#store current counter qalue at the end \n" + "VST1.32 {q13}, [%[regOut]] \n" - :[out] "=r" (out), "=r" (keyPt), [regOut] "=r" (regPt), - "=r" (in) - :"0" (out), [Key] "1" (keyPt), [input] "3" (in), - [blocks] "r" (numBlocks), [reg] "2" (regPt) - : "cc", "memory", "r11", "q0", "q1", "q2", "q3", "q4", "q5", - "q6", "q7", "q8", "q9", "q10","q11","q12","q13","q14", "q15" - ); - break; + :[out] "=r" (out), "=r" (keyPt), [regOut] "=r" (regPt), + "=r" (in) + :"0" (out), [Key] "1" (keyPt), [input] "3" (in), + [blocks] "r" (numBlocks), [reg] "2" (regPt) + : "cc", "memory", "r11", "q0", "q1", "q2", "q3", "q4", "q5", + "q6", "q7", "q8", "q9", "q10","q11","q12","q13","q14", "q15" + ); + break; #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 - case 12: /* AES 192 BLOCK */ - __asm__ __volatile__ ( - "MOV r11, %[blocks] \n" - "VLDM %[Key]!, {q1-q4} \n" + case 12: /* AES 192 BLOCK */ + __asm__ __volatile__ ( + "MOV r11, %[blocks] \n" + "VLDM %[Key]!, {q1-q4} \n" - "#Create vector with the value 1 \n" - "VMOV.u32 q15, #1 \n" - "VSHR.u64 q15, q15, #32 \n" - "VLDM %[Key]!, {q5-q8} \n" - "VEOR.32 q14, q14, q14 \n" - "VEXT.8 q14, q15, q14, #8\n" + "#Create vector with the value 1 \n" + "VMOV.u32 q15, #1 \n" + "VSHR.u64 q15, q15, #32 \n" + "VLDM %[Key]!, {q5-q8} \n" + "VEOR.32 q14, q14, q14 \n" + "VEXT.8 q14, q15, q14, #8\n" - "VLDM %[Key]!, {q9-q10} \n" - "VLD1.32 {q13}, [%[reg]]\n" + "VLDM %[Key]!, {q9-q10} \n" + "VLD1.32 {q13}, [%[reg]]\n" - /* double block */ - "1: \n" - "CMP r11, #1 \n" - "BEQ 2f \n" - "CMP r11, #0 \n" - "BEQ 3f \n" + /* double block */ + "1: \n" + "CMP r11, #1 \n" + "BEQ 2f \n" + "CMP r11, #0 \n" + "BEQ 3f \n" - "VMOV.32 q0, q13\n" - "AESE.8 q0, q1\n" - "AESMC.8 q0, q0\n" - "VREV64.8 q13, q13 \n" /* network order */ - "AESE.8 q0, q2\n" - "AESMC.8 q0, q0\n" - "VEXT.8 q13, q13, q13, #8 \n" - "SUB r11, r11, #2 \n" - "VADD.i32 q15, q13, q14 \n" /* add 1 to counter */ - "VADD.i32 q13, q15, q14 \n" /* add 1 to counter */ - "AESE.8 q0, q3\n" - "AESMC.8 q0, q0\n" - "VEXT.8 q15, q15, q15, #8 \n" - "VEXT.8 q13, q13, q13, #8 \n" - "AESE.8 q0, q4\n" - "AESMC.8 q0, q0\n" - "VREV64.8 q15, q15\n" /* revert from network order */ - "VREV64.8 q13, q13\n" /* revert from network order */ - "AESE.8 q0, q5\n" - "AESMC.8 q0, q0\n" - "AESE.8 q15, q1\n" - "AESMC.8 q15, q15\n" + "VMOV.32 q0, q13\n" + "AESE.8 q0, q1\n" + "AESMC.8 q0, q0\n" + "VREV64.8 q13, q13 \n" /* network order */ + "AESE.8 q0, q2\n" + "AESMC.8 
+            "VEXT.8 q13, q13, q13, #8 \n"
+            "SUB r11, r11, #2 \n"
+            "VMOV.u32 q12, #0xffffffff \n"
+            "VADD.u32 q12, q14 \n"
+            "VADD.i32 q15, q13, q14 \n" /* add 1 to counter */
+            "VCEQ.i32 q13, q15, q12 \n"
+            "VEXT.8 q13, q14, q13, #12 \n"
+            "VSUB.i32 q15, q15, q13 \n"
+            "VADD.i32 q13, q15, q14 \n" /* add 1 to counter */
+            "VCEQ.i32 q12, q13, q12 \n"
+            "VEXT.8 q12, q14, q12, #12 \n"
+            "VSUB.i32 q13, q13, q12 \n"
+            "AESE.8 q0, q3\n"
+            "AESMC.8 q0, q0\n"
+            "VEXT.8 q15, q15, q15, #8 \n"
+            "VEXT.8 q13, q13, q13, #8 \n"
+            "AESE.8 q0, q4\n"
+            "AESMC.8 q0, q0\n"
+            "VREV64.8 q15, q15\n" /* revert from network order */
+            "VREV64.8 q13, q13\n" /* revert from network order */
+            "AESE.8 q0, q5\n"
+            "AESMC.8 q0, q0\n"
+            "AESE.8 q15, q1\n"
+            "AESMC.8 q15, q15\n"

-                "AESE.8 q0, q6\n"
-                "AESMC.8 q0, q0\n"
-                "AESE.8 q15, q2\n"
-                "AESMC.8 q15, q15\n"
+            "AESE.8 q0, q6\n"
+            "AESMC.8 q0, q0\n"
+            "AESE.8 q15, q2\n"
+            "AESMC.8 q15, q15\n"

-                "AESE.8 q0, q7\n"
-                "AESMC.8 q0, q0\n"
-                "AESE.8 q15, q3\n"
-                "AESMC.8 q15, q15\n"
+            "AESE.8 q0, q7\n"
+            "AESMC.8 q0, q0\n"
+            "AESE.8 q15, q3\n"
+            "AESMC.8 q15, q15\n"

-                "AESE.8 q0, q8\n"
-                "AESMC.8 q0, q0\n"
-                "AESE.8 q15, q4\n"
-                "AESMC.8 q15, q15\n"
+            "AESE.8 q0, q8\n"
+            "AESMC.8 q0, q0\n"
+            "AESE.8 q15, q4\n"
+            "AESMC.8 q15, q15\n"

-                "AESE.8 q0, q9\n"
-                "AESMC.8 q0, q0\n"
-                "AESE.8 q15, q5\n"
-                "AESMC.8 q15, q15\n"
+            "AESE.8 q0, q9\n"
+            "AESMC.8 q0, q0\n"
+            "AESE.8 q15, q5\n"
+            "AESMC.8 q15, q15\n"

-                "AESE.8 q0, q10\n"
-                "AESMC.8 q0, q0\n"
-                "VLD1.32 {q11}, [%[Key]]! \n"
-                "AESE.8 q15, q6\n"
-                "AESMC.8 q15, q15\n"
+            "AESE.8 q0, q10\n"
+            "AESMC.8 q0, q0\n"
+            "VLD1.32 {q11}, [%[Key]]! \n"
+            "AESE.8 q15, q6\n"
+            "AESMC.8 q15, q15\n"

-                "AESE.8 q0, q11\n"
-                "AESMC.8 q0, q0\n"
-                "AESE.8 q15, q7\n"
-                "AESMC.8 q15, q15\n"
+            "AESE.8 q0, q11\n"
+            "AESMC.8 q0, q0\n"
+            "AESE.8 q15, q7\n"
+            "AESMC.8 q15, q15\n"

-                "AESE.8 q15, q8\n"
-                "AESMC.8 q15, q15\n"
+            "AESE.8 q15, q8\n"
+            "AESMC.8 q15, q15\n"

-                "VLD1.32 {q12}, [%[Key]]! \n"
-                "AESE.8 q15, q9\n"
-                "AESMC.8 q15, q15\n"
-                "AESE.8 q15, q10\n"
-                "AESMC.8 q15, q15\n"
+            "VLD1.32 {q12}, [%[Key]]! \n"
+            "AESE.8 q15, q9\n"
+            "AESMC.8 q15, q15\n"
+            "AESE.8 q15, q10\n"
+            "AESMC.8 q15, q15\n"

-                "AESE.8 q15, q11\n"
-                "AESMC.8 q15, q15\n"
-                "VLD1.32 {q11}, [%[Key]] \n"
-                "AESE.8 q0, q12\n"
-                "AESE.8 q15, q12\n"
+            "AESE.8 q15, q11\n"
+            "AESMC.8 q15, q15\n"
+            "VLD1.32 {q11}, [%[Key]] \n"
+            "AESE.8 q0, q12\n"
+            "AESE.8 q15, q12\n"

-                "VLD1.32 {q12}, [%[input]]! \n"
-                "VEOR.32 q0, q0, q11\n"
-                "VEOR.32 q15, q15, q11\n"
-                "VEOR.32 q0, q0, q12\n"
+            "VLD1.32 {q12}, [%[input]]! \n"
+            "VEOR.32 q0, q0, q11\n"
+            "VEOR.32 q15, q15, q11\n"
+            "VEOR.32 q0, q0, q12\n"

-                "VLD1.32 {q12}, [%[input]]! \n"
-                "VST1.32 {q0}, [%[out]]! \n"
-                "VEOR.32 q15, q15, q12\n"
-                "VST1.32 {q15}, [%[out]]! \n"
-                "SUB %[Key], %[Key], #32 \n"
+            "VLD1.32 {q12}, [%[input]]! \n"
+            "VST1.32 {q0}, [%[out]]! \n"
+            "VEOR.32 q15, q15, q12\n"
+            "VST1.32 {q15}, [%[out]]! \n"
+            "SUB %[Key], %[Key], #32 \n"

-                "B 1b \n"
+            "B 1b \n"

-                /* single block */
-                "2: \n"
-                "VLD1.32 {q11}, [%[Key]]! \n"
\n" - "VMOV.32 q0, q13 \n" - "AESE.8 q0, q1\n" - "AESMC.8 q0, q0\n" - "VREV64.8 q13, q13 \n" /* network order */ - "AESE.8 q0, q2\n" - "AESMC.8 q0, q0\n" - "VEXT.8 q13, q13, q13, #8 \n" - "AESE.8 q0, q3\n" - "AESMC.8 q0, q0\n" - "VADD.i32 q13, q13, q14 \n" /* add 1 to counter */ - "AESE.8 q0, q4\n" - "AESMC.8 q0, q0\n" - "SUB r11, r11, #1 \n" - "AESE.8 q0, q5\n" - "AESMC.8 q0, q0\n" - "VEXT.8 q13, q13, q13, #8 \n" - "AESE.8 q0, q6\n" - "AESMC.8 q0, q0\n" - "VREV64.8 q13, q13\n" /* revert from network order */ - "AESE.8 q0, q7\n" - "AESMC.8 q0, q0\n" - "AESE.8 q0, q8\n" - "AESMC.8 q0, q0\n" - "AESE.8 q0, q9\n" - "AESMC.8 q0, q0\n" - "AESE.8 q0, q10\n" - "AESMC.8 q0, q0\n" - "VLD1.32 {q12}, [%[Key]]! \n" - "AESE.8 q0, q11\n" - "AESMC.8 q0, q0\n" - "VLD1.32 {q11}, [%[Key]] \n" - "AESE.8 q0, q12\n" - "VLD1.32 {q12}, [%[input]]! \n" - "VEOR.32 q0, q0, q11\n" - "#CTR operations, increment counter and xorbuf \n" - "VEOR.32 q0, q0, q12\n" - "VST1.32 {q0}, [%[out]]! \n" + /* single block */ + "2: \n" + "VMOV.u32 q15, #0xffffffff \n" + "VADD.u32 q15, q14 \n" + "VLD1.32 {q11}, [%[Key]]! \n" + "VMOV.32 q0, q13 \n" + "AESE.8 q0, q1\n" + "AESMC.8 q0, q0\n" + "VREV64.8 q13, q13 \n" /* network order */ + "AESE.8 q0, q2\n" + "AESMC.8 q0, q0\n" + "VEXT.8 q13, q13, q13, #8 \n" + "AESE.8 q0, q3\n" + "AESMC.8 q0, q0\n" + "VADD.i32 q13, q13, q14 \n" /* add 1 to counter */ + "VCEQ.i32 q12, q13, q15 \n" + "VEXT.8 q12, q14, q12, #12 \n" + "VSUB.i32 q13, q13, q12 \n" + "AESE.8 q0, q4\n" + "AESMC.8 q0, q0\n" + "SUB r11, r11, #1 \n" + "AESE.8 q0, q5\n" + "AESMC.8 q0, q0\n" + "VEXT.8 q13, q13, q13, #8 \n" + "AESE.8 q0, q6\n" + "AESMC.8 q0, q0\n" + "VREV64.8 q13, q13\n" /* revert from network order */ + "AESE.8 q0, q7\n" + "AESMC.8 q0, q0\n" + "AESE.8 q0, q8\n" + "AESMC.8 q0, q0\n" + "AESE.8 q0, q9\n" + "AESMC.8 q0, q0\n" + "AESE.8 q0, q10\n" + "AESMC.8 q0, q0\n" + "VLD1.32 {q12}, [%[Key]]! \n" + "AESE.8 q0, q11\n" + "AESMC.8 q0, q0\n" + "VLD1.32 {q11}, [%[Key]] \n" + "AESE.8 q0, q12\n" + "VLD1.32 {q12}, [%[input]]! \n" + "VEOR.32 q0, q0, q11\n" + "#CTR operations, increment counter and xorbuf \n" + "VEOR.32 q0, q0, q12\n" + "VST1.32 {q0}, [%[out]]! 
\n" - "3: \n" - "#store current counter qalue at the end \n" - "VST1.32 {q13}, [%[regOut]] \n" + "3: \n" + "#store current counter qalue at the end \n" + "VST1.32 {q13}, [%[regOut]] \n" - :[out] "=r" (out), "=r" (keyPt), [regOut] "=r" (regPt), - "=r" (in) - :"0" (out), [Key] "1" (keyPt), [input] "3" (in), - [blocks] "r" (numBlocks), [reg] "2" (regPt) - : "cc", "memory", "r11", "q0", "q1", "q2", "q3", "q4", "q5", - "q6", "q7", "q8", "q9", "q10","q11","q12","q13","q14" - ); - break; + :[out] "=r" (out), "=r" (keyPt), [regOut] "=r" (regPt), + "=r" (in) + :"0" (out), [Key] "1" (keyPt), [input] "3" (in), + [blocks] "r" (numBlocks), [reg] "2" (regPt) + : "cc", "memory", "r11", "q0", "q1", "q2", "q3", "q4", "q5", + "q6", "q7", "q8", "q9", "q10","q11","q12","q13","q14" + ); + break; #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 - case 14: /* AES 256 BLOCK */ - __asm__ __volatile__ ( - "MOV r11, %[blocks] \n" - "VLDM %[Key]!, {q1-q4} \n" + case 14: /* AES 256 BLOCK */ + __asm__ __volatile__ ( + "MOV r11, %[blocks] \n" + "VLDM %[Key]!, {q1-q4} \n" - "#Create vector with the value 1 \n" - "VMOV.u32 q15, #1 \n" - "VSHR.u64 q15, q15, #32 \n" - "VLDM %[Key]!, {q5-q8} \n" - "VEOR.32 q14, q14, q14 \n" - "VEXT.8 q14, q15, q14, #8\n" + "#Create vector with the value 1 \n" + "VMOV.u32 q15, #1 \n" + "VSHR.u64 q15, q15, #32 \n" + "VLDM %[Key]!, {q5-q8} \n" + "VEOR.32 q14, q14, q14 \n" + "VEXT.8 q14, q15, q14, #8\n" - "VLDM %[Key]!, {q9-q10} \n" - "VLD1.32 {q13}, [%[reg]]\n" + "VLDM %[Key]!, {q9-q10} \n" + "VLD1.32 {q13}, [%[reg]]\n" - /* double block */ - "1: \n" - "CMP r11, #1 \n" - "BEQ 2f \n" - "CMP r11, #0 \n" - "BEQ 3f \n" + /* double block */ + "1: \n" + "CMP r11, #1 \n" + "BEQ 2f \n" + "CMP r11, #0 \n" + "BEQ 3f \n" - "VMOV.32 q0, q13 \n" - "AESE.8 q0, q1\n" - "AESMC.8 q0, q0\n" - "VREV64.8 q13, q13 \n" /* network order */ - "AESE.8 q0, q2\n" - "AESMC.8 q0, q0\n" - "VEXT.8 q13, q13, q13, #8 \n" - "SUB r11, r11, #2 \n" - "VADD.i32 q15, q13, q14 \n" /* add 1 to counter */ - "VADD.i32 q13, q15, q14 \n" /* add 1 to counter */ - "AESE.8 q0, q3\n" - "AESMC.8 q0, q0\n" - "VEXT.8 q15, q15, q15, #8 \n" - "VEXT.8 q13, q13, q13, #8 \n" - "AESE.8 q0, q4\n" - "AESMC.8 q0, q0\n" - "VREV64.8 q15, q15\n" /* revert from network order */ - "AESE.8 q0, q5\n" - "AESMC.8 q0, q0\n" - "VREV64.8 q13, q13\n" /* revert from network order */ - "AESE.8 q15, q1\n" - "AESMC.8 q15, q15\n" + "VMOV.32 q0, q13 \n" + "AESE.8 q0, q1\n" + "AESMC.8 q0, q0\n" + "VREV64.8 q13, q13 \n" /* network order */ + "AESE.8 q0, q2\n" + "AESMC.8 q0, q0\n" + "VEXT.8 q13, q13, q13, #8 \n" + "SUB r11, r11, #2 \n" + "VMOV.u32 q12, #0xffffffff \n" + "VADD.u32 q12, q14 \n" + "VADD.i32 q15, q13, q14 \n" /* add 1 to counter */ + "VCEQ.i32 q13, q15, q12 \n" + "VEXT.8 q13, q14, q13, #12 \n" + "VSUB.i32 q15, q15, q13 \n" + "VADD.i32 q13, q15, q14 \n" /* add 1 to counter */ + "VCEQ.i32 q12, q13, q12 \n" + "VEXT.8 q12, q14, q12, #12 \n" + "VSUB.i32 q13, q13, q12 \n" + "AESE.8 q0, q3\n" + "AESMC.8 q0, q0\n" + "VEXT.8 q15, q15, q15, #8 \n" + "VEXT.8 q13, q13, q13, #8 \n" + "AESE.8 q0, q4\n" + "AESMC.8 q0, q0\n" + "VREV64.8 q15, q15\n" /* revert from network order */ + "AESE.8 q0, q5\n" + "AESMC.8 q0, q0\n" + "VREV64.8 q13, q13\n" /* revert from network order */ + "AESE.8 q15, q1\n" + "AESMC.8 q15, q15\n" - "AESE.8 q0, q6\n" - "AESMC.8 q0, q0\n" - "AESE.8 q15, q2\n" - "AESMC.8 q15, q15\n" + "AESE.8 q0, q6\n" + "AESMC.8 q0, q0\n" + "AESE.8 q15, q2\n" + "AESMC.8 q15, q15\n" - "AESE.8 q0, q7\n" - "AESMC.8 q0, q0\n" - "AESE.8 q15, q3\n" - "AESMC.8 q15, q15\n" + 
"AESE.8 q0, q7\n" + "AESMC.8 q0, q0\n" + "AESE.8 q15, q3\n" + "AESMC.8 q15, q15\n" - "AESE.8 q0, q8\n" - "AESMC.8 q0, q0\n" - "AESE.8 q15, q4\n" - "AESMC.8 q15, q15\n" + "AESE.8 q0, q8\n" + "AESMC.8 q0, q0\n" + "AESE.8 q15, q4\n" + "AESMC.8 q15, q15\n" - "AESE.8 q0, q9\n" - "AESMC.8 q0, q0\n" - "AESE.8 q15, q5\n" - "AESMC.8 q15, q15\n" + "AESE.8 q0, q9\n" + "AESMC.8 q0, q0\n" + "AESE.8 q15, q5\n" + "AESMC.8 q15, q15\n" - "AESE.8 q0, q10\n" - "AESMC.8 q0, q0\n" - "VLD1.32 {q11}, [%[Key]]! \n" - "AESE.8 q15, q6\n" - "AESMC.8 q15, q15\n" + "AESE.8 q0, q10\n" + "AESMC.8 q0, q0\n" + "VLD1.32 {q11}, [%[Key]]! \n" + "AESE.8 q15, q6\n" + "AESMC.8 q15, q15\n" - "AESE.8 q0, q11\n" - "AESMC.8 q0, q0\n" - "AESE.8 q15, q7\n" - "AESMC.8 q15, q15\n" + "AESE.8 q0, q11\n" + "AESMC.8 q0, q0\n" + "AESE.8 q15, q7\n" + "AESMC.8 q15, q15\n" - "AESE.8 q15, q8\n" - "AESMC.8 q15, q15\n" + "AESE.8 q15, q8\n" + "AESMC.8 q15, q15\n" - "AESE.8 q15, q9\n" - "AESMC.8 q15, q15\n" - "VLD1.32 {q12}, [%[Key]]! \n" - "AESE.8 q15, q10\n" - "AESMC.8 q15, q15\n" + "AESE.8 q15, q9\n" + "AESMC.8 q15, q15\n" + "VLD1.32 {q12}, [%[Key]]! \n" + "AESE.8 q15, q10\n" + "AESMC.8 q15, q15\n" - "AESE.8 q15, q11\n" - "AESMC.8 q15, q15\n" + "AESE.8 q15, q11\n" + "AESMC.8 q15, q15\n" - "VLD1.32 {q11}, [%[Key]]! \n" - "AESE.8 q0, q12\n" /* rnd 12*/ - "AESMC.8 q0, q0\n" - "AESE.8 q15, q12\n" /* rnd 12 */ - "AESMC.8 q15, q15\n" + "VLD1.32 {q11}, [%[Key]]! \n" + "AESE.8 q0, q12\n" /* rnd 12*/ + "AESMC.8 q0, q0\n" + "AESE.8 q15, q12\n" /* rnd 12 */ + "AESMC.8 q15, q15\n" - "VLD1.32 {q12}, [%[Key]]! \n" - "AESE.8 q0, q11\n" /* rnd 13 */ - "AESMC.8 q0, q0\n" - "AESE.8 q15, q11\n" /* rnd 13 */ - "AESMC.8 q15, q15\n" + "VLD1.32 {q12}, [%[Key]]! \n" + "AESE.8 q0, q11\n" /* rnd 13 */ + "AESMC.8 q0, q0\n" + "AESE.8 q15, q11\n" /* rnd 13 */ + "AESMC.8 q15, q15\n" - "VLD1.32 {q11}, [%[Key]] \n" - "AESE.8 q0, q12\n" /* rnd 14 */ - "AESE.8 q15, q12\n" /* rnd 14 */ + "VLD1.32 {q11}, [%[Key]] \n" + "AESE.8 q0, q12\n" /* rnd 14 */ + "AESE.8 q15, q12\n" /* rnd 14 */ - "VLD1.32 {q12}, [%[input]]! \n" - "VEOR.32 q0, q0, q11\n" /* rnd 15 */ - "VEOR.32 q15, q15, q11\n" /* rnd 15 */ - "VEOR.32 q0, q0, q12\n" + "VLD1.32 {q12}, [%[input]]! \n" + "VEOR.32 q0, q0, q11\n" /* rnd 15 */ + "VEOR.32 q15, q15, q11\n" /* rnd 15 */ + "VEOR.32 q0, q0, q12\n" - "VLD1.32 {q12}, [%[input]]! \n" - "VST1.32 {q0}, [%[out]]! \n" - "VEOR.32 q15, q15, q12\n" - "VST1.32 {q15}, [%[out]]! \n" - "SUB %[Key], %[Key], #64 \n" + "VLD1.32 {q12}, [%[input]]! \n" + "VST1.32 {q0}, [%[out]]! \n" + "VEOR.32 q15, q15, q12\n" + "VST1.32 {q15}, [%[out]]! \n" + "SUB %[Key], %[Key], #64 \n" - /* single block */ - "B 1b \n" + /* single block */ + "B 1b \n" - "2: \n" - "VLD1.32 {q11}, [%[Key]]! \n" - "VMOV.32 q0, q13 \n" - "AESE.8 q0, q1\n" - "AESMC.8 q0, q0\n" - "VREV64.8 q13, q13 \n" /* network order */ - "AESE.8 q0, q2\n" - "AESMC.8 q0, q0\n" - "VEXT.8 q13, q13, q13, #8 \n" - "AESE.8 q0, q3\n" - "AESMC.8 q0, q0\n" - "VADD.i32 q13, q13, q14 \n" /* add 1 to counter */ - "AESE.8 q0, q4\n" - "AESMC.8 q0, q0\n" - "AESE.8 q0, q5\n" - "AESMC.8 q0, q0\n" - "VEXT.8 q13, q13, q13, #8 \n" - "AESE.8 q0, q6\n" - "AESMC.8 q0, q0\n" - "VREV64.8 q13, q13\n" /* revert from network order */ - "AESE.8 q0, q7\n" - "AESMC.8 q0, q0\n" - "AESE.8 q0, q8\n" - "AESMC.8 q0, q0\n" - "AESE.8 q0, q9\n" - "AESMC.8 q0, q0\n" - "AESE.8 q0, q10\n" - "AESMC.8 q0, q0\n" - "VLD1.32 {q12}, [%[Key]]! \n" - "AESE.8 q0, q11\n" - "AESMC.8 q0, q0\n" - "VLD1.32 {q11}, [%[Key]]! 
\n" - "AESE.8 q0, q12\n" /* rnd 12 */ - "AESMC.8 q0, q0\n" - "VLD1.32 {q12}, [%[Key]]! \n" - "AESE.8 q0, q11\n" /* rnd 13 */ - "AESMC.8 q0, q0\n" - "VLD1.32 {q11}, [%[Key]] \n" - "AESE.8 q0, q12\n" /* rnd 14 */ - "VLD1.32 {q12}, [%[input]]! \n" - "VEOR.32 q0, q0, q11\n" /* rnd 15 */ - "#CTR operations, increment counter and xorbuf \n" - "VEOR.32 q0, q0, q12\n" - "VST1.32 {q0}, [%[out]]! \n" + "2: \n" + "VMOV.u32 q15, #0xffffffff \n" + "VADD.u32 q15, q14 \n" + "VLD1.32 {q11}, [%[Key]]! \n" + "VMOV.32 q0, q13 \n" + "AESE.8 q0, q1\n" + "AESMC.8 q0, q0\n" + "VREV64.8 q13, q13 \n" /* network order */ + "AESE.8 q0, q2\n" + "AESMC.8 q0, q0\n" + "VEXT.8 q13, q13, q13, #8 \n" + "AESE.8 q0, q3\n" + "AESMC.8 q0, q0\n" + "VADD.i32 q13, q13, q14 \n" /* add 1 to counter */ + "VCEQ.i32 q12, q13, q15 \n" + "VEXT.8 q12, q14, q12, #12 \n" + "VSUB.i32 q13, q13, q12 \n" + "AESE.8 q0, q4\n" + "AESMC.8 q0, q0\n" + "AESE.8 q0, q5\n" + "AESMC.8 q0, q0\n" + "VEXT.8 q13, q13, q13, #8 \n" + "AESE.8 q0, q6\n" + "AESMC.8 q0, q0\n" + "VREV64.8 q13, q13\n" /* revert from network order */ + "AESE.8 q0, q7\n" + "AESMC.8 q0, q0\n" + "AESE.8 q0, q8\n" + "AESMC.8 q0, q0\n" + "AESE.8 q0, q9\n" + "AESMC.8 q0, q0\n" + "AESE.8 q0, q10\n" + "AESMC.8 q0, q0\n" + "VLD1.32 {q12}, [%[Key]]! \n" + "AESE.8 q0, q11\n" + "AESMC.8 q0, q0\n" + "VLD1.32 {q11}, [%[Key]]! \n" + "AESE.8 q0, q12\n" /* rnd 12 */ + "AESMC.8 q0, q0\n" + "VLD1.32 {q12}, [%[Key]]! \n" + "AESE.8 q0, q11\n" /* rnd 13 */ + "AESMC.8 q0, q0\n" + "VLD1.32 {q11}, [%[Key]] \n" + "AESE.8 q0, q12\n" /* rnd 14 */ + "VLD1.32 {q12}, [%[input]]! \n" + "VEOR.32 q0, q0, q11\n" /* rnd 15 */ + "#CTR operations, increment counter and xorbuf \n" + "VEOR.32 q0, q0, q12\n" + "VST1.32 {q0}, [%[out]]! \n" - "3: \n" - "#store current counter qalue at the end \n" - "VST1.32 {q13}, [%[regOut]] \n" + "3: \n" + "#store current counter qalue at the end \n" + "VST1.32 {q13}, [%[regOut]] \n" - :[out] "=r" (out), "=r" (keyPt), [regOut] "=r" (regPt), - "=r" (in) - :"0" (out), [Key] "1" (keyPt), [input] "3" (in), - [blocks] "r" (numBlocks), [reg] "2" (regPt) - : "cc", "memory", "r11", "q0", "q1", "q2", "q3", "q4", "q5", - "q6", "q7", "q8", "q9", "q10","q11","q12","q13","q14" - ); - break; + :[out] "=r" (out), "=r" (keyPt), [regOut] "=r" (regPt), + "=r" (in) + :"0" (out), [Key] "1" (keyPt), [input] "3" (in), + [blocks] "r" (numBlocks), [reg] "2" (regPt) + : "cc", "memory", "r11", "q0", "q1", "q2", "q3", "q4", "q5", + "q6", "q7", "q8", "q9", "q10","q11","q12","q13","q14" + ); + break; #endif /* WOLFSSL_AES_256 */ - default: - WOLFSSL_MSG("Bad AES-CTR round qalue"); - return BAD_FUNC_ARG; - } + } +} - aes->left = 0; - } +int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + byte* tmp; + word32 numBlocks; - /* handle non block size remaining */ - if (sz) { - wc_AesEncrypt(aes, (byte*)aes->reg, (byte*)aes->tmp); - IncrementAesCounter((byte*)aes->reg); + if (aes == NULL || out == NULL || in == NULL) { + return BAD_FUNC_ARG; + } + switch(aes->rounds) { + #ifdef WOLFSSL_AES_128 + case 10: /* AES 128 BLOCK */ + #endif /* WOLFSSL_AES_128 */ + #ifdef WOLFSSL_AES_192 + case 12: /* AES 192 BLOCK */ + #endif /* WOLFSSL_AES_192 */ + #ifdef WOLFSSL_AES_256 + case 14: /* AES 256 BLOCK */ + #endif /* WOLFSSL_AES_256 */ + break; + default: + WOLFSSL_MSG("Bad AES-CTR round value"); + return BAD_FUNC_ARG; + } - aes->left = AES_BLOCK_SIZE; - tmp = (byte*)aes->tmp; - while (sz--) { - *(out++) = *(in++) ^ *(tmp++); - aes->left--; - } - } + tmp = (byte*)aes->tmp + AES_BLOCK_SIZE - aes->left; - return 0; + 
+    /* consume any unused bytes left in aes->tmp */
+    while ((aes->left != 0) && (sz != 0)) {
+        *(out++) = *(in++) ^ *(tmp++);
+        aes->left--;
+        sz--;
+    }
+
+    /* do as many block size ops as possible */
+    numBlocks = sz / AES_BLOCK_SIZE;
+    if (numBlocks > 0) {
+        wc_aes_ctr_encrypt_asm(aes, out, in, numBlocks);
+
+        sz  -= numBlocks * AES_BLOCK_SIZE;
+        out += numBlocks * AES_BLOCK_SIZE;
+        in  += numBlocks * AES_BLOCK_SIZE;
+    }
+
+    /* handle non block size remaining */
+    if (sz) {
+        byte zeros[AES_BLOCK_SIZE] = { 0, 0, 0, 0, 0, 0, 0, 0,
+                                       0, 0, 0, 0, 0, 0, 0, 0 };
+        wc_aes_ctr_encrypt_asm(aes, (byte*)aes->tmp, zeros, 1);
+
+        aes->left = AES_BLOCK_SIZE;
+        tmp = (byte*)aes->tmp;
+
+        while (sz--) {
+            *(out++) = *(in++) ^ *(tmp++);
+            aes->left--;
+        }
+    }
+
+    return 0;
+}
 #endif /* WOLFSSL_AES_COUNTER */
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 955aa304d..6b5d8ecd2 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -8946,6 +8946,14 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
             0xe0,0x0d,0x02,0x0b,0x4c,0xed,0xbd,0x86,
             0xd3,0xda,0xe1,0x5b,0x04
         };
+
+        WOLFSSL_SMALL_STACK_STATIC const byte ctr128WrapCipherLong[] =
+        {
+            0xe1,0x33,0x38,0xe3,0x6c,0xb7,0x19,0x62,
+            0xe0,0x0d,0x02,0x0b,0x4c,0xed,0xbd,0x86,
+            0xd3,0xda,0xe1,0x5b,0x04,0xbb,0x35,0x2f,
+            0xa0,0xf5,0x9f,0xeb,0xfc,0xb4,0xda,0x3e
+        };
 #endif /* WOLFSSL_AES_128 */

 #ifdef WOLFSSL_AES_192
@@ -8970,9 +8978,17 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)

         WOLFSSL_SMALL_STACK_STATIC const byte ctr192WrapCipher[] =
         {
-            0xd4,0x45,0x1f,0xc8,0xa4,0x71,0xbf,0xd9,
-            0x61,0xe2,0xec,0xa8,0x4d,0x80,0x7b,0x81,
-            0xf8,0xd4,0x6f,0xa1,0x38
+            0x5c,0xc3,0x8f,0xab,0x30,0xb6,0xac,0x67,
+            0xdc,0xc2,0x1e,0x7b,0x01,0x2e,0xcf,0x98,
+            0x8c,0x68,0xa7,0xd9,0x57
+        };
+
+        WOLFSSL_SMALL_STACK_STATIC const byte ctr192WrapCipherLong[] =
+        {
+            0x5c,0xc3,0x8f,0xab,0x30,0xb6,0xac,0x67,
+            0xdc,0xc2,0x1e,0x7b,0x01,0x2e,0xcf,0x98,
+            0x8c,0x68,0xa7,0xd9,0x57,0xab,0x09,0x0f,
+            0x01,0xc4,0x4e,0x62,0xaf,0xc2,0xdf,0x1a,
         };
 #endif
 #ifdef WOLFSSL_AES_256
@@ -8998,9 +9014,17 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)

         WOLFSSL_SMALL_STACK_STATIC const byte ctr256WrapCipher[] =
         {
-            0xed,0x4b,0xc8,0xa8,0x5c,0x84,0xae,0x14,
-            0xc4,0x6e,0xb2,0x25,0xba,0xf7,0x4f,0x47,
-            0x38,0xf1,0xe2,0xee,0x3d
+            0x50,0xfd,0x97,0xc3,0xe6,0x1a,0xbb,0x48,
+            0x73,0xfb,0x78,0xdf,0x1e,0x8e,0x77,0xe6,
+            0x4b,0x45,0x7c,0xd6,0x8a
+        };
+
+        WOLFSSL_SMALL_STACK_STATIC const byte ctr256WrapCipherLong[] =
+        {
+            0x50,0xfd,0x97,0xc3,0xe6,0x1a,0xbb,0x48,
+            0x73,0xfb,0x78,0xdf,0x1e,0x8e,0x77,0xe6,
+            0x4b,0x45,0x7c,0xd6,0x8a,0xcc,0xda,0x4a,
+            0x89,0xfa,0x23,0x6c,0x06,0xbf,0x26,0x05,
         };
 #endif
@@ -9076,13 +9100,13 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
             ERROR_OUT(-5945, out);

         /* When more than a block but less than two and wrapping ctr */
-        ret = wc_AesSetKeyDirect(enc, ctr128Key, AES_BLOCK_SIZE,
+        ret = wc_AesSetKeyDirect(enc, ctr128Key, sizeof(ctr128Key),
                 ctrIvWrap, AES_ENCRYPTION);
         if (ret != 0) {
             ERROR_OUT(-5946, out);
         }
         /* Ctr only uses encrypt, even on key setup */
-        ret = wc_AesSetKeyDirect(dec, ctr128Key, AES_BLOCK_SIZE,
+        ret = wc_AesSetKeyDirect(dec, ctr128Key, sizeof(ctr128Key),
                 ctrIvWrap, AES_ENCRYPTION);
         if (ret != 0) {
             ERROR_OUT(-5947, out);
@@ -9092,7 +9116,7 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
         if (ret != 0) {
             ERROR_OUT(-5948, out);
         }
-        ret = wc_AesCtrEncrypt(dec, plain, cipher,  sizeof(ctr128WrapCipher));
+        ret = wc_AesCtrEncrypt(dec, plain, cipher, sizeof(ctr128WrapCipher));
         if (ret != 0) {
             ERROR_OUT(-5949, out);
         }
@@ -9102,6 +9126,36 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
         if (XMEMCMP(cipher, ctr128WrapCipher, sizeof(ctr128WrapCipher)))
             ERROR_OUT(-5951, out);
+
+        /* Exactly two blocks of data while wrapping ctr */
+        ret = wc_AesSetKeyDirect(enc, ctr128Key, sizeof(ctr128Key),
+                ctrIvWrap, AES_ENCRYPTION);
+        if (ret != 0) {
+            ERROR_OUT(-5952, out);
+        }
+        /* Ctr only uses encrypt, even on key setup */
+        ret = wc_AesSetKeyDirect(dec, ctr128Key, sizeof(ctr128Key),
+                ctrIvWrap, AES_ENCRYPTION);
+        if (ret != 0) {
+            ERROR_OUT(-5953, out);
+        }
+
+        ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain,
+                sizeof(ctr128WrapCipherLong));
+        if (ret != 0) {
+            ERROR_OUT(-5954, out);
+        }
+        ret = wc_AesCtrEncrypt(dec, plain, cipher,
+                sizeof(ctr128WrapCipherLong));
+        if (ret != 0) {
+            ERROR_OUT(-5955, out);
+        }
+
+        if (XMEMCMP(plain, ctrPlain, sizeof(ctr128WrapCipherLong)))
+            ERROR_OUT(-5956, out);
+
+        if (XMEMCMP(cipher, ctr128WrapCipherLong, sizeof(ctr128WrapCipherLong)))
+            ERROR_OUT(-5957, out);
 #endif /* WOLFSSL_AES_128 */

 #ifdef WOLFSSL_AES_192
@@ -9109,58 +9163,88 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
         ret = wc_AesSetKeyDirect(enc, ctr192Key, sizeof(ctr192Key),
                 ctrIv, AES_ENCRYPTION);
         if (ret != 0) {
-            ERROR_OUT(-5952, out);
+            ERROR_OUT(-5958, out);
         }
         /* Ctr only uses encrypt, even on key setup */
         ret = wc_AesSetKeyDirect(dec, ctr192Key, sizeof(ctr192Key),
                 ctrIv, AES_ENCRYPTION);
         if (ret != 0) {
-            ERROR_OUT(-5953, out);
+            ERROR_OUT(-5959, out);
         }

         XMEMSET(plain, 0, sizeof(plain));
         ret = wc_AesCtrEncrypt(enc, plain, ctr192Cipher, sizeof(ctr192Cipher));
         if (ret != 0) {
-            ERROR_OUT(-5954, out);
+            ERROR_OUT(-5960, out);
         }

         if (XMEMCMP(plain, ctrPlain, sizeof(ctr192Cipher)))
-            ERROR_OUT(-5955, out);
+            ERROR_OUT(-5961, out);

         ret = wc_AesCtrEncrypt(dec, cipher, ctrPlain, sizeof(ctrPlain));
         if (ret != 0) {
-            ERROR_OUT(-5956, out);
+            ERROR_OUT(-5962, out);
         }
         if (XMEMCMP(ctr192Cipher, cipher, sizeof(ctr192Cipher)))
-            ERROR_OUT(-5957, out);
+            ERROR_OUT(-5963, out);

         /* When more than a block but less than two and wrapping ctr */
-        ret = wc_AesSetKeyDirect(enc, ctr192Key, AES_BLOCK_SIZE,
+        ret = wc_AesSetKeyDirect(enc, ctr192Key, sizeof(ctr192Key),
                 ctrIvWrap, AES_ENCRYPTION);
         if (ret != 0) {
-            ERROR_OUT(-5958, out);
+            ERROR_OUT(-5964, out);
         }
         /* Ctr only uses encrypt, even on key setup */
-        ret = wc_AesSetKeyDirect(dec, ctr192Key, AES_BLOCK_SIZE,
+        ret = wc_AesSetKeyDirect(dec, ctr192Key, sizeof(ctr192Key),
                 ctrIvWrap, AES_ENCRYPTION);
         if (ret != 0) {
-            ERROR_OUT(-5959, out);
+            ERROR_OUT(-5965, out);
         }

         ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain, sizeof(ctr192WrapCipher));
         if (ret != 0) {
-            ERROR_OUT(-5960, out);
+            ERROR_OUT(-5966, out);
         }
         ret = wc_AesCtrEncrypt(dec, plain, cipher, sizeof(ctr192WrapCipher));
         if (ret != 0) {
-            ERROR_OUT(-5961, out);
+            ERROR_OUT(-5967, out);
         }

         if (XMEMCMP(plain, ctrPlain, sizeof(ctr192WrapCipher)))
-            ERROR_OUT(-5962, out);
+            ERROR_OUT(-5968, out);

         if (XMEMCMP(cipher, ctr192WrapCipher, sizeof(ctr192WrapCipher)))
-            ERROR_OUT(-5963, out);
+            ERROR_OUT(-5969, out);
+
+        /* Exactly two blocks of data while wrapping ctr */
+        ret = wc_AesSetKeyDirect(enc, ctr192Key, sizeof(ctr192Key),
+                ctrIvWrap, AES_ENCRYPTION);
+        if (ret != 0) {
+            ERROR_OUT(-5970, out);
+        }
+        /* Ctr only uses encrypt, even on key setup */
+        ret = wc_AesSetKeyDirect(dec, ctr192Key, sizeof(ctr192Key),
+                ctrIvWrap, AES_ENCRYPTION);
+        if (ret != 0) {
+            ERROR_OUT(-5971, out);
+        }
+
+        ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain,
+                sizeof(ctr192WrapCipherLong));
+        if (ret != 0) {
+            ERROR_OUT(-5972, out);
+        }
+        ret = wc_AesCtrEncrypt(dec, plain, cipher,
+                sizeof(ctr192WrapCipherLong));
+        if (ret != 0) {
+            ERROR_OUT(-5973, out);
+        }
+
+        if (XMEMCMP(plain, ctrPlain, sizeof(ctr192WrapCipherLong)))
+            ERROR_OUT(-5974, out);
+
+        if (XMEMCMP(cipher, ctr192WrapCipherLong, sizeof(ctr192WrapCipherLong)))
+            ERROR_OUT(-5975, out);
 #endif /* WOLFSSL_AES_192 */

 #ifdef WOLFSSL_AES_256
@@ -9168,58 +9252,88 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
         ret = wc_AesSetKeyDirect(enc, ctr256Key, sizeof(ctr256Key),
                 ctrIv, AES_ENCRYPTION);
         if (ret != 0) {
-            ERROR_OUT(-5964, out);
+            ERROR_OUT(-5976, out);
         }
         /* Ctr only uses encrypt, even on key setup */
         ret = wc_AesSetKeyDirect(dec, ctr256Key, sizeof(ctr256Key),
                 ctrIv, AES_ENCRYPTION);
         if (ret != 0) {
-            ERROR_OUT(-5965, out);
+            ERROR_OUT(-5977, out);
         }

         XMEMSET(plain, 0, sizeof(plain));
         ret = wc_AesCtrEncrypt(enc, plain, ctr256Cipher, sizeof(ctr256Cipher));
         if (ret != 0) {
-            ERROR_OUT(-5966, out);
+            ERROR_OUT(-5978, out);
         }

         if (XMEMCMP(plain, ctrPlain, sizeof(ctrPlain)))
-            ERROR_OUT(-5967, out);
+            ERROR_OUT(-5979, out);

         ret = wc_AesCtrEncrypt(dec, cipher, ctrPlain, sizeof(ctrPlain));
         if (ret != 0) {
-            ERROR_OUT(-5968, out);
+            ERROR_OUT(-5980, out);
         }
         if (XMEMCMP(ctr256Cipher, cipher, sizeof(ctr256Cipher)))
-            ERROR_OUT(-5969, out);
+            ERROR_OUT(-5981, out);

         /* When more than a block but less than two and wrapping ctr */
-        ret = wc_AesSetKeyDirect(enc, ctr256Key, AES_BLOCK_SIZE,
+        ret = wc_AesSetKeyDirect(enc, ctr256Key, sizeof(ctr256Key),
                 ctrIvWrap, AES_ENCRYPTION);
         if (ret != 0) {
-            ERROR_OUT(-5970, out);
+            ERROR_OUT(-5982, out);
         }
         /* Ctr only uses encrypt, even on key setup */
-        ret = wc_AesSetKeyDirect(dec, ctr256Key, AES_BLOCK_SIZE,
+        ret = wc_AesSetKeyDirect(dec, ctr256Key, sizeof(ctr256Key),
                 ctrIvWrap, AES_ENCRYPTION);
        if (ret != 0) {
-            ERROR_OUT(-5971, out);
+            ERROR_OUT(-5983, out);
         }

         ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain, sizeof(ctr256WrapCipher));
         if (ret != 0) {
-            ERROR_OUT(-5972, out);
+            ERROR_OUT(-5984, out);
         }
         ret = wc_AesCtrEncrypt(dec, plain, cipher, sizeof(ctr256WrapCipher));
         if (ret != 0) {
-            ERROR_OUT(-5973, out);
+            ERROR_OUT(-5985, out);
         }

         if (XMEMCMP(plain, ctrPlain, sizeof(ctr256WrapCipher)))
-            ERROR_OUT(-5974, out);
+            ERROR_OUT(-5986, out);

         if (XMEMCMP(cipher, ctr256WrapCipher, sizeof(ctr256WrapCipher)))
-            ERROR_OUT(-5975, out);
+            ERROR_OUT(-5987, out);
+
+        /* Exactly two blocks of data while wrapping ctr */
+        ret = wc_AesSetKeyDirect(enc, ctr256Key, sizeof(ctr256Key),
+                ctrIvWrap, AES_ENCRYPTION);
+        if (ret != 0) {
+            ERROR_OUT(-5988, out);
+        }
+        /* Ctr only uses encrypt, even on key setup */
+        ret = wc_AesSetKeyDirect(dec, ctr256Key, sizeof(ctr256Key),
+                ctrIvWrap, AES_ENCRYPTION);
+        if (ret != 0) {
+            ERROR_OUT(-5989, out);
+        }
+
+        ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain,
+                sizeof(ctr256WrapCipherLong));
+        if (ret != 0) {
+            ERROR_OUT(-5990, out);
+        }
+        ret = wc_AesCtrEncrypt(dec, plain, cipher,
+                sizeof(ctr256WrapCipherLong));
+        if (ret != 0) {
+            ERROR_OUT(-5991, out);
+        }
+
+        if (XMEMCMP(plain, ctrPlain, sizeof(ctr256WrapCipherLong)))
+            ERROR_OUT(-5992, out);
+
+        if (XMEMCMP(cipher, ctr256WrapCipherLong, sizeof(ctr256WrapCipherLong)))
+            ERROR_OUT(-5993, out);
 #endif /* WOLFSSL_AES_256 */
     }
 #endif /* WOLFSSL_AES_COUNTER */
@@ -9249,34 +9363,34 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
         XMEMSET(cipher, 0, AES_BLOCK_SIZE);
         ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
         if (ret != 0)
-            ERROR_OUT(-5976, out);
+            ERROR_OUT(-5994, out);
 #if !defined(HAVE_SELFTEST) && \
     (defined(WOLFSSL_LINUXKM) || \
      !defined(HAVE_FIPS) || \
&& FIPS_VERSION_GE(5,3))) if (wc_AesEncryptDirect(enc, cipher, niPlain) != 0) - ERROR_OUT(-5977, out); + ERROR_OUT(-5995, out); #else wc_AesEncryptDirect(enc, cipher, niPlain); #endif if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0) - ERROR_OUT(-5978, out); + ERROR_OUT(-5996, out); XMEMSET(plain, 0, AES_BLOCK_SIZE); ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION); if (ret != 0) - ERROR_OUT(-5979, out); + ERROR_OUT(-5997, out); #if !defined(HAVE_SELFTEST) && \ (defined(WOLFSSL_LINUXKM) || \ !defined(HAVE_FIPS) || \ (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) if (wc_AesDecryptDirect(dec, plain, niCipher) != 0) - ERROR_OUT(-5980, out); + ERROR_OUT(-5998, out); #else wc_AesDecryptDirect(dec, plain, niCipher); #endif if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0) - ERROR_OUT(-5981, out); + ERROR_OUT(-5999, out); } #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */