From cf1575fafbb897ada3e19dee0e74288d11a5e40f Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh
Date: Sat, 23 Dec 2017 13:02:16 -0700
Subject: [PATCH] AES-GCM performance enhancement
---
 wolfcrypt/src/aes.c | 45 +++++++++++++++++++++++++++++++++++-
 wolfssl/wolfcrypt/settings.h | 6 +++++
 2 files changed, 50 insertions(+), 1 deletion(-)
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index aba26594b..29274b74d 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -3050,6 +3050,11 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
 #endif /* HAVE_AES_CBC */
 #ifdef HAVE_AES_ECB
+#ifdef WOLFSSL_IMX6_CAAM
+ /* implemented in wolfcrypt/src/port/caam/caam_aes.c */
+#else
+
+/* software implementation */
 int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 {
 word32 blocks = sz / AES_BLOCK_SIZE;
@@ -3083,6 +3088,7 @@ int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 return 0;
 }
 #endif
+#endif
 /* AES-CTR */
 #if defined(WOLFSSL_AES_COUNTER)
@@ -6955,6 +6961,25 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 }
 /* process remainder using partial handling */
 #endif
+
+#if defined(HAVE_AES_ECB) && !defined(WOLFSSL_PIC32MZ_CRYPT)
+ /* some hardware acceleration can gain performance from doing AES encryption
+ * of the whole buffer at once */
+ if (c != p) { /* can not handle inline encryption */
+ while (blocks--) {
+ IncrementGcmCounter(ctr);
+ XMEMCPY(c, ctr, AES_BLOCK_SIZE);
+ c += AES_BLOCK_SIZE;
+ }
+
+ /* reset number of blocks and then do encryption */
+ blocks = sz / AES_BLOCK_SIZE;
+ wc_AesEcbEncrypt(aes, out, out, AES_BLOCK_SIZE * blocks);
+ xorbuf(out, p, AES_BLOCK_SIZE * blocks);
+ p += AES_BLOCK_SIZE * blocks;
+ }
+ else
+#endif /* HAVE_AES_ECB */
 while (blocks--) {
 IncrementGcmCounter(ctr);
 #ifndef WOLFSSL_PIC32MZ_CRYPT
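Review bot: With `WOLFSSL_IMX6_CAAM` defined, the guard added at -3050 removes the software bodies of both `wc_AesEcbEncrypt` and `wc_AesEcbDecrypt` (the `#else` region runs to the `#endif` added in the following hunk), and the only hint is an indented one-line comment. Name both functions there, e.g. `/* wc_AesEcbEncrypt/wc_AesEcbDecrypt are implemented in wolfcrypt/src/port/caam/caam_aes.c */`, and label the closing directives `#endif /* WOLFSSL_IMX6_CAAM */` and `#endif /* HAVE_AES_ECB */` so the nesting can be followed. The function bodies continue outside the hunk.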
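Review bot: The return value of `wc_AesEcbEncrypt(aes, out, out, AES_BLOCK_SIZE * blocks)` in the new bulk path of wc_AesGcmEncrypt is discarded, so a failure of the ECB call (the path exists for hardware acceleration, where the call can plausibly fail) goes unnoticed. In that case `out` still holds the unencrypted counter blocks, the following `xorbuf(out, p, ...)` combines them with the plaintext, and the function carries on as if encryption had succeeded; GCM counter blocks are derived from the IV, which is not secret. Capture and check the status before the XOR, e.g. `ret = wc_AesEcbEncrypt(aes, out, out, AES_BLOCK_SIZE * blocks); if (ret != 0) return ret;`, assuming a status variable like the `ret` that wc_AesGcmDecrypt returns is in scope here (the declarations are outside the hunk). The wc_AesGcmDecrypt hunk at -7234 has the same unchecked call.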
@@ -7234,6 +7259,24 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 /* process remainder using partial handling */
 #endif
+#if defined(HAVE_AES_ECB) && !defined(WOLFSSL_PIC32MZ_CRYPT)
+ /* some hardware acceleration can gain performance from doing AES encryption
+ * of the whole buffer at once */
+ if (c != p) { /* can not handle inline decryption */
+ while (blocks--) {
+ IncrementGcmCounter(ctr);
+ XMEMCPY(p, ctr, AES_BLOCK_SIZE);
+ p += AES_BLOCK_SIZE;
+ }
+
+ /* reset number of blocks and then do encryption */
+ blocks = sz / AES_BLOCK_SIZE;
+ wc_AesEcbEncrypt(aes, out, out, AES_BLOCK_SIZE * blocks);
+ xorbuf(out, c, AES_BLOCK_SIZE * blocks);
+ c += AES_BLOCK_SIZE * blocks;
+ }
+ else
+#endif /* HAVE_AES_ECB */
 while (blocks--) {
 IncrementGcmCounter(ctr);
 #ifndef WOLFSSL_PIC32MZ_CRYPT
@@ -7244,13 +7287,13 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 p += AES_BLOCK_SIZE;
 c += AES_BLOCK_SIZE;
 }
+
 if (partial != 0) {
 IncrementGcmCounter(ctr);
 wc_AesEncrypt(aes, ctr, scratch);
 xorbuf(scratch, c, partial);
 XMEMCPY(p, scratch, partial);
 }
-
 #endif
 return ret;
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 63ba2ecfc..ca45eabb6 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -1196,6 +1196,12 @@ extern void uITRON4_free(void *p) ;
 #undef WOLFSSL_IMX6_CAAM_BLOB
 #define WOLFSSL_IMX6_CAAM_BLOB
+
+#ifdef HAVE_AESGCM
+ /* large performance gain with HAVE_AES_ECB defined */
+ #undef HAVE_AES_ECB
+ #define HAVE_AES_ECB
+#endif
 #endif
 #if !defined(XMALLOC_USER) && !defined(MICRIUM_MALLOC) && \
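Review bot: The guard `if (c != p)` in the wc_AesGcmDecrypt bulk path only rules out exact in-place use; when `in` and `out` overlap partially, the new code fills all of `out` with counter blocks through `p` before `xorbuf(out, c, ...)` reads any ciphertext, so overlapping ciphertext is overwritten before it is used. The per-block loop kept as the `else` branch presumably consumes each input block before writing the matching output block, as the visible partial-block tail does, so this is a behaviour change for such callers; whether partially overlapping buffers are permitted by the API isn't visible here. Either document the no-overlap requirement on the function, e.g. `/* in and out must be identical or non-overlapping */`, or take the bulk path only when the two ranges are disjoint. The mirrored check in the wc_AesGcmEncrypt hunk needs the same treatment, and the function body starts and ends outside this hunk.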
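Review bot: Forcing `HAVE_AES_ECB` on in settings.h has a side effect beyond the GCM speed-up that the comment does not mention: per the aes.c hunks, the same macro gates the `wc_AesEcbEncrypt`/`wc_AesEcbDecrypt` entry points, so every build that takes this branch with `HAVE_AESGCM` now also compiles in raw ECB. ECB exposes plaintext structure and is only appropriate as an internal building block, so the comment should say why it is enabled, for example `/* HAVE_AES_ECB is enabled only so AES-GCM can batch counter blocks; ECB itself is not for application data */`. The enclosing `#if` opens above the hunk, so which platform block this is (presumably the i.MX6 CAAM one, going by the `WOLFSSL_IMX6_CAAM_BLOB` context lines) is inferred rather than visible.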