diff --git a/.github/workflows/os-check.yml b/.github/workflows/os-check.yml index 9d1761673..c01bcbb03 100644 --- a/.github/workflows/os-check.yml +++ b/.github/workflows/os-check.yml @@ -65,6 +65,7 @@ jobs: --enable-cert-setup-cb --enable-sessioncerts', '--disable-sni --disable-ecc --disable-tls13 --disable-secure-renegotiation-info', 'CPPFLAGS=-DWOLFSSL_BLIND_PRIVATE_KEY', + '--enable-all --enable-certgencache', ] name: make check if: github.repository_owner == 'wolfssl' diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index ca9dc8cce..52270c6eb 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -663,6 +663,7 @@ WOLFSSL_ALLOW_TLS_SHA1 WOLFSSL_ALTERNATIVE_DOWNGRADE WOLFSSL_ALT_NAMES_NO_REV WOLFSSL_ARM_ARCH_NEON_64BIT +WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP WOLFSSL_ASCON_UNROLL WOLFSSL_ASNC_CRYPT WOLFSSL_ASN_EXTRA diff --git a/CMakeLists.txt b/CMakeLists.txt index 12bcf1031..a23cb522f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -2693,6 +2693,18 @@ if(WOLFSSL_EXAMPLES) tests/api/test_ossl_mac.c tests/api/test_ossl_rsa.c tests/api/test_ossl_sk.c + tests/api/test_ossl_x509.c + tests/api/test_ossl_x509_ext.c + tests/api/test_ossl_x509_name.c + tests/api/test_ossl_x509_pk.c + tests/api/test_ossl_x509_vp.c + tests/api/test_ossl_x509_io.c + tests/api/test_ossl_x509_crypto.c + tests/api/test_ossl_x509_acert.c + tests/api/test_ossl_x509_info.c + tests/api/test_ossl_x509_str.c + tests/api/test_ossl_x509_lu.c + tests/api/test_ossl_pem.c tests/api/test_tls13.c tests/srp.c tests/suites.c diff --git a/IDE/Renesas/e2studio/RA6M4/include.am b/IDE/Renesas/e2studio/RA6M4/include.am index db3f280f3..11ca06680 100644 --- a/IDE/Renesas/e2studio/RA6M4/include.am +++ b/IDE/Renesas/e2studio/RA6M4/include.am @@ -17,3 +17,7 @@ EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/key_data/key_data.h EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/common/user_settings.h +EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/tools/README.md +EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/tools/example_keys/generate_SignedCA.sh +EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/tools/example_keys/rsa_private.pem +EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/tools/example_keys/rsa_public.pem diff --git a/linuxkm/Makefile b/linuxkm/Makefile index 4cd05cf96..4e48291de 100644 --- a/linuxkm/Makefile +++ b/linuxkm/Makefile @@ -104,21 +104,41 @@ ifndef MAKE_TMPDIR endif GENERATE_SECTION_MAP := $(AWK) 'BEGIN { printf("") >ENVIRON["SECTION_MAP"]; } \ - { \ - if ($$7 !~ "^[0-9]+$$") \ - next; \ - if ($$4 == "SECTION") { \ - sections[$$7] = $$8; \ - next; \ + /^Section Headers:/ { \ + in_sections = 1; \ + in_symbols = 0; \ + next; \ + } \ + /^Symbol table / { \ + if (! in_sections) { \ + print "symbol table appeared before section headers." >"/dev/stderr"; \ + exit(1); \ } \ - if (($$4 == "NOTYPE") || ($$4 == "OBJECT") || ($$4 == "FUNC")) { \ - if (($$8 == "$$d") || ($$8 == "$$t")) \ + in_sections = 0; \ + in_symbols = 1; \ + next; \ + } \ + { \ + if (in_sections) { \ + if (match($$0, \ + "^[[:space:]]*\\[[[:space:]]*([0-9]+)[[:space:]]*\\][[:space:]]+([^[:space:]]+)[[:space:]]",\ + section_line_a)) { \ + sections[section_line_a[1]] = section_line_a[2]; \ next; \ - if ($$7 in sections) { \ - if (sections[$$7] ~ "_wolfcrypt$$") \ - print $$8 "\t" sections[$$7] >>ENVIRON["SECTION_MAP"]; \ - } else \ - print $$8 " is in section " $$7 " with no name mapping." >"/dev/stderr";\ + } \ + } \ + if (in_symbols) { \ + if ($$7 !~ "^[0-9]+$$") \ + next; \ + if (($$4 == "NOTYPE") || ($$4 == "OBJECT") || ($$4 == "FUNC")) { \ + if (($$8 == "$$d") || ($$8 == "$$t")) \ + next; \ + if ($$7 in sections) { \ + if (sections[$$7] ~ "_wolfcrypt$$") \ + print $$8 "\t" sections[$$7] >>ENVIRON["SECTION_MAP"]; \ + } else \ + print $$8 " is in section " $$7 " with no name mapping." >"/dev/stderr";\ + } \ } \ }' @@ -272,7 +292,7 @@ ifeq "$(ENABLED_LINUXKM_PIE)" "yes" @SECTION_MAP=$$(mktemp) @trap 'rm "$$SECTION_MAP"' EXIT @export SECTION_MAP - @$(READELF) --wide --symbols "$@" | $(GENERATE_SECTION_MAP) + @$(READELF) --wide --sections --symbols "$@" | $(GENERATE_SECTION_MAP) @$(READELF) --wide --relocs "$@" | $(GENERATE_RELOC_TAB) >| '$(MODULE_TOP)/linuxkm/wc_linuxkm_pie_reloc_tab.c' +$(MAKE) ARCH='$(KERNEL_ARCH)' $(OVERRIDE_PATHS) $(CROSS_COMPILE) -C '$(KERNEL_ROOT)' M='$(MODULE_TOP)' $(KBUILD_EXTRA_FLAGS) CC_FLAGS_FTRACE= @$(READELF) --wide --relocs "$@" | $(GENERATE_RELOC_TAB) >| "$$RELOC_TMP" diff --git a/linuxkm/include.am b/linuxkm/include.am index 353911615..2dd41b815 100644 --- a/linuxkm/include.am +++ b/linuxkm/include.am @@ -24,6 +24,7 @@ EXTRA_DIST += m4/ax_linuxkm.m4 \ linuxkm/patches/5.10.236/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v10v236.patch \ linuxkm/patches/5.15/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v15.patch \ linuxkm/patches/5.17/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v17.patch \ + linuxkm/patches/5.17-ubuntu-jammy-tegra/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v17-ubuntu-jammy-tegra.patch \ linuxkm/patches/6.1.73/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-6v1v73.patch \ linuxkm/patches/6.12/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-6v12.patch \ linuxkm/patches/6.15/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-6v15.patch diff --git a/linuxkm/lkcapi_sha_glue.c b/linuxkm/lkcapi_sha_glue.c index 1819fad7a..ef14524a4 100644 --- a/linuxkm/lkcapi_sha_glue.c +++ b/linuxkm/lkcapi_sha_glue.c @@ -1073,17 +1073,17 @@ static inline struct wc_rng_inst *get_drbg(struct crypto_rng *tfm) { return NULL; } - #if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \ - (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) if (tfm == crypto_default_rng) { + #if defined(CONFIG_SMP) && (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) migrate_disable(); /* this actually makes irq_count() nonzero, so that * DISABLE_VECTOR_REGISTERS() is superfluous, but * don't depend on that. */ + #endif + local_bh_disable(); new_lock_value = 2; } else - #endif { new_lock_value = 1; } @@ -1104,7 +1104,9 @@ static inline struct wc_rng_inst *get_drbg(struct crypto_rng *tfm) { } /* get_drbg_n() is used by bulk seed, mix-in, and reseed operations. It expects - * the caller to be able to wait until the requested DRBG is available. + * the caller to be able to wait until the requested DRBG is available. If the + * caller can't sleep and the requested DRBG is busy, it returns immediately -- + * this avoids priority inversions and deadlocks. */ static inline struct wc_rng_inst *get_drbg_n(struct wc_linuxkm_drbg_ctx *ctx, int n) { int can_sleep = (preempt_count() == 0); @@ -1119,23 +1121,22 @@ static inline struct wc_rng_inst *get_drbg_n(struct wc_linuxkm_drbg_ctx *ctx, in cond_resched(); } else - cpu_relax(); + return NULL; } __builtin_unreachable(); } static inline void put_drbg(struct wc_rng_inst *drbg) { - #if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \ - (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) int migration_disabled = (drbg->lock == 2); - #endif __atomic_store_n(&(drbg->lock),0,__ATOMIC_RELEASE); - #if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \ - (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) - if (migration_disabled) + + if (migration_disabled) { + local_bh_enable(); + #if defined(CONFIG_SMP) && (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) migrate_enable(); - #endif + #endif + } } static int wc_linuxkm_drbg_generate(struct crypto_rng *tfm, diff --git a/linuxkm/patches/5.17-ubuntu-jammy-tegra/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v17-ubuntu-jammy-tegra.patch b/linuxkm/patches/5.17-ubuntu-jammy-tegra/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v17-ubuntu-jammy-tegra.patch new file mode 100644 index 000000000..eea4a90e8 --- /dev/null +++ b/linuxkm/patches/5.17-ubuntu-jammy-tegra/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v17-ubuntu-jammy-tegra.patch @@ -0,0 +1,462 @@ +--- 5.17-ubuntu-jammy-tegra/drivers/char/random.c.dist 2025-12-10 09:55:51.740854778 -0600 ++++ 5.17-ubuntu-jammy-tegra/drivers/char/random.c 2025-12-10 10:19:00.414922381 -0600 +@@ -60,6 +60,260 @@ + #include + #include + ++#ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ ++#include ++ ++static atomic_long_t random_bytes_cb_owner = ++ ATOMIC_INIT((long)NULL); ++static atomic_t random_bytes_cb_refcnt = ++ ATOMIC_INIT(0); /* 0 if unregistered, 1 if no calls in flight. */ ++static _get_random_bytes_cb_t _get_random_bytes_cb = NULL; ++static get_random_bytes_user_cb_t get_random_bytes_user_cb = NULL; ++static crng_ready_cb_t crng_ready_cb = NULL; ++static mix_pool_bytes_cb_t mix_pool_bytes_cb = NULL; ++static credit_init_bits_cb_t credit_init_bits_cb = NULL; ++static crng_reseed_cb_t crng_reseed_cb = NULL; ++ ++int wolfssl_linuxkm_register_random_bytes_handlers( ++ struct module *new_random_bytes_cb_owner, ++ const struct wolfssl_linuxkm_random_bytes_handlers *handlers) ++{ ++ if ((! new_random_bytes_cb_owner) || ++ (! handlers) || ++ (! handlers->_get_random_bytes) || ++ (! handlers->get_random_bytes_user)) ++ { ++ return -EINVAL; ++ } ++ ++ /* random_bytes_cb_owner is used to enforce serialization of ++ * wolfssl_register_random_bytes_handlers() and ++ * wolfssl_unregister_random_bytes_handlers(). ++ */ ++ if (atomic_long_cmpxchg(&random_bytes_cb_owner, ++ (long)NULL, ++ (long)new_random_bytes_cb_owner) ++ != (long)NULL) ++ { ++ return -EBUSY; ++ } ++ ++ { ++ int current_random_bytes_cb_refcnt = atomic_read(&random_bytes_cb_refcnt); ++ if (current_random_bytes_cb_refcnt) { ++ pr_err("BUG: random_bytes_cb_refcnt == %d with null random_bytes_cb_owner", current_random_bytes_cb_refcnt); ++ atomic_long_set(&random_bytes_cb_owner, (long)NULL); ++ return -EFAULT; ++ } ++ } ++ ++ if (! try_module_get(new_random_bytes_cb_owner)) { ++ atomic_long_set(&random_bytes_cb_owner, (long)NULL); ++ return -ENODEV; ++ } ++ ++ _get_random_bytes_cb = handlers->_get_random_bytes; ++ get_random_bytes_user_cb = handlers->get_random_bytes_user; ++ crng_ready_cb = handlers->crng_ready; ++ mix_pool_bytes_cb = handlers->mix_pool_bytes; ++ credit_init_bits_cb = handlers->credit_init_bits; ++ crng_reseed_cb = handlers->crng_reseed; ++ ++ barrier(); ++ atomic_set_release(&random_bytes_cb_refcnt, 1); ++ ++ return 0; ++} ++EXPORT_SYMBOL_GPL(wolfssl_linuxkm_register_random_bytes_handlers); ++ ++int wolfssl_linuxkm_unregister_random_bytes_handlers(void) ++{ ++ int current_random_bytes_cb_refcnt; ++ int n_tries; ++ if (! atomic_long_read(&random_bytes_cb_owner)) ++ return -ENODEV; ++ ++ /* we're racing the kernel at large to try to catch random_bytes_cb_refcnt ++ * with no callers in flight -- retry and relax up to 100 times. ++ */ ++ for (n_tries = 0; n_tries < 100; ++n_tries) { ++ current_random_bytes_cb_refcnt = atomic_cmpxchg(&random_bytes_cb_refcnt, 1, 0); ++ if (current_random_bytes_cb_refcnt == 1) ++ break; ++ if (current_random_bytes_cb_refcnt < 0) { ++ pr_err("BUG: random_bytes_cb_refcnt is %d in wolfssl_linuxkm_unregister_random_bytes_handlers.", current_random_bytes_cb_refcnt); ++ break; ++ } ++ if (msleep_interruptible(10) != 0) ++ return -EINTR; ++ } ++ if (current_random_bytes_cb_refcnt != 1) { ++ pr_warn("WARNING: wolfssl_unregister_random_bytes_handlers called with random_bytes_cb_refcnt == %d", current_random_bytes_cb_refcnt); ++ return -EBUSY; ++ } ++ ++ _get_random_bytes_cb = NULL; ++ get_random_bytes_user_cb = NULL; ++ crng_ready_cb = NULL; ++ mix_pool_bytes_cb = NULL; ++ credit_init_bits_cb = NULL; ++ crng_reseed_cb = NULL; ++ ++ module_put((struct module *)atomic_long_read(&random_bytes_cb_owner)); ++ barrier(); ++ atomic_long_set(&random_bytes_cb_owner, (long)NULL); ++ ++ return 0; ++} ++EXPORT_SYMBOL_GPL(wolfssl_linuxkm_unregister_random_bytes_handlers); ++ ++static __always_inline int reserve_random_bytes_cb(void) { ++ int current_random_bytes_cb_refcnt = ++ atomic_read_acquire(&random_bytes_cb_refcnt); ++ ++ if (! current_random_bytes_cb_refcnt) ++ return -ENODEV; ++ ++ if (current_random_bytes_cb_refcnt < 0) { ++ pr_err("BUG: random_bytes_cb_refcnt is %d in reserve_random_bytes_cb.", current_random_bytes_cb_refcnt); ++ return -EFAULT; ++ } ++ ++ for (;;) { ++ int orig_random_bytes_cb_refcnt = ++ atomic_cmpxchg( ++ &random_bytes_cb_refcnt, ++ current_random_bytes_cb_refcnt, ++ current_random_bytes_cb_refcnt + 1); ++ if (orig_random_bytes_cb_refcnt == current_random_bytes_cb_refcnt) ++ return 0; ++ else if (! orig_random_bytes_cb_refcnt) ++ return -ENODEV; ++ else ++ current_random_bytes_cb_refcnt = orig_random_bytes_cb_refcnt; ++ } ++ ++ __builtin_unreachable(); ++} ++ ++static __always_inline void release_random_bytes_cb(void) { ++ atomic_dec(&random_bytes_cb_refcnt); ++} ++ ++static inline int call__get_random_bytes_cb(void *buf, size_t len) ++{ ++ int ret; ++ ++ if (! _get_random_bytes_cb) ++ return -ENODEV; ++ ++ ret = reserve_random_bytes_cb(); ++ if (ret) ++ return ret; ++ ++ ret = _get_random_bytes_cb(buf, len); ++ ++ release_random_bytes_cb(); ++ ++ return ret; ++} ++ ++static inline ssize_t call_get_random_bytes_user_cb(struct iov_iter *iter) ++{ ++ ssize_t ret; ++ ++ if (! get_random_bytes_user_cb) ++ return -ECANCELED; ++ ++ ret = (ssize_t)reserve_random_bytes_cb(); ++ if (ret) ++ return ret; ++ ++ ret = get_random_bytes_user_cb(iter); ++ ++ release_random_bytes_cb(); ++ ++ return ret; ++} ++ ++static inline bool call_crng_ready_cb(void) ++{ ++ bool ret; ++ ++ /* Null crng_ready_cb signifies that the DRBG is always ready, i.e. that if ++ * called, it will always have or obtain sufficient entropy to fulfill the ++ * call. ++ */ ++ if (! crng_ready_cb) ++ return 1; ++ ++ if (reserve_random_bytes_cb() != 0) ++ return 0; ++ ++ ret = crng_ready_cb(); ++ ++ release_random_bytes_cb(); ++ ++ return ret; ++} ++ ++static inline int call_mix_pool_bytes_cb(const void *buf, size_t len) ++{ ++ int ret; ++ ++ if (! mix_pool_bytes_cb) ++ return -ENODEV; ++ ++ ret = reserve_random_bytes_cb(); ++ if (ret) ++ return ret; ++ ++ ret = mix_pool_bytes_cb(buf, len); ++ ++ release_random_bytes_cb(); ++ ++ return ret; ++} ++ ++static inline int call_credit_init_bits_cb(size_t bits) ++{ ++ int ret; ++ ++ if (! credit_init_bits_cb) ++ return -ENODEV; ++ ++ ret = reserve_random_bytes_cb(); ++ if (ret) ++ return ret; ++ ++ ret = credit_init_bits_cb(bits); ++ ++ release_random_bytes_cb(); ++ ++ return ret; ++} ++ ++static inline int call_crng_reseed_cb(void) ++{ ++ int ret; ++ ++ if (! crng_reseed_cb) ++ return -ENODEV; ++ ++ ret = reserve_random_bytes_cb(); ++ if (ret) ++ return ret; ++ ++ ret = crng_reseed_cb(); ++ ++ release_random_bytes_cb(); ++ ++ return ret; ++} ++ ++#endif /* WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS */ ++ + /********************************************************************* + * + * Initialization and readiness waiting. +@@ -79,7 +333,15 @@ static enum { + CRNG_EARLY = 1, /* At least POOL_EARLY_BITS collected */ + CRNG_READY = 2 /* Fully initialized with POOL_READY_BITS collected */ + } crng_init __read_mostly = CRNG_EMPTY; ++ + #define crng_ready() (likely(crng_init >= CRNG_READY)) ++#ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ #define crng_ready_by_cb() (atomic_read(&random_bytes_cb_refcnt) && call_crng_ready_cb()) ++ #define crng_ready_maybe_cb() (atomic_read(&random_bytes_cb_refcnt) ? (call_crng_ready_cb() || crng_ready()) : crng_ready()) ++#else ++ #define crng_ready_maybe_cb() crng_ready() ++#endif ++ + /* Various types of waiters for crng_init->CRNG_READY transition. */ + static DECLARE_WAIT_QUEUE_HEAD(crng_init_wait); + static struct fasync_struct *fasync; +@@ -105,7 +367,7 @@ MODULE_PARM_DESC(ratelimit_disable, "Dis + */ + bool rng_is_initialized(void) + { +- return crng_ready(); ++ return crng_ready_maybe_cb(); + } + EXPORT_SYMBOL(rng_is_initialized); + +@@ -124,11 +386,11 @@ static void try_to_generate_entropy(void + */ + int wait_for_random_bytes(void) + { +- while (!crng_ready()) { ++ while (!crng_ready_maybe_cb()) { + int ret; + + try_to_generate_entropy(); +- ret = wait_event_interruptible_timeout(crng_init_wait, crng_ready(), HZ); ++ ret = wait_event_interruptible_timeout(crng_init_wait, crng_ready_maybe_cb(), HZ); + if (ret) + return ret > 0 ? 0 : ret; + } +@@ -182,7 +444,7 @@ static void __cold process_random_ready_ + } + + #define warn_unseeded_randomness() \ +- if (IS_ENABLED(CONFIG_WARN_ALL_UNSEEDED_RANDOM) && !crng_ready()) \ ++ if (IS_ENABLED(CONFIG_WARN_ALL_UNSEEDED_RANDOM) && !crng_ready_maybe_cb()) \ + printk_deferred(KERN_NOTICE "random: %s called from %pS with crng_init=%d\n", \ + __func__, (void *)_RET_IP_, crng_init) + +@@ -401,6 +663,14 @@ static void _get_random_bytes(void *buf, + if (!len) + return; + ++#ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ /* If call__get_random_bytes_cb() doesn't succeed, flow falls through to ++ * the native implementation. _get_random_bytes() must succeed. ++ */ ++ if (call__get_random_bytes_cb(buf, len) == 0) ++ return; ++#endif ++ + first_block_len = min_t(size_t, 32, len); + crng_make_state(chacha_state, buf, first_block_len); + len -= first_block_len; +@@ -450,6 +720,18 @@ static ssize_t get_random_bytes_user(str + if (unlikely(!iov_iter_count(iter))) + return 0; + ++#ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ { ++ ssize_t cb_ret = call_get_random_bytes_user_cb(iter); ++ /* If the callback returns -ECANCELED, that signals that iter is ++ * still intact, and flow can safely fall through to the native ++ * implementation. ++ */ ++ if (cb_ret != -ECANCELED) ++ return cb_ret; ++ } ++#endif ++ + /* + * Immediately overwrite the ChaCha key at index 4 with random + * bytes, in case userspace causes copy_to_iter() below to sleep +@@ -526,7 +808,7 @@ type get_random_ ##type(void) \ + \ + warn_unseeded_randomness(); \ + \ +- if (!crng_ready()) { \ ++ if (!crng_ready_maybe_cb()) { \ + _get_random_bytes(&ret, sizeof(ret)); \ + return ret; \ + } \ +@@ -650,6 +932,11 @@ static void mix_pool_bytes(const void *b + { + unsigned long flags; + ++#ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ (void)call_mix_pool_bytes_cb(buf, len); ++ /* fall through to mix into native pool too. */ ++#endif ++ + spin_lock_irqsave(&input_pool.lock, flags); + _mix_pool_bytes(buf, len); + spin_unlock_irqrestore(&input_pool.lock, flags); +@@ -701,7 +988,11 @@ static void extract_entropy(void *buf, s + memzero_explicit(&block, sizeof(block)); + } + ++#ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++#define credit_init_bits(bits) do { (void)call_credit_init_bits_cb(bits); if (!crng_ready()) _credit_init_bits(bits); } while (0) ++#else + #define credit_init_bits(bits) if (!crng_ready()) _credit_init_bits(bits) ++#endif + + static void __cold _credit_init_bits(size_t bits) + { +@@ -1228,7 +1519,7 @@ SYSCALL_DEFINE3(getrandom, char __user * + if ((flags & (GRND_INSECURE | GRND_RANDOM)) == (GRND_INSECURE | GRND_RANDOM)) + return -EINVAL; + +- if (!crng_ready() && !(flags & GRND_INSECURE)) { ++ if (!crng_ready_maybe_cb() && !(flags & GRND_INSECURE)) { + if (flags & GRND_NONBLOCK) + return -EAGAIN; + ret = wait_for_random_bytes(); +@@ -1244,6 +1535,10 @@ SYSCALL_DEFINE3(getrandom, char __user * + + static __poll_t random_poll(struct file *file, poll_table *wait) + { ++#ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ if (crng_ready_by_cb()) ++ return EPOLLIN | EPOLLRDNORM; ++#endif + poll_wait(file, &crng_init_wait, wait); + return crng_ready() ? EPOLLIN | EPOLLRDNORM : EPOLLOUT | EPOLLWRNORM; + } +@@ -1285,7 +1580,7 @@ static ssize_t urandom_read_iter(struct + { + static int maxwarn = 10; + +- if (!crng_ready()) { ++ if (!crng_ready_maybe_cb()) { + if (!ratelimit_disable && maxwarn <= 0) + ++urandom_warning.missed; + else if (ratelimit_disable || __ratelimit(&urandom_warning)) { +@@ -1368,6 +1663,14 @@ static long random_ioctl(struct file *f, + case RNDRESEEDCRNG: + if (!capable(CAP_SYS_ADMIN)) + return -EPERM; ++#ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ /* fall through to reseed native crng too. */ ++ if (call_crng_reseed_cb() == 0) { ++ if (crng_ready()) ++ crng_reseed(); ++ return 0; ++ } ++#endif + if (!crng_ready()) + return -ENODATA; + crng_reseed(); +--- 5.17-ubuntu-jammy-tegra/include/linux/random.h.dist 2025-12-10 10:11:26.642681781 -0600 ++++ 5.17-ubuntu-jammy-tegra/include/linux/random.h 2025-12-10 10:14:44.417609545 -0600 +@@ -138,4 +138,37 @@ int random_online_cpu(unsigned int cpu); + extern const struct file_operations random_fops, urandom_fops; + #endif + ++#ifndef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ #define WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS 1 ++#endif ++ ++typedef int (*_get_random_bytes_cb_t)(void *buf, size_t len); ++struct iov_iter; ++/* kernels >= 5.17.0 use get_random_bytes_user() */ ++typedef ssize_t (*get_random_bytes_user_cb_t)(struct iov_iter *iter); ++/* kernels < 5.17.0 use extract_crng_user(), though some LTS kernels, ++ * e.g. 5.10.236, have the 5.17+ architecture backported. ++ */ ++typedef ssize_t (*extract_crng_user_cb_t)(void __user *buf, size_t nbytes); ++typedef bool (*crng_ready_cb_t)(void); ++typedef int (*mix_pool_bytes_cb_t)(const void *buf, size_t len); ++typedef int (*credit_init_bits_cb_t)(size_t bits); ++typedef int (*crng_reseed_cb_t)(void); ++ ++struct wolfssl_linuxkm_random_bytes_handlers { ++ _get_random_bytes_cb_t _get_random_bytes; ++ get_random_bytes_user_cb_t get_random_bytes_user; ++ extract_crng_user_cb_t extract_crng_user; ++ crng_ready_cb_t crng_ready; ++ mix_pool_bytes_cb_t mix_pool_bytes; ++ credit_init_bits_cb_t credit_init_bits; ++ crng_reseed_cb_t crng_reseed; ++}; ++ ++int wolfssl_linuxkm_register_random_bytes_handlers( ++ struct module *new_random_bytes_cb_owner, ++ const struct wolfssl_linuxkm_random_bytes_handlers *handlers); ++ ++int wolfssl_linuxkm_unregister_random_bytes_handlers(void); ++ + #endif /* _LINUX_RANDOM_H */ diff --git a/src/internal.c b/src/internal.c index 2a7ae4a6f..3c9e39da2 100644 --- a/src/internal.c +++ b/src/internal.c @@ -2085,7 +2085,8 @@ int wolfSSL_session_export_internal(WOLFSSL* ssl, byte* buf, word32* sz, #endif } - /* check is at least the minimum size needed, TLS cipher states add more */ + /* check if sz is sufficient for the worst-case scenario computed above, + * TLS cipher states add more */ if (ret == 0 && (totalLen > *sz || buf == NULL)) { WOLFSSL_MSG("export buffer was too small or null"); *sz = totalLen; diff --git a/src/ssl_load.c b/src/ssl_load.c index dc652748c..5b995f013 100644 --- a/src/ssl_load.c +++ b/src/ssl_load.c @@ -1607,6 +1607,9 @@ static int ProcessBufferCertPublicKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl, #ifndef NO_RSA word32 idx; #endif + if (ctx == NULL && ssl == NULL) { + return BAD_FUNC_ARG; + } /* Get key size and check unless not verifying. */ switch (cert->keyOID) { diff --git a/src/x509.c b/src/x509.c index ea9f9b743..8fc94f5f1 100644 --- a/src/x509.c +++ b/src/x509.c @@ -11630,15 +11630,20 @@ int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name, unsigned char** out) } nameStr = (const char*)wolfSSL_ASN1_STRING_data(cano_data); - ret = wc_EncodeNameCanonical(&names[i], nameStr, CTC_UTF8, - (byte)ConvertNIDToWolfSSL(entry->nid)); - if (ret < 0) { - WC_FREE_VAR_EX(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); - wolfSSL_ASN1_STRING_free(cano_data); - WOLFSSL_MSG("EncodeName failed"); - return WOLFSSL_FATAL_ERROR; + /* allow for blank values in the name structure, eg OU= */ + if (nameStr) + { + ret = wc_EncodeNameCanonical(&names[i], nameStr, CTC_UTF8, + (byte)ConvertNIDToWolfSSL(entry->nid)); + if (ret < 0) { + WC_FREE_VAR_EX(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); + wolfSSL_ASN1_STRING_free(cano_data); + WOLFSSL_MSG("EncodeName failed"); + return WOLFSSL_FATAL_ERROR; + } + totalBytes += ret; } - totalBytes += ret; + wolfSSL_ASN1_STRING_free(cano_data); } } @@ -14190,6 +14195,13 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen, chklen--; } +#ifdef WOLFSSL_IP_ALT_NAME + ret = CheckIPAddr(dCert, (char *)chk); + if (ret == 0) { + goto out; + } +#endif /* WOLFSSL_IP_ALT_NAME */ + ret = CheckHostName(dCert, (char *)chk, chklen, flags, 0); out: diff --git a/tests/api.c b/tests/api.c index d56ddc2a1..9084e6662 100644 --- a/tests/api.c +++ b/tests/api.c @@ -228,6 +228,18 @@ #include #include #include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include #include #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ @@ -3434,31 +3446,6 @@ static int test_wolfSSL_CertManagerSetVerify(void) return EXPECT_RESULT(); } -#if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ - defined(DEBUG_UNIT_TEST_CERTS) -/* Used when debugging name constraint tests. Not static to allow use in - * multiple locations with complex define guards. */ -void DEBUG_WRITE_CERT_X509(WOLFSSL_X509* x509, const char* fileName) -{ - BIO* out = BIO_new_file(fileName, "wb"); - if (out != NULL) { - PEM_write_bio_X509(out, x509); - BIO_free(out); - } -} -void DEBUG_WRITE_DER(const byte* der, int derSz, const char* fileName) -{ - BIO* out = BIO_new_file(fileName, "wb"); - if (out != NULL) { - BIO_write(out, der, derSz); - BIO_free(out); - } -} -#else -#define DEBUG_WRITE_CERT_X509(x509, fileName) WC_DO_NOTHING -#define DEBUG_WRITE_DER(der, derSz, fileName) WC_DO_NOTHING -#endif - static int test_wolfSSL_CertManagerNameConstraint(void) { @@ -13050,66 +13037,6 @@ static int test_tls_bad_legacy_version(void) /*----------------------------------------------------------------------------* | X509 Tests *----------------------------------------------------------------------------*/ -static int test_wolfSSL_X509_NAME_get_entry(void) -{ - EXPECT_DECLS; -#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) -#if defined(OPENSSL_ALL) || \ - (defined(OPENSSL_EXTRA) && \ - (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS))) - /* use openssl like name to test mapping */ - X509_NAME_ENTRY* ne = NULL; - X509_NAME* name = NULL; - X509* x509 = NULL; - ASN1_STRING* asn = NULL; - char* subCN = NULL; - int idx = 0; - ASN1_OBJECT *object = NULL; -#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || \ - defined(WOLFSSL_NGINX) -#ifndef NO_BIO - BIO* bio = NULL; -#endif -#endif - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, - WOLFSSL_FILETYPE_PEM)); - ExpectNotNull(name = X509_get_subject_name(x509)); - ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1), 0); - ExpectNotNull(ne = X509_NAME_get_entry(name, idx)); - ExpectNull(X509_NAME_ENTRY_get_data(NULL)); - ExpectNotNull(asn = X509_NAME_ENTRY_get_data(ne)); - ExpectNotNull(subCN = (char*)ASN1_STRING_data(asn)); - wolfSSL_FreeX509(x509); - x509 = NULL; - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, - WOLFSSL_FILETYPE_PEM)); - ExpectNotNull(name = X509_get_subject_name(x509)); - ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1), 0); - -#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || \ - defined(WOLFSSL_NGINX) -#ifndef NO_BIO - ExpectNotNull(bio = BIO_new(BIO_s_mem())); - ExpectIntEQ(X509_NAME_print_ex(bio, name, 4, - (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS); - ExpectIntEQ(X509_NAME_print_ex_fp(XBADFILE, name, 4, - (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_FAILURE); - ExpectIntEQ(X509_NAME_print_ex_fp(stderr, name, 4, - (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS); - BIO_free(bio); -#endif -#endif - - ExpectNotNull(ne = X509_NAME_get_entry(name, idx)); - ExpectNotNull(object = X509_NAME_ENTRY_get_object(ne)); - wolfSSL_FreeX509(x509); -#endif /* OPENSSL_ALL || (OPENSSL_EXTRA && (KEEP_PEER_CERT || SESSION_CERTS) */ -#endif /* !NO_CERTS && !NO_RSA && !NO_FILESYSTEM */ - - return EXPECT_RESULT(); -} /* Testing functions dealing with PKCS12 parsing out X509 certs */ static int test_wolfSSL_PKCS12(void) @@ -13987,601 +13914,6 @@ static int test_wolfSSL_URI(void) } -static int test_wolfSSL_TBS(void) -{ - EXPECT_DECLS; -#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \ - && defined(OPENSSL_EXTRA) - WOLFSSL_X509* x509 = NULL; - const unsigned char* tbs; - int tbsSz; - - ExpectNotNull(x509 = wolfSSL_X509_new()); - ExpectNull(tbs = wolfSSL_X509_get_tbs(x509, &tbsSz)); - wolfSSL_X509_free(x509); - x509 = NULL; - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(caCertFile, - WOLFSSL_FILETYPE_PEM)); - - ExpectNull(tbs = wolfSSL_X509_get_tbs(NULL, &tbsSz)); - ExpectNull(tbs = wolfSSL_X509_get_tbs(x509, NULL)); - ExpectNotNull(tbs = wolfSSL_X509_get_tbs(x509, &tbsSz)); - ExpectIntEQ(tbsSz, 1003); - - wolfSSL_FreeX509(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_verify(void) -{ - EXPECT_DECLS; -#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \ - defined(OPENSSL_EXTRA) - WOLFSSL_X509* ca = NULL; - WOLFSSL_X509* serv = NULL; - WOLFSSL_EVP_PKEY* pkey = NULL; - unsigned char buf[2048]; - const unsigned char* pt = NULL; - int bufSz = 0; - - ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(caCertFile, - WOLFSSL_FILETYPE_PEM)); - - ExpectIntNE(wolfSSL_X509_get_pubkey_buffer(NULL, buf, NULL), - WOLFSSL_SUCCESS); - ExpectIntNE(wolfSSL_X509_get_pubkey_buffer(NULL, buf, &bufSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, NULL, &bufSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(bufSz, 294); - - bufSz--; - ExpectIntNE(wolfSSL_X509_get_pubkey_buffer(ca, buf, &bufSz), - WOLFSSL_SUCCESS); - bufSz = 2048; - ExpectIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, buf, &bufSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_get_pubkey_type(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_X509_get_pubkey_type(ca), RSAk); - - - ExpectNotNull(serv = wolfSSL_X509_load_certificate_file(svrCertFile, - WOLFSSL_FILETYPE_PEM)); - - /* success case */ - pt = buf; - ExpectNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz)); - - ExpectIntEQ(i2d_PUBKEY(pkey, NULL), bufSz); - - ExpectIntEQ(wolfSSL_X509_verify(serv, pkey), WOLFSSL_SUCCESS); - wolfSSL_EVP_PKEY_free(pkey); - pkey = NULL; - - /* fail case */ - bufSz = 2048; - ExpectIntEQ(wolfSSL_X509_get_pubkey_buffer(serv, buf, &bufSz), - WOLFSSL_SUCCESS); - pt = buf; - ExpectNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz)); - ExpectIntEQ(wolfSSL_X509_verify(serv, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - - ExpectIntEQ(wolfSSL_X509_verify(NULL, pkey), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); - ExpectIntEQ(wolfSSL_X509_verify(serv, NULL), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); - -#ifndef NO_WOLFSSL_STUB - ExpectNull(wolfSSL_X509_get0_pubkey_bitstr(NULL)); - ExpectNull(wolfSSL_X509_get0_pubkey_bitstr(serv)); -#endif - - wolfSSL_EVP_PKEY_free(pkey); - - wolfSSL_FreeX509(ca); - wolfSSL_FreeX509(serv); -#endif - return EXPECT_RESULT(); -} - -#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && !defined(NO_RSA) && \ - defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) -/* Given acert file and its pubkey file, read them and then - * attempt to verify signed acert. - * - * If expect_pass is true, then verification should pass. - * If expect_pass is false, then verification should fail. - * */ -static int do_acert_verify_test(const char * acert_file, - const char * pkey_file, - size_t expect_pass) -{ - X509_ACERT * x509 = NULL; - EVP_PKEY * pkey = NULL; - BIO * bp = NULL; - int verify_rc = 0; - - /* First read the attribute certificate. */ - bp = BIO_new_file(acert_file, "r"); - if (bp == NULL) { - return -1; - } - - x509 = PEM_read_bio_X509_ACERT(bp, NULL, NULL, NULL); - BIO_free(bp); - bp = NULL; - - if (x509 == NULL) { - return -1; - } - - /* Next read the associated pub key. */ - bp = BIO_new_file(pkey_file, "r"); - - if (bp == NULL) { - X509_ACERT_free(x509); - x509 = NULL; - return -1; - } - - pkey = PEM_read_bio_PUBKEY(bp, &pkey, NULL, NULL); - BIO_free(bp); - bp = NULL; - - if (pkey == NULL) { - X509_ACERT_free(x509); - x509 = NULL; - return -1; - } - - /* Finally, do verification. */ - verify_rc = X509_ACERT_verify(x509, pkey); - - X509_ACERT_free(x509); - x509 = NULL; - - EVP_PKEY_free(pkey); - pkey = NULL; - - if (expect_pass && verify_rc != 1) { - return -1; - } - - if (!expect_pass && verify_rc == 1) { - return -1; - } - - return 0; -} -#endif - -static int test_wolfSSL_X509_ACERT_verify(void) -{ - EXPECT_DECLS; -#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && !defined(NO_RSA) && \ - defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) - /* Walk over list of signed ACERTs and their pubkeys. - * All should load and pass verification. */ - const char * acerts[4] = {"certs/acert/acert.pem", - "certs/acert/acert_ietf.pem", - "certs/acert/rsa_pss/acert.pem", - "certs/acert/rsa_pss/acert_ietf.pem"}; - const char * pkeys[4] = {"certs/acert/acert_pubkey.pem", - "certs/acert/acert_ietf_pubkey.pem", - "certs/acert/rsa_pss/acert_pubkey.pem", - "certs/acert/rsa_pss/acert_ietf_pubkey.pem"}; - int rc = 0; - size_t i = 0; - size_t j = 0; - - for (i = 0; i < 4; ++i) { - for (j = i; j < 4; ++j) { - rc = do_acert_verify_test(acerts[i], pkeys[j], i == j); - - if (rc) { - fprintf(stderr, "error: %s: i = %zu, j = %zu, rc = %d\n", - "do_acert_verify_test", i, j, rc); - break; - } - } - - if (rc) { break; } - } - - ExpectIntEQ(rc, 0); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_ACERT_misc_api(void) -{ - EXPECT_DECLS; -#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && !defined(NO_RSA) && \ - !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) - const char * acerts[4] = {"certs/acert/acert.pem", - "certs/acert/acert_ietf.pem", - "certs/acert/rsa_pss/acert.pem", - "certs/acert/rsa_pss/acert_ietf.pem"}; - int rc = 0; - X509_ACERT * x509 = NULL; - BIO * bp = NULL; - long ver_long = 0; - int ver = 0; - int nid = 0; - const byte * raw_attr = NULL; - word32 attr_len = 0; - size_t i = 0; - int buf_len = 0; - byte ietf_serial[] = {0x03, 0xb5, 0x90, 0x59, 0x02, - 0xa2, 0xaa, 0xb5, 0x40, 0x21, - 0x44, 0xb8, 0x2c, 0x4f, 0xd9, - 0x80, 0x1b, 0x5f, 0x57, 0xc2}; - - for (i = 0; i < 4; ++i) { - const char * acert_file = acerts[i]; - int is_rsa_pss = 0; - int is_ietf_acert = 0; - byte serial[64]; - int serial_len = sizeof(serial); - - XMEMSET(serial, 0, sizeof(serial)); - - is_rsa_pss = XSTRSTR(acert_file, "rsa_pss") != NULL ? 1 : 0; - is_ietf_acert = XSTRSTR(acert_file, "ietf.pem") != NULL ? 1 : 0; - - /* First read the attribute certificate. */ - bp = BIO_new_file(acert_file, "r"); - ExpectNotNull(bp); - - x509 = PEM_read_bio_X509_ACERT(bp, NULL, NULL, NULL); - ExpectNotNull(x509); - - /* We're done with the bio for now. */ - if (bp != NULL) { - BIO_free(bp); - bp = NULL; - } - - /* Check version and signature NID. */ - ver_long = X509_ACERT_get_version(x509); - ExpectIntEQ(ver_long, 1); - - ver = wolfSSL_X509_ACERT_version(x509); - ExpectIntEQ(ver, 2); - - nid = X509_ACERT_get_signature_nid(x509); - - if (is_rsa_pss) { - ExpectIntEQ(nid, NID_rsassaPss); - } - else { - ExpectIntEQ(nid, NID_sha256WithRSAEncryption); - } - - /* Get the serial number buffer. - * The ietf acert example has a 20 byte serial number. */ - rc = wolfSSL_X509_ACERT_get_serial_number(x509, serial, &serial_len); - ExpectIntEQ(rc, SSL_SUCCESS); - - if (is_ietf_acert) { - ExpectIntEQ(serial_len, 20); - ExpectIntEQ(XMEMCMP(serial, ietf_serial, sizeof(ietf_serial)), 0); - } - else { - ExpectIntEQ(serial_len, 1); - ExpectTrue(serial[0] == 0x01); - } - - /* Repeat the same but with null serial buffer. This is ok. */ - rc = wolfSSL_X509_ACERT_get_serial_number(x509, NULL, &serial_len); - ExpectIntEQ(rc, SSL_SUCCESS); - - if (is_ietf_acert) { - ExpectIntEQ(serial_len, 20); - } - else { - ExpectIntEQ(serial_len, 1); - ExpectTrue(serial[0] == 0x01); - } - - /* Get the attributes buffer. */ - rc = wolfSSL_X509_ACERT_get_attr_buf(x509, &raw_attr, &attr_len); - ExpectIntEQ(rc, SSL_SUCCESS); - - if (is_ietf_acert) { - /* This cert has a 65 byte attributes field. */ - ExpectNotNull(raw_attr); - ExpectIntEQ(attr_len, 65); - } - else { - /* This cert has a 237 byte attributes field. */ - ExpectNotNull(raw_attr); - ExpectIntEQ(attr_len, 237); - } - - /* Test printing acert to memory bio. */ - ExpectNotNull(bp = BIO_new(BIO_s_mem())); - rc = X509_ACERT_print(bp, x509); - ExpectIntEQ(rc, SSL_SUCCESS); - - /* Now do a bunch of invalid stuff with partially valid inputs. */ - rc = wolfSSL_X509_ACERT_get_attr_buf(x509, &raw_attr, NULL); - ExpectIntEQ(rc, BAD_FUNC_ARG); - - rc = wolfSSL_X509_ACERT_get_attr_buf(x509, NULL, &attr_len); - ExpectIntEQ(rc, BAD_FUNC_ARG); - - rc = wolfSSL_X509_ACERT_get_attr_buf(NULL, &raw_attr, &attr_len); - ExpectIntEQ(rc, BAD_FUNC_ARG); - - ver_long = X509_ACERT_get_version(NULL); - ExpectIntEQ(ver_long, 0); - - ver = wolfSSL_X509_ACERT_version(NULL); - ExpectIntEQ(ver, 0); - - rc = wolfSSL_X509_ACERT_get_signature(x509, NULL, NULL); - ExpectIntEQ(rc, WOLFSSL_FATAL_ERROR); - - rc = wolfSSL_X509_ACERT_get_signature(x509, NULL, &buf_len); - ExpectIntEQ(rc, SSL_SUCCESS); - ExpectIntEQ(buf_len, 256); - - rc = wolfSSL_X509_ACERT_get_serial_number(x509, serial, NULL); - ExpectIntEQ(rc, BAD_FUNC_ARG); - - rc = X509_ACERT_print(bp, NULL); - ExpectIntEQ(rc, WOLFSSL_FAILURE); - - rc = X509_ACERT_print(NULL, x509); - ExpectIntEQ(rc, WOLFSSL_FAILURE); - - /* Finally free the acert and bio, we're done with them. */ - if (x509 != NULL) { - X509_ACERT_free(x509); - x509 = NULL; - } - - if (bp != NULL) { - BIO_free(bp); - bp = NULL; - } - } -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_ACERT_buffer(void) -{ - EXPECT_DECLS; -#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && \ - !defined(NO_RSA) && defined(WC_RSA_PSS) && \ - (defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)) - const byte acert_ietf[] = \ - "-----BEGIN ATTRIBUTE CERTIFICATE-----\n" - "MIICPTCCASUCAQEwN6AWMBGkDzANMQswCQYDVQQDDAJDQQIBAqEdpBswGTEXMBUG\n" - "A1UEAwwOc2VydmVyLmV4YW1wbGWgLTArpCkwJzElMCMGA1UEAwwcQXR0cmlidXRl\n" - "IENlcnRpZmljYXRlIElzc3VlcjANBgkqhkiG9w0BAQsFAAIUA7WQWQKiqrVAIUS4\n" - "LE/ZgBtfV8IwIhgPMjAyMTA2MTUxMjM1MDBaGA8yMDMxMDYxMzEyMzUwMFowQTAj\n" - "BggrBgEFBQcKBDEXMBWgCYYHVGVzdHZhbDAIDAZncm91cDEwGgYDVQRIMRMwEaEP\n" - "gw1hZG1pbmlzdHJhdG9yMCwwHwYDVR0jBBgwFoAUYm7JaGdsZLtTgt0tqoCK2MrI\n" - "i10wCQYDVR04BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAlIOJ2Dj3TEUj6BIv6vUs\n" - "GqFWms05i+d10XSzWrunlUTQPoJcUjYkifOWp/7RpZ2XnRl+6hH+nIbmwSmXWwBn\n" - "ERw2bQMmw/""/nWuN4Qv9t7ltuovWC0pJX6VMT1IRTuTV4SxuZpFL37vkmnFlPBlb+\n" - "mn3ESSxLTjThWFIq1tip4IaxE/i5Uh32GlJglatFHM1PCGoJtyLtYb6KHDlvknw6\n" - "coDyjIcj0FZwtQw41jLwxI8jWNmrpt978wdpprB/URrRs+m02HmeQoiHFi/qvdv8\n" - "d+5vHf3Pi/ulhz/+dvr0p1vEQSoFnYxLXuty2p5m3PJPZCFmT3gURgmgR3BN9d7A\n" - "Bw==\n" - "-----END ATTRIBUTE CERTIFICATE-----\n"; - X509_ACERT * x509 = NULL; - int rc = 0; - byte ietf_serial[] = {0x03, 0xb5, 0x90, 0x59, 0x02, - 0xa2, 0xaa, 0xb5, 0x40, 0x21, - 0x44, 0xb8, 0x2c, 0x4f, 0xd9, - 0x80, 0x1b, 0x5f, 0x57, 0xc2}; - byte serial[64]; - int serial_len = sizeof(serial); - const byte * raw_attr = NULL; - word32 attr_len = 0; - - x509 = wolfSSL_X509_ACERT_load_certificate_buffer_ex(acert_ietf, - sizeof(acert_ietf), - WOLFSSL_FILETYPE_PEM, - HEAP_HINT); - - rc = wolfSSL_X509_ACERT_get_serial_number(x509, serial, &serial_len); - ExpectIntEQ(rc, SSL_SUCCESS); - - ExpectIntEQ(serial_len, 20); - ExpectIntEQ(XMEMCMP(serial, ietf_serial, sizeof(ietf_serial)), 0); - - /* Get the attributes buffer. */ - rc = wolfSSL_X509_ACERT_get_attr_buf(x509, &raw_attr, &attr_len); - ExpectIntEQ(rc, SSL_SUCCESS); - - /* This cert has a 65 byte attributes field. */ - ExpectNotNull(raw_attr); - ExpectIntEQ(attr_len, 65); - - ExpectNotNull(x509); - - if (x509 != NULL) { - wolfSSL_X509_ACERT_free(x509); - x509 = NULL; - } -#endif - return EXPECT_RESULT(); -} - -/* note: when ACERT generation and signing are implemented, - * this test will be filled out appropriately. - * */ -static int test_wolfSSL_X509_ACERT_new_and_sign(void) -{ - EXPECT_DECLS; -#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && \ - !defined(NO_RSA) && defined(WC_RSA_PSS) && \ - (defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)) - X509_ACERT * x509 = NULL; - int rc = 0; - - x509 = X509_ACERT_new(); - ExpectNotNull(x509); - - if (x509 != NULL) { - wolfSSL_X509_ACERT_free(x509); - x509 = NULL; - } - - /* Same but with static memory hint. */ - x509 = wolfSSL_X509_ACERT_new_ex(HEAP_HINT); - ExpectNotNull(x509); - - #ifndef NO_WOLFSSL_STUB - /* ACERT sign not implemented yet. */ - if (x509 != NULL) { - rc = wolfSSL_X509_ACERT_sign(x509, NULL, NULL); - ExpectIntEQ(rc, WOLFSSL_NOT_IMPLEMENTED); - } - #else - (void) rc; - #endif /* NO_WOLFSSL_STUB */ - - if (x509 != NULL) { - wolfSSL_X509_ACERT_free(x509); - x509 = NULL; - } - -#endif - return EXPECT_RESULT(); -} - -/* Test ACERT support, but with ASN functions only. - * - * This example acert_ietf has both Holder IssuerSerial - * and Holder entityName fields. - * */ -static int test_wolfSSL_X509_ACERT_asn(void) -{ - EXPECT_DECLS; -#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) - const byte acert_ietf[] = \ - "-----BEGIN ATTRIBUTE CERTIFICATE-----\n" - "MIICPTCCASUCAQEwN6AWMBGkDzANMQswCQYDVQQDDAJDQQIBAqEdpBswGTEXMBUG\n" - "A1UEAwwOc2VydmVyLmV4YW1wbGWgLTArpCkwJzElMCMGA1UEAwwcQXR0cmlidXRl\n" - "IENlcnRpZmljYXRlIElzc3VlcjANBgkqhkiG9w0BAQsFAAIUA7WQWQKiqrVAIUS4\n" - "LE/ZgBtfV8IwIhgPMjAyMTA2MTUxMjM1MDBaGA8yMDMxMDYxMzEyMzUwMFowQTAj\n" - "BggrBgEFBQcKBDEXMBWgCYYHVGVzdHZhbDAIDAZncm91cDEwGgYDVQRIMRMwEaEP\n" - "gw1hZG1pbmlzdHJhdG9yMCwwHwYDVR0jBBgwFoAUYm7JaGdsZLtTgt0tqoCK2MrI\n" - "i10wCQYDVR04BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAlIOJ2Dj3TEUj6BIv6vUs\n" - "GqFWms05i+d10XSzWrunlUTQPoJcUjYkifOWp/7RpZ2XnRl+6hH+nIbmwSmXWwBn\n" - "ERw2bQMmw/""/nWuN4Qv9t7ltuovWC0pJX6VMT1IRTuTV4SxuZpFL37vkmnFlPBlb+\n" - "mn3ESSxLTjThWFIq1tip4IaxE/i5Uh32GlJglatFHM1PCGoJtyLtYb6KHDlvknw6\n" - "coDyjIcj0FZwtQw41jLwxI8jWNmrpt978wdpprB/URrRs+m02HmeQoiHFi/qvdv8\n" - "d+5vHf3Pi/ulhz/+dvr0p1vEQSoFnYxLXuty2p5m3PJPZCFmT3gURgmgR3BN9d7A\n" - "Bw==\n" - "-----END ATTRIBUTE CERTIFICATE-----\n"; - int rc = 0; - int n_diff = 0; - byte ietf_serial[] = {0x03, 0xb5, 0x90, 0x59, 0x02, - 0xa2, 0xaa, 0xb5, 0x40, 0x21, - 0x44, 0xb8, 0x2c, 0x4f, 0xd9, - 0x80, 0x1b, 0x5f, 0x57, 0xc2}; - byte holderIssuerName[] = {0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x0c, - 0x02, 0x43, 0x41}; - byte holderEntityName[] = {0x31, 0x17, 0x30, 0x15, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x0c, - 0x0e, 0x73, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x2e, 0x65, 0x78, - 0x61, 0x6d, 0x70, 0x6c, 0x65}; - DerBuffer * der = NULL; - WC_DECLARE_VAR(acert, DecodedAcert, 1, 0); - - rc = wc_PemToDer(acert_ietf, sizeof(acert_ietf), ACERT_TYPE, &der, - HEAP_HINT, NULL, NULL); - - ExpectIntEQ(rc, 0); - ExpectNotNull(der); - - if (der != NULL) { - ExpectNotNull(der->buffer); - } - -#ifdef WOLFSSL_SMALL_STACK - acert = (DecodedAcert*)XMALLOC(sizeof(DecodedAcert), HEAP_HINT, - DYNAMIC_TYPE_DCERT); - ExpectNotNull(acert); -#else - XMEMSET(acert, 0, sizeof(DecodedAcert)); -#endif - - if (der != NULL && der->buffer != NULL -#ifdef WOLFSSL_SMALL_STACK - && acert != NULL -#endif - ) { - wc_InitDecodedAcert(acert, der->buffer, der->length, HEAP_HINT); - rc = wc_ParseX509Acert(acert, VERIFY_SKIP_DATE); - ExpectIntEQ(rc, 0); - - ExpectIntEQ(acert->serialSz, 20); - ExpectIntEQ(XMEMCMP(acert->serial, ietf_serial, sizeof(ietf_serial)), - 0); - - /* This cert has a 65 byte attributes field. */ - ExpectNotNull(acert->rawAttr); - ExpectIntEQ(acert->rawAttrLen, 65); - - ExpectNotNull(acert->holderIssuerName); - ExpectNotNull(acert->holderEntityName); - - if ((acert->holderIssuerName != NULL) && - (acert->holderEntityName != NULL)) { - ExpectNotNull(acert->holderEntityName->name); - ExpectNotNull(acert->holderIssuerName->name); - } - - if ((acert->holderIssuerName != NULL) && - (acert->holderEntityName != NULL) && - (acert->holderIssuerName->name != NULL) && - (acert->holderEntityName->name != NULL)) { - ExpectIntEQ(acert->holderIssuerName->len, - sizeof(holderIssuerName)); - ExpectIntEQ(acert->holderEntityName->len, - sizeof(holderEntityName)); - - ExpectIntEQ(acert->holderIssuerName->type, ASN_DIR_TYPE); - ExpectIntEQ(acert->holderEntityName->type, ASN_DIR_TYPE); - - n_diff = XMEMCMP(acert->holderIssuerName->name, holderIssuerName, - sizeof(holderIssuerName)); - ExpectIntEQ(n_diff, 0); - - n_diff = XMEMCMP(acert->holderEntityName->name, holderEntityName, - sizeof(holderEntityName)); - ExpectIntEQ(n_diff, 0); - } - - wc_FreeDecodedAcert(acert); - } - -#ifdef WOLFSSL_SMALL_STACK - if (acert != NULL) { - XFREE(acert, HEAP_HINT, DYNAMIC_TYPE_DCERT); - acert = NULL; - } -#endif - - if (der != NULL) { - wc_FreeDer(&der); - der = NULL; - } - -#endif - return EXPECT_RESULT(); -} - #if !defined(NO_DH) && !defined(NO_AES) && defined(WOLFSSL_CERT_GEN) && \ defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) @@ -15242,754 +14574,6 @@ static int test_wolfSSL_lhash(void) return EXPECT_RESULT(); } -static int test_wolfSSL_X509_NAME(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ - !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ - !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || \ - defined(OPENSSL_EXTRA)) - X509* x509 = NULL; -#ifndef OPENSSL_EXTRA - const unsigned char* c = NULL; - int bytes = 0; -#endif - unsigned char buf[4096]; - XFILE f = XBADFILE; - const X509_NAME* a = NULL; - const X509_NAME* b = NULL; - X509_NAME* d2i_name = NULL; - int sz = 0; - unsigned char* tmp = NULL; - char file[] = "./certs/ca-cert.der"; -#ifndef OPENSSL_EXTRA_X509_SMALL - byte empty[] = { /* CN=empty emailAddress= */ - 0x30, 0x21, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x0C, 0x05, 0x65, 0x6D, 0x70, - 0x74, 0x79, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, - 0x01, 0x16, 0x00 - }; -#endif -#if defined(OPENSSL_EXTRA) && !defined(NO_PWDBASED) - byte digest[64]; /* max digest size */ - word32 digestSz; -#endif - -#ifndef OPENSSL_EXTRA_X509_SMALL - /* test compile of deprecated function, returns 0 */ - ExpectIntEQ(CRYPTO_thread_id(), 0); -#endif - - ExpectNotNull(a = X509_NAME_new()); - ExpectNotNull(b = X509_NAME_new()); -#ifndef OPENSSL_EXTRA_X509_SMALL - ExpectIntEQ(X509_NAME_cmp(a, b), 0); -#endif - X509_NAME_free((X509_NAME*)b); - X509_NAME_free((X509_NAME*)a); - a = NULL; - - ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE); -#ifndef OPENSSL_EXTRA - ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); - if (f != XBADFILE) - XFCLOSE(f); - - c = buf; - ExpectNotNull(x509 = wolfSSL_X509_d2i_ex(NULL, c, bytes, HEAP_HINT)); -#else - ExpectNull(wolfSSL_X509_d2i_fp(NULL, XBADFILE)); - ExpectNotNull(wolfSSL_X509_d2i_fp(&x509, f)); - if (f != XBADFILE) - XFCLOSE(f); -#endif - - /* test cmp function */ - ExpectNull(X509_get_issuer_name(NULL)); - ExpectNotNull(a = X509_get_issuer_name(x509)); - ExpectNull(X509_get_subject_name(NULL)); - ExpectNotNull(b = X509_get_subject_name(x509)); -#ifdef KEEP_PEER_CERT - ExpectNull(wolfSSL_X509_get_subjectCN(NULL)); - ExpectNotNull(wolfSSL_X509_get_subjectCN(x509)); -#endif - -#if defined(OPENSSL_EXTRA) - ExpectIntEQ(X509_check_issued(NULL, NULL), - WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH); - ExpectIntEQ(X509_check_issued(x509, NULL), - WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH); - ExpectIntEQ(X509_check_issued(NULL, x509), - WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH); - ExpectIntEQ(X509_check_issued(x509, x509), WOLFSSL_X509_V_OK); - - ExpectIntEQ(X509_NAME_cmp(NULL, NULL), -2); - ExpectIntEQ(X509_NAME_cmp(NULL, b), -2); - ExpectIntEQ(X509_NAME_cmp(a, NULL), -2); - ExpectIntEQ(X509_NAME_cmp(a, b), 0); /* self signed should be 0 */ - -#if !defined(NO_PWDBASED) - ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, NULL, NULL, NULL), 0); - ExpectIntEQ(wolfSSL_X509_NAME_digest(a, NULL, NULL, NULL), 0); -#ifndef NO_SHA256 - ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, wolfSSL_EVP_sha256(), NULL, - NULL), 0); -#endif - ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, NULL, digest, NULL), 0); - ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, NULL, NULL, &digestSz), 0); - ExpectIntEQ(wolfSSL_X509_NAME_digest(a, NULL, digest, - &digestSz), 0); -#ifndef NO_SHA256 - ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, wolfSSL_EVP_sha256(), digest, - &digestSz), 0); - ExpectIntEQ(wolfSSL_X509_NAME_digest(a, wolfSSL_EVP_sha256(), NULL, - &digestSz), 0); - ExpectIntEQ(wolfSSL_X509_NAME_digest(a, wolfSSL_EVP_sha256(), digest, - NULL), 1); - ExpectIntEQ(wolfSSL_X509_NAME_digest(a, wolfSSL_EVP_sha256(), digest, - &digestSz), 1); - ExpectTrue(digestSz == 32); -#endif -#else - ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, NULL, NULL, NULL), - NOT_COMPILED_IN); -#endif -#endif /* OPENSSL_EXTRA */ - - tmp = buf; - ExpectIntGT((sz = i2d_X509_NAME((X509_NAME*)a, &tmp)), 0); - if (sz > 0 && tmp == buf) { - fprintf(stderr, "\nERROR - %s line %d failed with:", __FILE__, - __LINE__); - fprintf(stderr, " Expected pointer to be incremented\n"); - abort(); - } - -#ifndef OPENSSL_EXTRA_X509_SMALL - tmp = buf; - ExpectNotNull(d2i_name = d2i_X509_NAME(NULL, &tmp, sz)); -#endif - - /* if output parameter is NULL, should still return required size. */ - ExpectIntGT((sz = i2d_X509_NAME((X509_NAME*)b, NULL)), 0); - /* retry but with the function creating a buffer */ - tmp = NULL; - ExpectIntGT((sz = i2d_X509_NAME((X509_NAME*)b, &tmp)), 0); - XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL); - tmp = NULL; - -#ifdef WOLFSSL_CERT_NAME_ALL - /* test for givenName and name */ - { - WOLFSSL_X509_NAME_ENTRY* entry = NULL; - WOLFSSL_X509_NAME_ENTRY empty; - const byte gName[] = "test-given-name"; - const byte name[] = "test-name"; - - XMEMSET(&empty, 0, sizeof(empty)); - - ExpectNull(wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL, - NID_givenName, ASN_UTF8STRING, NULL, sizeof(gName))); - ExpectNotNull(entry = wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL, - NID_givenName, ASN_UTF8STRING, gName, sizeof(gName))); - ExpectNotNull(wolfSSL_X509_NAME_ENTRY_create_by_NID(&entry, - NID_givenName, ASN_UTF8STRING, gName, sizeof(gName))); - ExpectIntEQ(wolfSSL_X509_NAME_add_entry(NULL , NULL , -1, 0), - 0); - ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, NULL , -1, 0), - 0); - ExpectIntEQ(wolfSSL_X509_NAME_add_entry(NULL , entry , -1, 0), - 0); - ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, &empty, -1, 0), - 0); - ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, entry , 99, 0), - 0); - ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, entry , -1, 0), - 1); - wolfSSL_X509_NAME_ENTRY_free(entry); - entry = NULL; - - ExpectNotNull(wolfSSL_X509_NAME_ENTRY_create_by_NID(&entry, - NID_name, ASN_UTF8STRING, name, sizeof(name))); - ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, entry, -1, 0), - 1); - wolfSSL_X509_NAME_ENTRY_free(entry); - - tmp = NULL; - ExpectIntGT((sz = i2d_X509_NAME((X509_NAME*)b, &tmp)), 0); - XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL); - } -#endif - - b = NULL; - ExpectNull(X509_NAME_dup(NULL)); - ExpectNotNull(b = X509_NAME_dup((X509_NAME*)a)); -#ifndef OPENSSL_EXTRA_X509_SMALL - ExpectIntEQ(X509_NAME_cmp(a, b), 0); -#endif - ExpectIntEQ(X509_NAME_entry_count(NULL), 0); - ExpectIntEQ(X509_NAME_entry_count((X509_NAME*)b), 7); - X509_NAME_free((X509_NAME*)b); - ExpectNotNull(b = wolfSSL_X509_NAME_new()); - ExpectIntEQ(X509_NAME_entry_count((X509_NAME*)b), 0); - ExpectIntEQ(wolfSSL_X509_NAME_copy(NULL, NULL), BAD_FUNC_ARG); - ExpectIntEQ(wolfSSL_X509_NAME_copy((X509_NAME*)a, NULL), BAD_FUNC_ARG); - ExpectIntEQ(wolfSSL_X509_NAME_copy(NULL, (X509_NAME*)b), BAD_FUNC_ARG); - ExpectIntEQ(wolfSSL_X509_NAME_copy((X509_NAME*)a, (X509_NAME*)b), 1); - ExpectIntEQ(X509_NAME_entry_count((X509_NAME*)b), 7); - X509_NAME_free((X509_NAME*)b); - X509_NAME_free(d2i_name); - d2i_name = NULL; - X509_free(x509); - -#ifndef OPENSSL_EXTRA_X509_SMALL - /* test with an empty domain component */ - tmp = empty; - sz = sizeof(empty); - ExpectNotNull(d2i_name = d2i_X509_NAME(NULL, &tmp, sz)); - ExpectIntEQ(X509_NAME_entry_count(d2i_name), 2); - - /* size of empty emailAddress will be 0 */ - tmp = buf; - ExpectIntEQ(X509_NAME_get_text_by_NID(d2i_name, NID_emailAddress, - (char*)tmp, sizeof(buf)), 0); - - /* should contain no organization name */ - tmp = buf; - ExpectIntEQ(X509_NAME_get_text_by_NID(d2i_name, NID_organizationName, - (char*)tmp, sizeof(buf)), -1); - X509_NAME_free(d2i_name); -#endif -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_NAME_hash(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \ - !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_BIO) - BIO* bio = NULL; - X509* x509 = NULL; - X509_NAME* name = NULL; - - ExpectIntEQ(X509_NAME_hash(NULL), 0); - ExpectNotNull(name = wolfSSL_X509_NAME_new_ex(NULL)); - ExpectIntEQ(X509_NAME_hash(name), 0); - X509_NAME_free(name); - - ExpectNotNull(bio = BIO_new(BIO_s_file())); - ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0); - ExpectNotNull(PEM_read_bio_X509(bio, &x509, NULL, NULL)); - ExpectIntEQ(X509_NAME_hash(X509_get_subject_name(x509)), 0x137DC03F); - ExpectIntEQ(X509_NAME_hash(X509_get_issuer_name(x509)), 0xFDB2DA4); - X509_free(x509); - BIO_free(bio); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_NAME_print_ex(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \ - (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ - defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \ - defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB)))) && \ - !defined(NO_BIO) && !defined(NO_RSA) - int memSz = 0; - byte* mem = NULL; - BIO* bio = NULL; - BIO* membio = NULL; - X509* x509 = NULL; - X509_NAME* name = NULL; - X509_NAME* empty = NULL; - - const char* expNormal = "C=US, CN=wolfssl.com"; - const char* expEqSpace = "C = US, CN = wolfssl.com"; - const char* expReverse = "CN=wolfssl.com, C=US"; - - const char* expNotEscaped = "C= US,+\"\\ , CN=#wolfssl.com<>;"; - const char* expNotEscapedRev = "CN=#wolfssl.com<>;, C= US,+\"\\ "; - const char* expRFC5523 = - "CN=\\#wolfssl.com\\<\\>\\;, C=\\ US\\,\\+\\\"\\\\\\ "; - - /* Test with real cert (svrCertFile) first */ - ExpectNotNull(bio = BIO_new(BIO_s_file())); - ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0); - ExpectNotNull(PEM_read_bio_X509(bio, &x509, NULL, NULL)); - ExpectNotNull(name = X509_get_subject_name(x509)); - - /* Test without flags */ - ExpectNotNull(membio = BIO_new(BIO_s_mem())); - ExpectNotNull(empty = wolfSSL_X509_NAME_new()); - ExpectIntEQ(X509_NAME_print_ex(NULL, NULL, 0, 0), WOLFSSL_FAILURE); - ExpectIntEQ(X509_NAME_print_ex(membio, NULL, 0, 0), WOLFSSL_FAILURE); - ExpectIntEQ(X509_NAME_print_ex(NULL, name, 0, 0), WOLFSSL_FAILURE); - ExpectIntEQ(X509_NAME_print_ex(membio, empty, 0, 0), WOLFSSL_SUCCESS); - ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS); - wolfSSL_X509_NAME_free(empty); - BIO_free(membio); - membio = NULL; - - /* Test flag: XN_FLAG_RFC2253 */ - ExpectNotNull(membio = BIO_new(BIO_s_mem())); - ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, - XN_FLAG_RFC2253), WOLFSSL_SUCCESS); - BIO_free(membio); - membio = NULL; - - /* Test flag: XN_FLAG_RFC2253 | XN_FLAG_DN_REV */ - ExpectNotNull(membio = BIO_new(BIO_s_mem())); - ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, - XN_FLAG_RFC2253 | XN_FLAG_DN_REV), WOLFSSL_SUCCESS); - BIO_free(membio); - membio = NULL; - - X509_free(x509); - BIO_free(bio); - name = NULL; - - /* Test with empty issuer cert empty-issuer-cert.pem. - * See notes in certs/test/gen-testcerts.sh for how it was generated. */ - ExpectNotNull(bio = BIO_new(BIO_s_file())); - ExpectIntGT(BIO_read_filename(bio, noIssuerCertFile), 0); - ExpectNotNull(PEM_read_bio_X509(bio, &x509, NULL, NULL)); - ExpectNotNull(name = X509_get_subject_name(x509)); - - ExpectNotNull(membio = BIO_new(BIO_s_mem())); - ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS); - /* Should be empty string "" */ - ExpectIntEQ((memSz = BIO_get_mem_data(membio, &mem)), 0); - - BIO_free(membio); - membio = NULL; - X509_free(x509); - BIO_free(bio); - name = NULL; - - /* Test normal case without escaped characters */ - { - /* Create name: "/C=US/CN=wolfssl.com" */ - ExpectNotNull(name = X509_NAME_new()); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", - MBSTRING_UTF8, (byte*)"US", 2, -1, 0), - WOLFSSL_SUCCESS); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", - MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), - WOLFSSL_SUCCESS); - - /* Test without flags */ - ExpectNotNull(membio = BIO_new(BIO_s_mem())); - ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS); - ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); - ExpectIntEQ(memSz, XSTRLEN(expNormal)); - ExpectIntEQ(XSTRNCMP((char*)mem, expNormal, XSTRLEN(expNormal)), 0); - BIO_free(membio); - membio = NULL; - - /* Test with XN_FLAG_ONELINE which should enable XN_FLAG_SPC_EQ for - spaces around '=' */ - ExpectNotNull(membio = BIO_new(BIO_s_mem())); - ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, XN_FLAG_ONELINE), - WOLFSSL_SUCCESS); - ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); - ExpectIntEQ(memSz, XSTRLEN(expEqSpace)); - ExpectIntEQ(XSTRNCMP((char*)mem, expEqSpace, XSTRLEN(expEqSpace)), 0); - BIO_free(membio); - membio = NULL; - - /* Test flags: XN_FLAG_RFC2253 - should be reversed */ - ExpectNotNull(membio = BIO_new(BIO_s_mem())); - ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, - XN_FLAG_RFC2253), WOLFSSL_SUCCESS); - ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); - ExpectIntEQ(memSz, XSTRLEN(expReverse)); - BIO_free(membio); - membio = NULL; - - /* Test flags: XN_FLAG_DN_REV - reversed */ - ExpectNotNull(membio = BIO_new(BIO_s_mem())); - ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, - XN_FLAG_DN_REV), WOLFSSL_SUCCESS); - ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); - ExpectIntEQ(memSz, XSTRLEN(expReverse)); - ExpectIntEQ(XSTRNCMP((char*)mem, expReverse, XSTRLEN(expReverse)), 0); - BIO_free(membio); - membio = NULL; - - X509_NAME_free(name); - name = NULL; - } - - /* Test RFC2253 characters are escaped with backslashes */ - { - ExpectNotNull(name = X509_NAME_new()); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", - /* space at beginning and end, and: ,+"\ */ - MBSTRING_UTF8, (byte*)" US,+\"\\ ", 8, -1, 0), - WOLFSSL_SUCCESS); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", - /* # at beginning, and: <>;*/ - MBSTRING_UTF8, (byte*)"#wolfssl.com<>;", 15, -1, 0), - WOLFSSL_SUCCESS); - - /* Test without flags */ - ExpectNotNull(membio = BIO_new(BIO_s_mem())); - ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS); - ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); - ExpectIntEQ(memSz, XSTRLEN(expNotEscaped)); - ExpectIntEQ(XSTRNCMP((char*)mem, expNotEscaped, - XSTRLEN(expNotEscaped)), 0); - BIO_free(membio); - membio = NULL; - - /* Test flags: XN_FLAG_RFC5523 - should be reversed and escaped */ - ExpectNotNull(membio = BIO_new(BIO_s_mem())); - ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, - XN_FLAG_RFC2253), WOLFSSL_SUCCESS); - ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); - ExpectIntEQ(memSz, XSTRLEN(expRFC5523)); - ExpectIntEQ(XSTRNCMP((char*)mem, expRFC5523, XSTRLEN(expRFC5523)), 0); - BIO_free(membio); - membio = NULL; - - /* Test flags: XN_FLAG_DN_REV - reversed but not escaped */ - ExpectNotNull(membio = BIO_new(BIO_s_mem())); - ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, - XN_FLAG_DN_REV), WOLFSSL_SUCCESS); - ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); - ExpectIntEQ(memSz, XSTRLEN(expNotEscapedRev)); - ExpectIntEQ(XSTRNCMP((char*)mem, expNotEscapedRev, - XSTRLEN(expNotEscapedRev)), 0); - BIO_free(membio); - - X509_NAME_free(name); - } -#endif - return EXPECT_RESULT(); -} - -#ifndef NO_BIO -static int test_wolfSSL_X509_INFO_multiple_info(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_RSA) - STACK_OF(X509_INFO) *info_stack = NULL; - X509_INFO *info = NULL; - int len; - int i; - const char* files[] = { - cliCertFile, - cliKeyFile, - /* This needs to be the order as svrCertFile contains the - * intermediate cert as well. */ - svrKeyFile, - svrCertFile, - NULL, - }; - const char** curFile; - BIO *fileBIO = NULL; - BIO *concatBIO = NULL; - byte tmp[FOURK_BUF]; - - /* concatenate the cert and the key file to force PEM_X509_INFO_read_bio - * to group objects together. */ - ExpectNotNull(concatBIO = BIO_new(BIO_s_mem())); - for (curFile = files; EXPECT_SUCCESS() && *curFile != NULL; curFile++) { - int fileLen = 0; - ExpectNotNull(fileBIO = BIO_new_file(*curFile, "rb")); - ExpectIntGT(fileLen = wolfSSL_BIO_get_len(fileBIO), 0); - if (EXPECT_SUCCESS()) { - while ((len = BIO_read(fileBIO, tmp, sizeof(tmp))) > 0) { - ExpectIntEQ(BIO_write(concatBIO, tmp, len), len); - fileLen -= len; - if (EXPECT_FAIL()) - break; - } - /* Make sure we read the entire file */ - ExpectIntEQ(fileLen, 0); - } - BIO_free(fileBIO); - fileBIO = NULL; - } - - ExpectNotNull(info_stack = PEM_X509_INFO_read_bio(concatBIO, NULL, NULL, - NULL)); - ExpectIntEQ(sk_X509_INFO_num(info_stack), 3); - for (i = 0; i < sk_X509_INFO_num(info_stack); i++) { - ExpectNotNull(info = sk_X509_INFO_value(info_stack, i)); - ExpectNotNull(info->x509); - ExpectNull(info->crl); - if (i != 2) { - ExpectNotNull(info->x_pkey); - ExpectIntEQ(X509_check_private_key(info->x509, - info->x_pkey->dec_pkey), 1); - } - else { - ExpectNull(info->x_pkey); - } - } - - sk_X509_INFO_pop_free(info_stack, X509_INFO_free); - BIO_free(concatBIO); -#endif - return EXPECT_RESULT(); -} -#endif - -#ifndef NO_BIO -static int test_wolfSSL_X509_INFO(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_RSA) - STACK_OF(X509_INFO) *info_stack = NULL; - X509_INFO *info = NULL; - BIO *cert = NULL; - int i; - /* PEM in hex format to avoid null terminator */ - byte data[] = { - 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, - 0x49, 0x4e, 0x20, 0x43, 0x45, 0x52, 0x54, 0x63, 0x2d, 0x2d, 0x2d, 0x2d, - 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x44, 0x4d, 0x54, 0x42, 0x75, 0x51, 0x3d, - 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x2d, 0x2d, - 0x2d, 0x2d, 0x2d - }; - /* PEM in hex format to avoid null terminator */ - byte data2[] = { - 0x41, 0x53, 0x4e, 0x31, 0x20, 0x4f, 0x49, 0x44, 0x3a, 0x20, 0x70, 0x72, - 0x69, 0x6d, 0x65, 0x32, 0x35, 0x36, 0x76, 0x31, 0x0a, 0x2d, 0x2d, 0x2d, - 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x45, 0x43, 0x20, 0x50, - 0x41, 0x52, 0x41, 0x4d, 0x45, 0x54, 0x45, 0x52, 0x53, 0x2d, 0x2d, 0x2d, - 0x2d, 0x43, 0x65, 0x72, 0x74, 0x69, 0x2d, 0x0a, 0x42, 0x67, 0x67, 0x71, - 0x68, 0x6b, 0x6a, 0x4f, 0x50, 0x51, 0x4d, 0x42, 0x42, 0x77, 0x3d, 0x3d, - 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d - }; - - ExpectNotNull(cert = BIO_new_file(cliCertFileExt, "rb")); - ExpectNotNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL)); - for (i = 0; i < sk_X509_INFO_num(info_stack); i++) { - ExpectNotNull(info = sk_X509_INFO_value(info_stack, i)); - ExpectNotNull(info->x509); - ExpectNull(info->crl); - ExpectNull(info->x_pkey); - } - sk_X509_INFO_pop_free(info_stack, X509_INFO_free); - info_stack = NULL; - BIO_free(cert); - cert = NULL; - - ExpectNotNull(cert = BIO_new_file(cliCertFileExt, "rb")); - ExpectNotNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL)); - sk_X509_INFO_pop_free(info_stack, X509_INFO_free); - info_stack = NULL; - BIO_free(cert); - cert = NULL; - - /* This case should fail due to invalid input. */ - ExpectNotNull(cert = BIO_new(BIO_s_mem())); - ExpectIntEQ(BIO_write(cert, data, sizeof(data)), sizeof(data)); - ExpectNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL)); - sk_X509_INFO_pop_free(info_stack, X509_INFO_free); - info_stack = NULL; - BIO_free(cert); - cert = NULL; - ExpectNotNull(cert = BIO_new(BIO_s_mem())); - ExpectIntEQ(BIO_write(cert, data2, sizeof(data2)), sizeof(data2)); - ExpectNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL)); - sk_X509_INFO_pop_free(info_stack, X509_INFO_free); - BIO_free(cert); -#endif - return EXPECT_RESULT(); -} -#endif - -static int test_wolfSSL_X509_subject_name_hash(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ - !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256)) - X509* x509 = NULL; - X509_NAME* subjectName = NULL; - unsigned long ret1 = 0; - unsigned long ret2 = 0; - - ExpectNotNull(x509 = X509_new()); - ExpectIntEQ(X509_subject_name_hash(NULL), 0); - ExpectIntEQ(X509_subject_name_hash(x509), 0); - X509_free(x509); - x509 = NULL; - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, - SSL_FILETYPE_PEM)); - ExpectNotNull(subjectName = wolfSSL_X509_get_subject_name(x509)); - - /* These two - * - X509_subject_name_hash(x509) - * - X509_NAME_hash(X509_get_subject_name(x509)) - * should give the same hash, if !defined(NO_SHA) is true. */ - - ret1 = X509_subject_name_hash(x509); - ExpectIntNE(ret1, 0); - -#if !defined(NO_SHA) - ret2 = X509_NAME_hash(X509_get_subject_name(x509)); - ExpectIntNE(ret2, 0); - - ExpectIntEQ(ret1, ret2); -#else - (void) ret2; -#endif - - X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_issuer_name_hash(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \ - && !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256)) - X509* x509 = NULL; - X509_NAME* issuertName = NULL; - unsigned long ret1 = 0; - unsigned long ret2 = 0; - - ExpectNotNull(x509 = X509_new()); - ExpectIntEQ(X509_issuer_name_hash(NULL), 0); - ExpectIntEQ(X509_issuer_name_hash(x509), 0); - X509_free(x509); - x509 = NULL; - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, - SSL_FILETYPE_PEM)); - ExpectNotNull(issuertName = wolfSSL_X509_get_issuer_name(x509)); - - /* These two - * - X509_issuer_name_hash(x509) - * - X509_NAME_hash(X509_get_issuer_name(x509)) - * should give the same hash, if !defined(NO_SHA) is true. */ - - ret1 = X509_issuer_name_hash(x509); - ExpectIntNE(ret1, 0); - -#if !defined(NO_SHA) - ret2 = X509_NAME_hash(X509_get_issuer_name(x509)); - ExpectIntNE(ret2, 0); - - ExpectIntEQ(ret1, ret2); -#else - (void) ret2; -#endif - - X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_check_host(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \ - && !defined(NO_SHA) && !defined(NO_RSA) - X509* x509 = NULL; - const char altName[] = "example.com"; - const char badAltName[] = "a.example.com"; - - ExpectIntEQ(X509_check_host(NULL, NULL, XSTRLEN(altName), 0, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - - /* cliCertFile has subjectAltName set to 'example.com', '127.0.0.1' */ - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, - SSL_FILETYPE_PEM)); - - ExpectIntEQ(X509_check_host(x509, altName, XSTRLEN(altName), 0, NULL), - WOLFSSL_SUCCESS); - - ExpectIntEQ(X509_check_host(x509, badAltName, XSTRLEN(badAltName), 0, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - - ExpectIntEQ(X509_check_host(x509, NULL, 0, 0, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - - /* Check WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag set */ - ExpectIntEQ(X509_check_host(x509, altName, XSTRLEN(altName), - WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL), WOLFSSL_SUCCESS); - - ExpectIntEQ(X509_check_host(x509, NULL, 0, - WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - - ExpectIntEQ(X509_check_host(x509, badAltName, XSTRLEN(badAltName), - WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - - ExpectIntEQ(wolfSSL_X509_check_host(x509, altName, XSTRLEN(altName), - WOLFSSL_NO_WILDCARDS, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_X509_check_host(x509, altName, XSTRLEN(altName), - WOLFSSL_NO_PARTIAL_WILDCARDS, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_X509_check_host(x509, altName, XSTRLEN(altName), - WOLFSSL_MULTI_LABEL_WILDCARDS, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - - X509_free(x509); - - ExpectIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName), 0, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - - /* Check again with WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag set */ - ExpectIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName), - WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_check_email(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) - X509* x509 = NULL; - X509* empty = NULL; - const char goodEmail[] = "info@wolfssl.com"; - const char badEmail[] = "disinfo@wolfssl.com"; - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, - SSL_FILETYPE_PEM)); - ExpectNotNull(empty = wolfSSL_X509_new()); - - ExpectIntEQ(wolfSSL_X509_check_email(NULL, NULL, 0, 0), 0); - ExpectIntEQ(wolfSSL_X509_check_email(x509, NULL, 0, 0), 0); - ExpectIntEQ(wolfSSL_X509_check_email(NULL, goodEmail, XSTRLEN(goodEmail), - 0), 0); - ExpectIntEQ(wolfSSL_X509_check_email(empty, goodEmail, XSTRLEN(goodEmail), - 0), 0); - - /* Should fail on non-matching email address */ - ExpectIntEQ(wolfSSL_X509_check_email(x509, badEmail, XSTRLEN(badEmail), 0), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - /* Should succeed on matching email address */ - ExpectIntEQ(wolfSSL_X509_check_email(x509, goodEmail, XSTRLEN(goodEmail), 0), - WOLFSSL_SUCCESS); - /* Should compute length internally when not provided */ - ExpectIntEQ(wolfSSL_X509_check_email(x509, goodEmail, 0, 0), - WOLFSSL_SUCCESS); - /* Should fail when email address is NULL */ - ExpectIntEQ(wolfSSL_X509_check_email(x509, NULL, 0, 0), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - - X509_free(empty); - X509_free(x509); - - /* Should fail when x509 is NULL */ - ExpectIntEQ(wolfSSL_X509_check_email(NULL, goodEmail, 0, 0), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); -#endif /* OPENSSL_EXTRA && WOLFSSL_CERT_GEN */ - return EXPECT_RESULT(); -} - static int test_wc_PemToDer(void) { EXPECT_DECLS; @@ -17045,44 +15629,6 @@ static int test_wolfSSL_certs(void) return EXPECT_RESULT(); } -static int test_wolfSSL_X509_check_private_key(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \ - defined(USE_CERT_BUFFERS_2048) && !defined(NO_CHECK_PRIVATE_KEY) && \ - !defined(NO_FILESYSTEM) - X509* x509 = NULL; - EVP_PKEY* pkey = NULL; - const byte* key; - - /* Check with correct key */ - ExpectNotNull((x509 = X509_load_certificate_file(cliCertFile, - SSL_FILETYPE_PEM))); - key = client_key_der_2048; - ExpectNotNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &key, - (long)sizeof_client_key_der_2048)); - ExpectIntEQ(X509_check_private_key(x509, pkey), 1); - EVP_PKEY_free(pkey); - pkey = NULL; - - /* Check with wrong key */ - key = server_key_der_2048; - ExpectNotNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &key, - (long)sizeof_server_key_der_2048)); - ExpectIntEQ(X509_check_private_key(x509, pkey), 0); - - /* test for incorrect parameter */ - ExpectIntEQ(X509_check_private_key(NULL, pkey), 0); - ExpectIntEQ(X509_check_private_key(x509, NULL), 0); - ExpectIntEQ(X509_check_private_key(NULL, NULL), 0); - - EVP_PKEY_free(pkey); - X509_free(x509); -#endif - return EXPECT_RESULT(); -} - - static int test_wolfSSL_private_keys(void) { EXPECT_DECLS; @@ -17344,1181 +15890,6 @@ static int test_wolfSSL_private_keys(void) return EXPECT_RESULT(); } -static int test_wolfSSL_PEM_def_callback(void) -{ - EXPECT_DECLS; -#ifdef OPENSSL_EXTRA - char buf[10]; - const char* defpwd = "DEF PWD"; - int defpwdLen = (int)XSTRLEN(defpwd); - int smallLen = 1; - - /* Bad parameters. */ - ExpectIntEQ(wolfSSL_PEM_def_callback(NULL, sizeof(buf), 0, NULL), 0); - ExpectIntEQ(wolfSSL_PEM_def_callback(NULL, sizeof(buf), 0, (void*)defpwd), - 0); - ExpectIntEQ(wolfSSL_PEM_def_callback(buf, sizeof(buf), 0, NULL), 0); - - XMEMSET(buf, 0, sizeof(buf)); - ExpectIntEQ(wolfSSL_PEM_def_callback(buf, sizeof(buf), 0, (void*)defpwd), - defpwdLen); - ExpectIntEQ(XMEMCMP(buf, defpwd, defpwdLen), 0); - ExpectIntEQ(buf[defpwdLen], 0); - /* Size of buffer is smaller than default password. */ - XMEMSET(buf, 0, sizeof(buf)); - ExpectIntEQ(wolfSSL_PEM_def_callback(buf, smallLen, 0, (void*)defpwd), - smallLen); - ExpectIntEQ(XMEMCMP(buf, defpwd, smallLen), 0); - ExpectIntEQ(buf[smallLen], 0); -#endif /* OPENSSL_EXTRA */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_PEM_read_PrivateKey(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || \ - !defined(NO_DSA) || defined(HAVE_ECC) || !defined(NO_DH)) - XFILE file = XBADFILE; -#if !defined(NO_RSA) - const char* fname_rsa = "./certs/server-key.pem"; - RSA* rsa = NULL; - WOLFSSL_EVP_PKEY_CTX* ctx = NULL; - unsigned char* sig = NULL; - size_t sigLen = 0; - const unsigned char tbs[] = {0, 1, 2, 3, 4, 5, 6, 7}; - size_t tbsLen = sizeof(tbs); -#endif -#if !defined(NO_DSA) - const char* fname_dsa = "./certs/dsa2048.pem"; -#endif -#if defined(HAVE_ECC) - const char* fname_ec = "./certs/ecc-key.pem"; -#endif -#if !defined(NO_DH) - const char* fname_dh = "./certs/dh-priv-2048.pem"; -#endif - EVP_PKEY* pkey = NULL; - - /* Check error case. */ - ExpectNull(pkey = PEM_read_PrivateKey(NULL, NULL, NULL, NULL)); - - /* not a PEM key. */ - ExpectTrue((file = XFOPEN("./certs/ecc-key.der", "rb")) != XBADFILE); - ExpectNull(PEM_read_PrivateKey(file, NULL, NULL, NULL)); - if (file != XBADFILE) - XFCLOSE(file); - file = XBADFILE; - -#ifndef NO_RSA - /* Read in an RSA key. */ - ExpectTrue((file = XFOPEN(fname_rsa, "rb")) != XBADFILE); - ExpectNotNull(pkey = PEM_read_PrivateKey(file, NULL, NULL, NULL)); - if (file != XBADFILE) - XFCLOSE(file); - file = XBADFILE; - - /* Make sure the key is usable by signing some data with it. */ - ExpectNotNull(rsa = EVP_PKEY_get0_RSA(pkey)); - ExpectIntGT((sigLen = RSA_size(rsa)), 0); - ExpectNotNull(sig = (unsigned char*)XMALLOC(sigLen, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER)); - ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); - ExpectIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_sign(ctx, sig, &sigLen, tbs, tbsLen), - WOLFSSL_SUCCESS); - - XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - EVP_PKEY_CTX_free(ctx); - EVP_PKEY_free(pkey); - pkey = NULL; -#endif - -#ifndef NO_DSA - /* Read in a DSA key. */ - ExpectTrue((file = XFOPEN(fname_dsa, "rb")) != XBADFILE); -#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) - ExpectNotNull(pkey = PEM_read_PrivateKey(file, NULL, NULL, NULL)); - EVP_PKEY_free(pkey); - pkey = NULL; -#else - ExpectNull(PEM_read_PrivateKey(file, NULL, NULL, NULL)); -#endif - if (file != XBADFILE) - XFCLOSE(file); - file = XBADFILE; -#endif - -#ifdef HAVE_ECC - /* Read in an EC key. */ - ExpectTrue((file = XFOPEN(fname_ec, "rb")) != XBADFILE); - ExpectNotNull(pkey = EVP_PKEY_new()); - ExpectPtrEq(PEM_read_PrivateKey(file, &pkey, NULL, NULL), pkey); - if (file != XBADFILE) - XFCLOSE(file); - file = XBADFILE; - EVP_PKEY_free(pkey); - pkey = NULL; -#endif - -#ifndef NO_DH - /* Read in a DH key. */ - ExpectTrue((file = XFOPEN(fname_dh, "rb")) != XBADFILE); -#if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \ - defined(WOLFSSL_OPENSSH)) && (!defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) - ExpectNotNull(pkey = PEM_read_PrivateKey(file, NULL, NULL, NULL)); - EVP_PKEY_free(pkey); - pkey = NULL; -#else - ExpectNull(PEM_read_PrivateKey(file, NULL, NULL, NULL)); -#endif - if (file != XBADFILE) - XFCLOSE(file); - file = XBADFILE; -#endif -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_PEM_read_PUBKEY(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) \ - && !defined(NO_FILESYSTEM) - XFILE file = XBADFILE; - const char* fname = "./certs/client-keyPub.pem"; - EVP_PKEY* pkey = NULL; - - /* Check error case. */ - ExpectNull(pkey = PEM_read_PUBKEY(NULL, NULL, NULL, NULL)); - - /* Read in an RSA key. */ - ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); - ExpectNotNull(pkey = PEM_read_PUBKEY(file, NULL, NULL, NULL)); - EVP_PKEY_free(pkey); - pkey = NULL; - if (file != XBADFILE) - XFCLOSE(file); - file = XBADFILE; - ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); - ExpectNotNull(pkey = EVP_PKEY_new()); - ExpectPtrEq(PEM_read_PUBKEY(file, &pkey, NULL, NULL), pkey); - EVP_PKEY_free(pkey); - if (file != XBADFILE) - XFCLOSE(file); -#endif - return EXPECT_RESULT(); -} - -/* test loading RSA key using BIO */ -static int test_wolfSSL_PEM_PrivateKey_rsa(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \ - defined(USE_CERT_BUFFERS_2048) && !defined(NO_FILESYSTEM) && \ - !defined(NO_BIO) - BIO* bio = NULL; - XFILE file = XBADFILE; - const char* fname = "./certs/server-key.pem"; - const char* fname_rsa_p8 = "./certs/server-keyPkcs8.pem"; - EVP_PKEY* pkey = NULL; - size_t sz = 0; - byte* buf = NULL; - EVP_PKEY* pkey2 = NULL; - EVP_PKEY* pkey3 = NULL; - RSA* rsa_key = NULL; -#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) - unsigned char extra[10]; - int i; - BIO* pub_bio = NULL; - const unsigned char* server_key = (const unsigned char*)server_key_der_2048; -#endif - - ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); - ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0); - ExpectIntGT(sz = XFTELL(file), 0); - ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0); - ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); - if (buf != NULL) { - ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); - } - if (file != XBADFILE) { - XFCLOSE(file); - file = XBADFILE; - } - - /* Test using BIO new mem and loading PEM private key */ - ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); - ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); - XFREE(buf, NULL, DYNAMIC_TYPE_FILE); - buf = NULL; - BIO_free(bio); - bio = NULL; - - /* New empty EVP_PKEY */ - ExpectNotNull(pkey2 = EVP_PKEY_new()); - if (pkey2 != NULL) { - pkey2->type = EVP_PKEY_RSA; - } - /* Test parameter copy */ - ExpectIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 0); - EVP_PKEY_free(pkey2); - EVP_PKEY_free(pkey); - pkey = NULL; - - /* Qt unit test case : rsa pkcs8 key */ - ExpectTrue((file = XFOPEN(fname_rsa_p8, "rb")) != XBADFILE); - ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0); - ExpectIntGT(sz = XFTELL(file), 0); - ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0); - ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); - if (buf) { - ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); - } - if (file != XBADFILE) { - XFCLOSE(file); - file = XBADFILE; - } - - ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); - ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); - XFREE(buf, NULL, DYNAMIC_TYPE_FILE); - buf = NULL; - BIO_free(bio); - bio = NULL; - ExpectNotNull(pkey3 = EVP_PKEY_new()); - - ExpectNotNull(rsa_key = EVP_PKEY_get1_RSA(pkey)); - ExpectIntEQ(EVP_PKEY_set1_RSA(pkey3, rsa_key), WOLFSSL_SUCCESS); - -#ifdef WOLFSSL_ERROR_CODE_OPENSSL - ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */); -#else - ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0); -#endif - - RSA_free(rsa_key); - EVP_PKEY_free(pkey3); - EVP_PKEY_free(pkey); - pkey = NULL; - pkey2 = NULL; - -#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) - #define BIO_PEM_TEST_CHAR 'a' - XMEMSET(extra, BIO_PEM_TEST_CHAR, sizeof(extra)); - - ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); - ExpectIntEQ(BIO_set_write_buf_size(bio, 4096), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectNotNull(pub_bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); - ExpectIntEQ(BIO_set_write_buf_size(pub_bio, 4096), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - - ExpectNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, &server_key, - (long)sizeof_server_key_der_2048)); - ExpectNull(pkey); - - ExpectNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, - (long)sizeof_server_key_der_2048)); - ExpectIntEQ(PEM_write_bio_PrivateKey(NULL, pkey, NULL, NULL, 0, NULL, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_bio_PrivateKey(bio, NULL, NULL, NULL, 0, NULL, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), - WOLFSSL_SUCCESS); - ExpectIntGT(BIO_pending(bio), 0); - ExpectIntEQ(BIO_pending(bio), 1679); - /* Check if the pubkey API writes only the public key */ -#ifdef WOLFSSL_KEY_GEN - ExpectIntEQ(PEM_write_bio_PUBKEY(NULL, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), WOLFSSL_SUCCESS); - ExpectIntGT(BIO_pending(pub_bio), 0); - /* Previously both the private key and the pubkey calls would write - * out the private key and the PEM header was the only difference. - * The public PEM should be significantly shorter than the - * private key versison. */ - ExpectIntEQ(BIO_pending(pub_bio), 451); -#else - /* Not supported. */ - ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), 0); -#endif - - /* test creating new EVP_PKEY with good args */ - ExpectNotNull((pkey2 = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); - if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr) { - ExpectIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, - pkey->pkey_sz), 0); - } - - /* test of reuse of EVP_PKEY */ - ExpectNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL)); - ExpectIntEQ(BIO_pending(bio), 0); - ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), - SSL_SUCCESS); - /* add 10 extra bytes after PEM */ - ExpectIntEQ(BIO_write(bio, extra, 10), 10); - ExpectNotNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL)); - ExpectNotNull(pkey); - if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr) { - ExpectIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, - pkey->pkey_sz), 0); - } - /* check 10 extra bytes still there */ - ExpectIntEQ(BIO_pending(bio), 10); - ExpectIntEQ(BIO_read(bio, extra, 10), 10); - for (i = 0; i < 10; i++) { - ExpectIntEQ(extra[i], BIO_PEM_TEST_CHAR); - } - - BIO_free(pub_bio); - BIO_free(bio); - bio = NULL; - EVP_PKEY_free(pkey); - pkey = NULL; - EVP_PKEY_free(pkey2); -#endif /* WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN */ -#endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_RSA && USE_CERT_BUFFERS_2048 && - * !NO_FILESYSTEM && !NO_BIO */ - return EXPECT_RESULT(); -} - -/* test loading ECC key using BIO */ -static int test_wolfSSL_PEM_PrivateKey_ecc(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(HAVE_ECC) && \ - !defined(NO_FILESYSTEM) && !defined(NO_BIO) - BIO* bio = NULL; - EVP_PKEY* pkey = NULL; - XFILE file = XBADFILE; - const char* fname = "./certs/ecc-key.pem"; - const char* fname_ecc_p8 = "./certs/ecc-keyPkcs8.pem"; - - size_t sz = 0; - byte* buf = NULL; - EVP_PKEY* pkey2 = NULL; - EVP_PKEY* pkey3 = NULL; - EC_KEY* ec_key = NULL; - int nid = 0; - BIO* pub_bio = NULL; - - ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); - ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0); - ExpectIntGT(sz = XFTELL(file), 0); - ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0); - ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); - if (buf) { - ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); - } - if (file != XBADFILE) { - XFCLOSE(file); - file = XBADFILE; - } - - /* Test using BIO new mem and loading PEM private key */ - ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); - ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); - BIO_free(bio); - bio = NULL; - XFREE(buf, NULL, DYNAMIC_TYPE_FILE); - buf = NULL; - ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); - ExpectNotNull(pub_bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); - ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), - WOLFSSL_SUCCESS); - ExpectIntGT(BIO_pending(bio), 0); - /* No parameters. */ - ExpectIntEQ(BIO_pending(bio), 227); - /* Check if the pubkey API writes only the public key */ -#ifdef WOLFSSL_KEY_GEN - ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), WOLFSSL_SUCCESS); - ExpectIntGT(BIO_pending(pub_bio), 0); - /* Previously both the private key and the pubkey calls would write - * out the private key and the PEM header was the only difference. - * The public PEM should be significantly shorter than the - * private key versison. */ - ExpectIntEQ(BIO_pending(pub_bio), 178); -#endif - BIO_free(pub_bio); - BIO_free(bio); - bio = NULL; - ExpectNotNull(pkey2 = EVP_PKEY_new()); - ExpectNotNull(pkey3 = EVP_PKEY_new()); - if (pkey2 != NULL) { - pkey2->type = EVP_PKEY_EC; - } - /* Test parameter copy */ - ExpectIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 1); - - - /* Qt unit test case 1*/ - ExpectNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey)); - ExpectIntEQ(EVP_PKEY_set1_EC_KEY(pkey3, ec_key), WOLFSSL_SUCCESS); - #ifdef WOLFSSL_ERROR_CODE_OPENSSL - ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */); - #else - ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0); - #endif - /* Test default digest */ - ExpectIntEQ(EVP_PKEY_get_default_digest_nid(pkey, &nid), 1); - ExpectIntEQ(nid, NID_sha256); - EC_KEY_free(ec_key); - ec_key = NULL; - EVP_PKEY_free(pkey3); - pkey3 = NULL; - EVP_PKEY_free(pkey2); - pkey2 = NULL; - EVP_PKEY_free(pkey); - pkey = NULL; - - /* Qt unit test case ec pkcs8 key */ - ExpectTrue((file = XFOPEN(fname_ecc_p8, "rb")) != XBADFILE); - ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0); - ExpectIntGT(sz = XFTELL(file), 0); - ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0); - ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); - if (buf) { - ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); - } - if (file != XBADFILE) { - XFCLOSE(file); - file = XBADFILE; - } - - ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); - ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); - XFREE(buf, NULL, DYNAMIC_TYPE_FILE); - buf = NULL; - BIO_free(bio); - bio = NULL; - ExpectNotNull(pkey3 = EVP_PKEY_new()); - /* Qt unit test case */ - ExpectNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey)); - ExpectIntEQ(EVP_PKEY_set1_EC_KEY(pkey3, ec_key), WOLFSSL_SUCCESS); -#ifdef WOLFSSL_ERROR_CODE_OPENSSL - ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */); -#else - ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0); -#endif - EC_KEY_free(ec_key); - EVP_PKEY_free(pkey3); - EVP_PKEY_free(pkey); - pkey = NULL; -#endif - return EXPECT_RESULT(); -} - -/* test loading DSA key using BIO */ -static int test_wolfSSL_PEM_PrivateKey_dsa(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_DSA) && \ - !defined(NO_FILESYSTEM) && !defined(NO_BIO) -#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) - BIO* bio = NULL; - EVP_PKEY* pkey = NULL; - - ExpectNotNull(bio = BIO_new_file("./certs/dsa2048.pem", "rb")); - /* Private DSA EVP_PKEY */ - ExpectNotNull(pkey = wolfSSL_PEM_read_bio_PrivateKey(bio, NULL, NULL, - NULL)); - BIO_free(bio); - bio = NULL; - - ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); -#if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) -#ifdef WOLFSSL_ASN_TEMPLATE - ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, - NULL), 1216); -#else - ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, - NULL), 1212); -#endif -#endif - -#ifdef WOLFSSL_KEY_GEN - ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), 1); -#ifdef WOLFSSL_ASN_TEMPLATE - ExpectIntEQ(BIO_pending(bio), 2394); -#else - ExpectIntEQ(BIO_pending(bio), 2390); -#endif - BIO_reset(bio); -#endif - - ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), - 1); - ExpectIntEQ(BIO_pending(bio), 1196); - - BIO_free(bio); - bio = NULL; - - EVP_PKEY_free(pkey); - pkey = NULL; -#endif -#endif - return EXPECT_RESULT(); -} - -/* test loading DH key using BIO */ -static int test_wolfSSL_PEM_PrivateKey_dh(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_DH) && \ - !defined(NO_FILESYSTEM) && !defined(NO_BIO) -#if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \ - defined(WOLFSSL_OPENSSH)) && (!defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) - BIO* bio = NULL; - EVP_PKEY* pkey = NULL; - int expectedBytes = 0; - - ExpectNotNull(bio = BIO_new_file("./certs/dh-priv-2048.pem", "rb")); - /* Private DH EVP_PKEY */ - ExpectNotNull(pkey = wolfSSL_PEM_read_bio_PrivateKey(bio, NULL, NULL, - NULL)); - BIO_free(bio); - bio = NULL; - - ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); - -#if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) - expectedBytes += 806; - ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, - NULL), expectedBytes); -#endif -#ifdef WOLFSSL_KEY_GEN - ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), 0); -#endif - - ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), - 1); - expectedBytes += 806; - ExpectIntEQ(BIO_pending(bio), expectedBytes); - - BIO_free(bio); - bio = NULL; - - EVP_PKEY_free(pkey); - pkey = NULL; -#endif -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_PEM_PrivateKey(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_TLS) && \ - (!defined(NO_RSA) || defined(HAVE_ECC)) && defined(USE_CERT_BUFFERS_2048) -#ifndef NO_BIO - BIO* bio = NULL; -#endif - EVP_PKEY* pkey = NULL; - const unsigned char* server_key = (const unsigned char*)server_key_der_2048; - -#ifndef NO_BIO - - /* test creating new EVP_PKEY with bad arg */ - ExpectNull((pkey = PEM_read_bio_PrivateKey(NULL, NULL, NULL, NULL))); - - /* Test bad EVP_PKEY type. */ - /* New HMAC EVP_PKEY */ - ExpectNotNull(bio = BIO_new_mem_buf("", 1)); - ExpectNotNull(pkey = EVP_PKEY_new()); - if (pkey != NULL) { - pkey->type = EVP_PKEY_HMAC; - } - ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), - 0); -#if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) - ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, - NULL), 0); -#endif -#ifdef WOLFSSL_KEY_GEN - ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); -#endif - EVP_PKEY_free(pkey); - pkey = NULL; - BIO_free(bio); - bio = NULL; - - - /* key is DES encrypted */ - #if !defined(NO_DES3) && defined(WOLFSSL_ENCRYPTED_KEYS) && \ - !defined(NO_RSA) && !defined(NO_BIO) && !defined(NO_FILESYSTEM) && \ - !defined(NO_MD5) && defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) - { - XFILE f = XBADFILE; - wc_pem_password_cb* passwd_cb = NULL; - void* passwd_cb_userdata; - SSL_CTX* ctx = NULL; - char passwd[] = "bad password"; - - #ifndef WOLFSSL_NO_TLS12 - #ifndef NO_WOLFSSL_SERVER - ExpectNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method())); - #else - ExpectNotNull(ctx = SSL_CTX_new(TLSv1_2_client_method())); - #endif - #else - #ifndef NO_WOLFSSL_SERVER - ExpectNotNull(ctx = SSL_CTX_new(TLSv1_3_server_method())); - #else - ExpectNotNull(ctx = SSL_CTX_new(TLSv1_3_client_method())); - #endif - #endif - - ExpectNotNull(bio = BIO_new_file("./certs/server-keyEnc.pem", "rb")); - SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); - ExpectNotNull(passwd_cb = SSL_CTX_get_default_passwd_cb(ctx)); - ExpectNull(passwd_cb_userdata = - SSL_CTX_get_default_passwd_cb_userdata(ctx)); - - /* fail case with password call back */ - ExpectNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, - (void*)passwd)); - BIO_free(bio); - ExpectNotNull(bio = BIO_new_file("./certs/server-keyEnc.pem", "rb")); - ExpectNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, passwd_cb, - (void*)passwd)); - BIO_free(bio); - - ExpectTrue((f = XFOPEN("./certs/server-keyEnc.pem", "rb")) != XBADFILE); - ExpectNotNull(bio = BIO_new_fp(f, BIO_CLOSE)); - if ((bio == NULL) && (f != XBADFILE)) { - XFCLOSE(f); - } - - /* use callback that works */ - ExpectNotNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, passwd_cb, - (void*)"yassl123")); - - ExpectIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS); - - EVP_PKEY_free(pkey); - pkey = NULL; - BIO_free(bio); - bio = NULL; - SSL_CTX_free(ctx); - } - #endif /* !defined(NO_DES3) */ - -#endif /* !NO_BIO */ - - #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) - { - unsigned char buf[2048]; - size_t bytes = 0; - XFILE f = XBADFILE; - SSL_CTX* ctx = NULL; - - #ifndef WOLFSSL_NO_TLS12 - #ifndef NO_WOLFSSL_SERVER - ExpectNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method())); - #else - ExpectNotNull(ctx = SSL_CTX_new(TLSv1_2_client_method())); - #endif - #else - #ifndef NO_WOLFSSL_SERVER - ExpectNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_server_method())); - #else - ExpectNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_client_method())); - #endif - #endif - - ExpectTrue((f = XFOPEN("./certs/ecc-key.der", "rb")) != XBADFILE); - ExpectIntGT(bytes = (size_t)XFREAD(buf, 1, sizeof(buf), f), 0); - if (f != XBADFILE) - XFCLOSE(f); - - server_key = buf; - pkey = NULL; - ExpectNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, (long int)bytes)); - ExpectNull(pkey); - ExpectNotNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, &server_key, (long int)bytes)); - ExpectIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS); - - EVP_PKEY_free(pkey); - pkey = NULL; - SSL_CTX_free(ctx); - server_key = NULL; - } - #endif - -#ifndef NO_BIO - (void)bio; -#endif - (void)pkey; - (void)server_key; -#endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_RSA && USE_CERT_BUFFERS_2048 */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_PEM_file_RSAKey(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ - defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \ - !defined(NO_FILESYSTEM) && !defined(NO_CERTS) - RSA* rsa = NULL; - XFILE fp = XBADFILE; - - ExpectTrue((fp = XFOPEN("./certs/rsa-pub-2048.pem", "rb")) != XBADFILE); - ExpectNotNull((rsa = PEM_read_RSA_PUBKEY(fp, NULL, NULL, NULL))); - if (fp != XBADFILE) - XFCLOSE(fp); - ExpectIntEQ(RSA_size(rsa), 256); - - ExpectIntEQ(PEM_write_RSAPublicKey(XBADFILE, rsa), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_RSAPublicKey(stderr, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_RSAPublicKey(stderr, rsa), WOLFSSL_SUCCESS); - - ExpectIntEQ(PEM_write_RSA_PUBKEY(XBADFILE, rsa), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_RSA_PUBKEY(stderr, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_RSA_PUBKEY(stderr, rsa), WOLFSSL_SUCCESS); - - RSA_free(rsa); -#endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ - (defined(WOLFSSL_KEY_GEN) || WOLFSSL_CERT_GEN) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_CERTS) */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_PEM_file_RSAPrivateKey(void) -{ - EXPECT_DECLS; -#if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \ - !defined(NO_FILESYSTEM) && \ - (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)) - RSA* rsa = NULL; - XFILE f = NULL; - - ExpectTrue((f = XFOPEN(svrKeyFile, "rb")) != XBADFILE); - ExpectNotNull((rsa = PEM_read_RSAPrivateKey(f, NULL, NULL, NULL))); - ExpectIntEQ(RSA_size(rsa), 256); - if (f != XBADFILE) { - XFCLOSE(f); - f = XBADFILE; - } - - ExpectIntEQ(PEM_write_RSAPrivateKey(XBADFILE, rsa, NULL, NULL, 0, NULL, - NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_RSAPrivateKey(stderr, NULL, NULL, NULL, 0, NULL, - NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_RSAPrivateKey(stderr, rsa, NULL, NULL, 0, NULL, NULL), - WOLFSSL_SUCCESS); - - RSA_free(rsa); - -#ifdef HAVE_ECC - ExpectTrue((f = XFOPEN(eccKeyFile, "rb")) != XBADFILE); - ExpectNull((rsa = PEM_read_RSAPrivateKey(f, NULL, NULL, NULL))); - if (f != XBADFILE) - XFCLOSE(f); -#endif /* HAVE_ECC */ -#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_PEM_read_RSA_PUBKEY(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) - XFILE file = XBADFILE; - const char* fname = "./certs/client-keyPub.pem"; - RSA *rsa = NULL; - - ExpectNull(wolfSSL_PEM_read_RSA_PUBKEY(XBADFILE, NULL, NULL, NULL)); - - ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); - ExpectNotNull((rsa = PEM_read_RSA_PUBKEY(file, NULL, NULL, NULL))); - ExpectIntEQ(RSA_size(rsa), 256); - RSA_free(rsa); - if (file != XBADFILE) - XFCLOSE(file); -#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ - return EXPECT_RESULT(); -} - -#ifndef NO_BIO -static int test_wolfSSL_PEM_bio_RSAKey(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ - defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \ - !defined(NO_FILESYSTEM) && !defined(NO_CERTS) - RSA* rsa = NULL; - BIO* bio = NULL; - - /* PrivateKey */ - ExpectNotNull(bio = BIO_new_file(svrKeyFile, "rb")); - ExpectNull((rsa = PEM_read_bio_RSAPrivateKey(NULL, NULL, NULL, NULL))); - ExpectNotNull(PEM_read_bio_RSAPrivateKey(bio, &rsa, NULL, NULL)); - ExpectNotNull(rsa); - ExpectIntEQ(RSA_size(rsa), 256); - ExpectIntEQ(PEM_write_bio_RSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, \ - NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - BIO_free(bio); - bio = NULL; - ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); - ExpectIntEQ(PEM_write_bio_RSAPrivateKey(bio, rsa, NULL, NULL, 0, NULL, \ - NULL), WOLFSSL_SUCCESS); - BIO_free(bio); - bio = NULL; - RSA_free(rsa); - rsa = NULL; - - /* PUBKEY */ - ExpectNotNull(bio = BIO_new_file("./certs/rsa-pub-2048.pem", "rb")); - ExpectNull((rsa = PEM_read_bio_RSA_PUBKEY(NULL, NULL, NULL, NULL))); - ExpectNotNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL))); - ExpectIntEQ(RSA_size(rsa), 256); - ExpectIntEQ(PEM_write_bio_RSA_PUBKEY(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - BIO_free(bio); - bio = NULL; - ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); - ExpectIntEQ(PEM_write_bio_RSA_PUBKEY(bio, rsa), WOLFSSL_SUCCESS); - BIO_free(bio); - bio = NULL; - - RSA_free(rsa); - rsa = NULL; - - /* Ensure that keys beginning with BEGIN RSA PUBLIC KEY can be read, too. */ - ExpectNotNull(bio = BIO_new_file("./certs/server-keyPub.pem", "rb")); - ExpectNotNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL))); - BIO_free(bio); - bio = NULL; - RSA_free(rsa); - rsa = NULL; - - #ifdef HAVE_ECC - /* ensure that non-rsa keys do not work */ - ExpectNotNull(bio = BIO_new_file(eccKeyFile, "rb")); /* ecc key */ - ExpectNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL))); - ExpectNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL))); - BIO_free(bio); - bio = NULL; - RSA_free(rsa); - rsa = NULL; - #endif /* HAVE_ECC */ -#endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ - (defined(WOLFSSL_KEY_GEN) || WOLFSSL_CERT_GEN) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_CERTS) */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_PEM_bio_RSAPrivateKey(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) - RSA* rsa = NULL; - RSA* rsa_dup = NULL; - BIO* bio = NULL; - - ExpectNotNull(bio = BIO_new_file(svrKeyFile, "rb")); - ExpectNotNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL))); - ExpectIntEQ(RSA_size(rsa), 256); - -#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) - ExpectNull(rsa_dup = RSAPublicKey_dup(NULL)); - /* Test duplicating empty key. */ - ExpectNotNull(rsa_dup = RSA_new()); - ExpectNull(RSAPublicKey_dup(rsa_dup)); - RSA_free(rsa_dup); - rsa_dup = NULL; - ExpectNotNull(rsa_dup = RSAPublicKey_dup(rsa)); - ExpectPtrNE(rsa_dup, rsa); -#endif - - /* test if valgrind complains about unreleased memory */ - RSA_up_ref(rsa); - RSA_free(rsa); - - BIO_free(bio); - bio = NULL; - RSA_free(rsa); - rsa = NULL; - RSA_free(rsa_dup); - rsa_dup = NULL; - -#ifdef HAVE_ECC - ExpectNotNull(bio = BIO_new_file(eccKeyFile, "rb")); - ExpectNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL))); - - BIO_free(bio); -#endif /* HAVE_ECC */ -#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_PEM_bio_DSAKey(void) -{ - EXPECT_DECLS; -#ifndef HAVE_SELFTEST -#if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && !defined(NO_CERTS) && \ - defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM) && !defined(NO_DSA) - DSA* dsa = NULL; - BIO* bio = NULL; - - /* PrivateKey */ - ExpectNotNull(bio = BIO_new_file("./certs/1024/dsa1024.pem", "rb")); - ExpectNull((dsa = PEM_read_bio_DSAPrivateKey(NULL, NULL, NULL, NULL))); - ExpectNotNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL))); - ExpectIntEQ(BN_num_bytes(dsa->g), 128); - ExpectIntEQ(PEM_write_bio_DSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, - NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - BIO_free(bio); - bio = NULL; - ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); - ExpectIntEQ(PEM_write_bio_DSAPrivateKey(bio, dsa, NULL, NULL, 0, NULL, - NULL), WOLFSSL_SUCCESS); - BIO_free(bio); - bio = NULL; - DSA_free(dsa); - dsa = NULL; - - /* PUBKEY */ - ExpectNotNull(bio = BIO_new_file("./certs/1024/dsa-pub-1024.pem", "rb")); - ExpectNull((dsa = PEM_read_bio_DSA_PUBKEY(NULL, NULL, NULL, NULL))); - ExpectNotNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL))); - ExpectIntEQ(BN_num_bytes(dsa->g), 128); - ExpectIntEQ(PEM_write_bio_DSA_PUBKEY(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - BIO_free(bio); - bio = NULL; - ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); - ExpectIntEQ(PEM_write_bio_DSA_PUBKEY(bio, dsa), WOLFSSL_SUCCESS); - BIO_free(bio); - bio = NULL; - DSA_free(dsa); - dsa = NULL; - - #ifdef HAVE_ECC - /* ensure that non-dsa keys do not work */ - ExpectNotNull(bio = BIO_new_file(eccKeyFile, "rb")); /* ecc key */ - ExpectNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL))); - ExpectNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL))); - BIO_free(bio); - bio = NULL; - DSA_free(dsa); - dsa = NULL; - #endif /* HAVE_ECC */ -#endif /* defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && \ - !defined(NO_CERTS) && defined(WOLFSSL_KEY_GEN) && \ - !defined(NO_FILESYSTEM) && !defined(NO_DSA) */ -#endif /* HAVE_SELFTEST */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_PEM_bio_ECKey(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ - defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC) - EC_KEY* ec = NULL; - EC_KEY* ec2; - BIO* bio = NULL; -#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) - unsigned char* pem = NULL; - int pLen; -#endif - static char ec_key_bad_1[] = "-----BEGIN PUBLIC KEY-----\n" - "MAA=\n" - "-----END PUBLIC KEY-----"; - static char ec_priv_key_bad_1[] = "-----BEGIN EC PRIVATE KEY-----\n" - "MAA=\n" - "-----END EC PRIVATE KEY-----"; - - /* PrivateKey */ - ExpectNotNull(bio = BIO_new_file("./certs/ecc-key.pem", "rb")); - ExpectNull((ec = PEM_read_bio_ECPrivateKey(NULL, NULL, NULL, NULL))); - ec2 = NULL; - ExpectNotNull((ec = PEM_read_bio_ECPrivateKey(bio, &ec2, NULL, NULL))); - ExpectIntEQ(ec == ec2, 1); - ExpectIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32); - ExpectIntEQ(PEM_write_bio_ECPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, - NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_bio_ECPrivateKey(bio, NULL, NULL, NULL, 0, NULL, - NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_bio_ECPrivateKey(NULL, ec, NULL, NULL, 0, NULL, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - BIO_free(bio); - bio = NULL; - /* Public key data - fail. */ - ExpectNotNull(bio = BIO_new_file("./certs/ecc-client-keyPub.pem", "rb")); - ExpectNull(PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL)); - BIO_free(bio); - bio = NULL; - ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); - ExpectIntEQ(PEM_write_bio_ECPrivateKey(bio, ec, NULL, NULL, 0, NULL, \ - NULL), WOLFSSL_SUCCESS); - BIO_free(bio); - bio = NULL; - - ExpectIntEQ(PEM_write_ECPrivateKey(XBADFILE, NULL, NULL, NULL, 0, NULL, - NULL),WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_ECPrivateKey(stderr, NULL, NULL, NULL, 0, NULL, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_ECPrivateKey(XBADFILE, ec, NULL, NULL, 0, NULL, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_ECPrivateKey(stderr, ec, NULL, NULL, 0, NULL, NULL), - WOLFSSL_SUCCESS); - - ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(NULL, NULL, NULL, 0, NULL, - NULL), 0); -#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) - ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(ec, NULL, NULL, 0, NULL, - NULL), 0); - ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(NULL, NULL, NULL, 0, &pem, - NULL), 0); - ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(NULL, NULL, NULL, 0, NULL, - &pLen), 0); - ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(NULL, NULL, NULL, 0, &pem, - &pLen), 0); - ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(ec, NULL, NULL, 0, NULL, - &pLen), 0); - ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(ec, NULL, NULL, 0, &pem, - NULL), 0); - ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(ec, NULL, NULL, 0, &pem, - &pLen), 1); - ExpectIntGT(pLen, 0); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - EC_KEY_free(ec); - ec = NULL; - - /* PUBKEY */ - ExpectNotNull(bio = BIO_new_file("./certs/ecc-client-keyPub.pem", "rb")); - ExpectNull((ec = PEM_read_bio_EC_PUBKEY(NULL, NULL, NULL, NULL))); - ec2 = NULL; - ExpectNotNull((ec = PEM_read_bio_EC_PUBKEY(bio, &ec2, NULL, NULL))); - ExpectIntEQ(ec == ec2, 1); - ExpectIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32); - ExpectIntEQ(PEM_write_bio_EC_PUBKEY(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - BIO_free(bio); - bio = NULL; - /* Test 0x30, 0x00 fails. */ - ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_key_bad_1, - sizeof(ec_key_bad_1))); - ExpectNull(PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL)); - BIO_free(bio); - bio = NULL; - - /* Private key data - fail. */ - ExpectNotNull(bio = BIO_new_file("./certs/ecc-key.pem", "rb")); - ExpectNull(PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL)); - BIO_free(bio); - bio = NULL; - ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); - ExpectIntEQ(PEM_write_bio_EC_PUBKEY(bio, ec), WOLFSSL_SUCCESS); - BIO_free(bio); - bio = NULL; - - /* Same test as above, but with a file pointer rather than a BIO. */ - ExpectIntEQ(PEM_write_EC_PUBKEY(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_EC_PUBKEY(NULL, ec), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_EC_PUBKEY(stderr, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_EC_PUBKEY(stderr, ec), WOLFSSL_SUCCESS); - - EC_KEY_free(ec); - ec = NULL; - - #ifndef NO_RSA - /* ensure that non-ec keys do not work */ - ExpectNotNull(bio = BIO_new_file(svrKeyFile, "rb")); /* rsa key */ - ExpectNull((ec = PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL))); - ExpectNull((ec = PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL))); - BIO_free(bio); - bio = NULL; - EC_KEY_free(ec); - ec = NULL; - #endif /* !NO_RSA */ - /* Test 0x30, 0x00 fails. */ - ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_priv_key_bad_1, - sizeof(ec_priv_key_bad_1))); - ExpectNull(PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL)); - BIO_free(bio); - bio = NULL; -#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_PEM_PUBKEY(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) - BIO* bio = NULL; - EVP_PKEY* pkey = NULL; - - /* test creating new EVP_PKEY with bad arg */ - ExpectNull((pkey = PEM_read_bio_PUBKEY(NULL, NULL, NULL, NULL))); - - /* test loading ECC key using BIO */ -#if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) - { - XFILE file = XBADFILE; - const char* fname = "./certs/ecc-client-keyPub.pem"; - size_t sz = 0; - byte* buf = NULL; - - EVP_PKEY* pkey2 = NULL; - EC_KEY* ec_key = NULL; - - ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); - ExpectIntEQ(XFSEEK(file, 0, XSEEK_END), 0); - ExpectIntGT(sz = XFTELL(file), 0); - ExpectIntEQ(XFSEEK(file, 0, XSEEK_SET), 0); - ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); - if (buf != NULL) { - ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); - } - if (file != XBADFILE) { - XFCLOSE(file); - } - - /* Test using BIO new mem and loading PEM private key */ - ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); - ExpectNotNull((pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL))); - BIO_free(bio); - bio = NULL; - EVP_PKEY_free(pkey); - pkey = NULL; - ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); - ExpectNotNull(pkey = EVP_PKEY_new()); - ExpectPtrEq(PEM_read_bio_PUBKEY(bio, &pkey, NULL, NULL), pkey); - XFREE(buf, NULL, DYNAMIC_TYPE_FILE); - BIO_free(bio); - bio = NULL; - - /* Qt unit test case*/ - ExpectNotNull(pkey2 = EVP_PKEY_new()); - ExpectNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey)); - ExpectIntEQ(EVP_PKEY_set1_EC_KEY(pkey2, ec_key), WOLFSSL_SUCCESS); - #ifdef WOLFSSL_ERROR_CODE_OPENSSL - ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey2), 1/* match */); - #else - ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey2), 0); - #endif - - EC_KEY_free(ec_key); - EVP_PKEY_free(pkey2); - EVP_PKEY_free(pkey); - pkey = NULL; - } -#endif - - (void)bio; - (void)pkey; -#endif - return EXPECT_RESULT(); -} - -#endif /* !NO_BIO */ - static int test_wolfSSL_tmp_dh(void) { EXPECT_DECLS; @@ -19722,369 +17093,6 @@ static int test_wolfSSL_ERR_peek_last_error_line(void) } #endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */ -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) -static int verify_cb(int ok, X509_STORE_CTX *ctx) -{ - (void) ok; - (void) ctx; - fprintf(stderr, "ENTER verify_cb\n"); - return SSL_SUCCESS; -} -#endif - -static int test_wolfSSL_X509_Name_canon(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_SHA) && \ - defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && !defined(NO_RSA) - const long ex_hash1 = 0x0fdb2da4; - const long ex_hash2 = 0x9f3e8c9e; - X509_NAME *name = NULL; - X509 *x509 = NULL; - XFILE file = XBADFILE; - unsigned long hash = 0; - byte digest[WC_MAX_DIGEST_SIZE] = {0}; - byte *pbuf = NULL; - word32 len = 0; - (void) ex_hash2; - - ExpectTrue((file = XFOPEN(caCertFile, "rb")) != XBADFILE); - ExpectNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL)); - ExpectNotNull(name = X509_get_issuer_name(x509)); - - /* When output buffer is NULL, should return necessary output buffer - * length.*/ - ExpectIntEQ(wolfSSL_i2d_X509_NAME_canon(NULL, NULL), BAD_FUNC_ARG); - ExpectIntGT(wolfSSL_i2d_X509_NAME_canon(name, NULL), 0); - ExpectIntGT((len = (word32)wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0); - ExpectIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0); - - hash = (((unsigned long)digest[3] << 24) | - ((unsigned long)digest[2] << 16) | - ((unsigned long)digest[1] << 8) | - ((unsigned long)digest[0])); - ExpectIntEQ(hash, ex_hash1); - - if (file != XBADFILE) { - XFCLOSE(file); - file = XBADFILE; - } - X509_free(x509); - x509 = NULL; - XFREE(pbuf, NULL, DYNAMIC_TYPE_OPENSSL); - pbuf = NULL; - - ExpectTrue((file = XFOPEN(cliCertFile, "rb")) != XBADFILE); - ExpectNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL)); - ExpectNotNull(name = X509_get_issuer_name(x509)); - - ExpectIntGT((len = (word32)wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0); - ExpectIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0); - - hash = (((unsigned long)digest[3] << 24) | - ((unsigned long)digest[2] << 16) | - ((unsigned long)digest[1] << 8) | - ((unsigned long)digest[0])); - - ExpectIntEQ(hash, ex_hash2); - - if (file != XBADFILE) - XFCLOSE(file); - X509_free(x509); - XFREE(pbuf, NULL, DYNAMIC_TYPE_OPENSSL); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_LOOKUP_ctrl_hash_dir(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) - const int MAX_DIR = 4; - const char paths[][32] = { - "./certs/ed25519", - "./certs/ecc", - "./certs/crl", - "./certs/", - }; - - char CertCrl_path[MAX_FILENAME_SZ]; - char *p; - X509_STORE* str = NULL; - X509_LOOKUP* lookup = NULL; - WOLFSSL_STACK* sk = NULL; - int len, total_len, i; - - (void)sk; - - XMEMSET(CertCrl_path, 0, MAX_FILENAME_SZ); - - /* illegal string */ - ExpectNotNull((str = wolfSSL_X509_STORE_new())); - ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); - ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "", - SSL_FILETYPE_PEM, NULL), 0); - ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_STORE, "", - SSL_FILETYPE_PEM, NULL), WOLFSSL_NOT_IMPLEMENTED); - ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_LOAD_STORE, "", - SSL_FILETYPE_PEM, NULL), WOLFSSL_NOT_IMPLEMENTED); - ExpectIntEQ(X509_LOOKUP_ctrl(lookup, 0, "", - SSL_FILETYPE_PEM, NULL), WOLFSSL_FAILURE); - - /* free store */ - X509_STORE_free(str); - str = NULL; - - /* short folder string */ - ExpectNotNull((str = wolfSSL_X509_STORE_new())); - ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); - ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "./", - SSL_FILETYPE_PEM,NULL), 1); - #if defined(WOLFSSL_INT_H) - /* only available when including internal.h */ - ExpectNotNull(sk = lookup->dirs->dir_entry); - #endif - /* free store */ - X509_STORE_free(str); - str = NULL; - - /* typical function check */ - p = &CertCrl_path[0]; - total_len = 0; - - for (i = MAX_DIR - 1; i>=0 && total_len < MAX_FILENAME_SZ; i--) { - len = (int)XSTRLEN((const char*)&paths[i]); - total_len += len; - XSTRNCPY(p, paths[i], MAX_FILENAME_SZ - total_len); - p += len; - if (i != 0) *(p++) = SEPARATOR_CHAR; - } - - ExpectNotNull((str = wolfSSL_X509_STORE_new())); - ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); - ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, CertCrl_path, - SSL_FILETYPE_PEM,NULL), 1); - #if defined(WOLFSSL_INT_H) - /* only available when including internal.h */ - ExpectNotNull(sk = lookup->dirs->dir_entry); - #endif - - X509_STORE_free(str); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_LOOKUP_ctrl_file(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ - defined(WOLFSSL_SIGNER_DER_CERT) - X509_STORE_CTX* ctx = NULL; - X509_STORE* str = NULL; - X509_LOOKUP* lookup = NULL; - - X509* cert1 = NULL; - X509* x509Ca = NULL; - X509* x509Svr = NULL; - X509* issuer = NULL; - - WOLFSSL_STACK* sk = NULL; - X509_NAME* caName = NULL; - X509_NAME* issuerName = NULL; - - XFILE file1 = XBADFILE; - int i; - int cert_count = 0; - int cmp; - - char der[] = "certs/ca-cert.der"; - -#ifdef HAVE_CRL - char pem[][100] = { - "./certs/crl/crl.pem", - "./certs/crl/crl2.pem", - "./certs/crl/caEccCrl.pem", - "./certs/crl/eccCliCRL.pem", - "./certs/crl/eccSrvCRL.pem", - "" - }; -#endif - ExpectTrue((file1 = XFOPEN("./certs/ca-cert.pem", "rb")) != XBADFILE); - ExpectNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL)); - if (file1 != XBADFILE) - XFCLOSE(file1); - - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectNotNull((str = wolfSSL_X509_STORE_new())); - ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); - ExpectIntEQ(wolfSSL_X509_load_cert_crl_file(NULL, NULL, - WOLFSSL_FILETYPE_PEM), 0); - ExpectIntEQ(wolfSSL_X509_load_cert_crl_file(lookup, NULL, - WOLFSSL_FILETYPE_PEM), 0); - ExpectIntEQ(wolfSSL_X509_load_cert_crl_file(NULL, caCertFile, - WOLFSSL_FILETYPE_PEM), 0); - ExpectIntEQ(wolfSSL_X509_load_cert_crl_file(NULL, der , - WOLFSSL_FILETYPE_PEM), 0); - ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile, - SSL_FILETYPE_PEM,NULL), 1); - ExpectNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm)); - ExpectIntEQ((cert_count = sk_X509_num(sk)), 1); - - /* check if CA cert is loaded into the store */ - for (i = 0; i < cert_count; i++) { - x509Ca = sk_X509_value(sk, i); - ExpectIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1)); - } - - ExpectNotNull((x509Svr = - wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM))); - - ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS); - - ExpectNull(X509_STORE_CTX_get0_current_issuer(NULL)); - issuer = X509_STORE_CTX_get0_current_issuer(ctx); - ExpectNull(issuer); - - ExpectIntEQ(X509_verify_cert(ctx), 1); - - issuer = X509_STORE_CTX_get0_current_issuer(ctx); - ExpectNotNull(issuer); - caName = X509_get_subject_name(x509Ca); - ExpectNotNull(caName); - issuerName = X509_get_subject_name(issuer); - ExpectNotNull(issuerName); - cmp = X509_NAME_cmp(caName, issuerName); - ExpectIntEQ(cmp, 0); - - /* load der format */ - issuer = NULL; - X509_STORE_CTX_free(ctx); - ctx = NULL; - X509_STORE_free(str); - str = NULL; - sk_X509_pop_free(sk, NULL); - sk = NULL; - X509_free(x509Svr); - x509Svr = NULL; - - ExpectNotNull((str = wolfSSL_X509_STORE_new())); - ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); - ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, der, - SSL_FILETYPE_ASN1,NULL), 1); - ExpectNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm)); - ExpectIntEQ((cert_count = sk_X509_num(sk)), 1); - /* check if CA cert is loaded into the store */ - for (i = 0; i < cert_count; i++) { - x509Ca = sk_X509_value(sk, i); - ExpectIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1)); - } - - X509_STORE_free(str); - str = NULL; - sk_X509_pop_free(sk, NULL); - sk = NULL; - X509_free(cert1); - cert1 = NULL; - -#ifdef HAVE_CRL - ExpectNotNull(str = wolfSSL_X509_STORE_new()); - ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); - ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile, - SSL_FILETYPE_PEM,NULL), 1); - ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, - "certs/server-revoked-cert.pem", - SSL_FILETYPE_PEM,NULL), 1); - if (str) { - ExpectIntEQ(wolfSSL_CertManagerVerify(str->cm, svrCertFile, - WOLFSSL_FILETYPE_PEM), 1); - /* since store hasn't yet known the revoked cert*/ - ExpectIntEQ(wolfSSL_CertManagerVerify(str->cm, - "certs/server-revoked-cert.pem", - WOLFSSL_FILETYPE_PEM), 1); - } - for (i = 0; pem[i][0] != '\0'; i++) - { - ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, pem[i], - SSL_FILETYPE_PEM, NULL), 1); - } - - if (str) { - /* since store knows crl list */ - ExpectIntEQ(wolfSSL_CertManagerVerify(str->cm, - "certs/server-revoked-cert.pem", - WOLFSSL_FILETYPE_PEM ), WC_NO_ERR_TRACE(CRL_CERT_REVOKED)); - } - - ExpectIntEQ(X509_LOOKUP_ctrl(NULL, 0, NULL, 0, NULL), 0); - X509_STORE_free(str); -#endif -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup(void) -{ - int res = TEST_SKIPPED; -#if defined(OPENSSL_EXTRA) - X509_STORE_CTX_cleanup(NULL); - X509_STORE_CTX_trusted_stack(NULL, NULL); - - res = TEST_SUCCESS; -#endif - return res; -} - -static int test_wolfSSL_X509_STORE_CTX_get_issuer(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) - X509_STORE_CTX* ctx = NULL; - X509_STORE* str = NULL; - X509* x509Ca = NULL; - X509* x509Svr = NULL; - X509* issuer = NULL; - X509_NAME* caName = NULL; - X509_NAME* issuerName = NULL; - - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectNotNull((str = wolfSSL_X509_STORE_new())); - ExpectNotNull((x509Ca = - wolfSSL_X509_load_certificate_file(caCertFile, SSL_FILETYPE_PEM))); - ExpectIntEQ(X509_STORE_add_cert(str, x509Ca), SSL_SUCCESS); - ExpectNotNull((x509Svr = - wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM))); - - ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS); - - /* Issuer0 is not set until chain is built for verification */ - ExpectNull(X509_STORE_CTX_get0_current_issuer(NULL)); - ExpectNull(issuer = X509_STORE_CTX_get0_current_issuer(ctx)); - - /* Issuer1 will use the store to make a new issuer */ - ExpectIntEQ(X509_STORE_CTX_get1_issuer(&issuer, ctx, x509Svr), 1); - ExpectNotNull(issuer); - X509_free(issuer); - - ExpectIntEQ(X509_verify_cert(ctx), 1); - ExpectNotNull(issuer = X509_STORE_CTX_get0_current_issuer(ctx)); - ExpectNotNull(caName = X509_get_subject_name(x509Ca)); - ExpectNotNull(issuerName = X509_get_subject_name(issuer)); -#ifdef WOLFSSL_SIGNER_DER_CERT - ExpectIntEQ(X509_NAME_cmp(caName, issuerName), 0); -#endif - - X509_STORE_CTX_free(ctx); - X509_free(x509Svr); - X509_STORE_free(str); - X509_free(x509Ca); -#endif - return EXPECT_RESULT(); -} - static int test_wolfSSL_PKCS7_certs(void) { EXPECT_DECLS; @@ -20159,871 +17167,6 @@ static int test_wolfSSL_PKCS7_certs(void) return EXPECT_RESULT(); } -static int test_wolfSSL_X509_STORE_CTX(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) - X509_STORE_CTX* ctx = NULL; - X509_STORE* str = NULL; - X509* x509 = NULL; -#ifdef OPENSSL_ALL - X509* x5092 = NULL; - STACK_OF(X509) *sk = NULL; - STACK_OF(X509) *sk2 = NULL; - STACK_OF(X509) *sk3 = NULL; -#endif - - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectNotNull((str = wolfSSL_X509_STORE_new())); - ExpectNotNull((x509 = - wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM))); - ExpectIntEQ(X509_STORE_add_cert(str, x509), SSL_SUCCESS); -#ifdef OPENSSL_ALL - /* sk_X509_new only in OPENSSL_ALL */ - sk = sk_X509_new_null(); - ExpectNotNull(sk); - ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x509, sk), SSL_SUCCESS); -#else - ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x509, NULL), SSL_SUCCESS); -#endif - ExpectIntEQ(SSL_get_ex_data_X509_STORE_CTX_idx(), 0); - X509_STORE_CTX_set_error(ctx, -5); - X509_STORE_CTX_set_error(NULL, -5); - - X509_STORE_CTX_free(ctx); - ctx = NULL; -#ifdef OPENSSL_ALL - sk_X509_pop_free(sk, NULL); - sk = NULL; -#endif - X509_STORE_free(str); - str = NULL; - X509_free(x509); - x509 = NULL; - - ExpectNotNull(ctx = X509_STORE_CTX_new()); - X509_STORE_CTX_set_verify_cb(ctx, verify_cb); - X509_STORE_CTX_free(ctx); - ctx = NULL; - -#ifdef OPENSSL_ALL - /* test X509_STORE_CTX_get(1)_chain */ - ExpectNotNull((x509 = X509_load_certificate_file(svrCertFile, - SSL_FILETYPE_PEM))); - ExpectNotNull((x5092 = X509_load_certificate_file(cliCertFile, - SSL_FILETYPE_PEM))); - ExpectNotNull((sk = sk_X509_new_null())); - ExpectIntEQ(sk_X509_push(sk, x509), 1); - if (EXPECT_FAIL()) { - X509_free(x509); - x509 = NULL; - } - ExpectNotNull((str = X509_STORE_new())); - ExpectNotNull((ctx = X509_STORE_CTX_new())); - ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x5092, sk), 1); - ExpectNull((sk2 = X509_STORE_CTX_get_chain(NULL))); - ExpectNull((sk2 = X509_STORE_CTX_get_chain(ctx))); - ExpectNull((sk3 = X509_STORE_CTX_get1_chain(NULL))); - ExpectNull((sk3 = X509_STORE_CTX_get1_chain(ctx))); - X509_STORE_CTX_free(ctx); - ctx = NULL; - X509_STORE_free(str); - str = NULL; - /* CTX certs not freed yet */ - X509_free(x5092); - x5092 = NULL; - sk_X509_pop_free(sk, NULL); - sk = NULL; - /* sk3 is dup so free here */ - sk_X509_pop_free(sk3, NULL); - sk3 = NULL; -#endif - - /* test X509_STORE_CTX_get/set_ex_data */ - { - int i = 0, tmpData = 5; - void* tmpDataRet; - ExpectNotNull(ctx = X509_STORE_CTX_new()); - #ifdef HAVE_EX_DATA - for (i = 0; i < MAX_EX_DATA; i++) { - ExpectIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData), - WOLFSSL_SUCCESS); - tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i); - ExpectNotNull(tmpDataRet); - ExpectIntEQ(tmpData, *(int*)tmpDataRet); - } - #else - ExpectIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i); - ExpectNull(tmpDataRet); - #endif - X509_STORE_CTX_free(ctx); - ctx = NULL; - } - - /* test X509_STORE_get/set_ex_data */ - { - int i = 0, tmpData = 99; - void* tmpDataRet; - ExpectNotNull(str = X509_STORE_new()); - #ifdef HAVE_EX_DATA - for (i = 0; i < MAX_EX_DATA; i++) { - ExpectIntEQ(X509_STORE_set_ex_data(str, i, &tmpData), - WOLFSSL_SUCCESS); - tmpDataRet = (int*)X509_STORE_get_ex_data(str, i); - ExpectNotNull(tmpDataRet); - ExpectIntEQ(tmpData, *(int*)tmpDataRet); - } - #else - ExpectIntEQ(X509_STORE_set_ex_data(str, i, &tmpData), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - tmpDataRet = (int*)X509_STORE_get_ex_data(str, i); - ExpectNull(tmpDataRet); - #endif - X509_STORE_free(str); - str = NULL; - } - -#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ - - return EXPECT_RESULT(); -} - -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) - -typedef struct { - const char *caFile; - const char *caIntFile; - const char *caInt2File; - const char *leafFile; - X509 *x509Ca; - X509 *x509CaInt; - X509 *x509CaInt2; - X509 *x509Leaf; - STACK_OF(X509)* expectedChain; -} X509_STORE_test_data; - -static X509 * test_wolfSSL_X509_STORE_CTX_ex_helper(const char *file) -{ - XFILE fp = XBADFILE; - X509 *x = NULL; - - fp = XFOPEN(file, "rb"); - if (fp == NULL) { - return NULL; - } - x = PEM_read_X509(fp, 0, 0, 0); - XFCLOSE(fp); - - return x; -} - -static int test_wolfSSL_X509_STORE_CTX_ex1(X509_STORE_test_data *testData) -{ - EXPECT_DECLS; - X509_STORE* store = NULL; - X509_STORE_CTX* ctx = NULL; - STACK_OF(X509)* chain = NULL; - int i = 0; - - /* Test case 1, add X509 certs to store and verify */ - ExpectNotNull(store = X509_STORE_new()); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); - ExpectIntEQ(X509_verify_cert(ctx), 1); - ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); - ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); - for (i = 0; i < sk_X509_num(chain); i++) { - ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), - sk_X509_value(testData->expectedChain, i)), 0); - } - X509_STORE_CTX_free(ctx); - X509_STORE_free(store); - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_CTX_ex2(X509_STORE_test_data *testData) -{ - EXPECT_DECLS; - X509_STORE* store = NULL; - X509_STORE_CTX* ctx = NULL; - STACK_OF(X509)* chain = NULL; - int i = 0; - - /* Test case 2, add certs by filename to store and verify */ - ExpectNotNull(store = X509_STORE_new()); - ExpectIntEQ(X509_STORE_load_locations( - store, testData->caFile, NULL), 1); - ExpectIntEQ(X509_STORE_load_locations( - store, testData->caIntFile, NULL), 1); - ExpectIntEQ(X509_STORE_load_locations( - store, testData->caInt2File, NULL), 1); - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); - ExpectIntEQ(X509_verify_cert(ctx), 1); - ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); - ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); - for (i = 0; i < sk_X509_num(chain); i++) { - ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), - sk_X509_value(testData->expectedChain, i)), 0); - } - X509_STORE_CTX_free(ctx); - X509_STORE_free(store); - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_CTX_ex3(X509_STORE_test_data *testData) -{ - EXPECT_DECLS; - X509_STORE* store = NULL; - X509_STORE_CTX* ctx = NULL; - STACK_OF(X509)* chain = NULL; - int i = 0; - - /* Test case 3, mix and match X509 with files */ - ExpectNotNull(store = X509_STORE_new()); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); - ExpectIntEQ(X509_STORE_load_locations( - store, testData->caFile, NULL), 1); - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); - ExpectIntEQ(X509_verify_cert(ctx), 1); - ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); - ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); - for (i = 0; i < sk_X509_num(chain); i++) { - ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), - sk_X509_value(testData->expectedChain, i)), 0); - } - X509_STORE_CTX_free(ctx); - X509_STORE_free(store); - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_CTX_ex4(X509_STORE_test_data *testData) -{ - EXPECT_DECLS; - X509_STORE* store = NULL; - X509_STORE_CTX* ctx = NULL; - STACK_OF(X509)* chain = NULL; - STACK_OF(X509)* inter = NULL; - int i = 0; - - /* Test case 4, CA loaded by file, intermediates passed on init */ - ExpectNotNull(store = X509_STORE_new()); - ExpectIntEQ(X509_STORE_load_locations( - store, testData->caFile, NULL), 1); - ExpectNotNull(inter = sk_X509_new_null()); - ExpectIntGE(sk_X509_push(inter, testData->x509CaInt), 1); - ExpectIntGE(sk_X509_push(inter, testData->x509CaInt2), 1); - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, inter), 1); - ExpectIntEQ(X509_verify_cert(ctx), 1); - ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); - ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); - for (i = 0; i < sk_X509_num(chain); i++) { - ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), - sk_X509_value(testData->expectedChain, i)), 0); - } - X509_STORE_CTX_free(ctx); - X509_STORE_free(store); - sk_X509_free(inter); - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_CTX_ex5(X509_STORE_test_data *testData) -{ - EXPECT_DECLS; - X509_STORE* store = NULL; - X509_STORE_CTX* ctx = NULL; - STACK_OF(X509)* chain = NULL; - STACK_OF(X509)* trusted = NULL; - int i = 0; - - /* Test case 5, manually set trusted stack */ - ExpectNotNull(store = X509_STORE_new()); - ExpectNotNull(trusted = sk_X509_new_null()); - ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1); - ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt), 1); - ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt2), 1); - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); - X509_STORE_CTX_trusted_stack(ctx, trusted); - ExpectIntEQ(X509_verify_cert(ctx), 1); - ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); - ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); - for (i = 0; i < sk_X509_num(chain); i++) { - ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), - sk_X509_value(testData->expectedChain, i)), 0); - } - X509_STORE_CTX_free(ctx); - X509_STORE_free(store); - sk_X509_free(trusted); - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_CTX_ex6(X509_STORE_test_data *testData) -{ - EXPECT_DECLS; - X509_STORE* store = NULL; - X509_STORE_CTX* ctx = NULL; - STACK_OF(X509)* chain = NULL; - STACK_OF(X509)* trusted = NULL; - STACK_OF(X509)* inter = NULL; - int i = 0; - - /* Test case 6, manually set trusted stack will be unified with - * any intermediates provided on init */ - ExpectNotNull(store = X509_STORE_new()); - ExpectNotNull(trusted = sk_X509_new_null()); - ExpectNotNull(inter = sk_X509_new_null()); - ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1); - ExpectIntGE(sk_X509_push(inter, testData->x509CaInt), 1); - ExpectIntGE(sk_X509_push(inter, testData->x509CaInt2), 1); - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, inter), 1); - X509_STORE_CTX_trusted_stack(ctx, trusted); - ExpectIntEQ(X509_verify_cert(ctx), 1); - ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); - ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); - for (i = 0; i < sk_X509_num(chain); i++) { - ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), - sk_X509_value(testData->expectedChain, i)), 0); - } - X509_STORE_CTX_free(ctx); - X509_STORE_free(store); - sk_X509_free(trusted); - sk_X509_free(inter); - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_CTX_ex7(X509_STORE_test_data *testData) -{ - EXPECT_DECLS; - X509_STORE* store = NULL; - X509_STORE_CTX* ctx = NULL; - STACK_OF(X509)* chain = NULL; - int i = 0; - - /* Test case 7, certs added to store after ctx init are still used */ - ExpectNotNull(store = X509_STORE_new()); - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); - ExpectIntNE(X509_verify_cert(ctx), 1); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1); - ExpectIntEQ(X509_verify_cert(ctx), 1); - ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); - ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); - for (i = 0; i < sk_X509_num(chain); i++) { - ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), - sk_X509_value(testData->expectedChain, i)), 0); - } - X509_STORE_CTX_free(ctx); - X509_STORE_free(store); - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_CTX_ex8(X509_STORE_test_data *testData) -{ - EXPECT_DECLS; - X509_STORE* store = NULL; - X509_STORE_CTX* ctx = NULL; - STACK_OF(X509)* chain = NULL; - int i = 0; - - /* Test case 8, Only full chain verifies */ - ExpectNotNull(store = X509_STORE_new()); - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); - ExpectIntNE(X509_verify_cert(ctx), 1); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); - ExpectIntNE(X509_verify_cert(ctx), 1); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); - ExpectIntNE(X509_verify_cert(ctx), 1); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1); - ExpectIntEQ(X509_verify_cert(ctx), 1); - ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); - ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); - for (i = 0; i < sk_X509_num(chain); i++) { - ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), - sk_X509_value(testData->expectedChain, i)), 0); - } - X509_STORE_CTX_free(ctx); - X509_STORE_free(store); - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_CTX_ex9(X509_STORE_test_data *testData) -{ - EXPECT_DECLS; - X509_STORE* store = NULL; - X509_STORE_CTX* ctx = NULL; - X509_STORE_CTX* ctx2 = NULL; - STACK_OF(X509)* trusted = NULL; - - /* Test case 9, certs added to store should not be reflected in ctx that - * has been manually set with a trusted stack, but are reflected in ctx - * that has not set trusted stack */ - ExpectNotNull(store = X509_STORE_new()); - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectNotNull(ctx2 = X509_STORE_CTX_new()); - ExpectNotNull(trusted = sk_X509_new_null()); - ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1); - ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt), 1); - ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt2), 1); - ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); - ExpectIntEQ(X509_STORE_CTX_init(ctx2, store, testData->x509Leaf, NULL), 1); - ExpectIntNE(X509_verify_cert(ctx), 1); - ExpectIntNE(X509_verify_cert(ctx2), 1); - X509_STORE_CTX_trusted_stack(ctx, trusted); - /* CTX1 should now verify */ - ExpectIntEQ(X509_verify_cert(ctx), 1); - ExpectIntNE(X509_verify_cert(ctx2), 1); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); - /* CTX2 should now verify */ - ExpectIntEQ(X509_verify_cert(ctx2), 1); - X509_STORE_CTX_free(ctx); - X509_STORE_CTX_free(ctx2); - X509_STORE_free(store); - sk_X509_free(trusted); - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_CTX_ex10(X509_STORE_test_data *testData) -{ - EXPECT_DECLS; - X509_STORE* store = NULL; - X509_STORE_CTX* ctx = NULL; - STACK_OF(X509)* chain = NULL; - - /* Test case 10, ensure partial chain flag works */ - ExpectNotNull(store = X509_STORE_new()); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); - /* Fails because chain is incomplete */ - ExpectIntNE(X509_verify_cert(ctx), 1); - ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_PARTIAL_CHAIN), 1); - /* Partial chain now OK */ - ExpectIntEQ(X509_verify_cert(ctx), 1); - ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); - X509_STORE_CTX_free(ctx); - X509_STORE_free(store); - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_CTX_ex11(X509_STORE_test_data *testData) -{ - EXPECT_DECLS; - X509_STORE* store = NULL; - X509_STORE_CTX* ctx = NULL; - STACK_OF(X509)* chain = NULL; - - /* Test case 11, test partial chain flag on ctx itself */ - ExpectNotNull(store = X509_STORE_new()); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); - /* Fails because chain is incomplete */ - ExpectIntNE(X509_verify_cert(ctx), 1); - X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_PARTIAL_CHAIN); - /* Partial chain now OK */ - ExpectIntEQ(X509_verify_cert(ctx), 1); - ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); - X509_STORE_CTX_free(ctx); - X509_STORE_free(store); - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_CTX_ex12(void) -{ - EXPECT_DECLS; -#ifdef HAVE_ECC - X509_STORE* store = NULL; - X509_STORE_CTX* ctx = NULL; - STACK_OF(X509)* chain = NULL; - X509* rootEccX509 = NULL; - X509* badAkiX509 = NULL; - X509* ca1X509 = NULL; - - const char* intCARootECCFile = "./certs/ca-ecc-cert.pem"; - const char* intCA1ECCFile = "./certs/intermediate/ca-int-ecc-cert.pem"; - const char* intCABadAKIECCFile = "./certs/intermediate/ca-ecc-bad-aki.pem"; - - /* Test case 12, multiple CAs with the same SKI including 1 with intentionally - bad/unregistered AKI. x509_verify_cert should still form a valid chain - using the valid CA, ignoring the bad CA. Developed from customer provided - reproducer. */ - - ExpectNotNull(store = X509_STORE_new()); - ExpectNotNull(rootEccX509 = test_wolfSSL_X509_STORE_CTX_ex_helper(intCARootECCFile)); - ExpectIntEQ(X509_STORE_add_cert(store, rootEccX509), 1); - ExpectNotNull(badAkiX509 = test_wolfSSL_X509_STORE_CTX_ex_helper(intCABadAKIECCFile)); - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectIntEQ(X509_STORE_CTX_init(ctx, store, badAkiX509, NULL), 1); - ExpectIntEQ(X509_verify_cert(ctx), 0); - X509_STORE_CTX_cleanup(ctx); - - ExpectIntEQ(X509_STORE_add_cert(store, badAkiX509), 1); - ExpectNotNull(ca1X509 = test_wolfSSL_X509_STORE_CTX_ex_helper(intCA1ECCFile)); - ExpectIntEQ(X509_STORE_CTX_init(ctx, store, ca1X509, NULL), 1); - ExpectIntEQ(X509_verify_cert(ctx), 1); - ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); - - X509_STORE_CTX_free(ctx); - X509_STORE_free(store); - X509_free(rootEccX509); - X509_free(badAkiX509); - X509_free(ca1X509); -#endif - return EXPECT_RESULT(); -} -#endif - -static int test_wolfSSL_X509_STORE_CTX_ex(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) - X509_STORE_test_data testData; - XMEMSET((void *)&testData, 0, sizeof(X509_STORE_test_data)); - testData.caFile = "./certs/ca-cert.pem"; - testData.caIntFile = "./certs/intermediate/ca-int-cert.pem"; - testData.caInt2File = "./certs/intermediate/ca-int2-cert.pem"; - testData.leafFile = "./certs/intermediate/server-chain.pem"; - - ExpectNotNull(testData.x509Ca = \ - test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caFile)); - ExpectNotNull(testData.x509CaInt = \ - test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caIntFile)); - ExpectNotNull(testData.x509CaInt2 = \ - test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caInt2File)); - ExpectNotNull(testData.x509Leaf = \ - test_wolfSSL_X509_STORE_CTX_ex_helper(testData.leafFile)); - ExpectNotNull(testData.expectedChain = sk_X509_new_null()); - ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509Leaf), 1); - ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509CaInt2), 1); - ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509CaInt), 1); - ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509Ca), 1); - - ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex1(&testData), 1); - ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex2(&testData), 1); - ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex3(&testData), 1); - ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex4(&testData), 1); - ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex5(&testData), 1); - ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex6(&testData), 1); - ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex7(&testData), 1); - ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex8(&testData), 1); - ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex9(&testData), 1); - ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex10(&testData), 1); - ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex11(&testData), 1); - test_wolfSSL_X509_STORE_CTX_ex12(); - - if(testData.x509Ca) { - X509_free(testData.x509Ca); - } - if(testData.x509CaInt) { - X509_free(testData.x509CaInt); - } - if(testData.x509CaInt2) { - X509_free(testData.x509CaInt2); - } - if(testData.x509Leaf) { - X509_free(testData.x509Leaf); - } - if (testData.expectedChain) { - sk_X509_free(testData.expectedChain); - } - -#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ - - return EXPECT_RESULT(); -} - - -#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) -static int test_X509_STORE_untrusted_load_cert_to_stack(const char* filename, - STACK_OF(X509)* chain) -{ - EXPECT_DECLS; - XFILE fp = XBADFILE; - X509* cert = NULL; - - ExpectTrue((fp = XFOPEN(filename, "rb")) - != XBADFILE); - ExpectNotNull(cert = PEM_read_X509(fp, 0, 0, 0 )); - if (fp != XBADFILE) { - XFCLOSE(fp); - fp = XBADFILE; - } - ExpectIntGT(sk_X509_push(chain, cert), 0); - if (EXPECT_FAIL()) - X509_free(cert); - - return EXPECT_RESULT(); -} - -#if defined(OPENSSL_ALL) - -static int last_errcode; -static int last_errdepth; - -static int X509Callback(int ok, X509_STORE_CTX *ctx) -{ - - if (!ok) { - last_errcode = X509_STORE_CTX_get_error(ctx); - last_errdepth = X509_STORE_CTX_get_error_depth(ctx); - } - /* Always return OK to allow verification to continue.*/ - return 1; -} - -static int test_X509_STORE_InvalidCa(void) -{ - EXPECT_DECLS; - const char* filename = "./certs/intermediate/ca_false_intermediate/" - "test_int_not_cacert.pem"; - const char* srvfile = "./certs/intermediate/ca_false_intermediate/" - "test_sign_bynoca_srv.pem"; - X509_STORE_CTX* ctx = NULL; - X509_STORE* str = NULL; - XFILE fp = XBADFILE; - X509* cert = NULL; - STACK_OF(X509)* untrusted = NULL; - - last_errcode = 0; - last_errdepth = 0; - - ExpectTrue((fp = XFOPEN(srvfile, "rb")) - != XBADFILE); - ExpectNotNull(cert = PEM_read_X509(fp, 0, 0, 0 )); - if (fp != XBADFILE) { - XFCLOSE(fp); - fp = XBADFILE; - } - - ExpectNotNull(str = X509_STORE_new()); - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectNotNull(untrusted = sk_X509_new_null()); - - /* create cert chain stack */ - ExpectIntEQ(test_X509_STORE_untrusted_load_cert_to_stack(filename, - untrusted), TEST_SUCCESS); - - X509_STORE_set_verify_cb(str, X509Callback); - - ExpectIntEQ(X509_STORE_load_locations(str, - "./certs/intermediate/ca_false_intermediate/test_ca.pem", - NULL), 1); - - ExpectIntEQ(X509_STORE_CTX_init(ctx, str, cert, untrusted), 1); - ExpectIntEQ(X509_verify_cert(ctx), 1); - ExpectIntEQ(last_errcode, X509_V_ERR_INVALID_CA); - - X509_free(cert); - X509_STORE_free(str); - X509_STORE_CTX_free(ctx); - sk_X509_pop_free(untrusted, NULL); - - return EXPECT_RESULT(); -} -#endif /* OPENSSL_ALL */ - - - -static int test_X509_STORE_untrusted_certs(const char** filenames, int ret, - int err, int loadCA) -{ - EXPECT_DECLS; - X509_STORE_CTX* ctx = NULL; - X509_STORE* str = NULL; - XFILE fp = XBADFILE; - X509* cert = NULL; - STACK_OF(X509)* untrusted = NULL; - - ExpectTrue((fp = XFOPEN("./certs/intermediate/server-int-cert.pem", "rb")) - != XBADFILE); - ExpectNotNull(cert = PEM_read_X509(fp, 0, 0, 0 )); - if (fp != XBADFILE) { - XFCLOSE(fp); - fp = XBADFILE; - } - - ExpectNotNull(str = X509_STORE_new()); - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectNotNull(untrusted = sk_X509_new_null()); - - ExpectIntEQ(X509_STORE_set_flags(str, 0), 1); - if (loadCA) { - ExpectIntEQ(X509_STORE_load_locations(str, "./certs/ca-cert.pem", NULL), - 1); - } - for (; *filenames; filenames++) { - ExpectIntEQ(test_X509_STORE_untrusted_load_cert_to_stack(*filenames, - untrusted), TEST_SUCCESS); - } - - ExpectIntEQ(X509_STORE_CTX_init(ctx, str, cert, untrusted), 1); - ExpectIntEQ(X509_verify_cert(ctx), ret); - ExpectIntEQ(X509_STORE_CTX_get_error(ctx), err); - - X509_free(cert); - X509_STORE_free(str); - X509_STORE_CTX_free(ctx); - sk_X509_pop_free(untrusted, NULL); - - return EXPECT_RESULT(); -} -#endif - -static int test_X509_STORE_untrusted(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) - const char* untrusted1[] = { - "./certs/intermediate/ca-int2-cert.pem", - NULL - }; - const char* untrusted2[] = { - "./certs/intermediate/ca-int-cert.pem", - "./certs/intermediate/ca-int2-cert.pem", - NULL - }; - const char* untrusted3[] = { - "./certs/intermediate/ca-int-cert.pem", - "./certs/intermediate/ca-int2-cert.pem", - "./certs/ca-cert.pem", - NULL - }; - /* Adding unrelated certs that should be ignored */ - const char* untrusted4[] = { - "./certs/client-ca.pem", - "./certs/intermediate/ca-int-cert.pem", - "./certs/server-cert.pem", - "./certs/intermediate/ca-int2-cert.pem", - NULL - }; - - /* Only immediate issuer in untrusted chain. Fails since can't build chain - * to loaded CA. */ - ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted1, 0, - X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, 1), TEST_SUCCESS); - /* Succeeds because path to loaded CA is available. */ - ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted2, 1, 0, 1), - TEST_SUCCESS); - /* Root CA in untrusted chain is OK so long as CA has been loaded - * properly */ - ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted3, 1, 0, 1), - TEST_SUCCESS); - /* Still needs properly loaded CA, while including it in untrusted - * list is not an error, it also doesn't count for verify */ - ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted3, 0, - X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, 0), - TEST_SUCCESS); - /* Succeeds because path to loaded CA is available. */ - ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted4, 1, 0, 1), - TEST_SUCCESS); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_set_flags(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) - X509_STORE* store = NULL; - X509* x509 = NULL; - - ExpectNotNull((store = wolfSSL_X509_STORE_new())); - ExpectNotNull((x509 = wolfSSL_X509_load_certificate_file(svrCertFile, - WOLFSSL_FILETYPE_PEM))); - ExpectIntEQ(X509_STORE_add_cert(store, x509), WOLFSSL_SUCCESS); - -#ifdef HAVE_CRL - ExpectIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL), - WOLFSSL_SUCCESS); -#else - ExpectIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL), - WC_NO_ERR_TRACE(NOT_COMPILED_IN)); -#endif - - wolfSSL_X509_free(x509); - wolfSSL_X509_STORE_free(store); -#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && - * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_LOOKUP_load_file(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_ECC) && \ - (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) - WOLFSSL_X509_STORE* store = NULL; - WOLFSSL_X509_LOOKUP* lookup = NULL; - - ExpectNotNull(store = wolfSSL_X509_STORE_new()); - ExpectNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())); - /* One RSA and one ECC certificate in file. */ - ExpectIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/client-ca.pem", - X509_FILETYPE_PEM), 1); - ExpectIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/crl/crl2.pem", - X509_FILETYPE_PEM), 1); - - if (store != NULL) { - ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, cliCertFile, - WOLFSSL_FILETYPE_PEM), 1); - ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile, - WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)); - } - ExpectIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem", - X509_FILETYPE_PEM), 1); - if (store != NULL) { - ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile, - WOLFSSL_FILETYPE_PEM), 1); - } - - wolfSSL_X509_STORE_free(store); -#endif /* defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && - * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_CTX_set_time(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) - WOLFSSL_X509_STORE_CTX* ctx = NULL; - time_t c_time; - - ExpectNotNull(ctx = wolfSSL_X509_STORE_CTX_new()); - c_time = 365*24*60*60; - wolfSSL_X509_STORE_CTX_set_time(ctx, 0, c_time); - ExpectTrue((ctx->param->flags & WOLFSSL_USE_CHECK_TIME) == - WOLFSSL_USE_CHECK_TIME); - ExpectTrue(ctx->param->check_time == c_time); - wolfSSL_X509_STORE_CTX_free(ctx); -#endif /* OPENSSL_EXTRA */ - return EXPECT_RESULT(); -} - static int test_wolfSSL_CTX_get0_set1_param(void) { EXPECT_DECLS; @@ -21101,35 +17244,6 @@ static int test_wolfSSL_get0_param(void) return EXPECT_RESULT(); } -static int test_wolfSSL_X509_VERIFY_PARAM_set1_host(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) - const char host[] = "www.example.com"; - WOLFSSL_X509_VERIFY_PARAM* pParam = NULL; - - ExpectNotNull(pParam = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC( - sizeof(WOLFSSL_X509_VERIFY_PARAM), HEAP_HINT, DYNAMIC_TYPE_OPENSSL)); - if (pParam != NULL) { - XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM)); - - ExpectIntEQ(X509_VERIFY_PARAM_set1_host(NULL, host, sizeof(host)), - WOLFSSL_FAILURE); - - X509_VERIFY_PARAM_set1_host(pParam, host, sizeof(host)); - - ExpectIntEQ(XMEMCMP(pParam->hostName, host, sizeof(host)), 0); - - XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM)); - - ExpectIntNE(XMEMCMP(pParam->hostName, host, sizeof(host)), 0); - - XFREE(pParam, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); - } -#endif /* OPENSSL_EXTRA */ - return EXPECT_RESULT(); -} - static int test_wolfSSL_set1_host(void) { EXPECT_DECLS; @@ -21176,110 +17290,6 @@ static int test_wolfSSL_set1_host(void) return EXPECT_RESULT(); } -static int test_wolfSSL_X509_VERIFY_PARAM_set1_ip(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) - unsigned char buf[16] = {0}; - WOLFSSL_X509_VERIFY_PARAM* param = NULL; - - ExpectNotNull(param = X509_VERIFY_PARAM_new()); - - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, NULL, 1), WOLFSSL_FAILURE); - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, NULL, 1), WOLFSSL_FAILURE); - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, buf, 1), WOLFSSL_FAILURE); - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, NULL, 16), WOLFSSL_FAILURE); - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, NULL, 4), WOLFSSL_FAILURE); - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, NULL, 0), WOLFSSL_FAILURE); - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, buf, 1), WOLFSSL_FAILURE); - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, NULL, 16), WOLFSSL_FAILURE); - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, NULL, 4), WOLFSSL_FAILURE); - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, buf, 16), WOLFSSL_FAILURE); - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, buf, 4), WOLFSSL_FAILURE); - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, buf, 0), WOLFSSL_FAILURE); - - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, NULL, 0), WOLFSSL_SUCCESS); - - /* test 127.0.0.1 */ - buf[0] =0x7f; buf[1] = 0; buf[2] = 0; buf[3] = 1; - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 4), SSL_SUCCESS); - ExpectIntEQ(XSTRNCMP(param->ipasc, "127.0.0.1", sizeof(param->ipasc)), 0); - - /* test 2001:db8:3333:4444:5555:6666:7777:8888 */ - buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184; - buf[4]=51;buf[5]=51;buf[6]=68;buf[7]=68; - buf[8]=85;buf[9]=85;buf[10]=102;buf[11]=102; - buf[12]=119;buf[13]=119;buf[14]=136;buf[15]=136; - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); - ExpectIntEQ(XSTRNCMP(param->ipasc, - "2001:db8:3333:4444:5555:6666:7777:8888", sizeof(param->ipasc)), 0); - - /* test 2001:db8:: */ - buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184; - buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0; - buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0; - buf[12]=0;buf[13]=0;buf[14]=0;buf[15]=0; - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); - ExpectIntEQ(XSTRNCMP(param->ipasc, "2001:db8::", sizeof(param->ipasc)), 0); - - /* test ::1234:5678 */ - buf[0]=0;buf[1]=0;buf[2]=0;buf[3]=0; - buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0; - buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0; - buf[12]=18;buf[13]=52;buf[14]=86;buf[15]=120; - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); - ExpectIntEQ(XSTRNCMP(param->ipasc, "::1234:5678", sizeof(param->ipasc)), 0); - - - /* test 2001:db8::1234:5678 */ - buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184; - buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0; - buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0; - buf[12]=18;buf[13]=52;buf[14]=86;buf[15]=120; - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); - ExpectIntEQ(XSTRNCMP(param->ipasc, "2001:db8::1234:5678", - sizeof(param->ipasc)), 0); - - /* test 2001:0db8:0001:0000:0000:0ab9:c0a8:0102*/ - /* 2001:db8:1::ab9:c0a8:102 */ - buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184; - buf[4]=0;buf[5]=1;buf[6]=0;buf[7]=0; - buf[8]=0;buf[9]=0;buf[10]=10;buf[11]=185; - buf[12]=192;buf[13]=168;buf[14]=1;buf[15]=2; - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); - ExpectIntEQ(XSTRNCMP(param->ipasc, "2001:db8:1::ab9:c0a8:102", - sizeof(param->ipasc)), 0); - - XFREE(param, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); -#endif /* OPENSSL_EXTRA */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_CTX_get0_store(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) - X509_STORE* store = NULL; - X509_STORE_CTX* ctx = NULL; - X509_STORE_CTX* ctx_no_init = NULL; - - ExpectNotNull((store = X509_STORE_new())); - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectNotNull(ctx_no_init = X509_STORE_CTX_new()); - ExpectIntEQ(X509_STORE_CTX_init(ctx, store, NULL, NULL), SSL_SUCCESS); - - ExpectNull(X509_STORE_CTX_get0_store(NULL)); - /* should return NULL if ctx has not bee initialized */ - ExpectNull(X509_STORE_CTX_get0_store(ctx_no_init)); - ExpectNotNull(X509_STORE_CTX_get0_store(ctx)); - - wolfSSL_X509_STORE_CTX_free(ctx); - wolfSSL_X509_STORE_CTX_free(ctx_no_init); - X509_STORE_free(store); -#endif /* OPENSSL_EXTRA */ - return EXPECT_RESULT(); -} - #if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_CERTS) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ defined(HAVE_ECC) && !defined(NO_TLS) && defined(HAVE_AESGCM) @@ -22066,84 +18076,6 @@ static int test_wolfSSL_Tls13_postauth(void) } -static int test_wolfSSL_X509_NID(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ - !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN) - int sigType; - int nameSz = 0; - - X509* cert = NULL; - EVP_PKEY* pubKeyTmp = NULL; - X509_NAME* name = NULL; - - char commonName[80]; - char countryName[80]; - char localityName[80]; - char stateName[80]; - char orgName[80]; - char orgUnit[80]; - - /* ------ PARSE ORIGINAL SELF-SIGNED CERTIFICATE ------ */ - - /* convert cert from DER to internal WOLFSSL_X509 struct */ - ExpectNotNull(cert = wolfSSL_X509_d2i_ex(&cert, client_cert_der_2048, - sizeof_client_cert_der_2048, HEAP_HINT)); - - /* ------ EXTRACT CERTIFICATE ELEMENTS ------ */ - - /* extract PUBLIC KEY from cert */ - ExpectNotNull(pubKeyTmp = X509_get_pubkey(cert)); - - /* extract signatureType */ - ExpectIntEQ(wolfSSL_X509_get_signature_type(NULL), 0); - ExpectIntNE((sigType = wolfSSL_X509_get_signature_type(cert)), 0); - - /* extract subjectName info */ - ExpectNotNull(name = X509_get_subject_name(cert)); - ExpectIntEQ(X509_NAME_get_text_by_NID(name, -1, NULL, 0), -1); - ExpectIntEQ(X509_NAME_get_text_by_NID(NULL, NID_commonName, NULL, 0), -1); - ExpectIntEQ(X509_NAME_get_text_by_NID(name, NID_commonName, - commonName, -2), 0); - ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName, - NULL, 0)), 0); - ExpectIntEQ(nameSz, 15); - ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName, - commonName, sizeof(commonName))), 0); - ExpectIntEQ(nameSz, 15); - ExpectIntEQ(XMEMCMP(commonName, "www.wolfssl.com", nameSz), 0); - ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName, - commonName, 9)), 0); - ExpectIntEQ(nameSz, 8); - ExpectIntEQ(XMEMCMP(commonName, "www.wolf", nameSz), 0); - - ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_countryName, - countryName, sizeof(countryName))), 0); - ExpectIntEQ(XMEMCMP(countryName, "US", nameSz), 0); - - ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_localityName, - localityName, sizeof(localityName))), 0); - ExpectIntEQ(XMEMCMP(localityName, "Bozeman", nameSz), 0); - - ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, - NID_stateOrProvinceName, stateName, sizeof(stateName))), 0); - ExpectIntEQ(XMEMCMP(stateName, "Montana", nameSz), 0); - - ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationName, - orgName, sizeof(orgName))), 0); - ExpectIntEQ(XMEMCMP(orgName, "wolfSSL_2048", nameSz), 0); - - ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, - NID_organizationalUnitName, orgUnit, sizeof(orgUnit))), 0); - ExpectIntEQ(XMEMCMP(orgUnit, "Programming-2048", nameSz), 0); - - EVP_PKEY_free(pubKeyTmp); - X509_free(cert); -#endif - return EXPECT_RESULT(); -} - static int test_wolfSSL_CTX_set_srp_username(void) { EXPECT_DECLS; @@ -22205,323 +18137,6 @@ static int test_wolfSSL_CTX_set_srp_password(void) return EXPECT_RESULT(); } -static int test_wolfSSL_X509_STORE(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_TLS) && \ - !defined(NO_FILESYSTEM) - X509_STORE *store = NULL; - -#ifdef HAVE_CRL - X509_STORE_CTX *storeCtx = NULL; - X509 *ca = NULL; - X509 *cert = NULL; - const char srvCert[] = "./certs/server-revoked-cert.pem"; - const char caCert[] = "./certs/ca-cert.pem"; -#ifndef WOLFSSL_CRL_ALLOW_MISSING_CDP - X509_CRL *crl = NULL; - const char crlPem[] = "./certs/crl/crl.revoked"; - XFILE fp = XBADFILE; -#endif /* !WOLFSSL_CRL_ALLOW_MISSING_CDP */ - - ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); - ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, - SSL_FILETYPE_PEM))); - ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS); - ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert, - SSL_FILETYPE_PEM))); - ExpectNotNull((storeCtx = X509_STORE_CTX_new())); - ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS); - ExpectIntEQ(X509_verify_cert(storeCtx), SSL_SUCCESS); - X509_STORE_free(store); - store = NULL; - X509_STORE_CTX_free(storeCtx); - storeCtx = NULL; - X509_free(cert); - cert = NULL; - X509_free(ca); - ca = NULL; - -#ifndef WOLFSSL_CRL_ALLOW_MISSING_CDP - /* should fail to verify now after adding in CRL */ - ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); - ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, - SSL_FILETYPE_PEM))); - ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS); - ExpectTrue((fp = XFOPEN(crlPem, "rb")) != XBADFILE); - ExpectNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, - NULL, NULL)); - if (fp != XBADFILE) - XFCLOSE(fp); - ExpectIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS); - ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK),SSL_SUCCESS); - ExpectNotNull((storeCtx = X509_STORE_CTX_new())); - ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert, - SSL_FILETYPE_PEM))); - ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS); - ExpectIntNE(X509_verify_cert(storeCtx), SSL_SUCCESS); - ExpectIntEQ(X509_STORE_CTX_get_error(storeCtx), - WOLFSSL_X509_V_ERR_CERT_REVOKED); - X509_CRL_free(crl); - crl = NULL; - X509_STORE_free(store); - store = NULL; - X509_STORE_CTX_free(storeCtx); - storeCtx = NULL; - X509_free(cert); - cert = NULL; - X509_free(ca); - ca = NULL; -#endif /* !WOLFSSL_CRL_ALLOW_MISSING_CDP */ -#endif /* HAVE_CRL */ - - - -#if !defined(WOLFCRYPT_ONLY) && !defined(NO_FILESYSTEM) - { - #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) - SSL_CTX* ctx = NULL; - SSL* ssl = NULL; - int i; - for (i = 0; i < 2; i++) { - #ifndef NO_WOLFSSL_SERVER - ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); - #else - ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); - #endif - ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); - SSL_CTX_set_cert_store(ctx, store); - ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); - SSL_CTX_set_cert_store(ctx, store); - ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); - ExpectIntEQ(SSL_CTX_use_certificate_file(ctx, svrCertFile, - SSL_FILETYPE_PEM), SSL_SUCCESS); - ExpectIntEQ(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, - SSL_FILETYPE_PEM), SSL_SUCCESS); - ExpectNotNull(ssl = SSL_new(ctx)); - if (i == 0) { - ExpectIntEQ(SSL_set0_verify_cert_store(ssl, store), - SSL_SUCCESS); - } - else { - ExpectIntEQ(SSL_set1_verify_cert_store(ssl, store), SSL_SUCCESS); - #ifdef OPENSSL_ALL - ExpectIntEQ(SSL_CTX_set1_verify_cert_store(ctx, store), SSL_SUCCESS); - #endif - } - if (EXPECT_FAIL() || (i == 1)) { - X509_STORE_free(store); - store = NULL; - } - SSL_free(ssl); - ssl = NULL; - SSL_CTX_free(ctx); - ctx = NULL; - } - #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ - } -#endif -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_load_locations(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \ - !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && !defined(NO_RSA) && \ - !defined(NO_TLS) - SSL_CTX *ctx = NULL; - X509_STORE *store = NULL; - - const char ca_file[] = "./certs/ca-cert.pem"; - const char client_pem_file[] = "./certs/client-cert.pem"; - const char client_der_file[] = "./certs/client-cert.der"; - const char ecc_file[] = "./certs/ecc-key.pem"; - const char certs_path[] = "./certs/"; - const char bad_path[] = "./bad-path/"; -#ifdef HAVE_CRL - const char crl_path[] = "./certs/crl/"; - const char crl_file[] = "./certs/crl/crl.pem"; -#endif - -#ifndef NO_WOLFSSL_SERVER - ExpectNotNull(ctx = SSL_CTX_new(SSLv23_server_method())); -#else - ExpectNotNull(ctx = SSL_CTX_new(SSLv23_client_method())); -#endif - ExpectNotNull(store = SSL_CTX_get_cert_store(ctx)); - ExpectIntEQ(wolfSSL_CertManagerLoadCA(store->cm, ca_file, NULL), - WOLFSSL_SUCCESS); - - /* Test bad arguments */ - ExpectIntEQ(X509_STORE_load_locations(NULL, ca_file, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(X509_STORE_load_locations(store, NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(X509_STORE_load_locations(store, client_der_file, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(X509_STORE_load_locations(store, ecc_file, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(X509_STORE_load_locations(store, NULL, bad_path), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - -#ifdef HAVE_CRL - /* Test with CRL */ - ExpectIntEQ(X509_STORE_load_locations(store, crl_file, NULL), - WOLFSSL_SUCCESS); - ExpectIntEQ(X509_STORE_load_locations(store, NULL, crl_path), - WOLFSSL_SUCCESS); -#endif - - /* Test with CA */ - ExpectIntEQ(X509_STORE_load_locations(store, ca_file, NULL), - WOLFSSL_SUCCESS); - - /* Test with client_cert and certs path */ - ExpectIntEQ(X509_STORE_load_locations(store, client_pem_file, NULL), - WOLFSSL_SUCCESS); - ExpectIntEQ(X509_STORE_load_locations(store, NULL, certs_path), - WOLFSSL_SUCCESS); - -#if defined(XGETENV) && !defined(NO_GETENV) && defined(_POSIX_C_SOURCE) && \ - _POSIX_C_SOURCE >= 200112L - ExpectIntEQ(wolfSSL_CTX_UnloadCAs(ctx), WOLFSSL_SUCCESS); - /* Test with env vars */ - ExpectIntEQ(setenv("SSL_CERT_FILE", client_pem_file, 1), 0); - ExpectIntEQ(setenv("SSL_CERT_DIR", certs_path, 1), 0); - ExpectIntEQ(X509_STORE_set_default_paths(store), WOLFSSL_SUCCESS); -#endif - -#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) - /* Clear nodes */ - ERR_clear_error(); -#endif - - SSL_CTX_free(ctx); -#endif - return EXPECT_RESULT(); -} - -static int test_X509_STORE_get0_objects(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_TLS) && \ - !defined(NO_WOLFSSL_DIR) && !defined(NO_RSA) - X509_STORE *store = NULL; - X509_STORE *store_cpy = NULL; - SSL_CTX *ctx = NULL; - X509_OBJECT *obj = NULL; -#ifdef HAVE_CRL - X509_OBJECT *objCopy = NULL; -#endif - STACK_OF(X509_OBJECT) *objs = NULL; - STACK_OF(X509_OBJECT) *objsCopy = NULL; - int i; - - /* Setup store */ -#ifndef NO_WOLFSSL_SERVER - ExpectNotNull(ctx = SSL_CTX_new(SSLv23_server_method())); -#else - ExpectNotNull(ctx = SSL_CTX_new(SSLv23_client_method())); -#endif - ExpectNotNull(store_cpy = X509_STORE_new()); - ExpectNotNull(store = SSL_CTX_get_cert_store(ctx)); - ExpectIntEQ(X509_STORE_load_locations(store, cliCertFile, NULL), - WOLFSSL_SUCCESS); - ExpectIntEQ(X509_STORE_load_locations(store, caCertFile, NULL), - WOLFSSL_SUCCESS); - ExpectIntEQ(X509_STORE_load_locations(store, svrCertFile, NULL), - WOLFSSL_SUCCESS); -#ifdef HAVE_CRL - ExpectIntEQ(X509_STORE_load_locations(store, NULL, crlPemDir), - WOLFSSL_SUCCESS); -#endif - /* Store ready */ - - /* Similar to HaProxy ssl_set_cert_crl_file use case */ - ExpectNotNull(objs = X509_STORE_get0_objects(store)); -#ifdef HAVE_CRL -#ifdef WOLFSSL_SIGNER_DER_CERT - ExpectIntEQ(sk_X509_OBJECT_num(objs), 4); -#else - ExpectIntEQ(sk_X509_OBJECT_num(objs), 1); -#endif -#else -#ifdef WOLFSSL_SIGNER_DER_CERT - ExpectIntEQ(sk_X509_OBJECT_num(objs), 3); -#else - ExpectIntEQ(sk_X509_OBJECT_num(objs), 0); -#endif -#endif - ExpectIntEQ(sk_X509_OBJECT_num(NULL), 0); - ExpectNull(sk_X509_OBJECT_value(NULL, 0)); - ExpectNull(sk_X509_OBJECT_value(NULL, 1)); - ExpectNull(sk_X509_OBJECT_value(objs, sk_X509_OBJECT_num(objs))); - ExpectNull(sk_X509_OBJECT_value(objs, sk_X509_OBJECT_num(objs) + 1)); -#ifndef NO_WOLFSSL_STUB - ExpectNull(sk_X509_OBJECT_delete(objs, 0)); -#endif - ExpectNotNull(objsCopy = sk_X509_OBJECT_deep_copy(objs, NULL, NULL)); - ExpectIntEQ(sk_X509_OBJECT_num(objs), sk_X509_OBJECT_num(objsCopy)); - for (i = 0; i < sk_X509_OBJECT_num(objs) && EXPECT_SUCCESS(); i++) { - obj = (X509_OBJECT*)sk_X509_OBJECT_value(objs, i); - #ifdef HAVE_CRL - objCopy = (X509_OBJECT*)sk_X509_OBJECT_value(objsCopy, i); - #endif - switch (X509_OBJECT_get_type(obj)) { - case X509_LU_X509: - { - X509* x509 = NULL; - X509_NAME *subj_name = NULL; - ExpectNull(X509_OBJECT_get0_X509_CRL(NULL)); - ExpectNull(X509_OBJECT_get0_X509_CRL(obj)); - ExpectNotNull(x509 = X509_OBJECT_get0_X509(obj)); - ExpectIntEQ(X509_STORE_add_cert(store_cpy, x509), WOLFSSL_SUCCESS); - ExpectNotNull(subj_name = X509_get_subject_name(x509)); - ExpectPtrEq(obj, X509_OBJECT_retrieve_by_subject(objs, X509_LU_X509, - subj_name)); - - break; - } - case X509_LU_CRL: -#ifdef HAVE_CRL - { - X509_CRL* crl = NULL; - ExpectNull(X509_OBJECT_get0_X509(NULL)); - ExpectNull(X509_OBJECT_get0_X509(obj)); - ExpectNotNull(crl = X509_OBJECT_get0_X509_CRL(obj)); - ExpectIntEQ(X509_STORE_add_crl(store_cpy, crl), WOLFSSL_SUCCESS); - - ExpectNotNull(crl = X509_OBJECT_get0_X509_CRL(objCopy)); - break; - } -#endif - case X509_LU_NONE: - default: - Fail(("X509_OBJECT_get_type should return x509 or crl " - "(when built with crl support)"), - ("Unrecognized X509_OBJECT type or none")); - } - } - - X509_STORE_free(store_cpy); - SSL_CTX_free(ctx); - - wolfSSL_sk_X509_OBJECT_free(NULL); - objs = NULL; - wolfSSL_sk_pop_free(objsCopy, NULL); - objsCopy = NULL; - ExpectNotNull(objs = wolfSSL_sk_X509_OBJECT_new()); - ExpectIntEQ(wolfSSL_sk_X509_OBJECT_push(NULL, NULL), WOLFSSL_FAILURE); - ExpectIntEQ(wolfSSL_sk_X509_OBJECT_push(objs, NULL), WOLFSSL_FAILURE); - ExpectIntEQ(wolfSSL_sk_X509_OBJECT_push(NULL, obj), WOLFSSL_FAILURE); - ExpectNotNull(objsCopy = sk_X509_OBJECT_deep_copy(objs, NULL, NULL)); - wolfSSL_sk_X509_OBJECT_free(objsCopy); - wolfSSL_sk_X509_OBJECT_free(objs); -#endif - return EXPECT_RESULT(); -} - #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_TLS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) #define TEST_ARG 0x1234 @@ -23226,43 +18841,6 @@ static int test_wolfSSL_set_tlsext_status_type(void) #ifndef NO_BIO -static int test_wolfSSL_PEM_read_bio(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) - byte buff[6000]; - XFILE f = XBADFILE; - int bytes = 0; - X509* x509 = NULL; - BIO* bio = NULL; - BUF_MEM* buf = NULL; - - ExpectTrue((f = XFOPEN(cliCertFile, "rb")) != XBADFILE); - ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); - if (f != XBADFILE) - XFCLOSE(f); - - ExpectNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL)); - ExpectNotNull(bio = BIO_new_mem_buf((void*)buff, bytes)); - ExpectIntEQ(BIO_set_mem_eof_return(bio, -0xDEAD), 1); - ExpectNotNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL)); - ExpectIntEQ((int)BIO_set_fd(bio, 0, BIO_CLOSE), 1); - /* BIO should return the set EOF value */ - ExpectIntEQ(BIO_read(bio, buff, sizeof(buff)), -0xDEAD); - ExpectIntEQ(BIO_set_close(bio, BIO_NOCLOSE), 1); - ExpectIntEQ(BIO_set_close(NULL, BIO_NOCLOSE), 1); - ExpectIntEQ(SSL_SUCCESS, BIO_get_mem_ptr(bio, &buf)); - - BIO_free(bio); - BUF_MEM_free(buf); - X509_free(x509); -#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && - * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ - return EXPECT_RESULT(); -} - - #if defined(OPENSSL_EXTRA) static long bioCallback(BIO *bio, int cmd, const char* argp, int argi, long argl, long ret) @@ -23587,1325 +19165,6 @@ static int test_wolfSSL_a2i_IPADDRESS(void) return EXPECT_RESULT(); } - -static int test_wolfSSL_X509_cmp_time(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) \ -&& !defined(USER_TIME) && !defined(TIME_OVERRIDES) - WOLFSSL_ASN1_TIME asn_time; - time_t t; - - ExpectIntEQ(0, wolfSSL_X509_cmp_time(NULL, &t)); - XMEMSET(&asn_time, 0, sizeof(WOLFSSL_ASN1_TIME)); - ExpectIntEQ(0, wolfSSL_X509_cmp_time(&asn_time, &t)); - - ExpectIntEQ(ASN1_TIME_set_string(&asn_time, "000222211515Z"), 1); - ExpectIntEQ(-1, wolfSSL_X509_cmp_time(&asn_time, NULL)); - ExpectIntEQ(-1, wolfSSL_X509_cmp_current_time(&asn_time)); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_time_adj(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && \ - !defined(USER_TIME) && !defined(TIME_OVERRIDES) && \ - defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) && \ - !defined(NO_ASN_TIME) - X509* x509 = NULL; - time_t t; - time_t not_before; - time_t not_after; - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer( - client_cert_der_2048, sizeof_client_cert_der_2048, - WOLFSSL_FILETYPE_ASN1)); - - t = 0; - not_before = wc_Time(0); - not_after = wc_Time(0) + (60 * 24 * 30); /* 30 days after */ - ExpectNotNull(X509_time_adj(X509_get_notBefore(x509), not_before, &t)); - ExpectNotNull(X509_time_adj(X509_get_notAfter(x509), not_after, &t)); - /* Check X509_gmtime_adj, too. */ - ExpectNotNull(X509_gmtime_adj(X509_get_notAfter(x509), not_after)); - - X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_bad_altname(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) - const unsigned char malformed_alt_name_cert[] = { - 0x30, 0x82, 0x02, 0xf9, 0x30, 0x82, 0x01, 0xe1, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x02, 0x10, 0x21, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x0f, 0x31, 0x0d, - 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x04, 0x61, 0x61, 0x31, - 0x31, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x32, 0x30, 0x37, 0x31, - 0x37, 0x32, 0x34, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x33, 0x34, 0x30, 0x32, - 0x31, 0x34, 0x30, 0x36, 0x32, 0x36, 0x35, 0x33, 0x5a, 0x30, 0x0f, 0x31, - 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x04, 0x61, 0x61, - 0x61, 0x61, 0x30, 0x82, 0x01, 0x20, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, - 0x0d, 0x00, 0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa8, - 0x8a, 0x5e, 0x26, 0x23, 0x1b, 0x31, 0xd3, 0x37, 0x1a, 0x70, 0xb2, 0xec, - 0x3f, 0x74, 0xd4, 0xb4, 0x44, 0xe3, 0x7a, 0xa5, 0xc0, 0xf5, 0xaa, 0x97, - 0x26, 0x9a, 0x04, 0xff, 0xda, 0xbe, 0xe5, 0x09, 0x03, 0x98, 0x3d, 0xb5, - 0xbf, 0x01, 0x2c, 0x9a, 0x0a, 0x3a, 0xfb, 0xbc, 0x3c, 0xe7, 0xbe, 0x83, - 0x5c, 0xb3, 0x70, 0xe8, 0x5c, 0xe3, 0xd1, 0x83, 0xc3, 0x94, 0x08, 0xcd, - 0x1a, 0x87, 0xe5, 0xe0, 0x5b, 0x9c, 0x5c, 0x6e, 0xb0, 0x7d, 0xe2, 0x58, - 0x6c, 0xc3, 0xb5, 0xc8, 0x9d, 0x11, 0xf1, 0x5d, 0x96, 0x0d, 0x66, 0x1e, - 0x56, 0x7f, 0x8f, 0x59, 0xa7, 0xa5, 0xe1, 0xc5, 0xe7, 0x81, 0x4c, 0x09, - 0x9d, 0x5e, 0x96, 0xf0, 0x9a, 0xc2, 0x8b, 0x70, 0xd5, 0xab, 0x79, 0x58, - 0x5d, 0xb7, 0x58, 0xaa, 0xfd, 0x75, 0x52, 0xaa, 0x4b, 0xa7, 0x25, 0x68, - 0x76, 0x59, 0x00, 0xee, 0x78, 0x2b, 0x91, 0xc6, 0x59, 0x91, 0x99, 0x38, - 0x3e, 0xa1, 0x76, 0xc3, 0xf5, 0x23, 0x6b, 0xe6, 0x07, 0xea, 0x63, 0x1c, - 0x97, 0x49, 0xef, 0xa0, 0xfe, 0xfd, 0x13, 0xc9, 0xa9, 0x9f, 0xc2, 0x0b, - 0xe6, 0x87, 0x92, 0x5b, 0xcc, 0xf5, 0x42, 0x95, 0x4a, 0xa4, 0x6d, 0x64, - 0xba, 0x7d, 0xce, 0xcb, 0x04, 0xd0, 0xf8, 0xe7, 0xe3, 0xda, 0x75, 0x60, - 0xd3, 0x8b, 0x6a, 0x64, 0xfc, 0x78, 0x56, 0x21, 0x69, 0x5a, 0xe8, 0xa7, - 0x8f, 0xfb, 0x8f, 0x82, 0xe3, 0xae, 0x36, 0xa2, 0x93, 0x66, 0x92, 0xcb, - 0x82, 0xa3, 0xbe, 0x84, 0x00, 0x86, 0xdc, 0x7e, 0x6d, 0x53, 0x77, 0x84, - 0x17, 0xb9, 0x55, 0x43, 0x0d, 0xf1, 0x16, 0x1f, 0xd5, 0x43, 0x75, 0x99, - 0x66, 0x19, 0x52, 0xd0, 0xac, 0x5f, 0x74, 0xad, 0xb2, 0x90, 0x15, 0x50, - 0x04, 0x74, 0x43, 0xdf, 0x6c, 0x35, 0xd0, 0xfd, 0x32, 0x37, 0xb3, 0x8d, - 0xf5, 0xe5, 0x09, 0x02, 0x01, 0x03, 0xa3, 0x61, 0x30, 0x5f, 0x30, 0x0c, - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x08, 0x30, 0x06, 0x82, - 0x04, 0x61, 0x2a, 0x00, 0x2a, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, - 0x04, 0x16, 0x04, 0x14, 0x92, 0x6a, 0x1e, 0x52, 0x3a, 0x1a, 0x57, 0x9f, - 0xc9, 0x82, 0x9a, 0xce, 0xc8, 0xc0, 0xa9, 0x51, 0x9d, 0x2f, 0xc7, 0x72, - 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, - 0x14, 0x6b, 0xf9, 0xa4, 0x2d, 0xa5, 0xe9, 0x39, 0x89, 0xa8, 0x24, 0x58, - 0x79, 0x87, 0x11, 0xfc, 0x6f, 0x07, 0x91, 0xef, 0xa6, 0x30, 0x0d, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, - 0x03, 0x82, 0x01, 0x01, 0x00, 0x3f, 0xd5, 0x37, 0x2f, 0xc7, 0xf8, 0x8b, - 0x39, 0x1c, 0xe3, 0xdf, 0x77, 0xee, 0xc6, 0x4b, 0x5f, 0x84, 0xcf, 0xfa, - 0x33, 0x2c, 0xb2, 0xb5, 0x4b, 0x09, 0xee, 0x56, 0xc0, 0xf2, 0xf0, 0xeb, - 0xad, 0x1c, 0x02, 0xef, 0xae, 0x09, 0x53, 0xc0, 0x06, 0xad, 0x4e, 0xfd, - 0x3e, 0x8c, 0x13, 0xb3, 0xbf, 0x80, 0x05, 0x36, 0xb5, 0x3f, 0x2b, 0xc7, - 0x60, 0x53, 0x14, 0xbf, 0x33, 0x63, 0x47, 0xc3, 0xc6, 0x28, 0xda, 0x10, - 0x12, 0xe2, 0xc4, 0xeb, 0xc5, 0x64, 0x66, 0xc0, 0xcc, 0x6b, 0x84, 0xda, - 0x0c, 0xe9, 0xf6, 0xe3, 0xf8, 0x8e, 0x3d, 0x95, 0x5f, 0xba, 0x9f, 0xe1, - 0xc7, 0xed, 0x6e, 0x97, 0xcc, 0xbd, 0x7d, 0xe5, 0x4e, 0xab, 0xbc, 0x1b, - 0xf1, 0x3a, 0x09, 0x33, 0x09, 0xe1, 0xcc, 0xec, 0x21, 0x16, 0x8e, 0xb1, - 0x74, 0x9e, 0xc8, 0x13, 0x7c, 0xdf, 0x07, 0xaa, 0xeb, 0x70, 0xd7, 0x91, - 0x5c, 0xc4, 0xef, 0x83, 0x88, 0xc3, 0xe4, 0x97, 0xfa, 0xe4, 0xdf, 0xd7, - 0x0d, 0xff, 0xba, 0x78, 0x22, 0xfc, 0x3f, 0xdc, 0xd8, 0x02, 0x8d, 0x93, - 0x57, 0xf9, 0x9e, 0x39, 0x3a, 0x77, 0x00, 0xd9, 0x19, 0xaa, 0x68, 0xa1, - 0xe6, 0x9e, 0x13, 0xeb, 0x37, 0x16, 0xf5, 0x77, 0xa4, 0x0b, 0x40, 0x04, - 0xd3, 0xa5, 0x49, 0x78, 0x35, 0xfa, 0x3b, 0xf6, 0x02, 0xab, 0x85, 0xee, - 0xcb, 0x9b, 0x62, 0xda, 0x05, 0x00, 0x22, 0x2f, 0xf8, 0xbd, 0x0b, 0xe5, - 0x2c, 0xb2, 0x53, 0x78, 0x0a, 0xcb, 0x69, 0xc0, 0xb6, 0x9f, 0x96, 0xff, - 0x58, 0x22, 0x70, 0x9c, 0x01, 0x2e, 0x56, 0x60, 0x5d, 0x37, 0xe3, 0x40, - 0x25, 0xc9, 0x90, 0xc8, 0x0f, 0x41, 0x68, 0xb4, 0xfd, 0x10, 0xe2, 0x09, - 0x99, 0x08, 0x5d, 0x7b, 0xc9, 0xe3, 0x29, 0xd4, 0x5a, 0xcf, 0xc9, 0x34, - 0x55, 0xa1, 0x40, 0x44, 0xd6, 0x88, 0x16, 0xbb, 0xdd - }; - - X509* x509 = NULL; - int certSize = (int)sizeof(malformed_alt_name_cert) / sizeof(unsigned char); - const char *name = "aaaaa"; - int nameLen = (int)XSTRLEN(name); - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer( - malformed_alt_name_cert, certSize, SSL_FILETYPE_ASN1)); - - /* malformed_alt_name_cert has a malformed alternative - * name of "a*\0*". Ensure that it does not match "aaaaa" */ - ExpectIntNE(wolfSSL_X509_check_host(x509, name, nameLen, - WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), 1); - - /* Also make sure WOLFSSL_LEFT_MOST_WILDCARD_ONLY fails too */ - ExpectIntNE(wolfSSL_X509_check_host(x509, name, nameLen, - WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, - NULL), 1); - - X509_free(x509); - -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_name_match(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) - /* A certificate with the subject alternative name a* */ - const unsigned char cert_der[] = { - 0x30, 0x82, 0x03, 0xac, 0x30, 0x82, 0x02, 0x94, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x14, 0x0f, 0xa5, 0x10, 0x85, 0xef, 0x58, 0x10, 0x59, 0xfc, - 0x0f, 0x20, 0x1f, 0x53, 0xf5, 0x30, 0x39, 0x34, 0x49, 0x54, 0x05, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, - 0x05, 0x00, 0x30, 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, - 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, - 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, - 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, - 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, - 0x04, 0x0a, 0x0c, 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, - 0x49, 0x6e, 0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, - 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, - 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x35, 0x33, - 0x30, 0x32, 0x30, 0x31, 0x35, 0x35, 0x38, 0x5a, 0x17, 0x0d, 0x33, 0x34, - 0x30, 0x35, 0x32, 0x38, 0x32, 0x30, 0x31, 0x35, 0x35, 0x38, 0x5a, 0x30, - 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, - 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, - 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, - 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, - 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x49, 0x6e, 0x63, - 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, - 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, - 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, - 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, - 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, - 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xf4, 0xca, 0x3d, - 0xd4, 0xbc, 0x9b, 0xea, 0x74, 0xfe, 0x73, 0xf4, 0x16, 0x23, 0x0b, 0x4a, - 0x09, 0x54, 0xf6, 0x7b, 0x10, 0x99, 0x11, 0x93, 0xb2, 0xdb, 0x4d, 0x7d, - 0x23, 0xab, 0xf9, 0xcd, 0xf6, 0x54, 0xd4, 0xf6, 0x39, 0x57, 0xee, 0x97, - 0xb2, 0xb9, 0xfc, 0x7e, 0x9c, 0xb3, 0xfb, 0x56, 0xb6, 0x84, 0xd6, 0x2d, - 0x59, 0x1c, 0xed, 0xda, 0x9b, 0x19, 0xf5, 0x8a, 0xa7, 0x8a, 0x89, 0xd6, - 0xa1, 0xc0, 0xe6, 0x16, 0xad, 0x04, 0xcf, 0x5a, 0x1f, 0xdf, 0x62, 0x6c, - 0x68, 0x45, 0xe9, 0x55, 0x2e, 0x42, 0xa3, 0x1b, 0x3b, 0x86, 0x23, 0x22, - 0xa1, 0x20, 0x48, 0xd1, 0x52, 0xc0, 0x8b, 0xab, 0xe2, 0x8a, 0x15, 0x68, - 0xbd, 0x89, 0x6f, 0x9f, 0x45, 0x75, 0xb4, 0x27, 0xc1, 0x72, 0x41, 0xfd, - 0x79, 0x89, 0xb0, 0x74, 0xa2, 0xe9, 0x61, 0x48, 0x4c, 0x54, 0xad, 0x6b, - 0x61, 0xbf, 0x0e, 0x27, 0x58, 0xb4, 0xf6, 0x9c, 0x2c, 0x9f, 0xc2, 0x3e, - 0x3b, 0xb3, 0x90, 0x41, 0xbc, 0x61, 0xcd, 0x01, 0x57, 0x90, 0x82, 0xec, - 0x46, 0xba, 0x4f, 0x89, 0x8e, 0x7f, 0x49, 0x4f, 0x46, 0x69, 0x37, 0x8b, - 0xa0, 0xba, 0x85, 0xe8, 0x42, 0xff, 0x9a, 0xa1, 0x53, 0x81, 0x5c, 0xf3, - 0x8e, 0x85, 0x1c, 0xd4, 0x90, 0x60, 0xa0, 0x37, 0x59, 0x04, 0x65, 0xa6, - 0xb5, 0x12, 0x00, 0xc3, 0x04, 0x51, 0xa7, 0x83, 0x96, 0x62, 0x3d, 0x49, - 0x97, 0xe8, 0x6b, 0x9a, 0x5d, 0x51, 0x24, 0xee, 0xad, 0x45, 0x18, 0x0f, - 0x3f, 0x97, 0xec, 0xdf, 0xcf, 0x42, 0x8a, 0x96, 0xc7, 0xd8, 0x82, 0x87, - 0x7f, 0x57, 0x70, 0x22, 0xfb, 0x29, 0x3e, 0x3c, 0xa3, 0xc1, 0xd5, 0x71, - 0xb3, 0x84, 0x06, 0x53, 0xa3, 0x86, 0x20, 0x35, 0xe3, 0x41, 0xb9, 0xd8, - 0x00, 0x22, 0x4f, 0x6d, 0xe6, 0xfd, 0xf0, 0xf4, 0xa2, 0x39, 0x0a, 0x1a, - 0x23, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x30, 0x30, 0x2e, 0x30, 0x0d, - 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x06, 0x30, 0x04, 0x82, 0x02, 0x61, - 0x2a, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, - 0x45, 0x05, 0xf3, 0x4d, 0x3e, 0x7e, 0x9c, 0xf5, 0x08, 0xee, 0x2c, 0x13, - 0x32, 0xe3, 0xf2, 0x14, 0xe8, 0x0e, 0x71, 0x21, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, - 0x82, 0x01, 0x01, 0x00, 0xa8, 0x28, 0xe5, 0x22, 0x65, 0xcf, 0x47, 0xfe, - 0x82, 0x17, 0x99, 0x20, 0xdb, 0xb1, 0x57, 0xd4, 0x91, 0x1a, 0x83, 0xde, - 0xc1, 0xaf, 0xc4, 0x1f, 0xfb, 0xa4, 0x6a, 0xad, 0xdc, 0x58, 0x72, 0xd9, - 0x9b, 0xab, 0xa5, 0xbb, 0xf4, 0x98, 0xd4, 0xdf, 0x36, 0xcb, 0xb5, 0x78, - 0xce, 0x4b, 0x25, 0x5b, 0x24, 0x92, 0xfe, 0xe8, 0xd4, 0xe4, 0xbd, 0x6f, - 0x71, 0x1a, 0x81, 0x2a, 0x6f, 0x35, 0x93, 0xf7, 0xcc, 0xed, 0xe5, 0x06, - 0xd2, 0x96, 0x41, 0xb5, 0xa9, 0x8a, 0xc0, 0xc9, 0x17, 0xe3, 0x13, 0x5e, - 0x94, 0x5e, 0xfa, 0xfc, 0xf0, 0x00, 0x2e, 0xe1, 0xd8, 0x1b, 0x23, 0x3f, - 0x7c, 0x4d, 0x9f, 0xfb, 0xb7, 0x95, 0xc1, 0x94, 0x7f, 0x7f, 0xb5, 0x4f, - 0x93, 0x6d, 0xc3, 0x2b, 0xb2, 0x28, 0x36, 0xd2, 0x7c, 0x01, 0x3c, 0xae, - 0x35, 0xdb, 0xc8, 0x95, 0x1b, 0x5f, 0x6c, 0x0f, 0x57, 0xb3, 0xcc, 0x97, - 0x98, 0x80, 0x06, 0xaa, 0xe4, 0x93, 0x1f, 0xb7, 0xa0, 0x54, 0xf1, 0x4f, - 0x6f, 0x11, 0xdf, 0xab, 0xd3, 0xbf, 0xf0, 0x3a, 0x81, 0x60, 0xaf, 0x7a, - 0xf7, 0x09, 0xd5, 0xae, 0x0c, 0x7d, 0xae, 0x8d, 0x47, 0x06, 0xbe, 0x11, - 0x6e, 0xf8, 0x7e, 0x49, 0xf8, 0xac, 0x24, 0x0a, 0x4b, 0xc2, 0xf6, 0xe8, - 0x2c, 0xec, 0x35, 0xef, 0xa9, 0x13, 0xb8, 0xd2, 0x9c, 0x92, 0x61, 0x91, - 0xec, 0x7b, 0x0c, 0xea, 0x9a, 0x71, 0x36, 0x15, 0x34, 0x2b, 0x7a, 0x25, - 0xac, 0xfe, 0xc7, 0x26, 0x89, 0x70, 0x3e, 0x64, 0x68, 0x97, 0x4b, 0xaa, - 0xc1, 0x24, 0x14, 0xbd, 0x45, 0x2f, 0xe0, 0xfe, 0xf4, 0x2b, 0x8e, 0x08, - 0x3e, 0xe4, 0xb5, 0x3d, 0x5d, 0xf4, 0xc3, 0xd6, 0x9c, 0xb5, 0x33, 0x1b, - 0x3b, 0xda, 0x6e, 0x99, 0x7b, 0x09, 0xd1, 0x30, 0x97, 0x23, 0x52, 0x6d, - 0x1b, 0x71, 0x3a, 0xf4, 0x54, 0xf0, 0xe5, 0x9e - }; - - WOLFSSL_X509* x509 = NULL; - int certSize = (int)(sizeof(cert_der) / sizeof(unsigned char)); - const char *name1 = "aaaaa"; - int nameLen1 = (int)(XSTRLEN(name1)); - const char *name2 = "a"; - int nameLen2 = (int)(XSTRLEN(name2)); - const char *name3 = "abbbb"; - int nameLen3 = (int)(XSTRLEN(name3)); - const char *name4 = "bbb"; - int nameLen4 = (int)(XSTRLEN(name4)); - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer( - cert_der, certSize, WOLFSSL_FILETYPE_ASN1)); - - /* Ensure that "a*" matches "aaaaa" */ - ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1, - WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); - /* Ensure that "a*" matches "a" */ - ExpectIntEQ(wolfSSL_X509_check_host(x509, name2, nameLen2, - WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); - /* Ensure that "a*" matches "abbbb" */ - ExpectIntEQ(wolfSSL_X509_check_host(x509, name3, nameLen3, - WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); - /* Ensure that "a*" does not match "bbb" */ - ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4, - WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), 1); - - /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag should fail on all cases, since - * 'a*' alt name does not have wildcard left-most */ - - /* Ensure that "a*" does not match "aaaaa" */ - ExpectIntNE(wolfSSL_X509_check_host(x509, name1, nameLen1, - WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, - NULL), WOLFSSL_SUCCESS); - /* Ensure that "a*" does not match "a" */ - ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2, - WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, - NULL), WOLFSSL_SUCCESS); - /* Ensure that "a*" does not match "abbbb" */ - ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3, - WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, - NULL), WOLFSSL_SUCCESS); - /* Ensure that "a*" does not match "bbb" */ - ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4, - WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, - NULL), WOLFSSL_SUCCESS); - - wolfSSL_X509_free(x509); - -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_name_match2(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) - /* A certificate with the subject alternative name a*b* */ - const unsigned char cert_der[] = { - 0x30, 0x82, 0x03, 0xae, 0x30, 0x82, 0x02, 0x96, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x14, 0x41, 0x8c, 0x8b, 0xaa, 0x0e, 0xd8, 0x5a, 0xc0, 0x52, - 0x46, 0x0e, 0xe5, 0xd8, 0xb9, 0x48, 0x93, 0x7e, 0x8a, 0x7c, 0x65, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, - 0x05, 0x00, 0x30, 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, - 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, - 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, - 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, - 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, - 0x04, 0x0a, 0x0c, 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, - 0x49, 0x6e, 0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, - 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, - 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x35, 0x33, - 0x30, 0x32, 0x30, 0x34, 0x33, 0x34, 0x30, 0x5a, 0x17, 0x0d, 0x33, 0x34, - 0x30, 0x35, 0x32, 0x38, 0x32, 0x30, 0x34, 0x33, 0x34, 0x30, 0x5a, 0x30, - 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, - 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, - 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, - 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, - 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x49, 0x6e, 0x63, - 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, - 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, - 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, - 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, - 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, - 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa5, 0x60, 0x80, - 0xf3, 0xee, 0x19, 0xd2, 0xe4, 0x15, 0x94, 0x54, 0x12, 0x88, 0xee, 0xda, - 0x11, 0x11, 0x87, 0x99, 0x88, 0xb3, 0x71, 0xc7, 0x97, 0x78, 0x1b, 0x57, - 0x37, 0x1d, 0x0b, 0x1f, 0x2f, 0x2c, 0x35, 0x13, 0x75, 0xd3, 0x31, 0x3e, - 0x6f, 0x80, 0x21, 0xa5, 0xa3, 0xad, 0x10, 0x81, 0xb6, 0x37, 0xd4, 0x55, - 0x2e, 0xc1, 0xb8, 0x37, 0xa3, 0x3c, 0xe8, 0x81, 0x03, 0x3c, 0xda, 0x5f, - 0x6f, 0x45, 0x32, 0x2b, 0x0e, 0x99, 0x27, 0xfd, 0xe5, 0x6c, 0x07, 0xd9, - 0x4e, 0x0a, 0x8b, 0x23, 0x74, 0x96, 0x25, 0x97, 0xae, 0x6d, 0x19, 0xba, - 0xbf, 0x0f, 0xc8, 0xa1, 0xe5, 0xea, 0xa8, 0x00, 0x09, 0xc3, 0x9a, 0xef, - 0x09, 0x33, 0xc1, 0x33, 0x2e, 0x7b, 0x6d, 0xa7, 0x66, 0x87, 0xb6, 0x3a, - 0xb9, 0xdb, 0x4c, 0x5e, 0xb5, 0x55, 0x69, 0x37, 0x17, 0x92, 0x1f, 0xe3, - 0x53, 0x1a, 0x2d, 0x25, 0xd0, 0xcf, 0x72, 0x37, 0xc2, 0x89, 0x83, 0x78, - 0xcf, 0xac, 0x2e, 0x46, 0x92, 0x5c, 0x4a, 0xba, 0x7d, 0xa0, 0x22, 0x34, - 0xb1, 0x22, 0x26, 0x99, 0xda, 0xe8, 0x97, 0xe2, 0x0c, 0xd3, 0xbc, 0x97, - 0x7e, 0xa8, 0xb9, 0xe3, 0xe2, 0x7f, 0x56, 0xef, 0x22, 0xee, 0x15, 0x95, - 0xa6, 0xd1, 0xf4, 0xa7, 0xac, 0x4a, 0xab, 0xc1, 0x1a, 0xda, 0xc5, 0x5f, - 0xa5, 0x5e, 0x2f, 0x15, 0x9c, 0x36, 0xbe, 0xd3, 0x47, 0xb6, 0x86, 0xb9, - 0xc6, 0x59, 0x39, 0x36, 0xad, 0x84, 0x53, 0x95, 0x72, 0x91, 0x89, 0x51, - 0x32, 0x77, 0xf1, 0xa5, 0x93, 0xfe, 0xf0, 0x41, 0x7c, 0x64, 0xf1, 0xb0, - 0x8b, 0x81, 0x8d, 0x3a, 0x2c, 0x9e, 0xbe, 0x2e, 0x8b, 0xf7, 0x80, 0x63, - 0x35, 0x32, 0xfa, 0x26, 0xe0, 0x63, 0xbf, 0x5e, 0xaf, 0xf0, 0x08, 0xe0, - 0x80, 0x65, 0x38, 0xfa, 0x21, 0xaa, 0x91, 0x34, 0x48, 0x3d, 0x32, 0x5c, - 0xbf, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x32, 0x30, 0x30, 0x30, 0x0f, - 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x08, 0x30, 0x06, 0x82, 0x04, 0x61, - 0x2a, 0x62, 0x2a, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, - 0x04, 0x14, 0x3d, 0x55, 0x74, 0xf8, 0x3a, 0x26, 0x03, 0x8c, 0x6a, 0x2e, - 0x91, 0x0e, 0x18, 0x70, 0xb4, 0xa4, 0xcc, 0x04, 0x00, 0xd3, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, - 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x8f, 0x3b, 0xff, 0x46, 0x0c, 0xb5, - 0x21, 0xdc, 0xcf, 0x61, 0x9a, 0x25, 0x93, 0x99, 0x68, 0x2f, 0x16, 0x71, - 0x15, 0x00, 0x5f, 0xb0, 0x9b, 0x43, 0x5c, 0x47, 0xe2, 0x8e, 0xc8, 0xea, - 0xb3, 0x30, 0x4d, 0x87, 0x90, 0xcf, 0x24, 0x37, 0x5c, 0xfd, 0xc8, 0xc6, - 0x09, 0x36, 0xb2, 0xfb, 0xfd, 0xc1, 0x82, 0x92, 0x77, 0x5b, 0x9d, 0xeb, - 0xac, 0x47, 0xbc, 0xda, 0x7c, 0x89, 0x19, 0x03, 0x9e, 0xcd, 0x96, 0x2a, - 0x90, 0x55, 0x23, 0x19, 0xac, 0x9d, 0x49, 0xfb, 0xa0, 0x31, 0x7d, 0x6b, - 0x1a, 0x16, 0x13, 0xb1, 0xa9, 0xc9, 0xc4, 0xaf, 0xf1, 0xb4, 0xa7, 0x9b, - 0x08, 0x64, 0x6a, 0x09, 0xcd, 0x4a, 0x03, 0x4c, 0x93, 0xb6, 0xcf, 0x29, - 0xdb, 0x56, 0x88, 0x8e, 0xed, 0x08, 0x6d, 0x8d, 0x76, 0xa3, 0xd7, 0xc6, - 0x69, 0xa1, 0xf5, 0xd2, 0xd0, 0x0a, 0x4b, 0xfa, 0x88, 0x66, 0x6c, 0xe5, - 0x4a, 0xee, 0x13, 0xad, 0xad, 0x22, 0x25, 0x73, 0x39, 0x56, 0x74, 0x0e, - 0xda, 0xcd, 0x35, 0x67, 0xe3, 0x81, 0x5c, 0xc5, 0xae, 0x3c, 0x4f, 0x47, - 0x3e, 0x97, 0xde, 0xac, 0xf6, 0xe1, 0x26, 0xe2, 0xe0, 0x66, 0x48, 0x20, - 0x7c, 0x02, 0x81, 0x3e, 0x7d, 0x34, 0xb7, 0x73, 0x3e, 0x2e, 0xd6, 0x20, - 0x1c, 0xdf, 0xf1, 0xae, 0x86, 0x8b, 0xb2, 0xc2, 0x9b, 0x68, 0x9c, 0xf6, - 0x1a, 0x5e, 0x30, 0x06, 0x39, 0x0a, 0x1f, 0x7b, 0xd7, 0x18, 0x4b, 0x06, - 0x9d, 0xff, 0x84, 0x57, 0xcc, 0x92, 0xad, 0x81, 0x0a, 0x19, 0x11, 0xc4, - 0xac, 0x59, 0x00, 0xe8, 0x5a, 0x70, 0x78, 0xd6, 0x9f, 0xe0, 0x82, 0x2a, - 0x1f, 0x09, 0x36, 0x1c, 0x52, 0x98, 0xf7, 0x95, 0x8f, 0xf9, 0x48, 0x4f, - 0x30, 0x52, 0xb5, 0xf3, 0x8d, 0x13, 0x93, 0x27, 0xbe, 0xb4, 0x75, 0x39, - 0x65, 0xc6, 0x48, 0x4e, 0x32, 0xd7, 0xf4, 0xc3, 0x26, 0x8d - }; - - WOLFSSL_X509* x509 = NULL; - int certSize = (int)(sizeof(cert_der) / sizeof(unsigned char)); - const char *name1 = "ab"; - int nameLen1 = (int)(XSTRLEN(name1)); - const char *name2 = "acccbccc"; - int nameLen2 = (int)(XSTRLEN(name2)); - const char *name3 = "accb"; - int nameLen3 = (int)(XSTRLEN(name3)); - const char *name4 = "accda"; - int nameLen4 = (int)(XSTRLEN(name4)); - const char *name5 = "acc\0bcc"; - int nameLen5 = 7; - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer( - cert_der, certSize, WOLFSSL_FILETYPE_ASN1)); - - /* Ensure that "a*b*" matches "ab" */ - ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1, - WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); - /* Ensure that "a*b*" matches "acccbccc" */ - ExpectIntEQ(wolfSSL_X509_check_host(x509, name2, nameLen2, - WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); - /* Ensure that "a*b*" matches "accb" */ - ExpectIntEQ(wolfSSL_X509_check_host(x509, name3, nameLen3, - WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); - /* Ensure that "a*b*" does not match "accda" */ - ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4, - WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); - - /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag should fail on all cases, since - * 'a*b*' alt name does not have wildcard left-most */ - ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1, - WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, - NULL), WOLFSSL_FAILURE); - ExpectIntEQ(wolfSSL_X509_check_host(x509, name2, nameLen2, - WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, - NULL), WOLFSSL_FAILURE); - ExpectIntEQ(wolfSSL_X509_check_host(x509, name3, nameLen3, - WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, - NULL), WOLFSSL_FAILURE); - ExpectIntEQ(wolfSSL_X509_check_host(x509, name4, nameLen4, - WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, - NULL), WOLFSSL_FAILURE); - - /* Ensure that "a*b*" matches "ab", testing openssl behavior replication - * on check len input handling, 0 for len is OK as it should then use - * strlen(name1) */ - ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, 0, - WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); - /* Openssl also allows for len to include NULL terminator */ - ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1 + 1, - WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); - /* Ensure that check string with NULL terminator in middle is - * rejected */ - ExpectIntNE(wolfSSL_X509_check_host(x509, name5, nameLen5, - WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); - - wolfSSL_X509_free(x509); - -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_name_match3(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) - /* A certificate with the subject alternative name *.example.com */ - const unsigned char cert_der[] = { - 0x30, 0x82, 0x03, 0xb7, 0x30, 0x82, 0x02, 0x9f, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x14, 0x59, 0xbb, 0xf6, 0xde, 0xb8, 0x3d, 0x0e, 0x8c, 0xe4, - 0xbd, 0x98, 0xa3, 0xbe, 0x3e, 0x8f, 0xdc, 0xbd, 0x7f, 0xcc, 0xae, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, - 0x05, 0x00, 0x30, 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, - 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, - 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, - 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, - 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, - 0x04, 0x0a, 0x0c, 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, - 0x49, 0x6e, 0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, - 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, - 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x35, 0x33, - 0x31, 0x30, 0x30, 0x33, 0x37, 0x34, 0x39, 0x5a, 0x17, 0x0d, 0x33, 0x34, - 0x30, 0x35, 0x32, 0x39, 0x30, 0x30, 0x33, 0x37, 0x34, 0x39, 0x5a, 0x30, - 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, - 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, - 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, - 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, - 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x49, 0x6e, 0x63, - 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, - 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, - 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, - 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, - 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, - 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xda, 0x78, 0x16, - 0x05, 0x65, 0xf2, 0x85, 0xf2, 0x61, 0x7f, 0xb1, 0x4d, 0x73, 0xe2, 0x82, - 0xb5, 0x3d, 0xf7, 0x9d, 0x05, 0x65, 0xed, 0x9d, 0xc3, 0x29, 0x7a, 0x92, - 0x2c, 0x06, 0x5f, 0xc8, 0x13, 0x55, 0x42, 0x4e, 0xbd, 0xe2, 0x56, 0x2a, - 0x4b, 0xac, 0xe6, 0x1b, 0x10, 0xc9, 0xdb, 0x9a, 0x45, 0x36, 0xed, 0xf3, - 0x26, 0x8c, 0x22, 0x88, 0x1e, 0x6d, 0x2b, 0x41, 0xfa, 0x0d, 0x43, 0x88, - 0x88, 0xde, 0x8d, 0x2e, 0xca, 0x6e, 0x7c, 0x62, 0x66, 0x3e, 0xfa, 0x4e, - 0x71, 0xea, 0x7d, 0x3b, 0x32, 0x33, 0x5c, 0x7a, 0x7e, 0xea, 0x74, 0xbd, - 0xb6, 0x8f, 0x4c, 0x1c, 0x7a, 0x79, 0x94, 0xf1, 0xe8, 0x02, 0x67, 0x98, - 0x25, 0xb4, 0x31, 0x80, 0xc1, 0xae, 0xbf, 0xef, 0xf2, 0x6c, 0x78, 0x42, - 0xef, 0xb5, 0xc6, 0x01, 0x47, 0x79, 0x8d, 0x92, 0xce, 0xc1, 0xb5, 0x98, - 0x76, 0xf0, 0x84, 0xa2, 0x53, 0x90, 0xe5, 0x39, 0xc7, 0xbd, 0xf2, 0xbb, - 0xe3, 0x3f, 0x00, 0xf6, 0xf0, 0x46, 0x86, 0xee, 0x55, 0xbd, 0x2c, 0x1f, - 0x97, 0x24, 0x7c, 0xbc, 0xda, 0x2f, 0x1b, 0x53, 0xef, 0x26, 0x56, 0xcc, - 0xb7, 0xd8, 0xca, 0x17, 0x20, 0x4e, 0x62, 0x03, 0x66, 0x32, 0xb3, 0xd1, - 0x71, 0x26, 0x6c, 0xff, 0xd1, 0x9e, 0x44, 0x86, 0x2a, 0xae, 0xba, 0x43, - 0x00, 0x13, 0x7e, 0x50, 0xdd, 0x3e, 0x27, 0x39, 0x70, 0x1c, 0x0c, 0x0b, - 0xe8, 0xa2, 0xae, 0x03, 0x09, 0x2e, 0xd8, 0x71, 0xee, 0x7b, 0x1a, 0x09, - 0x2d, 0xe1, 0xd5, 0xde, 0xf5, 0xa3, 0x36, 0x77, 0x90, 0x97, 0x99, 0xd7, - 0x6c, 0xb7, 0x5c, 0x9d, 0xf7, 0x7e, 0x41, 0x89, 0xfe, 0xe4, 0x08, 0xc6, - 0x0b, 0xe4, 0x9b, 0x5f, 0x51, 0xa6, 0x08, 0xb8, 0x99, 0x81, 0xe9, 0xce, - 0xb4, 0x2d, 0xb2, 0x92, 0x9f, 0xe5, 0x1a, 0x98, 0x76, 0x20, 0x70, 0x54, - 0x93, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x3b, 0x30, 0x39, 0x30, 0x18, - 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x11, 0x30, 0x0f, 0x82, 0x0d, 0x2a, - 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, - 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x60, - 0xd4, 0x26, 0xbb, 0xcc, 0x7c, 0x29, 0xa2, 0x88, 0x3c, 0x76, 0x7d, 0xb4, - 0x86, 0x8b, 0x47, 0x64, 0x5b, 0x87, 0xe0, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, - 0x01, 0x01, 0x00, 0xc3, 0x0d, 0x03, 0x67, 0xbb, 0x47, 0x8b, 0xf3, 0x20, - 0xdc, 0x7d, 0x2e, 0xe1, 0xd9, 0xf0, 0x01, 0xc4, 0x66, 0xc2, 0xe1, 0xcd, - 0xc3, 0x4a, 0x72, 0xf0, 0x6e, 0x38, 0xcf, 0x63, 0x01, 0x96, 0x9e, 0x84, - 0xb9, 0xce, 0x1d, 0xba, 0x4b, 0xe0, 0x70, 0x86, 0x2b, 0x5a, 0xab, 0xec, - 0xbf, 0xc2, 0xaa, 0x64, 0xa2, 0x6c, 0xd2, 0x42, 0x52, 0xd4, 0xbe, 0x8a, - 0xca, 0x9c, 0x03, 0xf3, 0xd6, 0x5f, 0xcd, 0x23, 0x9f, 0xf5, 0xa9, 0x04, - 0x40, 0x5b, 0x66, 0x78, 0xc0, 0xac, 0xa1, 0xdb, 0x5d, 0xd1, 0x94, 0xfc, - 0x47, 0x94, 0xf5, 0x45, 0xe3, 0x70, 0x13, 0x3f, 0x66, 0x6d, 0xdd, 0x73, - 0x68, 0x68, 0xe2, 0xd2, 0x89, 0xcb, 0x7f, 0xc6, 0xca, 0xd6, 0x96, 0x0b, - 0xcc, 0xdd, 0xa1, 0x74, 0xda, 0x33, 0xe8, 0x9e, 0xda, 0xb7, 0xd9, 0x12, - 0xab, 0x85, 0x9d, 0x0c, 0xde, 0xa0, 0x7d, 0x7e, 0xa1, 0x91, 0xed, 0xe5, - 0x32, 0x7c, 0xc5, 0xea, 0x1d, 0x4a, 0xb5, 0x38, 0x63, 0x17, 0xf3, 0x4f, - 0x2c, 0x4a, 0x58, 0x86, 0x09, 0x33, 0x86, 0xc4, 0xe7, 0x56, 0x6f, 0x32, - 0x71, 0xb7, 0xd0, 0x83, 0x12, 0x9e, 0x26, 0x0a, 0x3a, 0x45, 0xcb, 0xd7, - 0x4e, 0xab, 0xa4, 0xc3, 0xee, 0x4c, 0xc0, 0x38, 0xa1, 0xfa, 0xba, 0xfa, - 0xb7, 0x80, 0x69, 0x67, 0xa3, 0xef, 0x89, 0xba, 0xce, 0x89, 0x91, 0x3d, - 0x6a, 0x76, 0xe9, 0x3b, 0x32, 0x86, 0x76, 0x85, 0x6b, 0x4f, 0x7f, 0xbc, - 0x7a, 0x5b, 0x31, 0x92, 0x79, 0x35, 0xf8, 0xb9, 0xb1, 0xd7, 0xdb, 0xa9, - 0x6a, 0x8a, 0x91, 0x60, 0x65, 0xd4, 0x76, 0x54, 0x55, 0x57, 0xb9, 0x35, - 0xe0, 0xf5, 0xbb, 0x8f, 0xd4, 0x40, 0x75, 0xbb, 0x47, 0xa8, 0xf9, 0x0f, - 0xea, 0xc9, 0x6e, 0x84, 0xd5, 0xf5, 0x58, 0x2d, 0xe5, 0x76, 0x7b, 0xdf, - 0x97, 0x05, 0x5e, 0xaf, 0x50, 0xf5, 0x48 - }; - - WOLFSSL_X509* x509 = NULL; - int certSize = (int)(sizeof(cert_der) / sizeof(unsigned char)); - const char *name1 = "foo.example.com"; - int nameLen1 = (int)(XSTRLEN(name1)); - const char *name2 = "x.y.example.com"; - int nameLen2 = (int)(XSTRLEN(name2)); - const char *name3 = "example.com"; - int nameLen3 = (int)(XSTRLEN(name3)); - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer( - cert_der, certSize, WOLFSSL_FILETYPE_ASN1)); - - /* Ensure that "*.example.com" matches "foo.example.com" */ - ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1, - WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); - /* Ensure that "*.example.com" does NOT match "x.y.example.com" */ - ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2, - WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); - /* Ensure that "*.example.com" does NOT match "example.com" */ - ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3, - WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); - - /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should match "foo.example.com" */ - ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1, - WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, - NULL), WOLFSSL_SUCCESS); - /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should NOT match "x.y.example.com" */ - ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2, - WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, - NULL), WOLFSSL_SUCCESS); - /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should NOT match "example.com" */ - ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3, - WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, - NULL), WOLFSSL_SUCCESS); - - wolfSSL_X509_free(x509); - -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_max_altnames(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ - !defined(NO_RSA) - - /* Only test if max alt names has not been modified */ -#if WOLFSSL_MAX_ALT_NAMES <= 1024 - - WOLFSSL_CTX* ctx = NULL; - /* File contains a certificate encoded with 130 subject alternative names */ - const char* over_max_altnames_cert = \ - "./certs/test/cert-over-max-altnames.pem"; - -#ifndef NO_WOLFSSL_SERVER - ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); -#else - ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); -#endif - - ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, - over_max_altnames_cert, NULL, WOLFSSL_LOAD_FLAG_NONE), - WOLFSSL_SUCCESS); - wolfSSL_CTX_free(ctx); -#endif -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_max_name_constraints(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ - !defined(NO_RSA) && !defined(IGNORE_NAME_CONSTRAINTS) - - /* Only test if max name constraints has not been modified */ -#if WOLFSSL_MAX_NAME_CONSTRAINTS == 128 - - WOLFSSL_CTX* ctx = NULL; - /* File contains a certificate with 130 name constraints */ - const char* over_max_nc = "./certs/test/cert-over-max-nc.pem"; - -#ifndef NO_WOLFSSL_SERVER - ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); -#else - ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); -#endif - - ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, over_max_nc, - NULL, WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS); - wolfSSL_CTX_free(ctx); -#endif - -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ - !defined(NO_RSA) - X509* x509 = NULL; -#ifndef NO_BIO - BIO* bio = NULL; - X509_STORE_CTX* ctx = NULL; - X509_STORE* store = NULL; -#endif - char der[] = "certs/ca-cert.der"; - XFILE fp = XBADFILE; - int derSz = 0; - -#ifndef NO_BIO - ExpectNotNull(bio = BIO_new(BIO_s_mem())); -#endif - - ExpectNotNull(x509 = X509_new()); - ExpectNull(wolfSSL_X509_get_der(x509, &derSz)); -#if !defined(NO_BIO) && defined(WOLFSSL_CERT_GEN) - ExpectIntEQ(i2d_X509_bio(bio, x509), WOLFSSL_FAILURE); -#endif - ExpectNull(wolfSSL_X509_dup(x509)); - X509_free(x509); - x509 = NULL; - -#ifndef NO_BIO - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, - SSL_FILETYPE_PEM)); - -#ifdef WOLFSSL_CERT_GEN - ExpectIntEQ(i2d_X509_bio(NULL, NULL), WOLFSSL_FAILURE); - ExpectIntEQ(i2d_X509_bio(bio, NULL), WOLFSSL_FAILURE); - ExpectIntEQ(i2d_X509_bio(NULL, x509), WOLFSSL_FAILURE); - ExpectIntEQ(i2d_X509_bio(bio, x509), SSL_SUCCESS); -#endif - - ExpectNotNull(ctx = X509_STORE_CTX_new()); - - ExpectIntEQ(X509_verify_cert(ctx), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); - ExpectNotNull(wolfSSL_X509_verify_cert_error_string(CRL_MISSING)); - - ExpectNotNull(store = X509_STORE_new()); - ExpectIntEQ(X509_STORE_add_cert(store, x509), SSL_SUCCESS); - ExpectIntEQ(X509_STORE_CTX_init(ctx, store, x509, NULL), SSL_SUCCESS); - ExpectIntEQ(X509_verify_cert(ctx), SSL_SUCCESS); - -#ifndef NO_WOLFSSL_STUB - ExpectNull(X509_get_default_cert_file_env()); - ExpectNull(X509_get_default_cert_file()); - ExpectNull(X509_get_default_cert_dir_env()); - ExpectNull(X509_get_default_cert_dir()); -#endif - - ExpectNull(wolfSSL_X509_get_der(NULL, NULL)); - ExpectNull(wolfSSL_X509_get_der(x509, NULL)); - ExpectNull(wolfSSL_X509_get_der(NULL, &derSz)); - - ExpectIntEQ(wolfSSL_X509_version(NULL), 0); - ExpectIntEQ(wolfSSL_X509_version(x509), 3); - - X509_STORE_CTX_free(ctx); - X509_STORE_free(store); - X509_free(x509); - x509 = NULL; - BIO_free(bio); - bio = NULL; -#endif - - /** d2i_X509_fp test **/ - ExpectTrue((fp = XFOPEN(der, "rb")) != XBADFILE); - ExpectNotNull(x509 = (X509 *)d2i_X509_fp(fp, (X509 **)NULL)); - ExpectNotNull(x509); - -#ifdef HAVE_EX_DATA_CRYPTO - ExpectIntEQ(wolfSSL_X509_get_ex_new_index(1, NULL, NULL, NULL, NULL), 0); -#endif - ExpectNull(wolfSSL_X509_get_ex_data(NULL, 1)); - ExpectNull(wolfSSL_X509_get_ex_data(x509, 1)); -#ifdef HAVE_EX_DATA - ExpectIntEQ(wolfSSL_X509_set_ex_data(NULL, 1, der), 0); - ExpectIntEQ(wolfSSL_X509_set_ex_data(x509, 1, der), 1); - ExpectPtrEq(wolfSSL_X509_get_ex_data(x509, 1), der); -#else - ExpectIntEQ(wolfSSL_X509_set_ex_data(NULL, 1, der), 0); - ExpectIntEQ(wolfSSL_X509_set_ex_data(x509, 1, der), 0); - ExpectNull(wolfSSL_X509_get_ex_data(x509, 1)); -#endif - - X509_free(x509); - x509 = NULL; - if (fp != XBADFILE) { - XFCLOSE(fp); - fp = XBADFILE; - } - ExpectTrue((fp = XFOPEN(der, "rb")) != XBADFILE); - ExpectNull((X509 *)d2i_X509_fp(XBADFILE, (X509 **)&x509)); - ExpectNotNull((X509 *)d2i_X509_fp(fp, (X509 **)&x509)); - ExpectNotNull(x509); - X509_free(x509); - x509 = NULL; - if (fp != XBADFILE) - XFCLOSE(fp); - -#ifndef NO_BIO - ExpectNotNull(bio = BIO_new_file(der, "rb")); - ExpectNull(d2i_X509_bio(NULL, &x509)); - ExpectNotNull(x509 = d2i_X509_bio(bio, NULL)); - ExpectNotNull(x509); - X509_free(x509); - BIO_free(bio); - bio = NULL; -#endif - - /* X509_up_ref test */ - ExpectIntEQ(X509_up_ref(NULL), 0); - ExpectNotNull(x509 = X509_new()); /* refCount = 1 */ - ExpectIntEQ(X509_up_ref(x509), 1); /* refCount = 2 */ - ExpectIntEQ(X509_up_ref(x509), 1); /* refCount = 3 */ - X509_free(x509); /* refCount = 2 */ - X509_free(x509); /* refCount = 1 */ - X509_free(x509); /* refCount = 0, free */ - -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_get_ext_count(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ - !defined(NO_RSA) - int ret = 0; - WOLFSSL_X509* x509 = NULL; - const char ocspRootCaFile[] = "./certs/ocsp/root-ca-cert.pem"; - XFILE f = XBADFILE; - - /* NULL parameter check */ - ExpectIntEQ(X509_get_ext_count(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectNotNull(x509 = wolfSSL_X509_new()); - ExpectIntEQ(X509_get_ext_count(x509), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - wolfSSL_X509_free(x509); - x509 = NULL; - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, - SSL_FILETYPE_PEM)); - ExpectIntEQ(X509_get_ext_count(x509), 5); - wolfSSL_X509_free(x509); - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(ocspRootCaFile, - SSL_FILETYPE_PEM)); - ExpectIntEQ(X509_get_ext_count(x509), 5); - wolfSSL_X509_free(x509); - - ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); - ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); - if (f != XBADFILE) - XFCLOSE(f); - - /* wolfSSL_X509_get_ext_count() valid input */ - ExpectIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 5); - - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - - -/* Tests X509v3_get_ext_count, X509v3_get_ext_by_NID, and X509v3_get_ext - * working with a stack retrieved from wolfSSL_X509_get0_extensions(). - */ -static int test_wolfSSL_X509_stack_extensions(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ - !defined(NO_RSA) - WOLFSSL_X509* x509 = NULL; - const WOLFSSL_STACK* ext_stack = NULL; - WOLFSSL_X509_EXTENSION* ext = NULL; - int idx = -1; - int count = 0; - XFILE f = XBADFILE; - - /* Load a certificate */ - ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); - ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); - if (f != XBADFILE) - XFCLOSE(f); - - /* Get the stack of extensions */ - ExpectNotNull(ext_stack = wolfSSL_X509_get0_extensions(x509)); - - /* Test X509v3_get_ext_count */ - ExpectIntGT((count = X509v3_get_ext_count(ext_stack)), 0); - - /* Test X509v3_get_ext_by_NID - find Basic Constraints extension */ - ExpectIntGE((idx = X509v3_get_ext_by_NID(ext_stack, NID_basic_constraints, - -1)), 0); - - /* Test X509v3_get_ext - get extension by index */ - ExpectNotNull(ext = X509v3_get_ext(ext_stack, idx)); - - /* Verify that the extension is the correct one */ - ExpectIntEQ(wolfSSL_OBJ_obj2nid(wolfSSL_X509_EXTENSION_get_object(ext)), - NID_basic_constraints); - - /* Test negative cases */ - ExpectIntEQ(X509v3_get_ext_by_NID(NULL, NID_basic_constraints, -1), - WOLFSSL_FATAL_ERROR); - ExpectNull(X509v3_get_ext(NULL, 0)); - ExpectNull(X509v3_get_ext(ext_stack, -1)); - ExpectNull(X509v3_get_ext(ext_stack, count)); - - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_sign2(void) -{ - EXPECT_DECLS; - /* test requires WOLFSSL_AKID_NAME to match expected output */ -#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_CERTS) && \ - defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_ALT_NAMES) && \ - defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_AKID_NAME) && \ - (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \ - defined(WOLFSSL_IP_ALT_NAME)) - WOLFSSL_X509 *x509 = NULL; - WOLFSSL_X509 *ca = NULL; - const unsigned char *der = NULL; - const unsigned char *pt = NULL; - WOLFSSL_EVP_PKEY *priv = NULL; - WOLFSSL_X509_NAME *name = NULL; - int derSz; -#ifndef NO_ASN_TIME - WOLFSSL_ASN1_TIME *notBefore = NULL; - WOLFSSL_ASN1_TIME *notAfter = NULL; - - const int year = 365*24*60*60; - const int day = 24*60*60; - const int hour = 60*60; - const int mini = 60; - time_t t; -#endif - - const unsigned char expected[] = { - 0x30, 0x82, 0x05, 0x13, 0x30, 0x82, 0x03, 0xFB, 0xA0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x14, 0x6B, 0x61, 0x49, 0x45, 0xFF, 0x4A, 0xD1, 0x54, 0x16, - 0xB4, 0x35, 0x37, 0xC4, 0x98, 0x5D, 0xA9, 0xF6, 0x67, 0x60, 0x91, 0x30, - 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, - 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, - 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, - 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, - 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, - 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, - 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, - 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, - 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, - 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, - 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, - 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, - 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, - 0x0D, 0x30, 0x30, 0x30, 0x32, 0x31, 0x35, 0x32, 0x30, 0x33, 0x30, 0x30, - 0x30, 0x5A, 0x17, 0x0D, 0x30, 0x31, 0x30, 0x32, 0x31, 0x34, 0x32, 0x30, - 0x33, 0x30, 0x30, 0x30, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, - 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, - 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, - 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, - 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, - 0x53, 0x53, 0x4C, 0x5F, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30, 0x17, - 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, - 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x32, 0x30, 0x34, 0x38, 0x31, - 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, - 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, - 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, - 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, - 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x82, - 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, - 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, - 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, 0xFE, - 0x39, 0xA4, 0x32, 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, 0x7C, 0x74, - 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, 0xD6, 0xA6, 0x36, 0xB2, 0x07, - 0x32, 0x8E, 0xD0, 0xBA, 0x69, 0x7B, 0xC6, 0xC3, 0x44, 0x9E, 0xD4, 0x81, - 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B, 0x67, 0xBB, 0xA1, 0x75, 0xC8, 0x36, - 0x2C, 0x4A, 0xD2, 0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, 0xEC, - 0xF1, 0x81, 0x1E, 0x7B, 0x9B, 0x03, 0x47, 0x9A, 0xBF, 0x65, 0xCC, 0x7F, - 0x65, 0x24, 0x69, 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, 0xF7, 0xC5, - 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, 0x3A, 0x7A, 0x78, 0xE1, 0x01, 0x56, - 0x56, 0x91, 0xA6, 0x13, 0x42, 0x8D, 0xD2, 0x3C, 0x40, 0x9C, 0x4C, 0xEF, - 0xD1, 0x86, 0xDF, 0x37, 0x51, 0x1B, 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, - 0x4A, 0x35, 0xE4, 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, 0x4E, 0x97, - 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, 0xAF, 0x20, 0x0B, 0x43, 0x14, - 0xC5, 0x74, 0x67, 0xB4, 0x32, 0x82, 0x6F, 0x8D, 0x86, 0xC2, 0x88, 0x40, - 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40, 0x72, 0x22, 0x17, 0xD7, 0x52, 0x65, - 0x24, 0x73, 0xB0, 0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, 0x7B, - 0xC0, 0x12, 0x03, 0xD4, 0x4E, 0x72, 0x0D, 0x50, 0x6D, 0x3B, 0xA3, 0x3B, - 0xA3, 0x99, 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, 0x8A, 0xD9, - 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, 0xBB, 0xFF, 0x25, 0x4C, 0xC4, 0xD1, - 0x79, 0xF4, 0x71, 0xD3, 0x86, 0x40, 0x18, 0x13, 0xB0, 0x63, 0xB5, 0x72, - 0x4E, 0x30, 0xC4, 0x97, 0x84, 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, 0xF7, - 0x7F, 0xC0, 0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3, 0x02, - 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x4F, 0x30, 0x82, 0x01, 0x4B, - 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, - 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, - 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, - 0x6F, 0x6D, 0x87, 0x04, 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, - 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7, - 0x68, 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7, - 0x85, 0x65, 0xC0, 0x30, 0x81, 0xDE, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, - 0x81, 0xD6, 0x30, 0x81, 0xD3, 0x80, 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7, - 0x68, 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7, - 0x85, 0x65, 0xC0, 0xA1, 0x81, 0xA4, 0xA4, 0x81, 0xA1, 0x30, 0x81, 0x9E, - 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, - 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, - 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, - 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, - 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x32, 0x30, 0x34, 0x38, - 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, - 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x32, - 0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, - 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, - 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, - 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, - 0x6F, 0x6D, 0x82, 0x14, 0x6B, 0x61, 0x49, 0x45, 0xFF, 0x4A, 0xD1, 0x54, - 0x16, 0xB4, 0x35, 0x37, 0xC4, 0x98, 0x5D, 0xA9, 0xF6, 0x67, 0x60, 0x91, - 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, - 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, - 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, - 0x01, 0x01, 0x00, 0x2F, 0x9F, 0x83, 0x05, 0x15, 0x1E, 0x5D, 0x7C, 0x22, - 0x12, 0x20, 0xEE, 0x07, 0x35, 0x25, 0x39, 0xDD, 0x34, 0x06, 0xD3, 0x89, - 0x31, 0x51, 0x8B, 0x9A, 0xE5, 0xE8, 0x60, 0x30, 0x07, 0x7A, 0xBB, 0x17, - 0xB9, 0x54, 0x72, 0x83, 0xA2, 0x1F, 0x62, 0xE0, 0x18, 0xAC, 0x93, 0x5E, - 0x63, 0xC7, 0xDD, 0x12, 0x58, 0x96, 0xC7, 0x90, 0x8B, 0x12, 0x50, 0xD2, - 0x60, 0x0E, 0x24, 0x07, 0x53, 0x55, 0xD7, 0x8E, 0xC9, 0x56, 0x12, 0x28, - 0xD8, 0xFD, 0x47, 0xE3, 0x13, 0xFB, 0x3C, 0xD6, 0x3D, 0x82, 0x09, 0x7E, - 0x10, 0x19, 0xE1, 0xCD, 0xCC, 0x4C, 0x78, 0xDF, 0xE5, 0xFB, 0x2C, 0x8C, - 0x88, 0xF7, 0x5B, 0x99, 0x93, 0xC6, 0xC7, 0x22, 0xA5, 0xFA, 0x76, 0x6C, - 0xE9, 0xBC, 0x69, 0xBA, 0x02, 0x82, 0x18, 0xAF, 0x47, 0xD0, 0x9C, 0x5F, - 0xED, 0xAE, 0x5A, 0x95, 0x59, 0x78, 0x86, 0x24, 0x22, 0xB6, 0x81, 0x03, - 0x58, 0x9A, 0x14, 0x93, 0xDC, 0x24, 0x58, 0xF3, 0xD2, 0x6C, 0x8E, 0xD2, - 0x6D, 0x8B, 0xE8, 0x4E, 0xC6, 0xA0, 0x2B, 0x0D, 0xDB, 0x1A, 0x76, 0x28, - 0xA9, 0x8D, 0xFB, 0x51, 0xA6, 0xF0, 0x82, 0x30, 0xEE, 0x78, 0x1C, 0x71, - 0xA8, 0x11, 0x8A, 0xA5, 0xC3, 0x91, 0xAB, 0x9A, 0x46, 0xFF, 0x8D, 0xCD, - 0x82, 0x3F, 0x5D, 0xB6, 0x28, 0x46, 0x6D, 0x66, 0xE2, 0xEE, 0x1E, 0x82, - 0x0D, 0x1A, 0x74, 0x87, 0xFB, 0xFD, 0x96, 0x26, 0x50, 0x09, 0xEC, 0xA7, - 0x73, 0x89, 0x43, 0x3B, 0x42, 0x2D, 0xA9, 0x6B, 0x0F, 0x61, 0x81, 0x97, - 0x11, 0x71, 0xF9, 0xDB, 0x9B, 0x69, 0x4B, 0x6E, 0xD3, 0x7D, 0xDA, 0xC6, - 0x61, 0x9F, 0x39, 0x87, 0x53, 0x52, 0xA8, 0x4D, 0xAD, 0x80, 0x29, 0x6C, - 0x19, 0xF0, 0x8D, 0xB1, 0x0D, 0x4E, 0xFB, 0x1B, 0xB7, 0xF1, 0x85, 0x49, - 0x08, 0x2A, 0x94, 0xD0, 0x4E, 0x0B, 0x8F - }; - - pt = ca_key_der_2048; - ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &pt, - sizeof_ca_key_der_2048)); - - pt = client_cert_der_2048; - ExpectNotNull(x509 = wolfSSL_d2i_X509(NULL, &pt, - sizeof_client_cert_der_2048)); - - pt = ca_cert_der_2048; - ExpectNotNull(ca = wolfSSL_d2i_X509(NULL, &pt, sizeof_ca_cert_der_2048)); - ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); - ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); - -#ifndef NO_ASN_TIME - t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 7 * day; - ExpectNotNull(notBefore = wolfSSL_ASN1_TIME_adj(NULL, t, 0, 0)); - ExpectNotNull(notAfter = wolfSSL_ASN1_TIME_adj(NULL, t, 365, 0)); - ExpectIntEQ(notAfter->length, 13); - - ExpectTrue(wolfSSL_X509_set_notBefore(x509, notBefore)); - ExpectTrue(wolfSSL_X509_set1_notBefore(x509, notBefore)); - ExpectTrue(wolfSSL_X509_set_notAfter(x509, notAfter)); - ExpectTrue(wolfSSL_X509_set1_notAfter(x509, notAfter)); -#endif - - ExpectNull(wolfSSL_X509_notBefore(NULL)); - ExpectNotNull(wolfSSL_X509_notBefore(x509)); - ExpectNull(wolfSSL_X509_notAfter(NULL)); - ExpectNotNull(wolfSSL_X509_notAfter(x509)); - - ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); - ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); - - ExpectIntEQ(derSz, sizeof(expected)); -#ifndef NO_ASN_TIME - ExpectIntEQ(XMEMCMP(der, expected, derSz), 0); -#endif - - wolfSSL_X509_free(ca); - wolfSSL_X509_free(x509); - wolfSSL_EVP_PKEY_free(priv); -#ifndef NO_ASN_TIME - wolfSSL_ASN1_TIME_free(notBefore); - wolfSSL_ASN1_TIME_free(notAfter); -#endif -#endif - return EXPECT_RESULT(); -} - - -static int test_wolfSSL_X509_sign(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_ASN_TIME) && \ - defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA) - int ret = 0; - char *cn = NULL; - word32 cnSz = 0; - X509_NAME *name = NULL; - X509_NAME *emptyName = NULL; - X509 *x509 = NULL; - X509 *ca = NULL; - DecodedCert dCert; - EVP_PKEY *pub = NULL; - EVP_PKEY *priv = NULL; - EVP_MD_CTX *mctx = NULL; -#if defined(USE_CERT_BUFFERS_1024) - const unsigned char* rsaPriv = client_key_der_1024; - const unsigned char* rsaPub = client_keypub_der_1024; - const unsigned char* certIssuer = client_cert_der_1024; - long clientKeySz = (long)sizeof_client_key_der_1024; - long clientPubKeySz = (long)sizeof_client_keypub_der_1024; - long certIssuerSz = (long)sizeof_client_cert_der_1024; -#elif defined(USE_CERT_BUFFERS_2048) - const unsigned char* rsaPriv = client_key_der_2048; - const unsigned char* rsaPub = client_keypub_der_2048; - const unsigned char* certIssuer = client_cert_der_2048; - long clientKeySz = (long)sizeof_client_key_der_2048; - long clientPubKeySz = (long)sizeof_client_keypub_der_2048; - long certIssuerSz = (long)sizeof_client_cert_der_2048; -#endif - byte sn[16]; - int snSz = sizeof(sn); - int sigSz = 0; -#ifndef NO_WOLFSSL_STUB - const WOLFSSL_ASN1_BIT_STRING* sig = NULL; - const WOLFSSL_X509_ALGOR* alg = NULL; -#endif - - /* Set X509_NAME fields */ - ExpectNotNull(name = X509_NAME_new()); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, - (byte*)"US", 2, -1, 0), SSL_SUCCESS); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, - (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, - (byte*)"support@wolfssl.com", 19, -1, 0), SSL_SUCCESS); - - /* Get private and public keys */ - ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &rsaPriv, - clientKeySz)); - ExpectNotNull(pub = wolfSSL_d2i_PUBKEY(NULL, &rsaPub, clientPubKeySz)); - ExpectNotNull(x509 = X509_new()); - ExpectIntEQ(X509_sign(x509, priv, EVP_sha256()), 0); - /* Set version 3 */ - ExpectIntNE(X509_set_version(x509, 2L), 0); - /* Set subject name, add pubkey, and sign certificate */ - ExpectIntEQ(X509_set_subject_name(x509, name), SSL_SUCCESS); - X509_NAME_free(name); - name = NULL; - ExpectIntEQ(X509_set_pubkey(x509, pub), SSL_SUCCESS); -#ifdef WOLFSSL_ALT_NAMES - ExpectNull(wolfSSL_X509_get_next_altname(NULL)); - ExpectNull(wolfSSL_X509_get_next_altname(x509)); - - /* Add some subject alt names */ - ExpectIntNE(wolfSSL_X509_add_altname(NULL, - "ipsum", ASN_DNS_TYPE), SSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_add_altname(x509, - NULL, ASN_DNS_TYPE), SSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_add_altname(x509, - "sphygmomanometer", - ASN_DNS_TYPE), SSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_add_altname(x509, - "supercalifragilisticexpialidocious", - ASN_DNS_TYPE), SSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_add_altname(x509, - "Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch", - ASN_DNS_TYPE), SSL_SUCCESS); -#ifdef WOLFSSL_IP_ALT_NAME - { - unsigned char ip4_type[] = {127,128,0,255}; - unsigned char ip6_type[] = {0xdd, 0xcc, 0xba, 0xab, - 0xff, 0xee, 0x99, 0x88, - 0x77, 0x66, 0x55, 0x44, - 0x00, 0x33, 0x22, 0x11}; - ExpectIntEQ(wolfSSL_X509_add_altname_ex(x509, (char*)ip4_type, - sizeof(ip4_type), ASN_IP_TYPE), SSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_add_altname_ex(x509, (char*)ip6_type, - sizeof(ip6_type), ASN_IP_TYPE), SSL_SUCCESS); - } -#endif - - { - int i; - - if (x509 != NULL) { - x509->altNamesNext = x509->altNames; - } -#ifdef WOLFSSL_IP_ALT_NAME - /* No names in IP address. */ - ExpectNull(wolfSSL_X509_get_next_altname(x509)); - ExpectNull(wolfSSL_X509_get_next_altname(x509)); -#endif - for (i = 0; i < 3; i++) { - ExpectNotNull(wolfSSL_X509_get_next_altname(x509)); - } - ExpectNull(wolfSSL_X509_get_next_altname(x509)); -#ifdef WOLFSSL_MULTICIRCULATE_ALTNAMELIST - ExpectNotNull(wolfSSL_X509_get_next_altname(x509)); -#endif - } -#endif /* WOLFSSL_ALT_NAMES */ - - { - ASN1_UTCTIME* infinite_past = NULL; - ExpectNotNull(infinite_past = ASN1_UTCTIME_set(NULL, 0)); - ExpectIntEQ(X509_set1_notBefore(x509, infinite_past), 1); - ASN1_UTCTIME_free(infinite_past); - } - - /* test valid sign case */ - ExpectIntGT(ret = X509_sign(x509, priv, EVP_sha256()), 0); - /* test getting signature */ -#ifndef NO_WOLFSSL_STUB - wolfSSL_X509_get0_signature(&sig, &alg, x509); -#endif - ExpectIntEQ(wolfSSL_X509_get_signature(x509, NULL, &sigSz), - WOLFSSL_SUCCESS); - ExpectIntGT(sigSz, 0); - ExpectIntEQ(wolfSSL_X509_get_signature(NULL, NULL, NULL), - WOLFSSL_FATAL_ERROR); - ExpectIntEQ(wolfSSL_X509_get_signature(x509, NULL, NULL), - WOLFSSL_FATAL_ERROR); - ExpectIntEQ(wolfSSL_X509_get_signature(NULL, NULL, &sigSz), - WOLFSSL_FATAL_ERROR); - sigSz = 0; - ExpectIntEQ(wolfSSL_X509_get_signature(x509, sn, &sigSz), - WOLFSSL_FATAL_ERROR); - - /* test valid X509_sign_ctx case */ - ExpectNotNull(mctx = EVP_MD_CTX_new()); - ExpectIntEQ(EVP_DigestSignInit(mctx, NULL, EVP_sha256(), NULL, priv), 1); - ExpectIntGT(X509_sign_ctx(x509, mctx), 0); - -#if defined(OPENSSL_ALL) && defined(WOLFSSL_ALT_NAMES) - ExpectIntEQ(X509_get_ext_count(x509), 1); -#endif -#if defined(WOLFSSL_ALT_NAMES) && defined(WOLFSSL_IP_ALT_NAME) - ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.128.0.255", 0), 1); - ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "DDCC:BAAB:FFEE:9988:7766:5544:0033:2211", 0), 1); -#endif - - ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, sn, &snSz), - WOLFSSL_SUCCESS); - DEBUG_WRITE_CERT_X509(x509, "signed.pem"); - - /* Variation in size depends on ASN.1 encoding when MSB is set. - * WOLFSSL_ASN_TEMPLATE code does not generate a serial number - * with the MSB set. See GenerateInteger in asn.c */ -#ifndef USE_CERT_BUFFERS_1024 -#ifndef WOLFSSL_ALT_NAMES - /* Valid case - size should be 781-786 with 16 byte serial number */ - ExpectTrue((781 + snSz <= ret) && (ret <= 781 + 5 + snSz)); -#elif defined(WOLFSSL_IP_ALT_NAME) - /* Valid case - size should be 955-960 with 16 byte serial number */ - ExpectTrue((939 + snSz <= ret) && (ret <= 939 + 5 + snSz)); -#else - /* Valid case - size should be 926-931 with 16 byte serial number */ - ExpectTrue((910 + snSz <= ret) && (ret <= 910 + 5 + snSz)); -#endif -#else -#ifndef WOLFSSL_ALT_NAMES - /* Valid case - size should be 537-542 with 16 byte serial number */ - ExpectTrue((521 + snSz <= ret) && (ret <= 521 + 5 + snSz)); -#elif defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) - /* Valid case - size should be 695-670 with 16 byte serial number */ - ExpectTrue((679 + snSz <= ret) && (ret <= 679 + 5 + snSz)); -#else - /* Valid case - size should be 666-671 with 16 byte serial number */ - ExpectTrue((650 + snSz <= ret) && (ret <= 650 + 5 + snSz)); -#endif -#endif - /* check that issuer name is as expected after signature */ - InitDecodedCert(&dCert, certIssuer, (word32)certIssuerSz, 0); - ExpectIntEQ(ParseCert(&dCert, CERT_TYPE, NO_VERIFY, NULL), 0); - - ExpectNotNull(emptyName = X509_NAME_new()); - ExpectNotNull(ca = d2i_X509(NULL, &certIssuer, (int)certIssuerSz)); - ExpectIntEQ(wolfSSL_X509_get_isCA(NULL), 0); - ExpectIntEQ(wolfSSL_X509_get_isCA(ca), 1); - ExpectNotNull(name = X509_get_subject_name(ca)); - ExpectIntEQ(X509_NAME_get_sz(NULL), WOLFSSL_FATAL_ERROR); - ExpectIntGT(cnSz = X509_NAME_get_sz(name), 0); - ExpectNotNull(cn = (char*)XMALLOC(cnSz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL)); - ExpectNull(X509_NAME_oneline(NULL, cn, (int)cnSz)); - ExpectPtrEq(X509_NAME_oneline(name, cn, 0), cn); - ExpectPtrEq(X509_NAME_oneline(emptyName, cn, (int)cnSz), cn); - ExpectNull(X509_NAME_oneline(emptyName, NULL, 0)); - ExpectPtrEq(X509_NAME_oneline(name, cn, (int)cnSz), cn); - ExpectIntEQ(0, XSTRNCMP(cn, dCert.subject, XSTRLEN(cn))); - XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); - cn = NULL; - -#if defined(XSNPRINTF) - ExpectNull(wolfSSL_X509_get_name_oneline(NULL, NULL, 0)); - ExpectNotNull(cn = wolfSSL_X509_get_name_oneline(name, NULL, 0)); - ExpectIntGT((int)(cnSz = (word32)XSTRLEN(cn) + 1), 0); - ExpectPtrEq(wolfSSL_X509_get_name_oneline(name, cn, (int)cnSz), cn); - ExpectNull(wolfSSL_X509_get_name_oneline(NULL, cn, (int)cnSz)); - ExpectNull(wolfSSL_X509_get_name_oneline(name, cn, cnSz - 1)); - ExpectPtrEq(wolfSSL_X509_get_name_oneline(name, cn, (int)cnSz), cn); - ExpectPtrEq(wolfSSL_X509_get_name_oneline(emptyName, cn, (int)cnSz), cn); - XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); - cn = NULL; -#endif - X509_NAME_free(emptyName); - -#ifdef WOLFSSL_MULTI_ATTRIB - /* test adding multiple OU's to the signer */ - ExpectNotNull(name = X509_get_subject_name(ca)); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_UTF8, - (byte*)"OU1", 3, -1, 0), SSL_SUCCESS); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_UTF8, - (byte*)"OU2", 3, -1, 0), SSL_SUCCESS); - ExpectIntGT(X509_sign(ca, priv, EVP_sha256()), 0); -#endif - - ExpectNotNull(name = X509_get_subject_name(ca)); - ExpectIntEQ(X509_set_issuer_name(x509, name), SSL_SUCCESS); - - ExpectIntGT(X509_sign(x509, priv, EVP_sha256()), 0); - ExpectNotNull(name = X509_get_issuer_name(x509)); - cnSz = X509_NAME_get_sz(name); - ExpectNotNull(cn = (char*)XMALLOC(cnSz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL)); - ExpectNotNull(cn = X509_NAME_oneline(name, cn, (int)cnSz)); - /* compare and don't include the multi-attrib "/OU=OU1/OU=OU2" above */ - ExpectIntEQ(0, XSTRNCMP(cn, dCert.issuer, XSTRLEN(dCert.issuer))); - XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); - cn = NULL; - - FreeDecodedCert(&dCert); - - /* Test invalid parameters */ - ExpectIntEQ(X509_sign(NULL, priv, EVP_sha256()), 0); - ExpectIntEQ(X509_sign(x509, NULL, EVP_sha256()), 0); - ExpectIntEQ(X509_sign(x509, priv, NULL), 0); - - ExpectIntEQ(X509_sign_ctx(NULL, mctx), 0); - EVP_MD_CTX_free(mctx); - mctx = NULL; - ExpectNotNull(mctx = EVP_MD_CTX_new()); - ExpectIntEQ(X509_sign_ctx(x509, mctx), 0); - ExpectIntEQ(X509_sign_ctx(x509, NULL), 0); - - /* test invalid version number */ -#if defined(OPENSSL_ALL) - ExpectIntNE(X509_set_version(x509, 6L), 0); - ExpectIntGT(X509_sign(x509, priv, EVP_sha256()), 0); - - /* uses ParseCert which fails on bad version number */ - ExpectIntEQ(X509_get_ext_count(x509), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); -#endif - - EVP_MD_CTX_free(mctx); - EVP_PKEY_free(priv); - EVP_PKEY_free(pub); - X509_free(x509); - X509_free(ca); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_get0_tbs_sigalg(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) - X509* x509 = NULL; - const X509_ALGOR* alg; - - ExpectNotNull(x509 = X509_new()); - - ExpectNull(alg = X509_get0_tbs_sigalg(NULL)); - ExpectNotNull(alg = X509_get0_tbs_sigalg(x509)); - - X509_free(x509); -#endif - return EXPECT_RESULT(); -} - static int test_wolfSSL_X509_ALGOR_get0(void) { EXPECT_DECLS; @@ -24961,139 +19220,6 @@ static int test_wolfSSL_X509_ALGOR_get0(void) } -static int test_wolfSSL_X509_VERIFY_PARAM(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) - X509_VERIFY_PARAM *paramTo = NULL; - X509_VERIFY_PARAM *paramFrom = NULL; - char testIPv4[] = "127.0.0.1"; - char testIPv6[] = "0001:0000:0000:0000:0000:0000:0000:0000/32"; - char testhostName1[] = "foo.hoge.com"; - char testhostName2[] = "foobar.hoge.com"; - - ExpectNotNull(paramTo = X509_VERIFY_PARAM_new()); - ExpectNotNull(XMEMSET(paramTo, 0, sizeof(X509_VERIFY_PARAM))); - - ExpectNotNull(paramFrom = X509_VERIFY_PARAM_new()); - ExpectNotNull(XMEMSET(paramFrom, 0, sizeof(X509_VERIFY_PARAM))); - - ExpectIntEQ(X509_VERIFY_PARAM_set1_host(paramFrom, testhostName1, - (int)XSTRLEN(testhostName1)), 1); - ExpectIntEQ(0, XSTRNCMP(paramFrom->hostName, testhostName1, - (int)XSTRLEN(testhostName1))); - - X509_VERIFY_PARAM_set_hostflags(NULL, 0x00); - - X509_VERIFY_PARAM_set_hostflags(paramFrom, 0x01); - ExpectIntEQ(0x01, paramFrom->hostFlags); - - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(NULL, testIPv4), 0); - - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramFrom, testIPv4), 1); - ExpectIntEQ(0, XSTRNCMP(paramFrom->ipasc, testIPv4, WOLFSSL_MAX_IPSTR)); - - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramFrom, NULL), 1); - - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramFrom, testIPv6), 1); - ExpectIntEQ(0, XSTRNCMP(paramFrom->ipasc, testIPv6, WOLFSSL_MAX_IPSTR)); - - /* null pointer */ - ExpectIntEQ(X509_VERIFY_PARAM_set1(NULL, paramFrom), 0); - /* in the case of "from" null, returns success */ - ExpectIntEQ(X509_VERIFY_PARAM_set1(paramTo, NULL), 1); - - ExpectIntEQ(X509_VERIFY_PARAM_set1(NULL, NULL), 0); - - /* inherit flags test : VPARAM_DEFAULT */ - ExpectIntEQ(X509_VERIFY_PARAM_set1(paramTo, paramFrom), 1); - ExpectIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1, - (int)XSTRLEN(testhostName1))); - ExpectIntEQ(0x01, paramTo->hostFlags); - ExpectIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR)); - - /* inherit flags test : VPARAM OVERWRITE */ - ExpectIntEQ(X509_VERIFY_PARAM_set1_host(paramTo, testhostName2, - (int)XSTRLEN(testhostName2)), 1); - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4), 1); - X509_VERIFY_PARAM_set_hostflags(paramTo, 0x00); - - if (paramTo != NULL) { - paramTo->inherit_flags = X509_VP_FLAG_OVERWRITE; - } - - ExpectIntEQ(X509_VERIFY_PARAM_set1(paramTo, paramFrom), 1); - ExpectIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1, - (int)XSTRLEN(testhostName1))); - ExpectIntEQ(0x01, paramTo->hostFlags); - ExpectIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR)); - - /* inherit flags test : VPARAM_RESET_FLAGS */ - ExpectIntEQ(X509_VERIFY_PARAM_set1_host(paramTo, testhostName2, - (int)XSTRLEN(testhostName2)), 1); - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4), 1); - X509_VERIFY_PARAM_set_hostflags(paramTo, 0x10); - - if (paramTo != NULL) { - paramTo->inherit_flags = X509_VP_FLAG_RESET_FLAGS; - } - - ExpectIntEQ(X509_VERIFY_PARAM_set1(paramTo, paramFrom), 1); - ExpectIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1, - (int)XSTRLEN(testhostName1))); - ExpectIntEQ(0x01, paramTo->hostFlags); - ExpectIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR)); - - /* inherit flags test : VPARAM_LOCKED */ - ExpectIntEQ(X509_VERIFY_PARAM_set1_host(paramTo, testhostName2, - (int)XSTRLEN(testhostName2)), 1); - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4), 1); - X509_VERIFY_PARAM_set_hostflags(paramTo, 0x00); - - if (paramTo != NULL) { - paramTo->inherit_flags = X509_VP_FLAG_LOCKED; - } - - ExpectIntEQ(X509_VERIFY_PARAM_set1(paramTo, paramFrom), 1); - ExpectIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName2, - (int)XSTRLEN(testhostName2))); - ExpectIntEQ(0x00, paramTo->hostFlags); - ExpectIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv4, WOLFSSL_MAX_IPSTR)); - - /* test for incorrect parameters */ - ExpectIntEQ(X509_VERIFY_PARAM_set_flags(NULL, X509_V_FLAG_CRL_CHECK_ALL), - 0); - - ExpectIntEQ(X509_VERIFY_PARAM_set_flags(NULL, 0), 0); - - /* inherit flags test : VPARAM_ONCE, not testable yet */ - - ExpectIntEQ(X509_VERIFY_PARAM_set_flags(paramTo, X509_V_FLAG_CRL_CHECK_ALL), - 1); - - ExpectIntEQ(X509_VERIFY_PARAM_get_flags(NULL), 0); - ExpectIntEQ(X509_VERIFY_PARAM_get_flags(paramTo), - X509_V_FLAG_CRL_CHECK_ALL); - - ExpectIntEQ(X509_VERIFY_PARAM_clear_flags(NULL, X509_V_FLAG_CRL_CHECK_ALL), - WOLFSSL_FAILURE); - ExpectIntEQ(X509_VERIFY_PARAM_clear_flags(paramTo, - X509_V_FLAG_CRL_CHECK_ALL), 1); - - ExpectIntEQ(X509_VERIFY_PARAM_get_flags(paramTo), 0); - - ExpectNull(wolfSSL_X509_VERIFY_PARAM_lookup(NULL)); - ExpectNull(wolfSSL_X509_VERIFY_PARAM_lookup("")); - ExpectNotNull(wolfSSL_X509_VERIFY_PARAM_lookup("ssl_client")); - ExpectNotNull(wolfSSL_X509_VERIFY_PARAM_lookup("ssl_server")); - - X509_VERIFY_PARAM_free(paramTo); - X509_VERIFY_PARAM_free(paramFrom); - X509_VERIFY_PARAM_free(NULL); /* to confirm NULL parameter gives no harm */ -#endif - return EXPECT_RESULT(); -} - #if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ !defined(WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY) @@ -25212,205 +19338,6 @@ static int test_wolfSSL_check_domain_basic(void) } #endif /* HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */ -static int test_wolfSSL_X509_get_X509_PUBKEY(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) - X509* x509 = NULL; - X509_PUBKEY* pubKey; - - ExpectNotNull(x509 = X509_new()); - - ExpectNull(pubKey = wolfSSL_X509_get_X509_PUBKEY(NULL)); - ExpectNotNull(pubKey = wolfSSL_X509_get_X509_PUBKEY(x509)); - - X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_PUBKEY_RSA(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \ - !defined(NO_SHA256) && !defined(NO_RSA) - X509* x509 = NULL; - ASN1_OBJECT* obj = NULL; - const ASN1_OBJECT* pa_oid = NULL; - X509_PUBKEY* pubKey = NULL; - X509_PUBKEY* pubKey2 = NULL; - EVP_PKEY* evpKey = NULL; - byte buf[1024]; - byte* tmp; - - const unsigned char *pk = NULL; - int ppklen; - int pptype; - X509_ALGOR *pa = NULL; - const void *pval; - - ExpectNotNull(x509 = X509_load_certificate_file(cliCertFile, - SSL_FILETYPE_PEM)); - - ExpectNotNull(pubKey = X509_get_X509_PUBKEY(x509)); - ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey), 1); - ExpectNotNull(pk); - ExpectNotNull(pa); - ExpectNotNull(pubKey); - ExpectIntGT(ppklen, 0); - - tmp = buf; - ExpectIntEQ(wolfSSL_i2d_X509_PUBKEY(NULL, NULL), WOLFSSL_FATAL_ERROR); - ExpectIntEQ(wolfSSL_i2d_X509_PUBKEY(NULL, &tmp), WOLFSSL_FATAL_ERROR); - ExpectIntEQ(wolfSSL_i2d_X509_PUBKEY(pubKey, NULL), 294); - ExpectIntEQ(wolfSSL_i2d_X509_PUBKEY(pubKey, &tmp), 294); - - ExpectIntEQ(OBJ_obj2nid(obj), NID_rsaEncryption); - - ExpectNotNull(evpKey = X509_PUBKEY_get(pubKey)); - ExpectNotNull(pubKey2 = X509_PUBKEY_new()); - ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, NULL), 0); - ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 0); - ExpectIntEQ(X509_PUBKEY_set(NULL, NULL), 0); - ExpectIntEQ(X509_PUBKEY_set(&pubKey2, NULL), 0); - ExpectIntEQ(X509_PUBKEY_set(NULL, evpKey), 0); - ExpectIntEQ(X509_PUBKEY_set(&pubKey2, evpKey), 1); - ExpectIntEQ(X509_PUBKEY_get0_param(NULL, NULL, NULL, NULL, pubKey2), 1); - ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 1); - ExpectNotNull(pk); - ExpectNotNull(pa); - ExpectIntGT(ppklen, 0); - X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa); - ExpectNotNull(pa_oid); - ExpectNull(pval); - ExpectIntEQ(pptype, V_ASN1_NULL); - ExpectIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_RSA); - - X509_PUBKEY_free(NULL); - X509_PUBKEY_free(pubKey2); - X509_free(x509); - EVP_PKEY_free(evpKey); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_PUBKEY_EC(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && defined(HAVE_ECC) - X509* x509 = NULL; - ASN1_OBJECT* obj = NULL; - ASN1_OBJECT* poid = NULL; - const ASN1_OBJECT* pa_oid = NULL; - X509_PUBKEY* pubKey = NULL; - X509_PUBKEY* pubKey2 = NULL; - EVP_PKEY* evpKey = NULL; - - const unsigned char *pk = NULL; - int ppklen; - int pptype; - X509_ALGOR *pa = NULL; - const void *pval; - char buf[50]; - - ExpectNotNull(x509 = X509_load_certificate_file(cliEccCertFile, - SSL_FILETYPE_PEM)); - ExpectNotNull(pubKey = X509_get_X509_PUBKEY(x509)); - ExpectNotNull(evpKey = X509_PUBKEY_get(pubKey)); - ExpectNotNull(pubKey2 = X509_PUBKEY_new()); - ExpectIntEQ(X509_PUBKEY_set(&pubKey2, evpKey), 1); - ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 1); - ExpectNotNull(pk); - ExpectNotNull(pa); - ExpectIntGT(ppklen, 0); - X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa); - ExpectNotNull(pa_oid); - ExpectNotNull(pval); - ExpectIntEQ(pptype, V_ASN1_OBJECT); - ExpectIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_EC); - poid = (ASN1_OBJECT *)pval; - ExpectIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), poid, 0), 0); - ExpectIntEQ(OBJ_txt2nid(buf), NID_X9_62_prime256v1); - - X509_PUBKEY_free(pubKey2); - X509_free(x509); - EVP_PKEY_free(evpKey); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_PUBKEY_DSA(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && !defined(NO_DSA) - word32 bytes; -#ifdef USE_CERT_BUFFERS_1024 - byte tmp[ONEK_BUF]; -#elif defined(USE_CERT_BUFFERS_2048) - byte tmp[TWOK_BUF]; -#else - byte tmp[TWOK_BUF]; -#endif /* END USE_CERT_BUFFERS_1024 */ - const unsigned char* dsaKeyDer = tmp; - - ASN1_OBJECT* obj = NULL; - ASN1_STRING* str; - const ASN1_OBJECT* pa_oid = NULL; - X509_PUBKEY* pubKey = NULL; - EVP_PKEY* evpKey = NULL; - - const unsigned char *pk = NULL; - int ppklen, pptype; - X509_ALGOR *pa = NULL; - const void *pval; - -#ifdef USE_CERT_BUFFERS_1024 - XMEMSET(tmp, 0, sizeof(tmp)); - XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024); - bytes = sizeof_dsa_key_der_1024; -#elif defined(USE_CERT_BUFFERS_2048) - XMEMSET(tmp, 0, sizeof(tmp)); - XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048); - bytes = sizeof_dsa_key_der_2048; -#else - { - XFILE fp = XBADFILE; - XMEMSET(tmp, 0, sizeof(tmp)); - ExpectTrue((fp = XFOPEN("./certs/dsa2048.der", "rb")) != XBADFILE); - ExpectIntGT(bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp), 0); - if (fp != XBADFILE) - XFCLOSE(fp); - } -#endif - - /* Initialize pkey with der format dsa key */ - ExpectNotNull(d2i_PrivateKey(EVP_PKEY_DSA, &evpKey, &dsaKeyDer, bytes)); - - ExpectNotNull(pubKey = X509_PUBKEY_new()); - ExpectIntEQ(X509_PUBKEY_set(&pubKey, evpKey), 1); - ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey), 1); - ExpectNotNull(pk); - ExpectNotNull(pa); - ExpectIntGT(ppklen, 0); - X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa); - ExpectNotNull(pa_oid); - ExpectNotNull(pval); - ExpectIntEQ(pptype, V_ASN1_SEQUENCE); - ExpectIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_DSA); - str = (ASN1_STRING *)pval; - DEBUG_WRITE_DER(ASN1_STRING_data(str), ASN1_STRING_length(str), "str.der"); -#ifdef USE_CERT_BUFFERS_1024 - ExpectIntEQ(ASN1_STRING_length(str), 291); -#else - ExpectIntEQ(ASN1_STRING_length(str), 549); -#endif /* END USE_CERT_BUFFERS_1024 */ - - X509_PUBKEY_free(pubKey); - EVP_PKEY_free(evpKey); -#endif - return EXPECT_RESULT(); -} - static int test_wolfSSL_BUF(void) { EXPECT_DECLS; @@ -26706,329 +20633,6 @@ static int test_wolfSSL_OBJ_txt2obj(void) return EXPECT_RESULT(); } -static int test_wolfSSL_PEM_write_bio_X509(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(OPENSSL_ALL) && \ - defined(WOLFSSL_AKID_NAME) && defined(WOLFSSL_CERT_EXT) && \ - defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) && !defined(NO_RSA) && \ - !defined(NO_FILESYSTEM) - /* This test contains the hard coded expected - * lengths. Update if necessary */ - XFILE fp = XBADFILE; - WOLFSSL_EVP_PKEY *priv = NULL; - - BIO* input = NULL; - BIO* output = NULL; - X509* x509a = NULL; - X509* x509b = NULL; - X509* empty = NULL; - - ASN1_TIME* notBeforeA = NULL; - ASN1_TIME* notAfterA = NULL; -#ifndef NO_ASN_TIME - ASN1_TIME* notBeforeB = NULL; - ASN1_TIME* notAfterB = NULL; -#endif - int expectedLen; - - ExpectTrue((fp = XFOPEN("certs/server-key.pem", "rb")) != XBADFILE); - ExpectNotNull(priv = wolfSSL_PEM_read_PrivateKey(fp, NULL, NULL, NULL)); - if (fp != XBADFILE) { - XFCLOSE(fp); - fp = XBADFILE; - } - - ExpectNotNull(input = BIO_new_file("certs/test/cert-ext-multiple.pem", - "rb")); - ExpectIntEQ(wolfSSL_BIO_get_len(input), 2000); - - /* read PEM into X509 struct, get notBefore / notAfter to verify against */ - ExpectNotNull(PEM_read_bio_X509(input, &x509a, NULL, NULL)); - ExpectNotNull(notBeforeA = X509_get_notBefore(x509a)); - ExpectNotNull(notAfterA = X509_get_notAfter(x509a)); - - /* write X509 back to PEM BIO; no need to sign as nothing changed. */ - ExpectNotNull(output = BIO_new(wolfSSL_BIO_s_mem())); - ExpectNotNull(empty = wolfSSL_X509_new()); - ExpectIntEQ(PEM_write_bio_X509(NULL, NULL), WOLFSSL_FAILURE); - ExpectIntEQ(PEM_write_bio_X509(output, NULL), WOLFSSL_FAILURE); - ExpectIntEQ(PEM_write_bio_X509(NULL, x509a), WOLFSSL_FAILURE); - ExpectIntEQ(PEM_write_bio_X509(output, empty), WOLFSSL_FAILURE); - ExpectIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS); - /* compare length against expected */ - expectedLen = 2000; - ExpectIntEQ(wolfSSL_BIO_get_len(output), expectedLen); - wolfSSL_X509_free(empty); - -#ifndef NO_ASN_TIME - /* read exported X509 PEM back into struct, sanity check on export, - * make sure notBefore/notAfter are the same and certs are identical. */ - ExpectNotNull(PEM_read_bio_X509(output, &x509b, NULL, NULL)); - ExpectNotNull(notBeforeB = X509_get_notBefore(x509b)); - ExpectNotNull(notAfterB = X509_get_notAfter(x509b)); - ExpectIntEQ(ASN1_TIME_compare(notBeforeA, notBeforeB), 0); - ExpectIntEQ(ASN1_TIME_compare(notAfterA, notAfterB), 0); - ExpectIntEQ(0, wolfSSL_X509_cmp(x509a, x509b)); - X509_free(x509b); - x509b = NULL; -#endif - - /* Reset output buffer */ - BIO_free(output); - output = NULL; - ExpectNotNull(output = BIO_new(wolfSSL_BIO_s_mem())); - - /* Test forcing the AKID to be generated just from KeyIdentifier */ - if (EXPECT_SUCCESS() && x509a->authKeyIdSrc != NULL) { - XMEMMOVE(x509a->authKeyIdSrc, x509a->authKeyId, x509a->authKeyIdSz); - x509a->authKeyId = x509a->authKeyIdSrc; - x509a->authKeyIdSrc = NULL; - x509a->authKeyIdSrcSz = 0; - } - - /* Resign to re-generate the der */ - ExpectIntGT(wolfSSL_X509_sign(x509a, priv, EVP_sha256()), 0); - - ExpectIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS); - - /* Check that we generate a smaller output since the AKID will - * only contain the KeyIdentifier without any additional - * information */ - - /* Here we copy the validity struct from the original */ - expectedLen = 1688; - ExpectIntEQ(wolfSSL_BIO_get_len(output), expectedLen); - - /* Reset buffers and x509 */ - BIO_free(input); - input = NULL; - BIO_free(output); - output = NULL; - X509_free(x509a); - x509a = NULL; - - /* test CA and basicConstSet values are encoded when - * the cert is a CA */ - ExpectNotNull(input = BIO_new_file("certs/server-cert.pem", "rb")); - - /* read PEM into X509 struct */ - ExpectNotNull(PEM_read_bio_X509(input, &x509a, NULL, NULL)); - - /* write X509 back to PEM BIO; no need to sign as nothing changed */ - ExpectNotNull(output = BIO_new(wolfSSL_BIO_s_mem())); - ExpectIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS); - - /* read exported X509 PEM back into struct, ensure isCa and basicConstSet - * values are maintained and certs are identical.*/ - ExpectNotNull(PEM_read_bio_X509(output, &x509b, NULL, NULL)); - ExpectIntEQ(x509b->isCa, 1); - ExpectIntEQ(x509b->basicConstSet, 1); - ExpectIntEQ(0, wolfSSL_X509_cmp(x509a, x509b)); - - X509_free(x509a); - x509a = NULL; - X509_free(x509b); - x509b = NULL; - BIO_free(input); - input = NULL; - BIO_free(output); - output = NULL; - - /* test CA and basicConstSet values are encoded when - * the cert is not CA */ - ExpectNotNull(input = BIO_new_file("certs/client-uri-cert.pem", "rb")); - - /* read PEM into X509 struct */ - ExpectNotNull(PEM_read_bio_X509(input, &x509a, NULL, NULL)); - - /* write X509 back to PEM BIO; no need to sign as nothing changed */ - ExpectNotNull(output = BIO_new(wolfSSL_BIO_s_mem())); - ExpectIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS); - - /* read exported X509 PEM back into struct, ensure isCa and - * basicConstSet values are maintained and certs are identical */ - ExpectNotNull(PEM_read_bio_X509(output, &x509b, NULL, NULL)); - ExpectIntEQ(x509b->isCa, 0); - ExpectIntEQ(x509b->basicConstSet, 1); - ExpectIntEQ(0, wolfSSL_X509_cmp(x509a, x509b)); - - wolfSSL_EVP_PKEY_free(priv); - X509_free(x509a); - X509_free(x509b); - BIO_free(input); - BIO_free(output); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_NAME_ENTRY(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ - !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN) - X509* x509 = NULL; -#ifndef NO_BIO - X509* empty = NULL; - BIO* bio = NULL; -#endif - X509_NAME* nm = NULL; - X509_NAME_ENTRY* entry = NULL; - WOLF_STACK_OF(WOLFSSL_X509_NAME_ENTRY)* entries = NULL; - unsigned char cn[] = "another name to add"; -#ifdef OPENSSL_ALL - int i; - int names_len = 0; -#endif - - ExpectNotNull(x509 = - wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM)); -#ifndef NO_BIO - ExpectNotNull(empty = wolfSSL_X509_new()); - ExpectNotNull(bio = BIO_new(BIO_s_mem())); - ExpectIntEQ(PEM_write_bio_X509_AUX(NULL, NULL), WOLFSSL_FAILURE); - ExpectIntEQ(PEM_write_bio_X509_AUX(bio, NULL), WOLFSSL_FAILURE); - ExpectIntEQ(PEM_write_bio_X509_AUX(NULL, x509), WOLFSSL_FAILURE); - ExpectIntEQ(PEM_write_bio_X509_AUX(bio, empty), WOLFSSL_FAILURE); - ExpectIntEQ(PEM_write_bio_X509_AUX(bio, x509), SSL_SUCCESS); - wolfSSL_X509_free(empty); -#endif - -#ifdef WOLFSSL_CERT_REQ - { - X509_REQ* req = NULL; -#ifndef NO_BIO - X509_REQ* emptyReq = NULL; - BIO* bReq = NULL; -#endif - - ExpectNotNull(req = - wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM)); -#ifndef NO_BIO - ExpectNotNull(emptyReq = wolfSSL_X509_REQ_new()); - ExpectNotNull(bReq = BIO_new(BIO_s_mem())); - ExpectIntEQ(PEM_write_bio_X509_REQ(NULL, NULL), WOLFSSL_FAILURE); - ExpectIntEQ(PEM_write_bio_X509_REQ(bReq, NULL), WOLFSSL_FAILURE); - ExpectIntEQ(PEM_write_bio_X509_REQ(NULL, req), WOLFSSL_FAILURE); - ExpectIntEQ(PEM_write_bio_X509_REQ(bReq, emptyReq), WOLFSSL_FAILURE); - ExpectIntEQ(PEM_write_bio_X509_REQ(bReq, req), SSL_SUCCESS); - - BIO_free(bReq); - X509_REQ_free(emptyReq); -#endif - X509_free(req); - } -#endif - - ExpectNotNull(nm = X509_get_subject_name(x509)); - - /* Test add entry */ - ExpectNotNull(entry = X509_NAME_ENTRY_create_by_NID(NULL, NID_commonName, - 0x0c, cn, (int)sizeof(cn))); - ExpectIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS); - - /* @TODO the internal name entry set value needs investigated for matching - * behavior with OpenSSL. At the moment the getter function for the set - * value is being tested only in that it succeeds in getting the internal - * value. */ - ExpectIntGT(X509_NAME_ENTRY_set(X509_NAME_get_entry(nm, 1)), 0); - -#ifdef WOLFSSL_CERT_EXT - ExpectIntEQ(X509_NAME_add_entry_by_txt(NULL, NULL, MBSTRING_UTF8, - (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_FAILURE); - ExpectIntEQ(X509_NAME_add_entry_by_txt(nm, NULL, MBSTRING_UTF8, - (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_FAILURE); - ExpectIntEQ(X509_NAME_add_entry_by_txt(NULL, "emailAddress", MBSTRING_UTF8, - (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_FAILURE); - ExpectIntEQ(X509_NAME_add_entry_by_txt(nm, "emailAddress", MBSTRING_UTF8, - (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_SUCCESS); - ExpectIntEQ(X509_NAME_add_entry_by_txt(nm, "commonName", MBSTRING_UTF8, - (byte*)"wolfssl.com", 11, 0, 1), WOLFSSL_SUCCESS); - ExpectNull(wolfSSL_X509_NAME_delete_entry(NULL, -1)); - ExpectNull(wolfSSL_X509_NAME_delete_entry(nm, -1)); - ExpectNotNull(wolfSSL_X509_NAME_delete_entry(nm, 0)); -#endif - X509_NAME_ENTRY_free(entry); - entry = NULL; - -#ifdef WOLFSSL_CERT_REQ - { - unsigned char srv_pkcs9p[] = "Server"; - unsigned char rfc822Mlbx[] = "support@wolfssl.com"; - unsigned char fvrtDrnk[] = "tequila"; - unsigned char* der = NULL; - char* subject = NULL; - - ExpectIntEQ(X509_NAME_add_entry_by_NID(nm, NID_pkcs9_contentType, - MBSTRING_ASC, srv_pkcs9p, -1, -1, 0), SSL_SUCCESS); - - ExpectIntEQ(X509_NAME_add_entry_by_NID(nm, NID_rfc822Mailbox, - MBSTRING_ASC, rfc822Mlbx, -1, -1, 0), SSL_SUCCESS); - - ExpectIntEQ(X509_NAME_add_entry_by_NID(nm, NID_favouriteDrink, - MBSTRING_ASC, fvrtDrnk, -1, -1, 0), SSL_SUCCESS); - - ExpectIntEQ(wolfSSL_i2d_X509_NAME(NULL, &der), BAD_FUNC_ARG); - ExpectIntGT(wolfSSL_i2d_X509_NAME(nm, &der), 0); - ExpectNotNull(der); - - ExpectNotNull(subject = X509_NAME_oneline(nm, NULL, 0)); - ExpectNotNull(XSTRSTR(subject, "rfc822Mailbox=support@wolfssl.com")); - ExpectNotNull(XSTRSTR(subject, "favouriteDrink=tequila")); - ExpectNotNull(XSTRSTR(subject, "contentType=Server")); - #ifdef DEBUG_WOLFSSL - if (subject != NULL) { - fprintf(stderr, "\n\t%s\n", subject); - } - #endif - XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); - XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL); - } -#endif - - ExpectNull(entry = X509_NAME_ENTRY_create_by_txt(NULL, NULL, 0x0c, cn, - (int)sizeof(cn))); - /* Test add entry by text */ - ExpectNotNull(entry = X509_NAME_ENTRY_create_by_txt(NULL, "commonName", - 0x0c, cn, (int)sizeof(cn))); - ExpectPtrEq(X509_NAME_ENTRY_create_by_txt(&entry, "commonName", - 0x0c, cn, (int)sizeof(cn)), entry); - #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) \ - || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX) - ExpectNull(X509_NAME_ENTRY_create_by_txt(&entry, "unknown", - V_ASN1_UTF8STRING, cn, (int)sizeof(cn))); - #endif - ExpectIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS); - X509_NAME_ENTRY_free(entry); - entry = NULL; - - /* Test add entry by NID */ - ExpectIntEQ(X509_NAME_add_entry_by_NID(nm, NID_commonName, MBSTRING_UTF8, - cn, -1, -1, 0), SSL_SUCCESS); - -#ifdef OPENSSL_ALL - /* stack of name entry */ - ExpectIntGT((names_len = sk_X509_NAME_ENTRY_num(nm->entries)), 0); - for (i = 0; i < names_len; i++) { - ExpectNotNull(entry = sk_X509_NAME_ENTRY_value(nm->entries, i)); - } -#endif - - ExpectNotNull(entries = wolfSSL_sk_X509_NAME_ENTRY_new(NULL)); - ExpectIntEQ(sk_X509_NAME_ENTRY_num(NULL), BAD_FUNC_ARG); - ExpectIntEQ(sk_X509_NAME_ENTRY_num(entries), 0); - ExpectNull(sk_X509_NAME_ENTRY_value(NULL, 0)); - ExpectNull(sk_X509_NAME_ENTRY_value(entries, 0)); - wolfSSL_sk_X509_NAME_ENTRY_free(entries); - -#ifndef NO_BIO - BIO_free(bio); -#endif - X509_free(x509); /* free's nm */ -#endif - return EXPECT_RESULT(); -} - /* Note the lack of wolfSSL_ prefix...this is a compatibility layer test. */ static int test_GENERAL_NAME_set0_othername(void) { @@ -27316,192 +20920,6 @@ static int test_othername_and_SID_ext(void) return EXPECT_RESULT(); } -static int test_wolfSSL_X509_set_name(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) - X509* x509 = NULL; - X509_NAME* name = NULL; - - ExpectNotNull(name = X509_NAME_new()); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, - (byte*)"wolfssl.com", 11, 0, 1), - WOLFSSL_SUCCESS); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, - (byte*)"support@wolfssl.com", 19, -1, - 1), WOLFSSL_SUCCESS); - ExpectNotNull(x509 = X509_new()); - - ExpectIntEQ(X509_set_subject_name(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(X509_set_subject_name(x509, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(X509_set_subject_name(NULL, name), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); - - ExpectIntEQ(X509_set_issuer_name(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(X509_set_issuer_name(x509, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(X509_set_issuer_name(NULL, name), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); - - X509_free(x509); - X509_NAME_free(name); -#endif /* OPENSSL_ALL && !NO_CERTS */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_set_notAfter(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) \ - && !defined(NO_ASN_TIME) && !defined(USER_TIME) && \ - !defined(TIME_OVERRIDES) && !defined(NO_CERTS) && \ - defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) &&\ - !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT) && !defined(NO_BIO) - /* Generalized time will overflow time_t if not long */ - X509* x = NULL; - BIO* bio = NULL; - ASN1_TIME *asn_time = NULL; - ASN1_TIME *time_check = NULL; - const int year = 365*24*60*60; - const int day = 24*60*60; - const int hour = 60*60; - const int mini = 60; - int offset_day; - unsigned char buf[25]; - time_t t; - - /* - * Setup asn_time. APACHE HTTPD uses time(NULL) - */ - t = (time_t)107 * year + 31 * day + 34 * hour + 30 * mini + 7 * day; - offset_day = 7; - /* - * Free these. - */ - asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, 0); - ExpectNotNull(asn_time); - ExpectNotNull(x = X509_new()); - ExpectNotNull(bio = BIO_new(BIO_s_mem())); - /* - * Tests - */ - ExpectTrue(wolfSSL_X509_set_notAfter(x, asn_time)); - /* time_check is simply (ANS1_TIME*)x->notAfter */ - ExpectNotNull(time_check = X509_get_notAfter(x)); - /* ANS1_TIME_check validates by checking if argument can be parsed */ - ExpectIntEQ(ASN1_TIME_check(time_check), WOLFSSL_SUCCESS); - /* Convert to human readable format and compare to intended date */ - ExpectIntEQ(ASN1_TIME_print(bio, time_check), 1); - ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 24); - ExpectIntEQ(XMEMCMP(buf, "Jan 20 10:30:00 2077 GMT", sizeof(buf) - 1), 0); - - ExpectFalse(wolfSSL_X509_set_notAfter(NULL, NULL)); - ExpectFalse(wolfSSL_X509_set_notAfter(x, NULL)); - ExpectFalse(wolfSSL_X509_set_notAfter(NULL, asn_time)); - - /* - * Cleanup - */ - XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL); - X509_free(x); - BIO_free(bio); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_set_notBefore(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) \ - && !defined(NO_ASN_TIME) && !defined(USER_TIME) && \ - !defined(TIME_OVERRIDES) && !defined(NO_CERTS) && \ - defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_BIO) - X509* x = NULL; - BIO* bio = NULL; - ASN1_TIME *asn_time = NULL; - ASN1_TIME *time_check = NULL; - const int year = 365*24*60*60; - const int day = 24*60*60; - const int hour = 60*60; - const int mini = 60; - int offset_day; - unsigned char buf[25]; - time_t t; - - /* - * Setup asn_time. APACHE HTTPD uses time(NULL) - */ - t = (time_t)49 * year + 125 * day + 20 * hour + 30 * mini + 7 * day; - offset_day = 7; - - /* - * Free these. - */ - asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, 0); - ExpectNotNull(asn_time); - ExpectNotNull(x = X509_new()); - ExpectNotNull(bio = BIO_new(BIO_s_mem())); - ExpectIntEQ(ASN1_TIME_check(asn_time), WOLFSSL_SUCCESS); - - /* - * Main Tests - */ - ExpectTrue(wolfSSL_X509_set_notBefore(x, asn_time)); - /* time_check == (ANS1_TIME*)x->notBefore */ - ExpectNotNull(time_check = X509_get_notBefore(x)); - /* ANS1_TIME_check validates by checking if argument can be parsed */ - ExpectIntEQ(ASN1_TIME_check(time_check), WOLFSSL_SUCCESS); - /* Convert to human readable format and compare to intended date */ - ExpectIntEQ(ASN1_TIME_print(bio, time_check), 1); - ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 24); - ExpectIntEQ(XMEMCMP(buf, "May 8 20:30:00 2019 GMT", sizeof(buf) - 1), 0); - - ExpectFalse(wolfSSL_X509_set_notBefore(NULL, NULL)); - ExpectFalse(wolfSSL_X509_set_notBefore(x, NULL)); - ExpectFalse(wolfSSL_X509_set_notBefore(NULL, asn_time)); - - ExpectNull(X509_get_notBefore(NULL)); - ExpectNull(X509_get_notAfter(NULL)); - - /* - * Cleanup - */ - XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL); - X509_free(x); - BIO_free(bio); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_set_version(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \ - !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) - X509* x509 = NULL; - long v = 2L; - long maxInt = INT_MAX; - - ExpectNotNull(x509 = X509_new()); - /* These should pass. */ - ExpectTrue(wolfSSL_X509_set_version(x509, v)); - ExpectIntEQ(0, wolfSSL_X509_get_version(NULL)); - ExpectIntEQ(v, wolfSSL_X509_get_version(x509)); - /* Fail Case: When v(long) is greater than x509->version(int). */ - v = maxInt+1; - ExpectFalse(wolfSSL_X509_set_version(x509, v)); - - ExpectIntEQ(wolfSSL_X509_set_version(NULL, -1), WOLFSSL_FAILURE); - ExpectIntEQ(wolfSSL_X509_set_version(NULL, 1), WOLFSSL_FAILURE); - ExpectIntEQ(wolfSSL_X509_set_version(x509, -1), WOLFSSL_FAILURE); - ExpectIntEQ(wolfSSL_X509_set_version(NULL, maxInt+1), WOLFSSL_FAILURE); - - /* Cleanup */ - X509_free(x509); -#endif - return EXPECT_RESULT(); -} - #if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) /* test that the callback arg is correct */ @@ -27713,7 +21131,7 @@ static int test_wolfSSL_cert_cb_dyn_ciphers(void) "ECDSA+SHA256", caEccCertFile, wolfTLSv1_3_server_method}, #endif #endif -#ifndef WOLFSSL_NO_TLS12 +#if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_HARDEN_TLS) #if !defined(NO_RSA) && defined(WC_RSA_PSS) && !defined(NO_DH) {wolfTLSv1_2_client_method, "DHE-RSA-AES128-GCM-SHA256", @@ -29527,167 +22945,6 @@ static int test_wolfSSL_EVP_Cipher_extra(void) return EXPECT_RESULT(); } -static int test_wolfSSL_X509_get_serialNumber(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \ - !defined(NO_FILESYSTEM) - ASN1_INTEGER* a = NULL; - BIGNUM* bn = NULL; - X509* x509 = NULL; - X509* empty = NULL; - char *serialHex = NULL; - byte serial[3]; - int serialSz; - - ExpectNotNull(empty = wolfSSL_X509_new()); - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, - SSL_FILETYPE_PEM)); - ExpectNull(X509_get_serialNumber(NULL)); - ExpectNotNull(X509_get_serialNumber(empty)); - ExpectNotNull(a = X509_get_serialNumber(x509)); - - /* check on value of ASN1 Integer */ - ExpectNotNull(bn = ASN1_INTEGER_to_BN(a, NULL)); - a = NULL; - - /* test setting serial number and then retrieving it */ - ExpectNotNull(a = ASN1_INTEGER_new()); - ExpectIntEQ(ASN1_INTEGER_set(a, 3), 1); - ExpectIntEQ(X509_set_serialNumber(NULL, NULL), WOLFSSL_FAILURE); - ExpectIntEQ(X509_set_serialNumber(x509, NULL), WOLFSSL_FAILURE); - ExpectIntEQ(X509_set_serialNumber(NULL, a), WOLFSSL_FAILURE); - ExpectIntEQ(X509_set_serialNumber(x509, a), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_get_serial_number(NULL, serial, NULL), - BAD_FUNC_ARG); - ExpectIntEQ(wolfSSL_X509_get_serial_number(NULL, serial, &serialSz), - BAD_FUNC_ARG); - ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, NULL), - BAD_FUNC_ARG); - serialSz = 0; - ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz), - BUFFER_E); - ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, NULL, &serialSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(serialSz, 1); - serialSz = sizeof(serial); - ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(serialSz, 1); - ExpectIntEQ(serial[0], 3); - ASN1_INTEGER_free(a); - a = NULL; - - /* test setting serial number with 0's in it */ - serial[0] = 0x01; - serial[1] = 0x00; - serial[2] = 0x02; - - ExpectNotNull(a = wolfSSL_ASN1_INTEGER_new()); - if (a != NULL) { - a->data[0] = ASN_INTEGER; - a->data[1] = sizeof(serial); - XMEMCPY(&a->data[2], serial, sizeof(serial)); - a->length = sizeof(serial) + 2; - } - ExpectIntEQ(X509_set_serialNumber(x509, a), WOLFSSL_SUCCESS); - - XMEMSET(serial, 0, sizeof(serial)); - serialSz = sizeof(serial); - ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(serialSz, 3); - ExpectIntEQ(serial[0], 0x01); - ExpectIntEQ(serial[1], 0x00); - ExpectIntEQ(serial[2], 0x02); - ASN1_INTEGER_free(a); - a = NULL; - - X509_free(x509); /* free's a */ - X509_free(empty); - - ExpectNotNull(serialHex = BN_bn2hex(bn)); -#ifndef WC_DISABLE_RADIX_ZERO_PAD - ExpectStrEQ(serialHex, "01"); -#else - ExpectStrEQ(serialHex, "1"); -#endif - OPENSSL_free(serialHex); - ExpectIntEQ(BN_get_word(bn), 1); - BN_free(bn); - - /* hard test free'ing with dynamic buffer to make sure there is no leaks */ - ExpectNotNull(a = ASN1_INTEGER_new()); - if (a != NULL) { - ExpectNotNull(a->data = (unsigned char*)XMALLOC(100, NULL, - DYNAMIC_TYPE_OPENSSL)); - a->isDynamic = 1; - ASN1_INTEGER_free(a); - } -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_ext_get_critical_by_NID(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) - WOLFSSL_X509* x509 = NULL; - - ExpectNotNull(x509 = wolfSSL_X509_new()); - ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(NULL, - WC_NID_basic_constraints), 0); - ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, - WC_NID_basic_constraints), 0); - ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, - WC_NID_subject_alt_name), 0); - ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, - WC_NID_authority_key_identifier), 0); - ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, - WC_NID_subject_key_identifier), 0); - ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, - WC_NID_key_usage), 0); - ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, - WC_NID_crl_distribution_points), 0); - ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, - WC_NID_ext_key_usage), 0); -#ifdef WOLFSSL_SEP - ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, - WC_NID_certificate_policies), 0); -#endif - ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, - WC_NID_info_access), 0); - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_CRL_distribution_points(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \ - !defined(NO_FILESYSTEM) - WOLFSSL_X509* x509 = NULL; - const char* file = "./certs/client-crl-dist.pem"; - - ExpectIntEQ(wolfSSL_X509_ext_isSet_by_NID(NULL, - WC_NID_crl_distribution_points), 0); - - ExpectNotNull(x509 = wolfSSL_X509_new()); - ExpectIntEQ(wolfSSL_X509_ext_isSet_by_NID(x509, - WC_NID_crl_distribution_points), 0); - wolfSSL_X509_free(x509); - x509 = NULL; - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(file, - WOLFSSL_FILETYPE_PEM)); - ExpectIntEQ(wolfSSL_X509_ext_isSet_by_NID(x509, - WC_NID_crl_distribution_points), 1); - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - static int test_wolfSSL_X509_SEP(void) { EXPECT_DECLS; @@ -29811,326 +23068,6 @@ static int test_wolfSSL_OPENSSL_hexstr2buf(void) return EXPECT_RESULT(); } -static int test_wolfSSL_X509_CA_num(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ - defined(HAVE_ECC) && !defined(NO_RSA) - WOLFSSL_X509_STORE *store = NULL; - WOLFSSL_X509 *x509_1 = NULL; - WOLFSSL_X509 *x509_2 = NULL; - int ca_num = 0; - - ExpectNotNull(store = wolfSSL_X509_STORE_new()); - ExpectNotNull(x509_1 = wolfSSL_X509_load_certificate_file(svrCertFile, - WOLFSSL_FILETYPE_PEM)); - ExpectIntEQ(wolfSSL_X509_STORE_add_cert(store, x509_1), 1); - ExpectIntEQ(ca_num = wolfSSL_X509_CA_num(store), 1); - - ExpectNotNull(x509_2 = wolfSSL_X509_load_certificate_file(eccCertFile, - WOLFSSL_FILETYPE_PEM)); - ExpectIntEQ(wolfSSL_X509_STORE_add_cert(store, x509_2), 1); - ExpectIntEQ(ca_num = wolfSSL_X509_CA_num(store), 2); - - wolfSSL_X509_free(x509_1); - wolfSSL_X509_free(x509_2); - wolfSSL_X509_STORE_free(store); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_check_ca(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) - WOLFSSL_X509 *x509 = NULL; - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, - WOLFSSL_FILETYPE_PEM)); - ExpectIntEQ(wolfSSL_X509_check_ca(NULL), 0); - ExpectIntEQ(wolfSSL_X509_check_ca(x509), 1); - wolfSSL_X509_free(x509); - - ExpectNotNull(x509 = wolfSSL_X509_new()); - ExpectIntEQ(wolfSSL_X509_check_ca(x509), 0); - if (x509 != NULL) { - x509->extKeyUsageCrit = 1; - } - ExpectIntEQ(wolfSSL_X509_check_ca(x509), 4); - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_check_ip_asc(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) - WOLFSSL_X509 *x509 = NULL; - WOLFSSL_X509 *empty = NULL; - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, - WOLFSSL_FILETYPE_PEM)); - ExpectNotNull(empty = wolfSSL_X509_new()); - -#if 0 - /* TODO: add cert gen for testing positive case */ - ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.0.0.1", 0), 1); -#endif - ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "0.0.0.0", 0), 0); - ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, NULL, 0), 0); - ExpectIntEQ(wolfSSL_X509_check_ip_asc(NULL, NULL, 0), 0); - ExpectIntEQ(wolfSSL_X509_check_ip_asc(NULL, "0.0.0.0", 0), 0); - ExpectIntEQ(wolfSSL_X509_check_ip_asc(empty, "127.128.0.255", 0), 0); - - wolfSSL_X509_free(empty); - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_make_cert(void) -{ - EXPECT_DECLS; -#if !defined(NO_RSA) && !defined(NO_ASN_TIME) && defined(WOLFSSL_CERT_GEN) && \ - defined(WOLFSSL_CERT_EXT) - int ret = 0; - Cert cert; - CertName name; - RsaKey key; - WC_RNG rng; - byte der[FOURK_BUF]; - word32 idx = 0; - const byte mySerial[8] = {1,2,3,4,5,6,7,8}; - -#ifdef OPENSSL_EXTRA - const unsigned char* pt = NULL; - int certSz = 0; - X509* x509 = NULL; - X509_NAME* x509name = NULL; - X509_NAME_ENTRY* entry = NULL; - ASN1_STRING* entryValue = NULL; -#endif - - XMEMSET(&name, 0, sizeof(CertName)); - - /* set up cert name */ - XMEMCPY(name.country, "US", sizeof("US")); - name.countryEnc = CTC_PRINTABLE; - XMEMCPY(name.state, "Oregon", sizeof("Oregon")); - name.stateEnc = CTC_UTF8; - XMEMCPY(name.locality, "Portland", sizeof("Portland")); - name.localityEnc = CTC_UTF8; - XMEMCPY(name.sur, "Test", sizeof("Test")); - name.surEnc = CTC_UTF8; - XMEMCPY(name.org, "wolfSSL", sizeof("wolfSSL")); - name.orgEnc = CTC_UTF8; - XMEMCPY(name.unit, "Development", sizeof("Development")); - name.unitEnc = CTC_UTF8; - XMEMCPY(name.commonName, "www.wolfssl.com", sizeof("www.wolfssl.com")); - name.commonNameEnc = CTC_UTF8; - XMEMCPY(name.serialDev, "wolfSSL12345", sizeof("wolfSSL12345")); - name.serialDevEnc = CTC_PRINTABLE; - XMEMCPY(name.userId, "TestUserID", sizeof("TestUserID")); - name.userIdEnc = CTC_PRINTABLE; -#ifdef WOLFSSL_MULTI_ATTRIB - #if CTC_MAX_ATTRIB > 2 - { - NameAttrib* n; - n = &name.name[0]; - n->id = ASN_DOMAIN_COMPONENT; - n->type = CTC_UTF8; - n->sz = sizeof("com"); - XMEMCPY(n->value, "com", sizeof("com")); - - n = &name.name[1]; - n->id = ASN_DOMAIN_COMPONENT; - n->type = CTC_UTF8; - n->sz = sizeof("wolfssl"); - XMEMCPY(n->value, "wolfssl", sizeof("wolfssl")); - } - #endif -#endif /* WOLFSSL_MULTI_ATTRIB */ - - ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0); -#ifndef HAVE_FIPS - ExpectIntEQ(wc_InitRng_ex(&rng, HEAP_HINT, testDevId), 0); -#else - ExpectIntEQ(wc_InitRng(&rng), 0); -#endif - - /* load test RSA key */ - idx = 0; -#if defined(USE_CERT_BUFFERS_1024) - ExpectIntEQ(wc_RsaPrivateKeyDecode(server_key_der_1024, &idx, &key, - sizeof_server_key_der_1024), 0); -#elif defined(USE_CERT_BUFFERS_2048) - ExpectIntEQ(wc_RsaPrivateKeyDecode(server_key_der_2048, &idx, &key, - sizeof_server_key_der_2048), 0); -#else - /* error case, no RSA key loaded, happens later */ - (void)idx; -#endif - - XMEMSET(&cert, 0 , sizeof(Cert)); - ExpectIntEQ(wc_InitCert(&cert), 0); - - XMEMCPY(&cert.subject, &name, sizeof(CertName)); - XMEMCPY(cert.serial, mySerial, sizeof(mySerial)); - cert.serialSz = (int)sizeof(mySerial); - cert.isCA = 1; -#ifndef NO_SHA256 - cert.sigType = CTC_SHA256wRSA; -#else - cert.sigType = CTC_SHAwRSA; -#endif - - /* add SKID from the Public Key */ - ExpectIntEQ(wc_SetSubjectKeyIdFromPublicKey(&cert, &key, NULL), 0); - - /* add AKID from the Public Key */ - ExpectIntEQ(wc_SetAuthKeyIdFromPublicKey(&cert, &key, NULL), 0); - - ret = 0; - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_MakeSelfCert(&cert, der, FOURK_BUF, &key, &rng); - } - } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); - ExpectIntGT(ret, 0); - -#ifdef OPENSSL_EXTRA - /* der holds a certificate with DC's now check X509 parsing of it */ - certSz = ret; - pt = der; - ExpectNotNull(x509 = d2i_X509(NULL, &pt, certSz)); - ExpectNotNull(x509name = X509_get_subject_name(x509)); -#ifdef WOLFSSL_MULTI_ATTRIB - ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, - -1)), 5); - ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, - (int)idx)), 6); - ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, - (int)idx)), -1); -#endif /* WOLFSSL_MULTI_ATTRIB */ - - /* compare DN at index 0 */ - ExpectNotNull(entry = X509_NAME_get_entry(x509name, 0)); - ExpectNotNull(entryValue = X509_NAME_ENTRY_get_data(entry)); - ExpectIntEQ(ASN1_STRING_length(entryValue), 2); - ExpectStrEQ((const char*)ASN1_STRING_data(entryValue), "US"); - -#ifndef WOLFSSL_MULTI_ATTRIB - /* compare Serial Number */ - ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_serialNumber, - -1)), 7); - ExpectNotNull(entry = X509_NAME_get_entry(x509name, idx)); - ExpectNotNull(entryValue = X509_NAME_ENTRY_get_data(entry)); - ExpectIntEQ(ASN1_STRING_length(entryValue), XSTRLEN("wolfSSL12345")); - ExpectStrEQ((const char*)ASN1_STRING_data(entryValue), "wolfSSL12345"); -#endif - -#ifdef WOLFSSL_MULTI_ATTRIB - /* get first and second DC and compare result */ - ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, - -1)), 5); - ExpectNotNull(entry = X509_NAME_get_entry(x509name, (int)idx)); - ExpectNotNull(entryValue = X509_NAME_ENTRY_get_data(entry)); - ExpectStrEQ((const char *)ASN1_STRING_data(entryValue), "com"); - - ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, - (int)idx)), 6); - ExpectNotNull(entry = X509_NAME_get_entry(x509name, (int)idx)); - ExpectNotNull(entryValue = X509_NAME_ENTRY_get_data(entry)); - ExpectStrEQ((const char *)ASN1_STRING_data(entryValue), "wolfssl"); -#endif /* WOLFSSL_MULTI_ATTRIB */ - - ExpectNull(X509_NAME_get_entry(NULL, 0)); - /* try invalid index locations for regression test and sanity check */ - ExpectNull(X509_NAME_get_entry(x509name, 11)); - ExpectNull(X509_NAME_get_entry(x509name, 20)); - - X509_free(x509); -#endif /* OPENSSL_EXTRA */ - - wc_FreeRsaKey(&key); - wc_FreeRng(&rng); -#endif - return EXPECT_RESULT(); -} - -static int test_x509_get_key_id(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) - X509 *x509 = NULL; - const ASN1_STRING* str = NULL; - byte* keyId = NULL; - byte keyIdData[32]; - int len; - - ExpectNotNull(x509 = wolfSSL_X509_new()); - len = (int)sizeof(keyIdData); - ExpectNull(wolfSSL_X509_get_subjectKeyID(x509, NULL, NULL)); - ExpectNull(wolfSSL_X509_get_subjectKeyID(x509, keyIdData, &len)); - ExpectNull(wolfSSL_X509_get_authorityKeyID(x509, NULL, NULL)); - ExpectNull(wolfSSL_X509_get_authorityKeyID(x509, keyIdData, &len)); - wolfSSL_X509_free(x509); - x509 = NULL; - - ExpectNotNull(x509 = X509_load_certificate_file(cliCertFile, - WOLFSSL_FILETYPE_PEM)); - - ExpectNotNull(str = X509_get0_subject_key_id(x509)); - ExpectNull(wolfSSL_X509_get_subjectKeyID(NULL, NULL, NULL)); - ExpectNotNull(keyId = wolfSSL_X509_get_subjectKeyID(x509, NULL, NULL)); - ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str), - ASN1_STRING_length(str)); - ExpectNotNull(keyId = wolfSSL_X509_get_subjectKeyID(x509, keyIdData, NULL)); - ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str), - ASN1_STRING_length(str)); - len = (int)sizeof(keyIdData); - ExpectNotNull(keyId = wolfSSL_X509_get_subjectKeyID(x509, NULL, &len)); - ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str), - ASN1_STRING_length(str)); - ExpectNotNull(wolfSSL_X509_get_subjectKeyID(x509, keyIdData, &len)); - ExpectIntEQ(len, ASN1_STRING_length(str)); - ExpectBufEQ(keyIdData, ASN1_STRING_data((ASN1_STRING*)str), - ASN1_STRING_length(str)); - ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str), - ASN1_STRING_length(str)); - - ExpectNull(wolfSSL_X509_get_authorityKeyID(NULL, NULL, NULL)); - ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, NULL, NULL)); - ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, keyIdData, NULL)); - len = (int)sizeof(keyIdData); - ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, NULL, &len)); - ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, keyIdData, &len)); - ExpectIntEQ(len, 20); - - X509_free(x509); -#endif - return EXPECT_RESULT(); -} - - -static int test_wolfSSL_X509_get_version(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) - WOLFSSL_X509 *x509 = NULL; - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, - WOLFSSL_FILETYPE_PEM)); - ExpectIntEQ((int)wolfSSL_X509_get_version(x509), 2); - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - #if defined(OPENSSL_ALL) static int test_wolfSSL_sk_CIPHER_description(void) { @@ -30228,120 +23165,6 @@ static int test_wolfSSL_get_ciphers_compat(void) return EXPECT_RESULT(); } -static int test_wolfSSL_X509_PUBKEY_get(void) -{ - EXPECT_DECLS; - WOLFSSL_X509_PUBKEY pubkey; - WOLFSSL_X509_PUBKEY* key; - WOLFSSL_EVP_PKEY evpkey ; - WOLFSSL_EVP_PKEY* evpPkey; - WOLFSSL_EVP_PKEY* retEvpPkey; - - XMEMSET(&pubkey, 0, sizeof(WOLFSSL_X509_PUBKEY)); - XMEMSET(&evpkey, 0, sizeof(WOLFSSL_EVP_PKEY)); - - key = &pubkey; - evpPkey = &evpkey; - - evpPkey->type = WOLFSSL_SUCCESS; - key->pkey = evpPkey; - - ExpectNotNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(key)); - ExpectIntEQ(retEvpPkey->type, WOLFSSL_SUCCESS); - - ExpectNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(NULL)); - - key->pkey = NULL; - ExpectNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(key)); - - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_set_pubkey(void) -{ - EXPECT_DECLS; - WOLFSSL_X509* x509 = NULL; - WOLFSSL_EVP_PKEY* pkey = NULL; - - ExpectNotNull(x509 = wolfSSL_X509_new()); - -#if !defined(NO_RSA) - { - WOLFSSL_RSA* rsa = NULL; - - ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); - if (pkey != NULL) { - pkey->type = WC_EVP_PKEY_RSA; - } - ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE); - ExpectNotNull(rsa = wolfSSL_RSA_new()); - ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, EVP_PKEY_RSA, rsa), - WOLFSSL_SUCCESS); - if (EXPECT_FAIL()) { - wolfSSL_RSA_free(rsa); - } - ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_SUCCESS); - wolfSSL_EVP_PKEY_free(pkey); - pkey = NULL; - } -#endif -#if !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \ - defined(WOLFSSL_CERT_GEN)) && !defined(NO_DSA) - { - WOLFSSL_DSA* dsa = NULL; - - ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); - if (pkey != NULL) { - pkey->type = WC_EVP_PKEY_DSA; - } - ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE); - ExpectNotNull(dsa = wolfSSL_DSA_new()); - ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, EVP_PKEY_DSA, dsa), - WOLFSSL_SUCCESS); - if (EXPECT_FAIL()) { - wolfSSL_DSA_free(dsa); - } - ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE); - wolfSSL_EVP_PKEY_free(pkey); - pkey = NULL; - } -#endif -#if defined(HAVE_ECC) - { - WOLFSSL_EC_KEY* ec = NULL; - - ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); - if (pkey != NULL) { - pkey->type = WC_EVP_PKEY_EC; - } - ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE); - ExpectNotNull(ec = wolfSSL_EC_KEY_new()); - ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ec), 1); - ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, EVP_PKEY_EC, ec), - WOLFSSL_SUCCESS); - if (EXPECT_FAIL()) { - wolfSSL_EC_KEY_free(ec); - } - ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_SUCCESS); - wolfSSL_EVP_PKEY_free(pkey); - pkey = NULL; - } -#endif -#if !defined(NO_DH) - ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); - if (pkey != NULL) { - pkey->type = WC_EVP_PKEY_DH; - } - ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE); - wolfSSL_EVP_PKEY_free(pkey); - pkey = NULL; -#endif - - wolfSSL_X509_free(x509); - - return EXPECT_RESULT(); -} - static int test_wolfSSL_EVP_PKEY_set1_get1_DSA(void) { EXPECT_DECLS; @@ -32325,1473 +25148,6 @@ static int test_wolfSSL_NCONF(void) } #endif /* OPENSSL_ALL */ -static int test_wolfSSL_X509V3_set_ctx(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) && \ - defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && \ - defined(HAVE_CRL) - WOLFSSL_X509V3_CTX ctx; - WOLFSSL_X509* issuer = NULL; - WOLFSSL_X509* subject = NULL; - WOLFSSL_X509 req; - WOLFSSL_X509_CRL crl; - - XMEMSET(&ctx, 0, sizeof(ctx)); - ExpectNotNull(issuer = wolfSSL_X509_new()); - ExpectNotNull(subject = wolfSSL_X509_new()); - XMEMSET(&req, 0, sizeof(req)); - XMEMSET(&crl, 0, sizeof(crl)); - - wolfSSL_X509V3_set_ctx(NULL, NULL, NULL, NULL, NULL, 0); - wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 0); - wolfSSL_X509_free(ctx.x509); - ctx.x509 = NULL; - wolfSSL_X509V3_set_ctx(&ctx, issuer, NULL, NULL, NULL, 0); - wolfSSL_X509_free(ctx.x509); - ctx.x509 = NULL; - wolfSSL_X509V3_set_ctx(&ctx, NULL, subject, NULL, NULL, 0); - wolfSSL_X509_free(ctx.x509); - ctx.x509 = NULL; - wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, &req, NULL, 0); - wolfSSL_X509_free(ctx.x509); - ctx.x509 = NULL; - wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, NULL, &crl, 0); - wolfSSL_X509_free(ctx.x509); - ctx.x509 = NULL; - wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 1); - /* X509 allocated in context results in 'failure' (but not return). */ - wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 0); - wolfSSL_X509_free(ctx.x509); - ctx.x509 = NULL; - - wolfSSL_X509_free(subject); - wolfSSL_X509_free(issuer); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509V3_EXT_get(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) - XFILE f = XBADFILE; - int numOfExt =0; - int extNid = 0; - int i = 0; - WOLFSSL_X509* x509 = NULL; - WOLFSSL_X509_EXTENSION* ext = NULL; - const WOLFSSL_v3_ext_method* method = NULL; - WOLFSSL_ASN1_OBJECT* obj = NULL; - - ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); - /* No object in extension. */ - ExpectNull(wolfSSL_X509V3_EXT_get(ext)); - ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); - /* NID is zero. */ - ExpectNull(wolfSSL_X509V3_EXT_get(ext)); - /* NID is not known. */ - if (ext != NULL && ext->obj != NULL) { - ext->obj->nid = 1; - } - ExpectNull(wolfSSL_X509V3_EXT_get(ext)); - - /* NIDs not in certificate. */ - if (ext != NULL && ext->obj != NULL) { - ext->obj->nid = NID_certificate_policies; - } - ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext)); - ExpectIntEQ(method->ext_nid, NID_certificate_policies); - if (ext != NULL && ext->obj != NULL) { - ext->obj->nid = NID_crl_distribution_points; - } - ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext)); - ExpectIntEQ(method->ext_nid, NID_crl_distribution_points); - - wolfSSL_ASN1_OBJECT_free(obj); - wolfSSL_X509_EXTENSION_free(ext); - ext = NULL; - - ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); - ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); - if (f != XBADFILE) - XFCLOSE(f); - - /* wolfSSL_X509V3_EXT_get() return struct and nid test */ - ExpectIntEQ((numOfExt = wolfSSL_X509_get_ext_count(x509)), 5); - for (i = 0; i < numOfExt; i++) { - ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i)); - ExpectIntNE((extNid = ext->obj->nid), NID_undef); - ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext)); - ExpectIntEQ(method->ext_nid, extNid); - if (EXPECT_SUCCESS()) { - if (method->ext_nid == NID_subject_key_identifier) { - ExpectNotNull(method->i2s); - } - } - } - - /* wolfSSL_X509V3_EXT_get() NULL argument test */ - ExpectNull(method = wolfSSL_X509V3_EXT_get(NULL)); - - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509V3_EXT_nconf(void) -{ - EXPECT_DECLS; -#ifdef OPENSSL_ALL - const char *ext_names[] = { - "subjectKeyIdentifier", - "authorityKeyIdentifier", - "subjectAltName", - "keyUsage", - "extendedKeyUsage", - }; - size_t ext_names_count = sizeof(ext_names)/sizeof(*ext_names); - int ext_nids[] = { - NID_subject_key_identifier, - NID_authority_key_identifier, - NID_subject_alt_name, - NID_key_usage, - NID_ext_key_usage, - }; - size_t ext_nids_count = sizeof(ext_nids)/sizeof(*ext_nids); - const char *ext_values[] = { - "hash", - "hash", - "DNS:example.com, IP:127.0.0.1", - "digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment," - "keyAgreement,keyCertSign,cRLSign,encipherOnly,decipherOnly", - "serverAuth,clientAuth,codeSigning,emailProtection,timeStamping," - "OCSPSigning", - }; - size_t i; - X509_EXTENSION* ext = NULL; - X509* x509 = NULL; - unsigned int keyUsageFlags; - unsigned int extKeyUsageFlags; - WOLFSSL_CONF conf; - WOLFSSL_X509V3_CTX ctx; -#ifndef NO_WOLFSSL_STUB - WOLFSSL_LHASH lhash; -#endif - - ExpectNotNull(x509 = X509_new()); - ExpectNull(X509V3_EXT_nconf(NULL, NULL, ext_names[0], NULL)); - ExpectNull(X509V3_EXT_nconf_nid(NULL, NULL, ext_nids[0], NULL)); - ExpectNull(X509V3_EXT_nconf(NULL, NULL, "", ext_values[0])); - ExpectNull(X509V3_EXT_nconf_nid(NULL, NULL, 0, ext_values[0])); - - /* conf and ctx ignored. */ - ExpectNull(X509V3_EXT_nconf_nid(&conf, NULL, 0, ext_values[0])); - ExpectNull(X509V3_EXT_nconf_nid(NULL , &ctx, 0, ext_values[0])); - ExpectNull(X509V3_EXT_nconf_nid(&conf, &ctx, 0, ext_values[0])); - - /* keyUsage / extKeyUsage should match string above */ - keyUsageFlags = KU_DIGITAL_SIGNATURE - | KU_NON_REPUDIATION - | KU_KEY_ENCIPHERMENT - | KU_DATA_ENCIPHERMENT - | KU_KEY_AGREEMENT - | KU_KEY_CERT_SIGN - | KU_CRL_SIGN - | KU_ENCIPHER_ONLY - | KU_DECIPHER_ONLY; - extKeyUsageFlags = XKU_SSL_CLIENT - | XKU_SSL_SERVER - | XKU_CODE_SIGN - | XKU_SMIME - | XKU_TIMESTAMP - | XKU_OCSP_SIGN; - - for (i = 0; i < ext_names_count; i++) { - ExpectNotNull(ext = X509V3_EXT_nconf(NULL, NULL, ext_names[i], - ext_values[i])); - X509_EXTENSION_free(ext); - ext = NULL; - } - - for (i = 0; i < ext_nids_count; i++) { - ExpectNotNull(ext = X509V3_EXT_nconf_nid(NULL, NULL, ext_nids[i], - ext_values[i])); - X509_EXTENSION_free(ext); - ext = NULL; - } - - /* Test adding extension to X509 */ - for (i = 0; i < ext_nids_count; i++) { - ExpectNotNull(ext = X509V3_EXT_nconf(NULL, NULL, ext_names[i], - ext_values[i])); - ExpectIntEQ(X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); - - if (ext_nids[i] == NID_key_usage) { - ExpectIntEQ(X509_get_key_usage(x509), keyUsageFlags); - } - else if (ext_nids[i] == NID_ext_key_usage) { - ExpectIntEQ(X509_get_extended_key_usage(x509), extKeyUsageFlags); - } - X509_EXTENSION_free(ext); - ext = NULL; - } - X509_free(x509); - -#ifndef NO_WOLFSSL_STUB - ExpectIntEQ(wolfSSL_X509V3_EXT_add_nconf(NULL, NULL, NULL, NULL), - WOLFSSL_SUCCESS); - ExpectNull(wolfSSL_X509V3_EXT_conf_nid(NULL, NULL, 0, NULL)); - ExpectNull(wolfSSL_X509V3_EXT_conf_nid(&lhash, NULL, 0, NULL)); - wolfSSL_X509V3_set_ctx_nodb(NULL); -#endif -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509V3_EXT_bc(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) - WOLFSSL_X509_EXTENSION* ext = NULL; - WOLFSSL_ASN1_OBJECT* obj = NULL; - WOLFSSL_BASIC_CONSTRAINTS* bc = NULL; - WOLFSSL_ASN1_INTEGER* pathLen = NULL; - - ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); - ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); - ExpectNotNull(pathLen = wolfSSL_ASN1_INTEGER_new()); - if (pathLen != NULL) { - pathLen->length = 2; - } - - if (obj != NULL) { - obj->type = NID_basic_constraints; - obj->nid = NID_basic_constraints; - } - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); - ExpectNotNull(wolfSSL_X509V3_EXT_get(ext)); - /* No pathlen set. */ - ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext)); - wolfSSL_BASIC_CONSTRAINTS_free(bc); - bc = NULL; - - if ((ext != NULL) && (ext->obj != NULL)) { - ext->obj->pathlen = pathLen; - pathLen = NULL; - } - /* pathlen set. */ - ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext)); - - wolfSSL_ASN1_INTEGER_free(pathLen); - wolfSSL_BASIC_CONSTRAINTS_free(bc); - wolfSSL_ASN1_OBJECT_free(obj); - wolfSSL_X509_EXTENSION_free(ext); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509V3_EXT_san(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) - WOLFSSL_X509_EXTENSION* ext = NULL; - WOLFSSL_ASN1_OBJECT* obj = NULL; - WOLFSSL_STACK* sk = NULL; - - ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); - ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); - - if (obj != NULL) { - obj->type = NID_subject_alt_name; - obj->nid = NID_subject_alt_name; - } - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); - ExpectNotNull(wolfSSL_X509V3_EXT_get(ext)); - /* No extension stack set. */ - ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); - - ExpectNotNull(sk = wolfSSL_sk_new_null()); - if (ext != NULL) { - ext->ext_sk = sk; - sk = NULL; - } - /* Extension stack set. */ - ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); - - wolfSSL_sk_free(sk); - wolfSSL_ASN1_OBJECT_free(obj); - wolfSSL_X509_EXTENSION_free(ext); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509V3_EXT_aia(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) - WOLFSSL_X509_EXTENSION* ext = NULL; - WOLFSSL_ASN1_OBJECT* obj = NULL; - WOLFSSL_STACK* sk = NULL; - WOLFSSL_STACK* node = NULL; - WOLFSSL_AUTHORITY_INFO_ACCESS* aia = NULL; - WOLFSSL_ASN1_OBJECT* entry = NULL; - - ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); - ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); - - if (obj != NULL) { - obj->type = NID_info_access; - obj->nid = NID_info_access; - } - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); - ExpectNotNull(wolfSSL_X509V3_EXT_get(ext)); - /* No extension stack set. */ - ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); - - ExpectNotNull(sk = wolfSSL_sk_new_null()); - if (ext != NULL) { - ext->ext_sk = sk; - sk = NULL; - } - /* Extension stack set but empty. */ - ExpectNotNull(aia = (WOLFSSL_AUTHORITY_INFO_ACCESS *)wolfSSL_X509V3_EXT_d2i(ext)); - wolfSSL_AUTHORITY_INFO_ACCESS_free(aia); - aia = NULL; - - ExpectNotNull(entry = wolfSSL_ASN1_OBJECT_new()); - if (entry != NULL) { - entry->nid = WC_NID_ad_OCSP; - entry->obj = (const unsigned char*)"http://127.0.0.1"; - entry->objSz = 16; - } - ExpectNotNull(node = wolfSSL_sk_new_node(NULL)); - if ((node != NULL) && (ext != NULL)) { - node->type = STACK_TYPE_OBJ; - node->data.obj = entry; - entry = NULL; - ExpectIntEQ(wolfSSL_sk_push_node(&ext->ext_sk, node), WOLFSSL_SUCCESS); - if (EXPECT_SUCCESS()) { - node = NULL; - } - } - ExpectNotNull(aia = (WOLFSSL_AUTHORITY_INFO_ACCESS *)wolfSSL_X509V3_EXT_d2i(ext)); - wolfSSL_ACCESS_DESCRIPTION_free(NULL); - - wolfSSL_AUTHORITY_INFO_ACCESS_pop_free(aia, - wolfSSL_ACCESS_DESCRIPTION_free); - wolfSSL_ASN1_OBJECT_free(entry); - wolfSSL_sk_free(node); - wolfSSL_ASN1_OBJECT_free(obj); - wolfSSL_X509_EXTENSION_free(ext); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509V3_EXT(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) - XFILE f = XBADFILE; - int numOfExt = 0, nid = 0, i = 0, expected, actual = 0; - char* str = NULL; - unsigned char* data = NULL; - const WOLFSSL_v3_ext_method* method = NULL; - WOLFSSL_X509* x509 = NULL; - WOLFSSL_X509_EXTENSION* ext = NULL; - WOLFSSL_X509_EXTENSION* ext2 = NULL; - WOLFSSL_ASN1_OBJECT *obj = NULL; - WOLFSSL_ASN1_OBJECT *adObj = NULL; - WOLFSSL_ASN1_STRING* asn1str = NULL; - WOLFSSL_AUTHORITY_KEYID* aKeyId = NULL; - WOLFSSL_AUTHORITY_INFO_ACCESS* aia = NULL; - WOLFSSL_BASIC_CONSTRAINTS* bc = NULL; - WOLFSSL_ACCESS_DESCRIPTION* ad = NULL; - WOLFSSL_GENERAL_NAME* gn = NULL; - - /* Check NULL argument */ - ExpectNull(wolfSSL_X509V3_EXT_d2i(NULL)); - - ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); - ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); - - ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); - ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); - if (ext != NULL && ext->obj != NULL) { - ext->obj->nid = ext->obj->type = NID_ext_key_usage; - } - ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); - if (ext != NULL && ext->obj != NULL) { - ext->obj->nid = ext->obj->type = NID_certificate_policies; - } - ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); - if (ext != NULL && ext->obj != NULL) { - ext->obj->nid = ext->obj->type = NID_crl_distribution_points; - } - ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); - if (ext != NULL && ext->obj != NULL) { - ext->obj->nid = ext->obj->type = NID_subject_alt_name; - } - ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); - - wolfSSL_ASN1_OBJECT_free(obj); - obj = NULL; - wolfSSL_X509_EXTENSION_free(ext); - ext = NULL; - - /* Using OCSP cert with X509V3 extensions */ - ExpectTrue((f = XFOPEN("./certs/ocsp/root-ca-cert.pem", "rb")) != XBADFILE); - ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); - if (f != XBADFILE) - XFCLOSE(f); - - ExpectIntEQ((numOfExt = wolfSSL_X509_get_ext_count(x509)), 5); - - /* Basic Constraints */ - ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i)); - ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); - ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_basic_constraints); - ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext)); - - ExpectIntEQ(bc->ca, 1); - ExpectNull(bc->pathlen); - wolfSSL_BASIC_CONSTRAINTS_free(bc); - bc = NULL; - i++; - - /* Subject Key Identifier */ - ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i)); - ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); - ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_subject_key_identifier); - - ExpectNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext)); - ExpectNotNull(ext2 = wolfSSL_X509V3_EXT_i2d(NID_subject_key_identifier, 0, - asn1str)); - X509_EXTENSION_free(ext2); - ext2 = NULL; - ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext)); - ExpectNotNull(method->i2s); - ExpectNotNull(str = method->i2s((WOLFSSL_v3_ext_method*)method, asn1str)); - wolfSSL_ASN1_STRING_free(asn1str); - asn1str = NULL; - if (str != NULL) { - actual = strcmp(str, - "73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21"); - } - ExpectIntEQ(actual, 0); - XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER); - str = NULL; - i++; - - /* Authority Key Identifier */ - ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i)); - ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); - ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_authority_key_identifier); - - ExpectNotNull(aKeyId = (WOLFSSL_AUTHORITY_KEYID*)wolfSSL_X509V3_EXT_d2i( - ext)); - ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext)); - ExpectNotNull(asn1str = aKeyId->keyid); - ExpectNotNull(str = wolfSSL_i2s_ASN1_STRING((WOLFSSL_v3_ext_method*)method, - asn1str)); - asn1str = NULL; - if (str != NULL) { - actual = strcmp(str, - "73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21"); - } - ExpectIntEQ(actual, 0); - XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER); - str = NULL; - wolfSSL_AUTHORITY_KEYID_free(aKeyId); - aKeyId = NULL; - i++; - - /* Key Usage */ - ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i)); - ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); - ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_key_usage); - - ExpectNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext)); -#if defined(WOLFSSL_QT) - ExpectNotNull(data = (unsigned char*)ASN1_STRING_get0_data(asn1str)); -#else - ExpectNotNull(data = wolfSSL_ASN1_STRING_data(asn1str)); -#endif - expected = KEYUSE_KEY_CERT_SIGN | KEYUSE_CRL_SIGN; - if (data != NULL) { - #ifdef BIG_ENDIAN_ORDER - actual = data[1]; - #else - actual = data[0]; - #endif - } - ExpectIntEQ(actual, expected); - wolfSSL_ASN1_STRING_free(asn1str); - asn1str = NULL; - ExpectIntEQ(wolfSSL_X509_get_keyUsage(NULL), 0); - ExpectIntEQ(wolfSSL_X509_get_keyUsage(x509), expected); - i++; - - /* Authority Info Access */ - ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i)); - ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); - ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_info_access); - ExpectNotNull(aia = (WOLFSSL_AUTHORITY_INFO_ACCESS*)wolfSSL_X509V3_EXT_d2i( - ext)); -#if defined(WOLFSSL_QT) - ExpectIntEQ(OPENSSL_sk_num(aia), 1); /* Only one URI entry for this cert */ -#else - ExpectIntEQ(wolfSSL_sk_num(aia), 1); /* Only one URI entry for this cert */ -#endif - /* URI entry is an ACCESS_DESCRIPTION type */ -#if defined(WOLFSSL_QT) - ExpectNotNull(ad = (WOLFSSL_ACCESS_DESCRIPTION*)wolfSSL_sk_value(aia, 0)); -#else - ExpectNotNull(ad = (WOLFSSL_ACCESS_DESCRIPTION*)OPENSSL_sk_value(aia, 0)); -#endif - ExpectNotNull(adObj = ad->method); - /* Make sure nid is OCSP */ - ExpectIntEQ(wolfSSL_OBJ_obj2nid(adObj), NID_ad_OCSP); - - /* GENERAL_NAME stores URI as an ASN1_STRING */ - ExpectNotNull(gn = ad->location); - ExpectIntEQ(gn->type, GEN_URI); /* Type should always be GEN_URI */ - ExpectNotNull(asn1str = gn->d.uniformResourceIdentifier); - ExpectIntEQ(wolfSSL_ASN1_STRING_length(asn1str), 22); -#if defined(WOLFSSL_QT) - ExpectNotNull(str = (char*)ASN1_STRING_get0_data(asn1str)); -#else - ExpectNotNull(str = (char*)wolfSSL_ASN1_STRING_data(asn1str)); -#endif - if (str != NULL) { - actual = strcmp(str, "http://127.0.0.1:22220"); - } - ExpectIntEQ(actual, 0); - - ExpectIntEQ(wolfSSL_sk_ACCESS_DESCRIPTION_num(NULL), WOLFSSL_FATAL_ERROR); - ExpectIntEQ(wolfSSL_sk_ACCESS_DESCRIPTION_num(aia), 1); - ExpectNull(wolfSSL_sk_ACCESS_DESCRIPTION_value(NULL, 0)); - ExpectNull(wolfSSL_sk_ACCESS_DESCRIPTION_value(aia, 1)); - ExpectNotNull(wolfSSL_sk_ACCESS_DESCRIPTION_value(aia, 0)); - wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(aia, NULL); - aia = NULL; - -#ifndef NO_WOLFSSL_STUB - ExpectNull(wolfSSL_X509_delete_ext(x509, 0)); -#endif - - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_get_extension_flags(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_RSA) - XFILE f = XBADFILE; - X509* x509 = NULL; - unsigned int extFlags; - unsigned int keyUsageFlags; - unsigned int extKeyUsageFlags; - - ExpectIntEQ(X509_get_extension_flags(NULL), 0); - ExpectIntEQ(X509_get_key_usage(NULL), 0); - ExpectIntEQ(X509_get_extended_key_usage(NULL), 0); - ExpectNotNull(x509 = wolfSSL_X509_new()); - ExpectIntEQ(X509_get_extension_flags(x509), 0); - ExpectIntEQ(X509_get_key_usage(x509), -1); - ExpectIntEQ(X509_get_extended_key_usage(x509), 0); - wolfSSL_X509_free(x509); - x509 = NULL; - - /* client-int-cert.pem has the following extension flags. */ - extFlags = EXFLAG_KUSAGE | EXFLAG_XKUSAGE; - /* and the following key usage flags. */ - keyUsageFlags = KU_DIGITAL_SIGNATURE - | KU_NON_REPUDIATION - | KU_KEY_ENCIPHERMENT; - /* and the following extended key usage flags. */ - extKeyUsageFlags = XKU_SSL_CLIENT | XKU_SMIME; - - ExpectTrue((f = XFOPEN("./certs/intermediate/client-int-cert.pem", "rb")) != - XBADFILE); - ExpectNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); - if (f != XBADFILE) { - XFCLOSE(f); - f = XBADFILE; - } - ExpectIntEQ(X509_get_extension_flags(x509), extFlags); - ExpectIntEQ(X509_get_key_usage(x509), keyUsageFlags); - ExpectIntEQ(X509_get_extended_key_usage(x509), extKeyUsageFlags); - X509_free(x509); - x509 = NULL; - - /* client-cert-ext.pem has the following extension flags. */ - extFlags = EXFLAG_KUSAGE; - /* and the following key usage flags. */ - keyUsageFlags = KU_DIGITAL_SIGNATURE - | KU_KEY_CERT_SIGN - | KU_CRL_SIGN; - - ExpectTrue((f = fopen("./certs/client-cert-ext.pem", "rb")) != XBADFILE); - ExpectNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); - if (f != XBADFILE) - XFCLOSE(f); - ExpectIntEQ(X509_get_extension_flags(x509), extFlags); - ExpectIntEQ(X509_get_key_usage(x509), keyUsageFlags); - X509_free(x509); -#endif /* OPENSSL_ALL */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_get_ext(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) - int ret = 0; - XFILE f = XBADFILE; - WOLFSSL_X509* x509 = NULL; - WOLFSSL_X509_EXTENSION* foundExtension; - - ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); - ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); - if (f != XBADFILE) - XFCLOSE(f); - ExpectIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 5); - - /* wolfSSL_X509_get_ext() valid input */ - ExpectNotNull(foundExtension = wolfSSL_X509_get_ext(x509, 0)); - - /* wolfSSL_X509_get_ext() valid x509, idx out of bounds */ - ExpectNull(foundExtension = wolfSSL_X509_get_ext(x509, -1)); - ExpectNull(foundExtension = wolfSSL_X509_get_ext(x509, 100)); - - /* wolfSSL_X509_get_ext() NULL x509, idx out of bounds */ - ExpectNull(foundExtension = wolfSSL_X509_get_ext(NULL, -1)); - ExpectNull(foundExtension = wolfSSL_X509_get_ext(NULL, 100)); - - /* wolfSSL_X509_get_ext() NULL x509, valid idx */ - ExpectNull(foundExtension = wolfSSL_X509_get_ext(NULL, 0)); - - ExpectNull(wolfSSL_X509_get0_extensions(NULL)); - - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_get_ext_by_NID(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_RSA) - int rc = 0; - XFILE f = XBADFILE; - WOLFSSL_X509* x509 = NULL; - ASN1_OBJECT* obj = NULL; - - ExpectNotNull(x509 = wolfSSL_X509_new()); - ExpectIntEQ(wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -1), - WOLFSSL_FATAL_ERROR); - wolfSSL_X509_free(x509); - x509 = NULL; - - ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); - ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); - if (f != XBADFILE) - XFCLOSE(f); - - ExpectIntGE(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, - -1), 0); - ExpectIntGE(wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, 20), - -1); - - /* Start search from last location (should fail) */ - ExpectIntGE(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, - rc), -1); - - ExpectIntGE(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, - -2), -1); - - ExpectIntEQ(rc = wolfSSL_X509_get_ext_by_NID(NULL, NID_basic_constraints, - -1), -1); - - ExpectIntEQ(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_undef, -1), -1); - - /* NID_ext_key_usage, check also its nid and oid */ - ExpectIntGT(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_ext_key_usage, -1), - -1); - ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(wolfSSL_X509_get_ext( - x509, rc))); - ExpectIntEQ(obj->nid, NID_ext_key_usage); - ExpectIntEQ(obj->type, EXT_KEY_USAGE_OID); - - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_get_ext_subj_alt_name(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_RSA) - int rc = 0; - XFILE f = XBADFILE; - WOLFSSL_X509* x509 = NULL; - WOLFSSL_X509_EXTENSION* ext = NULL; - WOLFSSL_ASN1_STRING* sanString = NULL; - byte* sanDer = NULL; - - const byte expectedDer[] = { - 0x30, 0x13, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, - 0x63, 0x6f, 0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01}; - - ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); - ExpectNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); - if (f != XBADFILE) - XFCLOSE(f); - - ExpectIntNE(rc = X509_get_ext_by_NID(x509, NID_subject_alt_name, -1), -1); - ExpectNotNull(ext = X509_get_ext(x509, rc)); - ExpectNotNull(sanString = X509_EXTENSION_get_data(ext)); - ExpectIntEQ(ASN1_STRING_length(sanString), sizeof(expectedDer)); - ExpectNotNull(sanDer = ASN1_STRING_data(sanString)); - ExpectIntEQ(XMEMCMP(sanDer, expectedDer, sizeof(expectedDer)), 0); - - X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_set_ext(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_RSA) - WOLFSSL_X509* x509 = NULL; - XFILE f = XBADFILE; - int loc; - - ExpectNull(wolfSSL_X509_set_ext(NULL, 0)); - - ExpectNotNull(x509 = wolfSSL_X509_new()); - /* Location too small. */ - ExpectNull(wolfSSL_X509_set_ext(x509, -1)); - /* Location too big. */ - ExpectNull(wolfSSL_X509_set_ext(x509, 1)); - /* No DER encoding. */ - ExpectNull(wolfSSL_X509_set_ext(x509, 0)); - wolfSSL_X509_free(x509); - x509 = NULL; - - ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); - ExpectNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); - if (f != XBADFILE) { - XFCLOSE(f); - } - for (loc = 0; loc < wolfSSL_X509_get_ext_count(x509); loc++) { - ExpectNotNull(wolfSSL_X509_set_ext(x509, loc)); - } - - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -#if defined(OPENSSL_ALL) -static int test_X509_add_basic_constraints(WOLFSSL_X509* x509) -{ - EXPECT_DECLS; - const byte basicConsObj[] = { 0x06, 0x03, 0x55, 0x1d, 0x13 }; - const byte* p; - WOLFSSL_X509_EXTENSION* ext = NULL; - WOLFSSL_ASN1_OBJECT* obj = NULL; - ASN1_INTEGER* pathLen = NULL; - - p = basicConsObj; - ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, - sizeof(basicConsObj))); - if (obj != NULL) { - obj->type = NID_basic_constraints; - } - ExpectNotNull(pathLen = wolfSSL_ASN1_INTEGER_new()); - if (pathLen != NULL) { - pathLen->length = 2; - } - if (obj != NULL) { - obj->ca = 0; - } - ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); - if (ext != NULL && ext->obj != NULL) { - ext->obj->ca = 0; - ext->obj->pathlen = pathLen; - } - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); - ExpectIntEQ(x509->isCa, 0); - ExpectIntEQ(x509->pathLength, 2); - if (ext != NULL && ext->obj != NULL) { - /* Add second time to without path length. */ - ext->obj->ca = 1; - ext->obj->pathlen = NULL; - } - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); - ExpectIntEQ(x509->isCa, 1); - ExpectIntEQ(x509->pathLength, 2); - ExpectIntEQ(wolfSSL_X509_get_isSet_pathLength(NULL), 0); - ExpectIntEQ(wolfSSL_X509_get_isSet_pathLength(x509), 1); - ExpectIntEQ(wolfSSL_X509_get_pathLength(NULL), 0); - ExpectIntEQ(wolfSSL_X509_get_pathLength(x509), 2); - - wolfSSL_ASN1_INTEGER_free(pathLen); - wolfSSL_ASN1_OBJECT_free(obj); - wolfSSL_X509_EXTENSION_free(ext); - - return EXPECT_RESULT(); -} - -static int test_X509_add_key_usage(WOLFSSL_X509* x509) -{ - EXPECT_DECLS; - const byte objData[] = { 0x06, 0x03, 0x55, 0x1d, 0x0f }; - const byte data[] = { 0x04, 0x02, 0x01, 0x80 }; - const byte emptyData[] = { 0x04, 0x00 }; - const char* strData = "digitalSignature,keyCertSign"; - const byte* p; - WOLFSSL_X509_EXTENSION* ext = NULL; - WOLFSSL_ASN1_OBJECT* obj = NULL; - WOLFSSL_ASN1_STRING* str = NULL; - - p = objData; - ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(objData))); - if (obj != NULL) { - obj->type = NID_key_usage; - } - p = data; - ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, (long)sizeof(data))); - ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); - /* No Data - no change. */ - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); - ExpectIntEQ(x509->keyUsage, KEYUSE_DECIPHER_ONLY | KEYUSE_ENCIPHER_ONLY); - - /* Add second time with string to interpret. */ - wolfSSL_ASN1_STRING_free(str); - str = NULL; - ExpectNotNull(str = wolfSSL_ASN1_STRING_new()); - ExpectIntEQ(ASN1_STRING_set(str, strData, (word32)XSTRLEN(strData) + 1), - WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); - ExpectIntEQ(x509->keyUsage, KEYUSE_DIGITAL_SIG | KEYUSE_KEY_CERT_SIGN); - - /* Empty data. */ - wolfSSL_ASN1_STRING_free(str); - str = NULL; - p = emptyData; - ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, - (long)sizeof(emptyData))); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_FAILURE); - - /* Invalid string to parse. */ - wolfSSL_ASN1_STRING_free(str); - str = NULL; - ExpectNotNull(str = wolfSSL_ASN1_STRING_new()); - ExpectIntEQ(ASN1_STRING_set(str, "bad", 4), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_FAILURE); - - wolfSSL_ASN1_STRING_free(str); - wolfSSL_ASN1_OBJECT_free(obj); - wolfSSL_X509_EXTENSION_free(ext); - - return EXPECT_RESULT(); -} - -static int test_X509_add_ext_key_usage(WOLFSSL_X509* x509) -{ - EXPECT_DECLS; - const byte objData[] = { 0x06, 0x03, 0x55, 0x1d, 0x25 }; - const byte data[] = { 0x04, 0x01, 0x01 }; - const byte emptyData[] = { 0x04, 0x00 }; - const char* strData = "serverAuth,codeSigning"; - const byte* p; - WOLFSSL_X509_EXTENSION* ext = NULL; - WOLFSSL_ASN1_OBJECT* obj = NULL; - WOLFSSL_ASN1_STRING* str = NULL; - - p = objData; - ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(objData))); - if (obj != NULL) { - obj->type = NID_ext_key_usage; - } - p = data; - ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, (long)sizeof(data))); - ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); - /* No Data - no change. */ - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); - ExpectIntEQ(x509->extKeyUsage, EXTKEYUSE_ANY); - - /* Add second time with string to interpret. */ - wolfSSL_ASN1_STRING_free(str); - str = NULL; - ExpectNotNull(str = wolfSSL_ASN1_STRING_new()); - ExpectIntEQ(ASN1_STRING_set(str, strData, (word32)XSTRLEN(strData) + 1), - WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); - ExpectIntEQ(x509->extKeyUsage, EXTKEYUSE_SERVER_AUTH | EXTKEYUSE_CODESIGN); - - /* Empty data. */ - wolfSSL_ASN1_STRING_free(str); - str = NULL; - p = emptyData; - ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, - (long)sizeof(emptyData))); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_FAILURE); - - /* Invalid string to parse. */ - wolfSSL_ASN1_STRING_free(str); - str = NULL; - ExpectNotNull(str = wolfSSL_ASN1_STRING_new()); - ExpectIntEQ(ASN1_STRING_set(str, "bad", 4), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_FAILURE); - - wolfSSL_ASN1_STRING_free(str); - wolfSSL_ASN1_OBJECT_free(obj); - wolfSSL_X509_EXTENSION_free(ext); - - return EXPECT_RESULT(); -} - -static int test_x509_add_auth_key_id(WOLFSSL_X509* x509) -{ - EXPECT_DECLS; - const byte objData[] = { 0x06, 0x03, 0x55, 0x1d, 0x23 }; - const byte data[] = { - 0x04, 0x81, 0xcc, 0x30, 0x81, 0xc9, 0x80, 0x14, - 0x27, 0x8e, 0x67, 0x11, 0x74, 0xc3, 0x26, 0x1d, - 0x3f, 0xed, 0x33, 0x63, 0xb3, 0xa4, 0xd8, 0x1d, - 0x30, 0xe5, 0xe8, 0xd5, 0xa1, 0x81, 0x9a, 0xa4, - 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, - 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, - 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, - 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, - 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, - 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f, 0x74, - 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, - 0x04, 0x0b, 0x0c, 0x0a, 0x43, 0x6f, 0x6e, 0x73, - 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31, 0x18, - 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, - 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, - 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, - 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, - 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, - 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, - 0x6d, 0x82, 0x14, 0x33, 0x44, 0x1a, 0xa8, 0x6c, - 0x01, 0xec, 0xf6, 0x60, 0xf2, 0x70, 0x51, 0x0a, - 0x4c, 0xd1, 0x14, 0xfa, 0xbc, 0xe9, 0x44 - }; - const byte* p; - WOLFSSL_X509_EXTENSION* ext = NULL; - WOLFSSL_ASN1_OBJECT* obj = NULL; - WOLFSSL_ASN1_STRING* str = NULL; - - p = objData; - ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(objData))); - if (obj != NULL) { - obj->type = NID_authority_key_identifier; - } - p = data; - ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, (long)sizeof(data))); - ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); - - /* Add second time with string to interpret. */ - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); - - wolfSSL_ASN1_STRING_free(str); - wolfSSL_ASN1_OBJECT_free(obj); - wolfSSL_X509_EXTENSION_free(ext); - - return EXPECT_RESULT(); -} - -static int test_x509_add_subj_key_id(WOLFSSL_X509* x509) -{ - EXPECT_DECLS; - const byte objData[] = { 0x06, 0x03, 0x55, 0x1d, 0x0e }; - const byte data[] = { - 0x04, 0x16, 0x04, 0x14, 0xb3, 0x11, 0x32, 0xc9, - 0x92, 0x98, 0x84, 0xe2, 0xc9, 0xf8, 0xd0, 0x3b, - 0x6e, 0x03, 0x42, 0xca, 0x1f, 0x0e, 0x8e, 0x3c - }; - const byte* p; - WOLFSSL_X509_EXTENSION* ext = NULL; - WOLFSSL_ASN1_OBJECT* obj = NULL; - WOLFSSL_ASN1_STRING* str = NULL; - - p = objData; - ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(objData))); - if (obj != NULL) { - obj->type = NID_subject_key_identifier; - } - p = data; - ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, (long)sizeof(data))); - ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); - /* Add second time with string to interpret. */ - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); - - wolfSSL_ASN1_STRING_free(str); - wolfSSL_ASN1_OBJECT_free(obj); - wolfSSL_X509_EXTENSION_free(ext); - - return EXPECT_RESULT(); -} -#endif - -static int test_wolfSSL_X509_add_ext(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) - WOLFSSL_X509* x509 = NULL; - WOLFSSL_X509_EXTENSION* ext_empty = NULL; - WOLFSSL_X509_EXTENSION* ext = NULL; - WOLFSSL_ASN1_OBJECT* obj = NULL; - WOLFSSL_ASN1_STRING* data = NULL; - const byte* p; - const byte subjAltNameObj[] = { 0x06, 0x03, 0x55, 0x1d, 0x11 }; - const byte subjAltName[] = { - 0x04, 0x15, 0x30, 0x13, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, - 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01 - }; - - ExpectNotNull(x509 = wolfSSL_X509_new()); - - /* Create extension: Subject Alternative Name */ - ExpectNotNull(ext_empty = wolfSSL_X509_EXTENSION_new()); - p = subjAltName; - ExpectNotNull(data = d2i_ASN1_OCTET_STRING(NULL, &p, - (long)sizeof(subjAltName))); - p = subjAltNameObj; - ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, - sizeof(subjAltNameObj))); - if (obj != NULL) { - obj->type = NID_subject_alt_name; - } - ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, data), WOLFSSL_SUCCESS); - - /* Failure cases. */ - ExpectIntEQ(wolfSSL_X509_add_ext(NULL, NULL, 0), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_X509_add_ext(x509, NULL, 0), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_X509_add_ext(NULL, ext, 0), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_X509_add_ext(NULL, NULL, -1), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_X509_add_ext(NULL, ext, -1), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_X509_add_ext(x509, NULL, -1), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, 0), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext_empty, -1), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - - /* Add: Subject Alternative Name */ - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); - /* Add second time to ensure no memory leaks. */ - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); - - wolfSSL_X509_EXTENSION_free(ext); - wolfSSL_ASN1_OBJECT_free(obj); - wolfSSL_ASN1_STRING_free(data); - wolfSSL_X509_EXTENSION_free(ext_empty); - - EXPECT_TEST(test_X509_add_basic_constraints(x509)); - EXPECT_TEST(test_X509_add_key_usage(x509)); - EXPECT_TEST(test_X509_add_ext_key_usage(x509)); - EXPECT_TEST(test_x509_add_auth_key_id(x509)); - EXPECT_TEST(test_x509_add_subj_key_id(x509)); - - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_EXTENSION_new(void) -{ - EXPECT_DECLS; -#if defined (OPENSSL_ALL) - WOLFSSL_X509_EXTENSION* ext = NULL; - - ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); - ExpectNotNull(ext->obj = wolfSSL_ASN1_OBJECT_new()); - - wolfSSL_X509_EXTENSION_free(NULL); - wolfSSL_X509_EXTENSION_free(ext); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_EXTENSION_dup(void) -{ - EXPECT_DECLS; -#if defined (OPENSSL_ALL) - WOLFSSL_X509_EXTENSION* ext = NULL; - WOLFSSL_X509_EXTENSION* dup = NULL; - - ExpectNull(wolfSSL_X509_EXTENSION_dup(NULL)); - ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); - ExpectNotNull(dup = wolfSSL_X509_EXTENSION_dup(ext)); - - wolfSSL_X509_EXTENSION_free(dup); - wolfSSL_X509_EXTENSION_free(ext); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_EXTENSION_get_object(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) - WOLFSSL_X509* x509 = NULL; - WOLFSSL_X509_EXTENSION* ext = NULL; - WOLFSSL_X509_EXTENSION* dup = NULL; - WOLFSSL_ASN1_OBJECT* o = NULL; - XFILE file = XBADFILE; - - ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); - ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); - if (file != XBADFILE) - XFCLOSE(file); - - /* wolfSSL_X509_EXTENSION_get_object() testing ext idx 0 */ - ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, 0)); - ExpectNull(wolfSSL_X509_EXTENSION_get_object(NULL)); - ExpectNotNull(o = wolfSSL_X509_EXTENSION_get_object(ext)); - ExpectIntEQ(o->nid, SUBJ_KEY_OID); - ExpectNotNull(dup = wolfSSL_X509_EXTENSION_dup(ext)); - wolfSSL_X509_EXTENSION_free(dup); - - /* wolfSSL_X509_EXTENSION_get_object() NULL argument */ - ExpectNull(o = wolfSSL_X509_EXTENSION_get_object(NULL)); - - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_EXTENSION_get_data(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) - WOLFSSL_X509* x509 = NULL; - WOLFSSL_X509_EXTENSION* ext = NULL; - WOLFSSL_ASN1_STRING* str = NULL; - XFILE file = XBADFILE; -#ifndef WOLFSSL_OLD_EXTDATA_FMT - const byte ext_data[] = { - 0x04, 0x14, 0xB3, 0x11, 0x32, 0xC9, 0x92, 0x98, - 0x84, 0xE2, 0xC9, 0xF8, 0xD0, 0x3B, 0x6E, 0x03, - 0x42, 0xCA, 0x1F, 0x0E, 0x8E, 0x3C, - }; -#endif - - ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); - ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); - if (file != XBADFILE) - XFCLOSE(file); - ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, 0)); - - ExpectNull(str = wolfSSL_X509_EXTENSION_get_data(NULL)); - ExpectNotNull(str = wolfSSL_X509_EXTENSION_get_data(ext)); - -#ifndef WOLFSSL_OLD_EXTDATA_FMT - ExpectIntEQ(str->length, sizeof (ext_data)); - ExpectBufEQ(str->data, ext_data, sizeof (ext_data)); -#endif - - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_EXTENSION_get_critical(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) - WOLFSSL_X509* x509 = NULL; - WOLFSSL_X509_EXTENSION* ext = NULL; - XFILE file = XBADFILE; - int crit = 0; - - ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); - ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); - if (file != XBADFILE) - XFCLOSE(file); - ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, 0)); - - ExpectIntEQ(crit = wolfSSL_X509_EXTENSION_get_critical(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(crit = wolfSSL_X509_EXTENSION_get_critical(ext), 0); - - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_EXTENSION_create_by_OBJ(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) - XFILE file = XBADFILE; - WOLFSSL_X509* x509 = NULL; - WOLFSSL_X509* empty = NULL; - WOLFSSL_X509_EXTENSION* ext = NULL; - WOLFSSL_X509_EXTENSION* ext2 = NULL; - WOLFSSL_X509_EXTENSION* ext3 = NULL; - WOLFSSL_ASN1_OBJECT* o = NULL; - int crit = 0; - WOLFSSL_ASN1_STRING* str = NULL; - - ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); - ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); - if (file != XBADFILE) - XFCLOSE(file); - ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, 0)); - - ExpectNotNull(o = wolfSSL_X509_EXTENSION_get_object(ext)); - ExpectIntEQ(crit = wolfSSL_X509_EXTENSION_get_critical(ext), 0); - ExpectNotNull(str = wolfSSL_X509_EXTENSION_get_data(ext)); - - ExpectNull(wolfSSL_X509_EXTENSION_create_by_OBJ(NULL, NULL, 0, NULL)); - ExpectNull(wolfSSL_X509_EXTENSION_create_by_OBJ(NULL, o, 0, NULL)); - ExpectNull(wolfSSL_X509_EXTENSION_create_by_OBJ(NULL, NULL, 0, str)); - ExpectNotNull(ext2 = wolfSSL_X509_EXTENSION_create_by_OBJ(NULL, o, crit, - str)); - ExpectNotNull(ext3 = wolfSSL_X509_EXTENSION_create_by_OBJ(ext2, o, crit, - str)); - if (ext3 == NULL) { - wolfSSL_X509_EXTENSION_free(ext2); - } - wolfSSL_X509_EXTENSION_free(ext3); - - ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(NULL, NULL, -1), - WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); - ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(NULL, o, -1), - WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); - ExpectNotNull(empty = wolfSSL_X509_new()); - ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(empty, NULL, -1), - WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); - ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(empty, o, -1), - WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); - wolfSSL_X509_free(empty); - empty = NULL; - ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(x509, o, -2), 0); - ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(x509, o, 0), - WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); - - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509V3_EXT_print(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_BIO) && \ - !defined(NO_RSA) - - { - XFILE f = XBADFILE; - WOLFSSL_X509* x509 = NULL; - X509_EXTENSION * ext = NULL; - int loc = 0; - BIO *bio = NULL; - - ExpectTrue((f = XFOPEN(svrCertFile, "rb")) != XBADFILE); - ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); - if (f != XBADFILE) - fclose(f); - - ExpectNotNull(bio = wolfSSL_BIO_new(BIO_s_mem())); - - ExpectIntGT(loc = wolfSSL_X509_get_ext_by_NID(x509, - NID_basic_constraints, -1), -1); - ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, loc)); - - /* Failure cases. */ - ExpectIntEQ(wolfSSL_X509V3_EXT_print(NULL, NULL, 0, 0), - WOLFSSL_FAILURE); - ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio , NULL, 0, 0), - WOLFSSL_FAILURE); - ExpectIntEQ(wolfSSL_X509V3_EXT_print(NULL, ext , 0, 0), - WOLFSSL_FAILURE); - /* Good case. */ - ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS); - - ExpectIntGT(loc = wolfSSL_X509_get_ext_by_NID(x509, - NID_subject_key_identifier, -1), -1); - ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, loc)); - ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS); - - ExpectIntGT(loc = wolfSSL_X509_get_ext_by_NID(x509, - NID_authority_key_identifier, -1), -1); - ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, loc)); - ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS); - - wolfSSL_BIO_free(bio); - wolfSSL_X509_free(x509); - } - - { - X509 *x509 = NULL; - BIO *bio = NULL; - X509_EXTENSION *ext = NULL; - unsigned int i = 0; - unsigned int idx = 0; - /* Some NIDs to test with */ - int nids[] = { - /* NID_key_usage, currently X509_get_ext returns this as a bit - * string, which messes up X509V3_EXT_print */ - /* NID_ext_key_usage, */ - NID_subject_alt_name, - }; - int* n = NULL; - - ExpectNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE)); - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFileExt, - WOLFSSL_FILETYPE_PEM)); - - ExpectIntGT(fprintf(stderr, "\nPrinting extension values:\n"), 0); - - for (i = 0, n = nids; i<(sizeof(nids)/sizeof(int)); i++, n++) { - /* X509_get_ext_by_NID should return 3 for now. If that changes then - * update the index */ - ExpectIntEQ((idx = X509_get_ext_by_NID(x509, *n, -1)), 3); - ExpectNotNull(ext = X509_get_ext(x509, (int)idx)); - ExpectIntEQ(X509V3_EXT_print(bio, ext, 0, 0), 1); - ExpectIntGT(fprintf(stderr, "\n"), 0); - } - - BIO_free(bio); - X509_free(x509); - } - - { - BIO* bio = NULL; - X509_EXTENSION* ext = NULL; - WOLFSSL_ASN1_OBJECT* obj = NULL; - - ExpectNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE)); - ExpectNotNull(ext = X509_EXTENSION_new()); - - /* No object. */ - ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_FAILURE); - - ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), - WOLFSSL_SUCCESS); - - /* NID not supported yet - just doesn't write anything. */ - if (ext != NULL && ext->obj != NULL) { - ext->obj->nid = AUTH_INFO_OID; - ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), - WOLFSSL_SUCCESS); - ext->obj->nid = CERT_POLICY_OID; - ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), - WOLFSSL_SUCCESS); - ext->obj->nid = CRL_DIST_OID; - ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), - WOLFSSL_SUCCESS); - ext->obj->nid = KEY_USAGE_OID; - ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), - WOLFSSL_SUCCESS); - - ext->obj->nid = EXT_KEY_USAGE_OID; - ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), - WOLFSSL_SUCCESS); - } - - wolfSSL_ASN1_OBJECT_free(obj); - X509_EXTENSION_free(ext); - BIO_free(bio); - } -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_cmp(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_RSA) - XFILE file1 = XBADFILE; - XFILE file2 = XBADFILE; - WOLFSSL_X509* cert1 = NULL; - WOLFSSL_X509* cert2 = NULL; - WOLFSSL_X509* empty = NULL; - - ExpectTrue((file1 = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); - ExpectTrue((file2 = XFOPEN("./certs/3072/client-cert.pem", "rb")) != - XBADFILE); - - ExpectNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL)); - ExpectNotNull(cert2 = wolfSSL_PEM_read_X509(file2, NULL, NULL, NULL)); - if (file1 != XBADFILE) - fclose(file1); - if (file2 != XBADFILE) - fclose(file2); - - ExpectNotNull(empty = wolfSSL_X509_new()); - - /* wolfSSL_X509_cmp() testing matching certs */ - ExpectIntEQ(0, wolfSSL_X509_cmp(cert1, cert1)); - - /* wolfSSL_X509_cmp() testing mismatched certs */ - ExpectIntEQ(-1, wolfSSL_X509_cmp(cert1, cert2)); - - /* wolfSSL_X509_cmp() testing NULL, valid args */ - ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wolfSSL_X509_cmp(NULL, cert2)); - - /* wolfSSL_X509_cmp() testing valid, NULL args */ - ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wolfSSL_X509_cmp(cert1, NULL)); - - /* wolfSSL_X509_cmp() testing NULL, NULL args */ - ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wolfSSL_X509_cmp(NULL, NULL)); - - /* wolfSSL_X509_cmp() testing empty cert */ - ExpectIntEQ(WOLFSSL_FATAL_ERROR, wolfSSL_X509_cmp(empty, cert2)); - ExpectIntEQ(WOLFSSL_FATAL_ERROR, wolfSSL_X509_cmp(cert1, empty)); - - wolfSSL_X509_free(empty); - wolfSSL_X509_free(cert2); - wolfSSL_X509_free(cert1); -#endif - return EXPECT_RESULT(); -} - static int test_wolfSSL_EVP_PKEY_up_ref(void) { EXPECT_DECLS; @@ -33815,10 +25171,10 @@ static int test_wolfSSL_d2i_and_i2d_PublicKey(void) EXPECT_DECLS; #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) EVP_PKEY* pkey = NULL; - const unsigned char* p; + const unsigned char* p = NULL; unsigned char *der = NULL; unsigned char *tmp = NULL; - int derLen; + int derLen = 0; p = client_keypub_der_2048; /* Check that key can be successfully decoded. */ @@ -34143,9 +25499,9 @@ static int test_wolfSSL_d2i_OCSP_CERTID(void) { EXPECT_DECLS; #if (defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)) && defined(HAVE_OCSP) - WOLFSSL_OCSP_CERTID* certIdGood; - WOLFSSL_OCSP_CERTID* certIdBad; - const unsigned char* rawCertIdPtr; + WOLFSSL_OCSP_CERTID* certIdGood = NULL; + WOLFSSL_OCSP_CERTID* certIdBad = NULL; + const unsigned char* rawCertIdPtr = NULL; const unsigned char rawCertId[] = { 0x30, 0x49, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, @@ -36379,21 +27735,6 @@ static int test_sk_X509_CRL(void) return EXPECT_RESULT(); } -static int test_X509_get_signature_nid(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) - X509* x509 = NULL; - - ExpectIntEQ(X509_get_signature_nid(NULL), 0); - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, - SSL_FILETYPE_PEM)); - ExpectIntEQ(X509_get_signature_nid(x509), NID_sha256WithRSAEncryption); - X509_free(x509); -#endif - return EXPECT_RESULT(); -} - static int test_X509_REQ(void) { EXPECT_DECLS; @@ -37489,197 +28830,6 @@ static int test_wolfSSL_SMIME_write_PKCS7(void) #endif /* HAVE_SMIME */ #endif /* !NO_BIO */ -/* Test of X509 store use outside of SSL context w/ CRL lookup (ALWAYS - * returns 0) */ -static int test_X509_STORE_No_SSL_CTX(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ - !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && \ - (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && \ - defined(HAVE_CRL) && !defined(NO_RSA) - - X509_STORE * store = NULL; - X509_STORE_CTX * storeCtx = NULL; - X509_CRL * crl = NULL; - X509 * ca = NULL; - X509 * cert = NULL; - const char cliCrlPem[] = "./certs/crl/cliCrl.pem"; - const char srvCert[] = "./certs/server-cert.pem"; - const char caCert[] = "./certs/ca-cert.pem"; - const char caDir[] = "./certs/crl/hash_pem"; - XFILE fp = XBADFILE; - X509_LOOKUP * lookup = NULL; - - ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); - - /* Set up store with CA */ - ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, - SSL_FILETYPE_PEM))); - ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS); - - /* Add CRL lookup directory to store - * NOTE: test uses ./certs/crl/hash_pem/0fdb2da4.r0, which is a copy - * of crl.pem */ - ExpectNotNull((lookup = X509_STORE_add_lookup(store, - X509_LOOKUP_hash_dir()))); - ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, caDir, - X509_FILETYPE_PEM, NULL), SSL_SUCCESS); - - ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK), - SSL_SUCCESS); - - /* Add CRL to store NOT containing the verified certificate, which - * forces use of the CRL lookup directory */ - ExpectTrue((fp = XFOPEN(cliCrlPem, "rb")) != XBADFILE); - ExpectNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, - NULL, NULL)); - if (fp != XBADFILE) - XFCLOSE(fp); - ExpectIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS); - - /* Create verification context outside of an SSL session */ - ExpectNotNull((storeCtx = X509_STORE_CTX_new())); - ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert, - SSL_FILETYPE_PEM))); - ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS); - - /* Perform verification, which should NOT indicate CRL missing due to the - * store CM's X509 store pointer being NULL */ - ExpectIntNE(X509_verify_cert(storeCtx), WC_NO_ERR_TRACE(CRL_MISSING)); - - X509_CRL_free(crl); - X509_STORE_free(store); - X509_STORE_CTX_free(storeCtx); - X509_free(cert); - X509_free(ca); -#endif - return EXPECT_RESULT(); -} - -/* Test of X509 store use outside of SSL context w/ CRL lookup, but - * with X509_LOOKUP_add_dir and X509_FILETYPE_ASN1. */ -static int test_X509_LOOKUP_add_dir(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ - !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && \ - (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && \ - defined(HAVE_CRL) && !defined(NO_RSA) - - X509_STORE * store = NULL; - X509_STORE_CTX * storeCtx = NULL; - X509_CRL * crl = NULL; - X509 * ca = NULL; - X509 * cert = NULL; - const char cliCrlPem[] = "./certs/crl/cliCrl.pem"; - const char srvCert[] = "./certs/server-cert.pem"; - const char caCert[] = "./certs/ca-cert.pem"; - const char caDir[] = "./certs/crl/hash_der"; - XFILE fp = XBADFILE; - X509_LOOKUP * lookup = NULL; - - ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); - - /* Set up store with CA */ - ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, - SSL_FILETYPE_PEM))); - ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS); - - /* Add CRL lookup directory to store. - * Test uses ./certs/crl/hash_der/0fdb2da4.r0, which is a copy - * of crl.der */ - ExpectNotNull((lookup = X509_STORE_add_lookup(store, - X509_LOOKUP_hash_dir()))); - - ExpectIntEQ(X509_LOOKUP_add_dir(lookup, caDir, X509_FILETYPE_ASN1), - SSL_SUCCESS); - - ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK), - SSL_SUCCESS); - - /* Add CRL to store NOT containing the verified certificate, which - * forces use of the CRL lookup directory */ - ExpectTrue((fp = XFOPEN(cliCrlPem, "rb")) != XBADFILE); - ExpectNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, - NULL, NULL)); - if (fp != XBADFILE) { - XFCLOSE(fp); - fp = XBADFILE; - } - ExpectIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS); - - /* Create verification context outside of an SSL session */ - ExpectNotNull((storeCtx = X509_STORE_CTX_new())); - ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert, - SSL_FILETYPE_PEM))); - ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS); - - /* Perform verification, which should NOT return CRL missing */ - ExpectIntNE(X509_verify_cert(storeCtx), WC_NO_ERR_TRACE(CRL_MISSING)); - - X509_CRL_free(crl); - crl = NULL; - X509_STORE_free(store); - store = NULL; - X509_STORE_CTX_free(storeCtx); - storeCtx = NULL; - X509_free(cert); - cert = NULL; - X509_free(ca); - ca = NULL; - - /* Now repeat the same, but look for X509_FILETYPE_PEM. - * We should get CRL_MISSING at the end, because the lookup - * dir has only ASN1 CRLs. */ - - ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); - - ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, - SSL_FILETYPE_PEM))); - ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS); - - ExpectNotNull((lookup = X509_STORE_add_lookup(store, - X509_LOOKUP_hash_dir()))); - - ExpectIntEQ(X509_LOOKUP_add_dir(lookup, caDir, X509_FILETYPE_PEM), - SSL_SUCCESS); - - ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK), - SSL_SUCCESS); - - ExpectTrue((fp = XFOPEN(cliCrlPem, "rb")) != XBADFILE); - ExpectNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, - NULL, NULL)); - if (fp != XBADFILE) { - XFCLOSE(fp); - fp = XBADFILE; - } - ExpectIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS); - - ExpectNotNull((storeCtx = X509_STORE_CTX_new())); - ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert, - SSL_FILETYPE_PEM))); - ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS); - - /* Now we SHOULD get CRL_MISSING, because we looked for PEM - * in dir containing only ASN1/DER. */ - ExpectIntEQ(X509_verify_cert(storeCtx), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(X509_STORE_CTX_get_error(storeCtx), - X509_V_ERR_UNABLE_TO_GET_CRL); - - X509_CRL_free(crl); - X509_STORE_free(store); - X509_STORE_CTX_free(storeCtx); - X509_free(cert); - X509_free(ca); -#endif - return EXPECT_RESULT(); -} - - /*----------------------------------------------------------------------------* | Certificate Failure Checks @@ -38059,146 +29209,6 @@ static int test_wolfSSL_X509_CRL(void) return EXPECT_RESULT(); } -static int test_wolfSSL_X509_load_crl_file(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \ - !defined(NO_STDIO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_BIO) && \ - !defined(WOLFSSL_CRL_ALLOW_MISSING_CDP) - int i; - char pem[][100] = { - "./certs/crl/crl.pem", - "./certs/crl/crl2.pem", - "./certs/crl/caEccCrl.pem", - "./certs/crl/eccCliCRL.pem", - "./certs/crl/eccSrvCRL.pem", - #ifdef WC_RSA_PSS - "./certs/crl/crl_rsapss.pem", - #endif - "" - }; - char der[][100] = { - "./certs/crl/crl.der", - "./certs/crl/crl2.der", - "" - }; - WOLFSSL_X509_STORE* store = NULL; - WOLFSSL_X509_LOOKUP* lookup = NULL; - - ExpectNotNull(store = wolfSSL_X509_STORE_new()); - ExpectNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())); - - ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem", - X509_FILETYPE_PEM), 1); -#ifdef WC_RSA_PSS - ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/rsapss/ca-rsapss.pem", - X509_FILETYPE_PEM), 1); -#endif - ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem", - X509_FILETYPE_PEM), 1); - if (store) { - ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile, - WOLFSSL_FILETYPE_PEM), 1); - /* since store hasn't yet known the revoked cert*/ - ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, - "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM), 1); - } - - ExpectIntEQ(X509_load_crl_file(lookup, pem[0], 0), 0); - for (i = 0; pem[i][0] != '\0'; i++) { - ExpectIntEQ(X509_load_crl_file(lookup, pem[i], WOLFSSL_FILETYPE_PEM), - 1); - } - - if (store) { - /* since store knows crl list */ - ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, - "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM), - WC_NO_ERR_TRACE(CRL_CERT_REVOKED)); -#ifdef WC_RSA_PSS - ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, - "certs/rsapss/server-rsapss-cert.pem", WOLFSSL_FILETYPE_PEM), - WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)); -#endif - } - /* once feeing store */ - X509_STORE_free(store); - store = NULL; - - ExpectNotNull(store = wolfSSL_X509_STORE_new()); - ExpectNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())); - - ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem", - X509_FILETYPE_PEM), 1); - ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem", - X509_FILETYPE_PEM), 1); - if (store) { - ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile, - WOLFSSL_FILETYPE_PEM), 1); - /* since store hasn't yet known the revoked cert*/ - ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, - "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM), 1); - } - - for (i = 0; der[i][0] != '\0'; i++) { - ExpectIntEQ(X509_load_crl_file(lookup, der[i], WOLFSSL_FILETYPE_ASN1), - 1); - } - - if (store) { - /* since store knows crl list */ - ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, - "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM), - WC_NO_ERR_TRACE(CRL_CERT_REVOKED)); - } - - /* test for incorrect parameter */ - ExpectIntEQ(X509_load_crl_file(NULL, pem[0], 0), 0); - ExpectIntEQ(X509_load_crl_file(lookup, NULL, 0), 0); - ExpectIntEQ(X509_load_crl_file(NULL, NULL, 0), 0); - - X509_STORE_free(store); - store = NULL; -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_i2d_X509(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) - const unsigned char* cert_buf = server_cert_der_2048; - unsigned char* out = NULL; - unsigned char* tmp = NULL; - const unsigned char* nullPtr = NULL; - const unsigned char notCert[2] = { 0x30, 0x00 }; - const unsigned char* notCertPtr = notCert; - X509* cert = NULL; - - ExpectNull(d2i_X509(NULL, NULL, sizeof_server_cert_der_2048)); - ExpectNull(d2i_X509(NULL, &nullPtr, sizeof_server_cert_der_2048)); - ExpectNull(d2i_X509(NULL, &cert_buf, 0)); - ExpectNull(d2i_X509(NULL, ¬CertPtr, sizeof(notCert))); - ExpectNotNull(d2i_X509(&cert, &cert_buf, sizeof_server_cert_der_2048)); - /* Pointer should be advanced */ - ExpectPtrGT(cert_buf, server_cert_der_2048); - ExpectIntGT(i2d_X509(cert, &out), 0); - ExpectNotNull(out); - tmp = out; - ExpectIntGT(i2d_X509(cert, &tmp), 0); - ExpectPtrGT(tmp, out); -#if defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) && !defined(NO_FILESYSTEM) - ExpectIntEQ(wolfSSL_PEM_write_X509(XBADFILE, NULL), 0); - ExpectIntEQ(wolfSSL_PEM_write_X509(XBADFILE, cert), 0); - ExpectIntEQ(wolfSSL_PEM_write_X509(stderr, cert), 1); -#endif - - XFREE(out, NULL, DYNAMIC_TYPE_OPENSSL); - X509_free(cert); -#endif - return EXPECT_RESULT(); -} - static int test_wolfSSL_d2i_X509_REQ(void) { EXPECT_DECLS; @@ -38389,23 +29399,6 @@ static int test_wolfSSL_d2i_X509_REQ(void) return EXPECT_RESULT(); } -static int test_wolfSSL_PEM_read_X509(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \ - !defined(NO_RSA) - X509 *x509 = NULL; - XFILE fp = XBADFILE; - - ExpectTrue((fp = XFOPEN(svrCertFile, "rb")) != XBADFILE); - ExpectNotNull(x509 = (X509 *)PEM_read_X509(fp, (X509 **)NULL, NULL, NULL)); - X509_free(x509); - if (fp != XBADFILE) - XFCLOSE(fp); -#endif - return EXPECT_RESULT(); -} - static int test_wolfSSL_PEM_read(void) { EXPECT_DECLS; @@ -39997,328 +30990,6 @@ static int test_wolfSSL_EVP_PKEY_hkdf(void) return EXPECT_RESULT(); } -#ifndef NO_BIO -static int test_wolfSSL_PEM_X509_INFO_read_bio(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) - BIO* bio = NULL; - X509_INFO* info = NULL; - STACK_OF(X509_INFO)* sk = NULL; - STACK_OF(X509_INFO)* sk2 = NULL; - char* subject = NULL; - char exp1[] = "/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/" - "CN=www.wolfssl.com/emailAddress=info@wolfssl.com"; - char exp2[] = "/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/" - "CN=www.wolfssl.com/emailAddress=info@wolfssl.com"; - - ExpectNotNull(bio = BIO_new(BIO_s_file())); - ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0); - ExpectNotNull(sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL)); - ExpectIntEQ(sk_X509_INFO_num(sk), 2); - - /* using dereference to maintain testing for Apache port*/ - ExpectNull(sk_X509_INFO_pop(NULL)); - ExpectNotNull(info = sk_X509_INFO_pop(sk)); - ExpectNotNull(subject = X509_NAME_oneline(X509_get_subject_name(info->x509), - 0, 0)); - - ExpectIntEQ(0, XSTRNCMP(subject, exp1, sizeof(exp1))); - XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); - subject = NULL; - X509_INFO_free(info); - info = NULL; - - ExpectNotNull(info = sk_X509_INFO_pop(sk)); - ExpectNotNull(subject = X509_NAME_oneline(X509_get_subject_name(info->x509), - 0, 0)); - - ExpectIntEQ(0, XSTRNCMP(subject, exp2, sizeof(exp2))); - XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); - subject = NULL; - X509_INFO_free(info); - ExpectNull(info = sk_X509_INFO_pop(sk)); - - sk_X509_INFO_pop_free(sk, X509_INFO_free); - sk = NULL; - BIO_free(bio); - bio = NULL; - - ExpectNotNull(sk = wolfSSL_sk_X509_INFO_new_null()); - ExpectNotNull(bio = BIO_new(BIO_s_file())); - ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0); - ExpectNotNull(sk2 = PEM_X509_INFO_read_bio(bio, sk, NULL, NULL)); - ExpectPtrEq(sk, sk2); - if (sk2 != sk) { - sk_X509_INFO_pop_free(sk, X509_INFO_free); - } - sk = NULL; - BIO_free(bio); - sk_X509_INFO_pop_free(sk2, X509_INFO_free); - - ExpectNotNull(sk = wolfSSL_sk_X509_INFO_new_null()); - sk_X509_INFO_free(sk); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_PEM_X509_INFO_read(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) - XFILE fp = XBADFILE; - STACK_OF(X509_INFO)* sk = NULL; - - ExpectTrue((fp = XFOPEN(svrCertFile, "rb")) != XBADFILE); - ExpectNull(wolfSSL_PEM_X509_INFO_read(XBADFILE, NULL, NULL, NULL)); - ExpectNotNull(sk = wolfSSL_PEM_X509_INFO_read(fp, NULL, NULL, NULL)); - - sk_X509_INFO_pop_free(sk, X509_INFO_free); - if (fp != XBADFILE) - XFCLOSE(fp); -#endif - return EXPECT_RESULT(); -} -#endif /* !NO_BIO */ - -static int test_wolfSSL_X509_NAME_ENTRY_get_object(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) - X509 *x509 = NULL; - X509_NAME* name = NULL; - int idx = 0; - X509_NAME_ENTRY *ne = NULL; - ASN1_OBJECT *object = NULL; - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, - WOLFSSL_FILETYPE_PEM)); - ExpectNotNull(name = X509_get_subject_name(x509)); - ExpectIntGE(X509_NAME_get_index_by_NID(NULL, NID_commonName, -1), - BAD_FUNC_ARG); - ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1), 0); - ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -2), 0); - - ExpectNotNull(ne = X509_NAME_get_entry(name, idx)); - ExpectNull(X509_NAME_ENTRY_get_object(NULL)); - ExpectNotNull(object = X509_NAME_ENTRY_get_object(ne)); - - X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_get1_certs(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) - X509_STORE_CTX *storeCtx = NULL; - X509_STORE *store = NULL; - X509 *caX509 = NULL; - X509 *svrX509 = NULL; - X509_NAME *subject = NULL; - WOLF_STACK_OF(WOLFSSL_X509) *certs = NULL; - - ExpectNotNull(caX509 = X509_load_certificate_file(caCertFile, - SSL_FILETYPE_PEM)); - ExpectNotNull((svrX509 = wolfSSL_X509_load_certificate_file(svrCertFile, - SSL_FILETYPE_PEM))); - ExpectNotNull(storeCtx = X509_STORE_CTX_new()); - ExpectNotNull(store = X509_STORE_new()); - ExpectNotNull(subject = X509_get_subject_name(caX509)); - - /* Errors */ - ExpectNull(X509_STORE_get1_certs(storeCtx, subject)); - ExpectNull(X509_STORE_get1_certs(NULL, subject)); - ExpectNull(X509_STORE_get1_certs(storeCtx, NULL)); - - ExpectIntEQ(X509_STORE_add_cert(store, caX509), SSL_SUCCESS); - ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, caX509, NULL), - SSL_SUCCESS); - - /* Should find the cert */ - ExpectNotNull(certs = X509_STORE_get1_certs(storeCtx, subject)); - ExpectIntEQ(1, wolfSSL_sk_X509_num(certs)); - - sk_X509_pop_free(certs, NULL); - certs = NULL; - - /* Should not find the cert */ - ExpectNotNull(subject = X509_get_subject_name(svrX509)); - ExpectNotNull(certs = X509_STORE_get1_certs(storeCtx, subject)); - ExpectIntEQ(0, wolfSSL_sk_X509_num(certs)); - - sk_X509_pop_free(certs, NULL); - certs = NULL; - - X509_STORE_free(store); - X509_STORE_CTX_free(storeCtx); - X509_free(svrX509); - X509_free(caX509); -#endif /* OPENSSL_EXTRA && WOLFSSL_SIGNER_DER_CERT && !NO_FILESYSTEM */ - return EXPECT_RESULT(); -} - -#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ - defined(WOLFSSL_LOCAL_X509_STORE) && \ - (defined(OPENSSL_ALL) || defined(WOLFSSL_QT)) && defined(HAVE_CRL) -static int test_wolfSSL_X509_STORE_set_get_crl_provider(X509_STORE_CTX* ctx, - X509_CRL** crl_out, X509* cert) { - X509_CRL *crl = NULL; - XFILE fp = XBADFILE; - char* cert_issuer = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); - int ret = 0; - - (void)ctx; - - if (cert_issuer == NULL) - return 0; - - if ((fp = XFOPEN("certs/crl/crl.pem", "rb")) != XBADFILE) { - PEM_read_X509_CRL(fp, &crl, NULL, NULL); - XFCLOSE(fp); - if (crl != NULL) { - char* crl_issuer = X509_NAME_oneline( - X509_CRL_get_issuer(crl), NULL, 0); - if ((crl_issuer != NULL) && - (XSTRCMP(cert_issuer, crl_issuer) == 0)) { - *crl_out = X509_CRL_dup(crl); - if (*crl_out != NULL) - ret = 1; - } - OPENSSL_free(crl_issuer); - } - } - - X509_CRL_free(crl); - OPENSSL_free(cert_issuer); - return ret; -} - -static int test_wolfSSL_X509_STORE_set_get_crl_provider2(X509_STORE_CTX* ctx, - X509_CRL** crl_out, X509* cert) { - (void)ctx; - (void)cert; - *crl_out = NULL; - return 1; -} - -#ifndef NO_WOLFSSL_STUB -static int test_wolfSSL_X509_STORE_set_get_crl_check(X509_STORE_CTX* ctx, - X509_CRL* crl) { - (void)ctx; - (void)crl; - return 1; -} -#endif - -static int test_wolfSSL_X509_STORE_set_get_crl_verify(int ok, - X509_STORE_CTX* ctx) { - int cert_error = X509_STORE_CTX_get_error(ctx); - X509_VERIFY_PARAM* param = X509_STORE_CTX_get0_param(ctx); - int flags = X509_VERIFY_PARAM_get_flags(param); - if ((flags & (X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL)) != - (X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL)) { - /* Make sure the flags are set */ - return 0; - } - /* Ignore CRL missing error */ -#ifndef OPENSSL_COMPATIBLE_DEFAULTS - if (cert_error == WC_NO_ERR_TRACE(CRL_MISSING)) -#else - if (cert_error == X509_V_ERR_UNABLE_TO_GET_CRL) -#endif - return 1; - return ok; -} - -static int test_wolfSSL_X509_STORE_set_get_crl_ctx_ready(WOLFSSL_CTX* ctx) -{ - EXPECT_DECLS; - X509_STORE* cert_store = NULL; - - ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL), - WOLFSSL_SUCCESS); - ExpectNotNull(cert_store = SSL_CTX_get_cert_store(ctx)); - X509_STORE_set_get_crl(cert_store, - test_wolfSSL_X509_STORE_set_get_crl_provider); -#ifndef NO_WOLFSSL_STUB - X509_STORE_set_check_crl(cert_store, - test_wolfSSL_X509_STORE_set_get_crl_check); -#endif - - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_set_get_crl_ctx_ready2(WOLFSSL_CTX* ctx) -{ - EXPECT_DECLS; - X509_STORE* cert_store = NULL; - X509_VERIFY_PARAM* param = NULL; - - SSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL); - ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL), - WOLFSSL_SUCCESS); - ExpectNotNull(cert_store = SSL_CTX_get_cert_store(ctx)); - X509_STORE_set_get_crl(cert_store, - test_wolfSSL_X509_STORE_set_get_crl_provider2); -#ifndef NO_WOLFSSL_STUB - X509_STORE_set_check_crl(cert_store, - test_wolfSSL_X509_STORE_set_get_crl_check); -#endif - X509_STORE_set_verify_cb(cert_store, - test_wolfSSL_X509_STORE_set_get_crl_verify); - ExpectNotNull(X509_STORE_get0_param(cert_store)); - ExpectNotNull(param = X509_VERIFY_PARAM_new()); - ExpectIntEQ(X509_VERIFY_PARAM_inherit(NULL, NULL) , WOLFSSL_SUCCESS); - ExpectIntEQ(X509_VERIFY_PARAM_inherit(param, NULL) , WOLFSSL_SUCCESS); - ExpectIntEQ(X509_VERIFY_PARAM_inherit(param, - X509_STORE_get0_param(cert_store)), WOLFSSL_SUCCESS); - ExpectIntEQ(X509_VERIFY_PARAM_inherit(param, - X509_STORE_get0_param(cert_store)), 1); - ExpectIntEQ(X509_VERIFY_PARAM_set_flags( - param, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL), 1); - ExpectIntEQ(X509_STORE_set1_param(cert_store, param), 1); - ExpectIntEQ(X509_STORE_set_flags(cert_store, - X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL), 1); - - - X509_VERIFY_PARAM_free(param); - return EXPECT_RESULT(); -} -#endif - -/* This test mimics the usage of the CRL provider in gRPC */ -static int test_wolfSSL_X509_STORE_set_get_crl(void) -{ - EXPECT_DECLS; -#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ - defined(WOLFSSL_LOCAL_X509_STORE) && \ - (defined(OPENSSL_ALL) || defined(WOLFSSL_QT)) && defined(HAVE_CRL) - test_ssl_cbf func_cb_client; - test_ssl_cbf func_cb_server; - - XMEMSET(&func_cb_client, 0, sizeof(func_cb_client)); - XMEMSET(&func_cb_server, 0, sizeof(func_cb_server)); - - func_cb_client.ctx_ready = test_wolfSSL_X509_STORE_set_get_crl_ctx_ready; - - ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, - &func_cb_server, NULL), TEST_SUCCESS); - - XMEMSET(&func_cb_client, 0, sizeof(func_cb_client)); - XMEMSET(&func_cb_server, 0, sizeof(func_cb_server)); - - func_cb_client.ctx_ready = test_wolfSSL_X509_STORE_set_get_crl_ctx_ready2; - - ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, - &func_cb_server, NULL), TEST_SUCCESS); -#endif - return EXPECT_RESULT(); -} - - static int test_wolfSSL_dup_CA_list(void) { int res = TEST_SKIPPED; @@ -42550,8 +33221,8 @@ static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_client_thread(void* args) char msg[] = "hello wolfssl server!"; int len = (int) XSTRLEN(msg); char input[1024]; - int idx; - int ret, err; + int idx = 0; + int ret = 0, err = 0; if (!args) WOLFSSL_RETURN_FROM_THREAD(0); @@ -50890,31 +41561,16 @@ TEST_CASE testCases[] = { TEST_DECL(test_wolfSSL_lhash), +#ifndef NO_BIO + TEST_DECL(test_wolfSSL_BIO), + TEST_DECL(test_wolfSSL_BIO_BIO_ring_read), +#endif + TEST_DECL(test_wolfSSL_certs), TEST_DECL(test_wolfSSL_X509_ext_d2i), TEST_DECL(test_wolfSSL_private_keys), - TEST_DECL(test_wolfSSL_PEM_def_callback), - TEST_DECL(test_wolfSSL_PEM_read_PrivateKey), - TEST_DECL(test_wolfSSL_PEM_read_RSA_PUBKEY), - TEST_DECL(test_wolfSSL_PEM_read_PUBKEY), - TEST_DECL(test_wolfSSL_PEM_PrivateKey_rsa), - TEST_DECL(test_wolfSSL_PEM_PrivateKey_ecc), - TEST_DECL(test_wolfSSL_PEM_PrivateKey_dsa), - TEST_DECL(test_wolfSSL_PEM_PrivateKey_dh), - TEST_DECL(test_wolfSSL_PEM_PrivateKey), - TEST_DECL(test_wolfSSL_PEM_file_RSAKey), - TEST_DECL(test_wolfSSL_PEM_file_RSAPrivateKey), -#ifndef NO_BIO - TEST_DECL(test_wolfSSL_BIO), - TEST_DECL(test_wolfSSL_BIO_BIO_ring_read), - TEST_DECL(test_wolfSSL_PEM_read_bio), - TEST_DECL(test_wolfSSL_PEM_bio_RSAKey), - TEST_DECL(test_wolfSSL_PEM_bio_DSAKey), - TEST_DECL(test_wolfSSL_PEM_bio_ECKey), - TEST_DECL(test_wolfSSL_PEM_bio_RSAPrivateKey), - TEST_DECL(test_wolfSSL_PEM_PUBKEY), -#endif + TEST_SSL_PEM_DECLS, /* EVP API testing */ TEST_DECL(test_wolfSSL_EVP_ENCODE_CTX_new), @@ -51069,133 +41725,29 @@ TEST_CASE testCases[] = { TEST_DECL(test_wolfSSL_OtherName), TEST_DECL(test_wolfSSL_FPKI), TEST_DECL(test_wolfSSL_URI), - TEST_DECL(test_wolfSSL_TBS), - - TEST_DECL(test_wolfSSL_X509_STORE_CTX), - TEST_DECL(test_wolfSSL_X509_STORE_CTX_ex), - TEST_DECL(test_X509_STORE_untrusted), -#if defined(OPENSSL_ALL) && !defined(NO_RSA) - TEST_DECL(test_X509_STORE_InvalidCa), -#endif - TEST_DECL(test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup), - TEST_DECL(test_wolfSSL_X509_STORE_CTX_get_issuer), - TEST_DECL(test_wolfSSL_X509_STORE_set_flags), - TEST_DECL(test_wolfSSL_X509_LOOKUP_load_file), - TEST_DECL(test_wolfSSL_X509_Name_canon), - TEST_DECL(test_wolfSSL_X509_LOOKUP_ctrl_file), - TEST_DECL(test_wolfSSL_X509_LOOKUP_ctrl_hash_dir), - TEST_DECL(test_wolfSSL_X509_NID), - TEST_DECL(test_wolfSSL_X509_STORE_CTX_set_time), - TEST_DECL(test_wolfSSL_get0_param), - TEST_DECL(test_wolfSSL_X509_VERIFY_PARAM_set1_host), - TEST_DECL(test_wolfSSL_set1_host), - TEST_DECL(test_wolfSSL_X509_VERIFY_PARAM_set1_ip), - TEST_DECL(test_wolfSSL_X509_STORE_CTX_get0_store), - TEST_DECL(test_wolfSSL_X509_STORE), - TEST_DECL(test_wolfSSL_X509_STORE_load_locations), - TEST_DECL(test_X509_STORE_get0_objects), - TEST_DECL(test_wolfSSL_X509_load_crl_file), - TEST_DECL(test_wolfSSL_X509_STORE_get1_certs), - TEST_DECL(test_wolfSSL_X509_STORE_set_get_crl), - TEST_DECL(test_wolfSSL_X509_NAME_ENTRY_get_object), - TEST_DECL(test_wolfSSL_X509_cmp_time), - TEST_DECL(test_wolfSSL_X509_time_adj), /* X509 tests */ - TEST_DECL(test_wolfSSL_X509_subject_name_hash), - TEST_DECL(test_wolfSSL_X509_issuer_name_hash), - TEST_DECL(test_wolfSSL_X509_check_host), - TEST_DECL(test_wolfSSL_X509_check_email), - TEST_DECL(test_wolfSSL_X509_check_private_key), - TEST_DECL(test_wolfSSL_X509), - TEST_DECL(test_wolfSSL_X509_VERIFY_PARAM), - TEST_DECL(test_wolfSSL_X509_sign), - TEST_DECL(test_wolfSSL_X509_sign2), - TEST_DECL(test_wolfSSL_X509_verify), - TEST_DECL(test_wolfSSL_X509_get0_tbs_sigalg), + TEST_OSSL_X509_DECLS, + TEST_OSSL_X509_NAME_DECLS, + TEST_OSSL_X509_EXT_DECLS, + TEST_OSSL_X509_PK_DECLS, + TEST_OSSL_X509_VFY_PARAMS_DECLS, + TEST_OSSL_X509_IO_DECLS, + TEST_OSSL_X509_CRYPTO_DECLS, + TEST_OSSL_X509_ACERT_DECLS, + TEST_OSSL_X509_INFO_DECLS, + TEST_DECL(test_wolfSSL_X509_ALGOR_get0), - TEST_DECL(test_wolfSSL_X509_get_X509_PUBKEY), - TEST_DECL(test_wolfSSL_X509_PUBKEY_RSA), - TEST_DECL(test_wolfSSL_X509_PUBKEY_EC), - TEST_DECL(test_wolfSSL_X509_PUBKEY_DSA), - TEST_DECL(test_wolfSSL_PEM_write_bio_X509), - TEST_DECL(test_wolfSSL_X509_NAME_get_entry), - TEST_DECL(test_wolfSSL_X509_NAME), - TEST_DECL(test_wolfSSL_X509_NAME_hash), - TEST_DECL(test_wolfSSL_X509_NAME_print_ex), - TEST_DECL(test_wolfSSL_X509_NAME_ENTRY), - TEST_DECL(test_wolfSSL_X509_set_name), - TEST_DECL(test_wolfSSL_X509_set_notAfter), - TEST_DECL(test_wolfSSL_X509_set_notBefore), - TEST_DECL(test_wolfSSL_X509_set_version), - TEST_DECL(test_wolfSSL_X509_get_serialNumber), - TEST_DECL(test_wolfSSL_X509_ext_get_critical_by_NID), - TEST_DECL(test_wolfSSL_X509_CRL_distribution_points), TEST_DECL(test_wolfSSL_X509_SEP), TEST_DECL(test_wolfSSL_X509_CRL), - TEST_DECL(test_wolfSSL_i2d_X509), - TEST_DECL(test_wolfSSL_PEM_read_X509), - TEST_DECL(test_wolfSSL_X509_check_ca), - TEST_DECL(test_wolfSSL_X509_check_ip_asc), - TEST_DECL(test_wolfSSL_X509_bad_altname), - TEST_DECL(test_wolfSSL_X509_name_match), - TEST_DECL(test_wolfSSL_X509_name_match2), - TEST_DECL(test_wolfSSL_X509_name_match3), - TEST_DECL(test_wolfSSL_X509_max_altnames), - TEST_DECL(test_wolfSSL_X509_max_name_constraints), - TEST_DECL(test_wolfSSL_make_cert), - - /* X509 ACERT tests */ - TEST_DECL(test_wolfSSL_X509_ACERT_verify), - TEST_DECL(test_wolfSSL_X509_ACERT_misc_api), - TEST_DECL(test_wolfSSL_X509_ACERT_buffer), - TEST_DECL(test_wolfSSL_X509_ACERT_new_and_sign), - TEST_DECL(test_wolfSSL_X509_ACERT_asn), - -#ifndef NO_BIO - TEST_DECL(test_wolfSSL_X509_INFO_multiple_info), - TEST_DECL(test_wolfSSL_X509_INFO), - TEST_DECL(test_wolfSSL_PEM_X509_INFO_read_bio), - TEST_DECL(test_wolfSSL_PEM_X509_INFO_read), -#endif - -#ifdef OPENSSL_ALL - TEST_DECL(test_wolfSSL_X509_PUBKEY_get), - TEST_DECL(test_wolfSSL_X509_set_pubkey), -#endif - - TEST_DECL(test_wolfSSL_X509_CA_num), - TEST_DECL(test_x509_get_key_id), - TEST_DECL(test_wolfSSL_X509_get_version), #ifndef NO_BIO TEST_DECL(test_wolfSSL_X509_print), TEST_DECL(test_wolfSSL_X509_CRL_print), #endif - TEST_DECL(test_X509_get_signature_nid), - /* X509 extension testing. */ - TEST_DECL(test_wolfSSL_X509_get_extension_flags), - TEST_DECL(test_wolfSSL_X509_get_ext), - TEST_DECL(test_wolfSSL_X509_get_ext_by_NID), - TEST_DECL(test_wolfSSL_X509_get_ext_subj_alt_name), - TEST_DECL(test_wolfSSL_X509_get_ext_count), - TEST_DECL(test_wolfSSL_X509_stack_extensions), - TEST_DECL(test_wolfSSL_X509_set_ext), - TEST_DECL(test_wolfSSL_X509_add_ext), - TEST_DECL(test_wolfSSL_X509_EXTENSION_new), - TEST_DECL(test_wolfSSL_X509_EXTENSION_dup), - TEST_DECL(test_wolfSSL_X509_EXTENSION_get_object), - TEST_DECL(test_wolfSSL_X509_EXTENSION_get_data), - TEST_DECL(test_wolfSSL_X509_EXTENSION_get_critical), - TEST_DECL(test_wolfSSL_X509_EXTENSION_create_by_OBJ), - TEST_DECL(test_wolfSSL_X509V3_set_ctx), - TEST_DECL(test_wolfSSL_X509V3_EXT_get), - TEST_DECL(test_wolfSSL_X509V3_EXT_nconf), - TEST_DECL(test_wolfSSL_X509V3_EXT), - TEST_DECL(test_wolfSSL_X509V3_EXT_bc), - TEST_DECL(test_wolfSSL_X509V3_EXT_san), - TEST_DECL(test_wolfSSL_X509V3_EXT_aia), - TEST_DECL(test_wolfSSL_X509V3_EXT_print), - TEST_DECL(test_wolfSSL_X509_cmp), + + /* X509 Store tests */ + TEST_OSSL_X509_STORE_DECLS, + TEST_OSSL_X509_LOOKUP_DECLS, TEST_DECL(test_GENERAL_NAME_set0_othername), TEST_DECL(test_othername_and_SID_ext), @@ -51210,10 +41762,6 @@ TEST_CASE testCases[] = { TEST_DECL(test_X509_REQ), TEST_DECL(test_wolfSSL_X509_REQ_print), - /* OpenSSL compatibility outside SSL context w/ CRL lookup directory */ - TEST_DECL(test_X509_STORE_No_SSL_CTX), - TEST_DECL(test_X509_LOOKUP_add_dir), - /* RAND compatibility API */ TEST_DECL(test_wolfSSL_RAND_set_rand_method), TEST_DECL(test_wolfSSL_RAND_bytes), @@ -51400,6 +41948,9 @@ TEST_CASE testCases[] = { TEST_DECL(test_wolfSSL_tmp_dh), TEST_DECL(test_wolfSSL_ctrl), + TEST_DECL(test_wolfSSL_get0_param), + TEST_DECL(test_wolfSSL_set1_host), + #if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \ (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \ @@ -51742,9 +42293,19 @@ void ApiTest_StopOnFail(void) void ApiTest_PrintTestCases(void) { int i; + const char* lastGroup = NULL; printf("All Test Cases:\n"); for (i = 0; i < TEST_CASE_CNT; i++) { + if ((lastGroup != NULL) && ((testCases[i].group == NULL) || + XSTRCMP(testCases[i].group, lastGroup) != 0)) { + printf("End Group : %s\n", lastGroup); + } + if ((testCases[i].group != NULL) && ((lastGroup == NULL) || + XSTRCMP(testCases[i].group, lastGroup) != 0)) { + printf("Begin Group: %s\n", testCases[i].group); + } + lastGroup = testCases[i].group; printf("%3d: %s\n", i + 1, testCases[i].name); } } @@ -51980,11 +42541,11 @@ int ApiTest(void) if ((lastGroup != NULL) && ((testCases[i].group == NULL) || XSTRCMP(testCases[i].group, lastGroup) != 0)) { - printf(" Group %s DONE\n", lastGroup); + printf(" End Group : %s\n", lastGroup); } if ((testCases[i].group != NULL) && ((lastGroup == NULL) || XSTRCMP(testCases[i].group, lastGroup) != 0)) { - printf(" Group %s START\n", testCases[i].group); + printf(" Begin Group: %s\n", testCases[i].group); } lastGroup = testCases[i].group; @@ -52029,7 +42590,7 @@ int ApiTest(void) } } if (lastGroup != NULL) { - printf(" Group %s DONE\n", lastGroup); + printf(" End Group : %s\n", lastGroup); } } diff --git a/tests/api/include.am b/tests/api/include.am index d6274cbff..79d15c0ef 100644 --- a/tests/api/include.am +++ b/tests/api/include.am @@ -78,6 +78,21 @@ tests_unit_test_SOURCES += tests/api/test_ossl_ec.c tests_unit_test_SOURCES += tests/api/test_ossl_ecx.c tests_unit_test_SOURCES += tests/api/test_ossl_dsa.c tests_unit_test_SOURCES += tests/api/test_ossl_sk.c +# OpenSSL X509 +tests_unit_test_SOURCES += tests/api/test_ossl_x509.c +tests_unit_test_SOURCES += tests/api/test_ossl_x509_ext.c +tests_unit_test_SOURCES += tests/api/test_ossl_x509_name.c +tests_unit_test_SOURCES += tests/api/test_ossl_x509_pk.c +tests_unit_test_SOURCES += tests/api/test_ossl_x509_vp.c +tests_unit_test_SOURCES += tests/api/test_ossl_x509_io.c +tests_unit_test_SOURCES += tests/api/test_ossl_x509_crypto.c +tests_unit_test_SOURCES += tests/api/test_ossl_x509_acert.c +tests_unit_test_SOURCES += tests/api/test_ossl_x509_info.c +# OpenSSL X509 Store +tests_unit_test_SOURCES += tests/api/test_ossl_x509_str.c +tests_unit_test_SOURCES += tests/api/test_ossl_x509_lu.c +# SSL PEM +tests_unit_test_SOURCES += tests/api/test_ossl_pem.c # TLS 1.3 specific tests_unit_test_SOURCES += tests/api/test_tls13.c endif @@ -147,5 +162,17 @@ EXTRA_DIST += tests/api/test_ossl_ec.h EXTRA_DIST += tests/api/test_ossl_ecx.h EXTRA_DIST += tests/api/test_ossl_dsa.h EXTRA_DIST += tests/api/test_ossl_sk.h +EXTRA_DIST += tests/api/test_ossl_x509.h +EXTRA_DIST += tests/api/test_ossl_x509_ext.h +EXTRA_DIST += tests/api/test_ossl_x509_name.h +EXTRA_DIST += tests/api/test_ossl_x509_pk.h +EXTRA_DIST += tests/api/test_ossl_x509_vp.h +EXTRA_DIST += tests/api/test_ossl_x509_io.h +EXTRA_DIST += tests/api/test_ossl_x509_crypto.h +EXTRA_DIST += tests/api/test_ossl_x509_acert.h +EXTRA_DIST += tests/api/test_ossl_x509_info.h +EXTRA_DIST += tests/api/test_ossl_x509_str.h +EXTRA_DIST += tests/api/test_ossl_x509_lu.h +EXTRA_DIST += tests/api/test_ossl_pem.h EXTRA_DIST += tests/api/test_tls13.h diff --git a/tests/api/test_aes.c b/tests/api/test_aes.c index 97186ecfc..fd56d2658 100644 --- a/tests/api/test_aes.c +++ b/tests/api/test_aes.c @@ -289,7 +289,7 @@ int test_wc_AesEncryptDecryptDirect(void) #if !defined(NO_AES) && defined(HAVE_AES_ECB) /* Assembly code doing 8 iterations at a time. */ -#define ECB_LEN (9 * WC_AES_BLOCK_SIZE) +#define ECB_LEN (15 * WC_AES_BLOCK_SIZE) static int test_wc_AesEcbEncryptDecrypt_BadArgs(Aes* aes, byte* key, word32 keyLen) @@ -1993,7 +1993,7 @@ int test_wc_AesCtrSetKey(void) #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) /* Assembly code doing 8 iterations at a time. */ -#define CTR_LEN (9 * WC_AES_BLOCK_SIZE) +#define CTR_LEN (15 * WC_AES_BLOCK_SIZE) static int test_wc_AesCtrEncrypt_BadArgs(Aes* aes, byte* key, word32 keyLen, byte* iv) @@ -2237,6 +2237,18 @@ int test_wc_AesCtrEncryptDecrypt(void) 0x86, 0x8f, 0x83, 0xff, 0x3d, 0xbe, 0x6e, 0xfa, 0xd2, 0x2b, 0x3e, 0x70, 0x21, 0x1c, 0xe8, 0x7b, 0xe4, 0x01, 0x2c, 0xd0, 0x82, 0xe2, 0x7a, 0x4a, + 0xcf, 0x67, 0x82, 0x1c, 0x80, 0x79, 0x85, 0x5e, + 0xe5, 0xf9, 0x3a, 0x0d, 0x1a, 0xa7, 0x89, 0x29, + 0xee, 0xe7, 0x2b, 0xd6, 0x29, 0xac, 0xfa, 0xca, + 0xc8, 0xcb, 0x4e, 0x6c, 0x1f, 0x30, 0x5e, 0x95, + 0xa5, 0xa2, 0x17, 0xe2, 0x93, 0xd3, 0xe6, 0xbe, + 0x91, 0x37, 0x84, 0x01, 0xdb, 0x44, 0x4c, 0x60, + 0x1c, 0x2c, 0x64, 0x7d, 0xb7, 0x73, 0x12, 0x11, + 0xc2, 0x6a, 0xfd, 0xac, 0x6d, 0x85, 0xd8, 0xeb, + 0x0e, 0x70, 0xd3, 0x82, 0x93, 0x65, 0xff, 0x18, + 0x4e, 0x22, 0x07, 0x8a, 0xf6, 0xfd, 0x36, 0x9d, + 0x5c, 0x15, 0x1c, 0x84, 0x69, 0x13, 0x68, 0x78, + 0xf1, 0x04, 0x02, 0x66, 0xec, 0x37, 0xcc, 0x0d, }; #elif defined(WOLFSSL_AES_192) byte expected24[CTR_LEN] = { @@ -2258,6 +2270,18 @@ int test_wc_AesCtrEncryptDecrypt(void) 0x8d, 0x3b, 0xa9, 0x17, 0x4c, 0x2a, 0xc7, 0x97, 0x99, 0xb7, 0xaf, 0x86, 0x17, 0xf9, 0xe4, 0x2c, 0x5a, 0x4d, 0x6d, 0x7f, 0xfe, 0xb8, 0xaa, 0x9b, + 0xf8, 0xb6, 0xcb, 0x6f, 0x2f, 0xa4, 0x57, 0x61, + 0x88, 0x6c, 0x94, 0xaa, 0xf7, 0x97, 0xcf, 0xcd, + 0x19, 0x29, 0x9e, 0xf3, 0x30, 0xb8, 0xaa, 0x56, + 0x49, 0xcb, 0xf0, 0x56, 0xdd, 0xac, 0x4b, 0x41, + 0x00, 0xb3, 0x19, 0xdd, 0xef, 0x69, 0xd0, 0x9c, + 0xd1, 0x67, 0x48, 0x62, 0x9f, 0x56, 0x21, 0x2d, + 0x05, 0xb3, 0x4d, 0x0b, 0xac, 0xb6, 0x63, 0xf4, + 0x44, 0xfc, 0x43, 0xc0, 0xa9, 0x8c, 0x37, 0xd6, + 0xc3, 0x8c, 0xa4, 0x42, 0x68, 0x08, 0x2c, 0x1e, + 0xe7, 0xcc, 0xe4, 0x1f, 0x82, 0x9a, 0xe0, 0xfb, + 0x18, 0x84, 0x55, 0xaf, 0x02, 0xcc, 0x55, 0x13, + 0x7e, 0xc7, 0x05, 0xb8, 0xb9, 0x5e, 0x90, 0xc3, }; #else byte expected32[CTR_LEN] = { @@ -2279,6 +2303,18 @@ int test_wc_AesCtrEncryptDecrypt(void) 0xf1, 0x7b, 0x2b, 0x87, 0xe4, 0xcd, 0x93, 0x22, 0x07, 0xdc, 0x35, 0x46, 0x8a, 0x1d, 0xf5, 0xe4, 0x23, 0x01, 0x67, 0x00, 0x66, 0x7b, 0xd6, 0x56, + 0x0d, 0x57, 0x4f, 0x6f, 0x45, 0x82, 0x91, 0x58, + 0x81, 0x37, 0xcc, 0xb4, 0xa4, 0xa3, 0x3c, 0x57, + 0x42, 0x05, 0x95, 0xa3, 0x04, 0x1f, 0xfd, 0x32, + 0xb7, 0xc8, 0xbb, 0x14, 0xe7, 0xf1, 0xc1, 0x1f, + 0xe9, 0x33, 0x6a, 0xb0, 0x10, 0x0d, 0xfb, 0x91, + 0x88, 0xca, 0x20, 0x29, 0xeb, 0xcd, 0x9c, 0x71, + 0x07, 0xfd, 0x3f, 0x6b, 0x1f, 0xb3, 0x76, 0xb7, + 0x6b, 0xa1, 0xad, 0xbe, 0xd3, 0x45, 0xb5, 0xe9, + 0x04, 0x9a, 0xfd, 0x6a, 0x85, 0xa2, 0xbc, 0x4e, + 0xca, 0xdb, 0x84, 0xbc, 0x0e, 0x0c, 0x96, 0x65, + 0xc9, 0x95, 0x2b, 0xcb, 0x98, 0x8c, 0xd2, 0x78, + 0x85, 0x7e, 0x1a, 0xa2, 0x6a, 0x73, 0x90, 0x80, }; #endif byte iv[] = "1234567890abcdef"; @@ -3407,6 +3443,275 @@ int test_wc_AesCcmEncryptDecrypt(void) return EXPECT_RESULT(); } /* END test_wc_AesCcmEncryptDecrypt */ +/******************************************************************************* + * AES-XTS + ******************************************************************************/ + +/* + * test function for wc_AesXtsSetKey() + */ +int test_wc_AesXtsSetKey(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) && defined(WOLFSSL_AES_XTS) + XtsAes aes; +#ifdef WOLFSSL_AES_128 + byte key16[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + }; +#endif +#if defined(WOLFSSL_AES_192) && !defined(HAVE_FIPS) + byte key24[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; +#endif +#ifdef WOLFSSL_AES_256 + byte key32[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; +#endif + byte badKey16[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65 + }; + byte badKey24[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36 + }; + byte badKey32[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x37, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65 + }; + byte* key; + word32 keyLen; + +#ifdef WOLFSSL_AES_128 + key = key16; + keyLen = sizeof(key16)/sizeof(byte); +#elif defined(WOLFSSL_AES_192) + key = key24; + keyLen = sizeof(key24)/sizeof(byte); +#else + key = key32; + keyLen = sizeof(key32)/sizeof(byte); +#endif + +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(wc_AesXtsSetKey(&aes, key16, sizeof(key16)/sizeof(byte), + AES_ENCRYPTION, NULL, INVALID_DEVID), 0); + wc_AesXtsFree(&aes); +#endif +#if defined(WOLFSSL_AES_192) && !defined(HAVE_FIPS) + ExpectIntEQ(wc_AesXtsSetKey(&aes, key24, sizeof(key24)/sizeof(byte), + AES_ENCRYPTION, NULL, INVALID_DEVID), 0); + wc_AesXtsFree(&aes); +#endif +#ifdef WOLFSSL_AES_256 + ExpectIntEQ(wc_AesXtsSetKey(&aes, key32, sizeof(key32)/sizeof(byte), + AES_ENCRYPTION, NULL, INVALID_DEVID), 0); + wc_AesXtsFree(&aes); +#endif + + /* Pass in bad args. */ + ExpectIntEQ(wc_AesXtsSetKey(NULL, NULL, keyLen, AES_ENCRYPTION, NULL, + INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesXtsSetKey(NULL, key, keyLen, AES_ENCRYPTION, NULL, + INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesXtsSetKey(&aes, NULL, keyLen, AES_ENCRYPTION, NULL, + INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesXtsSetKey(&aes, badKey16, sizeof(badKey16)/sizeof(byte), + AES_ENCRYPTION, NULL, INVALID_DEVID), WC_NO_ERR_TRACE(WC_KEY_SIZE_E)); + ExpectIntEQ(wc_AesXtsSetKey(&aes, badKey24, sizeof(badKey24)/sizeof(byte), + AES_ENCRYPTION, NULL, INVALID_DEVID), WC_NO_ERR_TRACE(WC_KEY_SIZE_E)); + ExpectIntEQ(wc_AesXtsSetKey(&aes, badKey32, sizeof(badKey32)/sizeof(byte), + AES_ENCRYPTION, NULL, INVALID_DEVID), WC_NO_ERR_TRACE(WC_KEY_SIZE_E)); + ExpectIntEQ(wc_AesXtsSetKey(&aes, key, keyLen, -2, NULL, INVALID_DEVID), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + return EXPECT_RESULT(); +} /* END test_wc_AesXtsSetKey */ + +int test_wc_AesXtsEncryptDecrypt_Sizes(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) && defined(WOLFSSL_AES_XTS) && \ + defined(WOLFSSL_AES_256) && !defined(WOLFSSL_AFALG) && \ + !defined(WOLFSSL_KCAPI) + #define XTS_LEN (WC_AES_BLOCK_SIZE * 16) + byte key32[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte tweak[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + }; + XtsAes aes; + word32 tweakLen = (word32)sizeof(tweak)/sizeof(byte); + int sz; + WC_DECLARE_VAR(plain, byte, XTS_LEN, NULL); + WC_DECLARE_VAR(cipher, byte, XTS_LEN, NULL); +#ifdef HAVE_AES_DECRYPT + WC_DECLARE_VAR(decrypted, byte, XTS_LEN, NULL); +#endif + + WC_ALLOC_VAR(plain, byte, XTS_LEN, NULL); + WC_ALLOC_VAR(cipher, byte, XTS_LEN, NULL); +#ifdef HAVE_AES_DECRYPT + WC_ALLOC_VAR(decrypted, byte, XTS_LEN, NULL); +#endif + +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC + ExpectNotNull(plain); + ExpectNotNull(cipher); +#ifdef HAVE_AES_DECRYPT + ExpectNotNull(decrypted); +#endif +#endif + + XMEMSET(&aes, 0, sizeof(Aes)); + XMEMSET(plain, 0xa5, XTS_LEN); + + for (sz = WC_AES_BLOCK_SIZE; sz <= XTS_LEN; sz *= 2) { + ExpectIntEQ(wc_AesXtsSetKey(&aes, key32, sizeof(key32)/sizeof(byte), + AES_ENCRYPTION, NULL, INVALID_DEVID), 0); + XMEMSET(cipher, 0, XTS_LEN); + ExpectIntEQ(wc_AesXtsEncrypt(&aes, cipher, plain, sz, tweak, tweakLen), + 0); + wc_AesXtsFree(&aes); + +#ifdef HAVE_AES_DECRYPT + ExpectIntEQ(wc_AesXtsSetKey(&aes, key32, sizeof(key32)/sizeof(byte), + AES_DECRYPTION, NULL, INVALID_DEVID), 0); + XMEMSET(decrypted, 0xff, XTS_LEN); + ExpectIntEQ(wc_AesXtsDecrypt(&aes, decrypted, cipher, sz, tweak, + tweakLen), 0); + ExpectBufEQ(decrypted, plain, sz); + wc_AesXtsFree(&aes); +#endif + } + + WC_FREE_VAR(plain, NULL); + WC_FREE_VAR(cipher, NULL); +#ifdef HAVE_AES_DECRYPT + WC_FREE_VAR(decrypted, NULL); +#endif +#endif + return EXPECT_RESULT(); +} + +/* + * test function for wc_AesXtsEncrypt and wc_AesXtsDecrypt + */ +int test_wc_AesXtsEncryptDecrypt(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) && defined(WOLFSSL_AES_XTS) && \ + defined(WOLFSSL_AES_256) + XtsAes aes; + byte key32[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte vector[] = { /* Now is the time for all w/o trailing 0 */ + 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + byte tweak[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + }; + word32 tweakLen = (word32)sizeof(tweak)/sizeof(byte); + byte enc[sizeof(vector)]; + byte resultT[WC_AES_BLOCK_SIZE]; + byte dec[sizeof(vector)]; + + /* Init stack variables. */ + XMEMSET(&aes, 0, sizeof(Aes)); + XMEMSET(enc, 0, sizeof(vector)); + XMEMSET(dec, 0, sizeof(vector)); + XMEMSET(resultT, 0, WC_AES_BLOCK_SIZE); + + ExpectIntEQ(wc_AesXtsSetKey(&aes, key32, sizeof(key32)/sizeof(byte), + AES_ENCRYPTION, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesXtsEncrypt(&aes, enc, vector, sizeof(vector), tweak, + tweakLen), 0); + wc_AesXtsFree(&aes); + ExpectIntEQ(wc_AesXtsSetKey(&aes, key32, sizeof(key32)/sizeof(byte), + AES_DECRYPTION, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesXtsDecrypt(&aes, dec, enc, sizeof(vector), tweak, + tweakLen), 0); + ExpectIntEQ(XMEMCMP(vector, dec, sizeof(vector)), 0); + wc_AesXtsFree(&aes); + + ExpectIntEQ(wc_AesXtsSetKey(&aes, key32, sizeof(key32)/sizeof(byte), + AES_ENCRYPTION, NULL, INVALID_DEVID), 0); + /* Test bad args for wc_AesXtsEncrypt and wc_AesXtsDecrypt */ + ExpectIntEQ(wc_AesXtsEncrypt(NULL, enc, vector, sizeof(vector), tweak, + tweakLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesXtsEncrypt(&aes, NULL, vector, sizeof(vector), tweak, + tweakLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesXtsEncrypt(&aes, enc, NULL, sizeof(vector), tweak, + tweakLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + wc_AesXtsFree(&aes); + /* END wc_AesXtsEncrypt */ + +#ifdef HAVE_AES_DECRYPT + ExpectIntEQ(wc_AesXtsSetKey(&aes, key32, sizeof(key32)/sizeof(byte), + AES_DECRYPTION, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesXtsDecrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte), + tweak, tweakLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesXtsDecrypt(&aes, NULL, enc, sizeof(enc)/sizeof(byte), + tweak, tweakLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesXtsDecrypt(&aes, dec, NULL, sizeof(enc)/sizeof(byte), + tweak, tweakLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + wc_AesXtsFree(&aes); +#endif /* HAVE_AES_DECRYPT */ +#endif + + return EXPECT_RESULT(); +} /* END test_wc_AesXtsEncryptDecrypt */ + #if defined(WOLFSSL_AES_EAX) && defined(WOLFSSL_AES_256) && \ (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) diff --git a/tests/api/test_aes.h b/tests/api/test_aes.h index cdb400ed1..99265f333 100644 --- a/tests/api/test_aes.h +++ b/tests/api/test_aes.h @@ -41,6 +41,9 @@ int test_wc_AesGcmMixedEncDecLongIV(void); int test_wc_AesGcmStream(void); int test_wc_AesCcmSetKey(void); int test_wc_AesCcmEncryptDecrypt(void); +int test_wc_AesXtsSetKey(void); +int test_wc_AesXtsEncryptDecrypt_Sizes(void); +int test_wc_AesXtsEncryptDecrypt(void); #if defined(WOLFSSL_AES_EAX) && defined(WOLFSSL_AES_256) && \ (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) int test_wc_AesEaxVectors(void); @@ -68,7 +71,10 @@ int test_wc_GmacUpdate(void); TEST_DECL_GROUP("aes", test_wc_AesGcmMixedEncDecLongIV), \ TEST_DECL_GROUP("aes", test_wc_AesGcmStream), \ TEST_DECL_GROUP("aes", test_wc_AesCcmSetKey), \ - TEST_DECL_GROUP("aes", test_wc_AesCcmEncryptDecrypt) + TEST_DECL_GROUP("aes", test_wc_AesCcmEncryptDecrypt), \ + TEST_DECL_GROUP("aes", test_wc_AesXtsSetKey), \ + TEST_DECL_GROUP("aes", test_wc_AesXtsEncryptDecrypt_Sizes), \ + TEST_DECL_GROUP("aes", test_wc_AesXtsEncryptDecrypt) #if defined(WOLFSSL_AES_EAX) && defined(WOLFSSL_AES_256) && \ (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) diff --git a/tests/api/test_ossl_pem.c b/tests/api/test_ossl_pem.c new file mode 100644 index 000000000..82dc63367 --- /dev/null +++ b/tests/api/test_ossl_pem.c @@ -0,0 +1,1261 @@ +/* test_ossl_pem.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#ifdef OPENSSL_EXTRA + #include +#endif +#include +#include + + +int test_wolfSSL_PEM_def_callback(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_EXTRA + char buf[10]; + const char* defpwd = "DEF PWD"; + int defpwdLen = (int)XSTRLEN(defpwd); + int smallLen = 1; + + /* Bad parameters. */ + ExpectIntEQ(wolfSSL_PEM_def_callback(NULL, sizeof(buf), 0, NULL), 0); + ExpectIntEQ(wolfSSL_PEM_def_callback(NULL, sizeof(buf), 0, (void*)defpwd), + 0); + ExpectIntEQ(wolfSSL_PEM_def_callback(buf, sizeof(buf), 0, NULL), 0); + + XMEMSET(buf, 0, sizeof(buf)); + ExpectIntEQ(wolfSSL_PEM_def_callback(buf, sizeof(buf), 0, (void*)defpwd), + defpwdLen); + ExpectIntEQ(XMEMCMP(buf, defpwd, defpwdLen), 0); + ExpectIntEQ(buf[defpwdLen], 0); + /* Size of buffer is smaller than default password. */ + XMEMSET(buf, 0, sizeof(buf)); + ExpectIntEQ(wolfSSL_PEM_def_callback(buf, smallLen, 0, (void*)defpwd), + smallLen); + ExpectIntEQ(XMEMCMP(buf, defpwd, smallLen), 0); + ExpectIntEQ(buf[smallLen], 0); +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_read_PrivateKey(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || \ + !defined(NO_DSA) || defined(HAVE_ECC) || !defined(NO_DH)) + XFILE file = XBADFILE; +#if !defined(NO_RSA) + const char* fname_rsa = "./certs/server-key.pem"; + RSA* rsa = NULL; + WOLFSSL_EVP_PKEY_CTX* ctx = NULL; + unsigned char* sig = NULL; + size_t sigLen = 0; + const unsigned char tbs[] = {0, 1, 2, 3, 4, 5, 6, 7}; + size_t tbsLen = sizeof(tbs); +#endif +#if !defined(NO_DSA) + const char* fname_dsa = "./certs/dsa2048.pem"; +#endif +#if defined(HAVE_ECC) + const char* fname_ec = "./certs/ecc-key.pem"; +#endif +#if !defined(NO_DH) + const char* fname_dh = "./certs/dh-priv-2048.pem"; +#endif + EVP_PKEY* pkey = NULL; + + /* Check error case. */ + ExpectNull(pkey = PEM_read_PrivateKey(NULL, NULL, NULL, NULL)); + + /* not a PEM key. */ + ExpectTrue((file = XFOPEN("./certs/ecc-key.der", "rb")) != XBADFILE); + ExpectNull(PEM_read_PrivateKey(file, NULL, NULL, NULL)); + if (file != XBADFILE) + XFCLOSE(file); + file = XBADFILE; + +#ifndef NO_RSA + /* Read in an RSA key. */ + ExpectTrue((file = XFOPEN(fname_rsa, "rb")) != XBADFILE); + ExpectNotNull(pkey = PEM_read_PrivateKey(file, NULL, NULL, NULL)); + if (file != XBADFILE) + XFCLOSE(file); + file = XBADFILE; + + /* Make sure the key is usable by signing some data with it. */ + ExpectNotNull(rsa = EVP_PKEY_get0_RSA(pkey)); + ExpectIntGT((sigLen = RSA_size(rsa)), 0); + ExpectNotNull(sig = (unsigned char*)XMALLOC(sigLen, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); + ExpectIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_sign(ctx, sig, &sigLen, tbs, tbsLen), + WOLFSSL_SUCCESS); + + XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); + pkey = NULL; +#endif + +#ifndef NO_DSA + /* Read in a DSA key. */ + ExpectTrue((file = XFOPEN(fname_dsa, "rb")) != XBADFILE); +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) + ExpectNotNull(pkey = PEM_read_PrivateKey(file, NULL, NULL, NULL)); + EVP_PKEY_free(pkey); + pkey = NULL; +#else + ExpectNull(PEM_read_PrivateKey(file, NULL, NULL, NULL)); +#endif + if (file != XBADFILE) + XFCLOSE(file); + file = XBADFILE; +#endif + +#ifdef HAVE_ECC + /* Read in an EC key. */ + ExpectTrue((file = XFOPEN(fname_ec, "rb")) != XBADFILE); + ExpectNotNull(pkey = EVP_PKEY_new()); + ExpectPtrEq(PEM_read_PrivateKey(file, &pkey, NULL, NULL), pkey); + if (file != XBADFILE) + XFCLOSE(file); + file = XBADFILE; + EVP_PKEY_free(pkey); + pkey = NULL; +#endif + +#ifndef NO_DH + /* Read in a DH key. */ + ExpectTrue((file = XFOPEN(fname_dh, "rb")) != XBADFILE); +#if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \ + defined(WOLFSSL_OPENSSH)) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) + ExpectNotNull(pkey = PEM_read_PrivateKey(file, NULL, NULL, NULL)); + EVP_PKEY_free(pkey); + pkey = NULL; +#else + ExpectNull(PEM_read_PrivateKey(file, NULL, NULL, NULL)); +#endif + if (file != XBADFILE) + XFCLOSE(file); + file = XBADFILE; +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_read_PUBKEY(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) \ + && !defined(NO_FILESYSTEM) + XFILE file = XBADFILE; + const char* fname = "./certs/client-keyPub.pem"; + EVP_PKEY* pkey = NULL; + + /* Check error case. */ + ExpectNull(pkey = PEM_read_PUBKEY(NULL, NULL, NULL, NULL)); + + /* Read in an RSA key. */ + ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); + ExpectNotNull(pkey = PEM_read_PUBKEY(file, NULL, NULL, NULL)); + EVP_PKEY_free(pkey); + pkey = NULL; + if (file != XBADFILE) + XFCLOSE(file); + file = XBADFILE; + ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); + ExpectNotNull(pkey = EVP_PKEY_new()); + ExpectPtrEq(PEM_read_PUBKEY(file, &pkey, NULL, NULL), pkey); + EVP_PKEY_free(pkey); + if (file != XBADFILE) + XFCLOSE(file); +#endif + return EXPECT_RESULT(); +} + +/* test loading RSA key using BIO */ +int test_wolfSSL_PEM_PrivateKey_rsa(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + defined(USE_CERT_BUFFERS_2048) && !defined(NO_FILESYSTEM) && \ + !defined(NO_BIO) + BIO* bio = NULL; + XFILE file = XBADFILE; + const char* fname = "./certs/server-key.pem"; + const char* fname_rsa_p8 = "./certs/server-keyPkcs8.pem"; + EVP_PKEY* pkey = NULL; + size_t sz = 0; + byte* buf = NULL; + EVP_PKEY* pkey2 = NULL; + EVP_PKEY* pkey3 = NULL; + RSA* rsa_key = NULL; +#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) + unsigned char extra[10]; + int i; + BIO* pub_bio = NULL; + const unsigned char* server_key = (const unsigned char*)server_key_der_2048; +#endif + + ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); + ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0); + ExpectIntGT(sz = XFTELL(file), 0); + ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0); + ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); + if (buf != NULL) { + ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); + } + if (file != XBADFILE) { + XFCLOSE(file); + file = XBADFILE; + } + + /* Test using BIO new mem and loading PEM private key */ + ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); + XFREE(buf, NULL, DYNAMIC_TYPE_FILE); + buf = NULL; + BIO_free(bio); + bio = NULL; + + /* New empty EVP_PKEY */ + ExpectNotNull(pkey2 = EVP_PKEY_new()); + if (pkey2 != NULL) { + pkey2->type = EVP_PKEY_RSA; + } + /* Test parameter copy */ + ExpectIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 0); + EVP_PKEY_free(pkey2); + EVP_PKEY_free(pkey); + pkey = NULL; + + /* Qt unit test case : rsa pkcs8 key */ + ExpectTrue((file = XFOPEN(fname_rsa_p8, "rb")) != XBADFILE); + ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0); + ExpectIntGT(sz = XFTELL(file), 0); + ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0); + ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); + if (buf) { + ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); + } + if (file != XBADFILE) { + XFCLOSE(file); + file = XBADFILE; + } + + ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); + XFREE(buf, NULL, DYNAMIC_TYPE_FILE); + buf = NULL; + BIO_free(bio); + bio = NULL; + ExpectNotNull(pkey3 = EVP_PKEY_new()); + + ExpectNotNull(rsa_key = EVP_PKEY_get1_RSA(pkey)); + ExpectIntEQ(EVP_PKEY_set1_RSA(pkey3, rsa_key), WOLFSSL_SUCCESS); + +#ifdef WOLFSSL_ERROR_CODE_OPENSSL + ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */); +#else + ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0); +#endif + + RSA_free(rsa_key); + EVP_PKEY_free(pkey3); + EVP_PKEY_free(pkey); + pkey = NULL; + pkey2 = NULL; + +#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) + #define BIO_PEM_TEST_CHAR 'a' + XMEMSET(extra, BIO_PEM_TEST_CHAR, sizeof(extra)); + + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(BIO_set_write_buf_size(bio, 4096), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectNotNull(pub_bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(BIO_set_write_buf_size(pub_bio, 4096), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, &server_key, + (long)sizeof_server_key_der_2048)); + ExpectNull(pkey); + + ExpectNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, + (long)sizeof_server_key_der_2048)); + ExpectIntEQ(PEM_write_bio_PrivateKey(NULL, pkey, NULL, NULL, 0, NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_bio_PrivateKey(bio, NULL, NULL, NULL, 0, NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), + WOLFSSL_SUCCESS); + ExpectIntGT(BIO_pending(bio), 0); + ExpectIntEQ(BIO_pending(bio), 1679); + /* Check if the pubkey API writes only the public key */ +#ifdef WOLFSSL_KEY_GEN + ExpectIntEQ(PEM_write_bio_PUBKEY(NULL, pkey), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), WOLFSSL_SUCCESS); + ExpectIntGT(BIO_pending(pub_bio), 0); + /* Previously both the private key and the pubkey calls would write + * out the private key and the PEM header was the only difference. + * The public PEM should be significantly shorter than the + * private key versison. */ + ExpectIntEQ(BIO_pending(pub_bio), 451); +#else + /* Not supported. */ + ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), 0); +#endif + + /* test creating new EVP_PKEY with good args */ + ExpectNotNull((pkey2 = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); + if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr) { + ExpectIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, + pkey->pkey_sz), 0); + } + + /* test of reuse of EVP_PKEY */ + ExpectNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL)); + ExpectIntEQ(BIO_pending(bio), 0); + ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), + SSL_SUCCESS); + /* add 10 extra bytes after PEM */ + ExpectIntEQ(BIO_write(bio, extra, 10), 10); + ExpectNotNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL)); + ExpectNotNull(pkey); + if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr) { + ExpectIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, + pkey->pkey_sz), 0); + } + /* check 10 extra bytes still there */ + ExpectIntEQ(BIO_pending(bio), 10); + ExpectIntEQ(BIO_read(bio, extra, 10), 10); + for (i = 0; i < 10; i++) { + ExpectIntEQ(extra[i], BIO_PEM_TEST_CHAR); + } + + BIO_free(pub_bio); + BIO_free(bio); + bio = NULL; + EVP_PKEY_free(pkey); + pkey = NULL; + EVP_PKEY_free(pkey2); +#endif /* WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN */ +#endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_RSA && USE_CERT_BUFFERS_2048 && + * !NO_FILESYSTEM && !NO_BIO */ + return EXPECT_RESULT(); +} + +/* test loading ECC key using BIO */ +int test_wolfSSL_PEM_PrivateKey_ecc(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(HAVE_ECC) && \ + !defined(NO_FILESYSTEM) && !defined(NO_BIO) + BIO* bio = NULL; + EVP_PKEY* pkey = NULL; + XFILE file = XBADFILE; + const char* fname = "./certs/ecc-key.pem"; + const char* fname_ecc_p8 = "./certs/ecc-keyPkcs8.pem"; + + size_t sz = 0; + byte* buf = NULL; + EVP_PKEY* pkey2 = NULL; + EVP_PKEY* pkey3 = NULL; + EC_KEY* ec_key = NULL; + int nid = 0; + BIO* pub_bio = NULL; + + ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); + ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0); + ExpectIntGT(sz = XFTELL(file), 0); + ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0); + ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); + if (buf) { + ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); + } + if (file != XBADFILE) { + XFCLOSE(file); + file = XBADFILE; + } + + /* Test using BIO new mem and loading PEM private key */ + ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); + BIO_free(bio); + bio = NULL; + XFREE(buf, NULL, DYNAMIC_TYPE_FILE); + buf = NULL; + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectNotNull(pub_bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), + WOLFSSL_SUCCESS); + ExpectIntGT(BIO_pending(bio), 0); + /* No parameters. */ + ExpectIntEQ(BIO_pending(bio), 227); + /* Check if the pubkey API writes only the public key */ +#ifdef WOLFSSL_KEY_GEN + ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), WOLFSSL_SUCCESS); + ExpectIntGT(BIO_pending(pub_bio), 0); + /* Previously both the private key and the pubkey calls would write + * out the private key and the PEM header was the only difference. + * The public PEM should be significantly shorter than the + * private key versison. */ + ExpectIntEQ(BIO_pending(pub_bio), 178); +#endif + BIO_free(pub_bio); + BIO_free(bio); + bio = NULL; + ExpectNotNull(pkey2 = EVP_PKEY_new()); + ExpectNotNull(pkey3 = EVP_PKEY_new()); + if (pkey2 != NULL) { + pkey2->type = EVP_PKEY_EC; + } + /* Test parameter copy */ + ExpectIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 1); + + + /* Qt unit test case 1*/ + ExpectNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey)); + ExpectIntEQ(EVP_PKEY_set1_EC_KEY(pkey3, ec_key), WOLFSSL_SUCCESS); + #ifdef WOLFSSL_ERROR_CODE_OPENSSL + ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */); + #else + ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0); + #endif + /* Test default digest */ + ExpectIntEQ(EVP_PKEY_get_default_digest_nid(pkey, &nid), 1); + ExpectIntEQ(nid, NID_sha256); + EC_KEY_free(ec_key); + ec_key = NULL; + EVP_PKEY_free(pkey3); + pkey3 = NULL; + EVP_PKEY_free(pkey2); + pkey2 = NULL; + EVP_PKEY_free(pkey); + pkey = NULL; + + /* Qt unit test case ec pkcs8 key */ + ExpectTrue((file = XFOPEN(fname_ecc_p8, "rb")) != XBADFILE); + ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0); + ExpectIntGT(sz = XFTELL(file), 0); + ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0); + ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); + if (buf) { + ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); + } + if (file != XBADFILE) { + XFCLOSE(file); + file = XBADFILE; + } + + ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); + XFREE(buf, NULL, DYNAMIC_TYPE_FILE); + buf = NULL; + BIO_free(bio); + bio = NULL; + ExpectNotNull(pkey3 = EVP_PKEY_new()); + /* Qt unit test case */ + ExpectNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey)); + ExpectIntEQ(EVP_PKEY_set1_EC_KEY(pkey3, ec_key), WOLFSSL_SUCCESS); +#ifdef WOLFSSL_ERROR_CODE_OPENSSL + ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */); +#else + ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0); +#endif + EC_KEY_free(ec_key); + EVP_PKEY_free(pkey3); + EVP_PKEY_free(pkey); + pkey = NULL; +#endif + return EXPECT_RESULT(); +} + +/* test loading DSA key using BIO */ +int test_wolfSSL_PEM_PrivateKey_dsa(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_DSA) && \ + !defined(NO_FILESYSTEM) && !defined(NO_BIO) +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + BIO* bio = NULL; + EVP_PKEY* pkey = NULL; + + ExpectNotNull(bio = BIO_new_file("./certs/dsa2048.pem", "rb")); + /* Private DSA EVP_PKEY */ + ExpectNotNull(pkey = wolfSSL_PEM_read_bio_PrivateKey(bio, NULL, NULL, + NULL)); + BIO_free(bio); + bio = NULL; + + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); +#if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) +#ifdef WOLFSSL_ASN_TEMPLATE + ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, + NULL), 1216); +#else + ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, + NULL), 1212); +#endif +#endif + +#ifdef WOLFSSL_KEY_GEN + ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), 1); +#ifdef WOLFSSL_ASN_TEMPLATE + ExpectIntEQ(BIO_pending(bio), 2394); +#else + ExpectIntEQ(BIO_pending(bio), 2390); +#endif + BIO_reset(bio); +#endif + + ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), + 1); + ExpectIntEQ(BIO_pending(bio), 1196); + + BIO_free(bio); + bio = NULL; + + EVP_PKEY_free(pkey); + pkey = NULL; +#endif +#endif + return EXPECT_RESULT(); +} + +/* test loading DH key using BIO */ +int test_wolfSSL_PEM_PrivateKey_dh(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_DH) && \ + !defined(NO_FILESYSTEM) && !defined(NO_BIO) +#if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \ + defined(WOLFSSL_OPENSSH)) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) + BIO* bio = NULL; + EVP_PKEY* pkey = NULL; + int expectedBytes = 0; + + ExpectNotNull(bio = BIO_new_file("./certs/dh-priv-2048.pem", "rb")); + /* Private DH EVP_PKEY */ + ExpectNotNull(pkey = wolfSSL_PEM_read_bio_PrivateKey(bio, NULL, NULL, + NULL)); + BIO_free(bio); + bio = NULL; + + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + +#if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) + expectedBytes += 806; + ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, + NULL), expectedBytes); +#endif +#ifdef WOLFSSL_KEY_GEN + ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), 0); +#endif + + ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), + 1); + expectedBytes += 806; + ExpectIntEQ(BIO_pending(bio), expectedBytes); + + BIO_free(bio); + bio = NULL; + + EVP_PKEY_free(pkey); + pkey = NULL; +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_PrivateKey(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + (!defined(NO_RSA) || defined(HAVE_ECC)) && defined(USE_CERT_BUFFERS_2048) +#ifndef NO_BIO + BIO* bio = NULL; +#endif + EVP_PKEY* pkey = NULL; + const unsigned char* server_key = (const unsigned char*)server_key_der_2048; + +#ifndef NO_BIO + + /* test creating new EVP_PKEY with bad arg */ + ExpectNull((pkey = PEM_read_bio_PrivateKey(NULL, NULL, NULL, NULL))); + + /* Test bad EVP_PKEY type. */ + /* New HMAC EVP_PKEY */ + ExpectNotNull(bio = BIO_new_mem_buf("", 1)); + ExpectNotNull(pkey = EVP_PKEY_new()); + if (pkey != NULL) { + pkey->type = EVP_PKEY_HMAC; + } + ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), + 0); +#if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) + ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, + NULL), 0); +#endif +#ifdef WOLFSSL_KEY_GEN + ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif + EVP_PKEY_free(pkey); + pkey = NULL; + BIO_free(bio); + bio = NULL; + + + /* key is DES encrypted */ + #if !defined(NO_DES3) && defined(WOLFSSL_ENCRYPTED_KEYS) && \ + !defined(NO_RSA) && !defined(NO_BIO) && !defined(NO_FILESYSTEM) && \ + !defined(NO_MD5) && defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) + { + XFILE f = XBADFILE; + wc_pem_password_cb* passwd_cb = NULL; + void* passwd_cb_userdata; + SSL_CTX* ctx = NULL; + char passwd[] = "bad password"; + + #ifndef WOLFSSL_NO_TLS12 + #ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method())); + #else + ExpectNotNull(ctx = SSL_CTX_new(TLSv1_2_client_method())); + #endif + #else + #ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(TLSv1_3_server_method())); + #else + ExpectNotNull(ctx = SSL_CTX_new(TLSv1_3_client_method())); + #endif + #endif + + ExpectNotNull(bio = BIO_new_file("./certs/server-keyEnc.pem", "rb")); + SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); + ExpectNotNull(passwd_cb = SSL_CTX_get_default_passwd_cb(ctx)); + ExpectNull(passwd_cb_userdata = + SSL_CTX_get_default_passwd_cb_userdata(ctx)); + + /* fail case with password call back */ + ExpectNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, + (void*)passwd)); + BIO_free(bio); + ExpectNotNull(bio = BIO_new_file("./certs/server-keyEnc.pem", "rb")); + ExpectNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, passwd_cb, + (void*)passwd)); + BIO_free(bio); + + ExpectTrue((f = XFOPEN("./certs/server-keyEnc.pem", "rb")) != XBADFILE); + ExpectNotNull(bio = BIO_new_fp(f, BIO_CLOSE)); + if ((bio == NULL) && (f != XBADFILE)) { + XFCLOSE(f); + } + + /* use callback that works */ + ExpectNotNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, passwd_cb, + (void*)"yassl123")); + + ExpectIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS); + + EVP_PKEY_free(pkey); + pkey = NULL; + BIO_free(bio); + bio = NULL; + SSL_CTX_free(ctx); + } + #endif /* !defined(NO_DES3) */ + +#endif /* !NO_BIO */ + + #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) + { + unsigned char buf[2048]; + size_t bytes = 0; + XFILE f = XBADFILE; + SSL_CTX* ctx = NULL; + + #ifndef WOLFSSL_NO_TLS12 + #ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method())); + #else + ExpectNotNull(ctx = SSL_CTX_new(TLSv1_2_client_method())); + #endif + #else + #ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_server_method())); + #else + ExpectNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_client_method())); + #endif + #endif + + ExpectTrue((f = XFOPEN("./certs/ecc-key.der", "rb")) != XBADFILE); + ExpectIntGT(bytes = (size_t)XFREAD(buf, 1, sizeof(buf), f), 0); + if (f != XBADFILE) + XFCLOSE(f); + + server_key = buf; + pkey = NULL; + ExpectNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, + (long int)bytes)); + ExpectNull(pkey); + ExpectNotNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, &server_key, + (long int)bytes)); + ExpectIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS); + + EVP_PKEY_free(pkey); + pkey = NULL; + SSL_CTX_free(ctx); + server_key = NULL; + } + #endif + +#ifndef NO_BIO + (void)bio; +#endif + (void)pkey; + (void)server_key; +#endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_RSA && USE_CERT_BUFFERS_2048 */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_file_RSAKey(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ + defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \ + !defined(NO_FILESYSTEM) && !defined(NO_CERTS) + RSA* rsa = NULL; + XFILE fp = XBADFILE; + + ExpectTrue((fp = XFOPEN("./certs/rsa-pub-2048.pem", "rb")) != XBADFILE); + ExpectNotNull((rsa = PEM_read_RSA_PUBKEY(fp, NULL, NULL, NULL))); + if (fp != XBADFILE) + XFCLOSE(fp); + ExpectIntEQ(RSA_size(rsa), 256); + + ExpectIntEQ(PEM_write_RSAPublicKey(XBADFILE, rsa), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_RSAPublicKey(stderr, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_RSAPublicKey(stderr, rsa), WOLFSSL_SUCCESS); + + ExpectIntEQ(PEM_write_RSA_PUBKEY(XBADFILE, rsa), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_RSA_PUBKEY(stderr, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_RSA_PUBKEY(stderr, rsa), WOLFSSL_SUCCESS); + + RSA_free(rsa); +#endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ + (defined(WOLFSSL_KEY_GEN) || WOLFSSL_CERT_GEN) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_CERTS) */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_file_RSAPrivateKey(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \ + !defined(NO_FILESYSTEM) && \ + (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)) + RSA* rsa = NULL; + XFILE f = NULL; + + ExpectTrue((f = XFOPEN(svrKeyFile, "rb")) != XBADFILE); + ExpectNotNull((rsa = PEM_read_RSAPrivateKey(f, NULL, NULL, NULL))); + ExpectIntEQ(RSA_size(rsa), 256); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + + ExpectIntEQ(PEM_write_RSAPrivateKey(XBADFILE, rsa, NULL, NULL, 0, NULL, + NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_RSAPrivateKey(stderr, NULL, NULL, NULL, 0, NULL, + NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_RSAPrivateKey(stderr, rsa, NULL, NULL, 0, NULL, NULL), + WOLFSSL_SUCCESS); + + RSA_free(rsa); + +#ifdef HAVE_ECC + ExpectTrue((f = XFOPEN(eccKeyFile, "rb")) != XBADFILE); + ExpectNull((rsa = PEM_read_RSAPrivateKey(f, NULL, NULL, NULL))); + if (f != XBADFILE) + XFCLOSE(f); +#endif /* HAVE_ECC */ +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_read_RSA_PUBKEY(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + XFILE file = XBADFILE; + const char* fname = "./certs/client-keyPub.pem"; + RSA *rsa = NULL; + + ExpectNull(wolfSSL_PEM_read_RSA_PUBKEY(XBADFILE, NULL, NULL, NULL)); + + ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); + ExpectNotNull((rsa = PEM_read_RSA_PUBKEY(file, NULL, NULL, NULL))); + ExpectIntEQ(RSA_size(rsa), 256); + RSA_free(rsa); + if (file != XBADFILE) + XFCLOSE(file); +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_read_bio(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_BIO) + byte buff[6000]; + XFILE f = XBADFILE; + int bytes = 0; + X509* x509 = NULL; + BIO* bio = NULL; + BUF_MEM* buf = NULL; + + ExpectTrue((f = XFOPEN(cliCertFile, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); + if (f != XBADFILE) + XFCLOSE(f); + + ExpectNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL)); + ExpectNotNull(bio = BIO_new_mem_buf((void*)buff, bytes)); + ExpectIntEQ(BIO_set_mem_eof_return(bio, -0xDEAD), 1); + ExpectNotNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL)); + ExpectIntEQ((int)BIO_set_fd(bio, 0, BIO_CLOSE), 1); + /* BIO should return the set EOF value */ + ExpectIntEQ(BIO_read(bio, buff, sizeof(buff)), -0xDEAD); + ExpectIntEQ(BIO_set_close(bio, BIO_NOCLOSE), 1); + ExpectIntEQ(BIO_set_close(NULL, BIO_NOCLOSE), 1); + ExpectIntEQ(SSL_SUCCESS, BIO_get_mem_ptr(bio, &buf)); + + BIO_free(bio); + BUF_MEM_free(buf); + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_bio_RSAKey(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ + defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \ + !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_BIO) + RSA* rsa = NULL; + BIO* bio = NULL; + + /* PrivateKey */ + ExpectNotNull(bio = BIO_new_file(svrKeyFile, "rb")); + ExpectNull((rsa = PEM_read_bio_RSAPrivateKey(NULL, NULL, NULL, NULL))); + ExpectNotNull(PEM_read_bio_RSAPrivateKey(bio, &rsa, NULL, NULL)); + ExpectNotNull(rsa); + ExpectIntEQ(RSA_size(rsa), 256); + ExpectIntEQ(PEM_write_bio_RSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, + NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + BIO_free(bio); + bio = NULL; + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_RSAPrivateKey(bio, rsa, NULL, NULL, 0, NULL, + NULL), WOLFSSL_SUCCESS); + BIO_free(bio); + bio = NULL; + RSA_free(rsa); + rsa = NULL; + + /* PUBKEY */ + ExpectNotNull(bio = BIO_new_file("./certs/rsa-pub-2048.pem", "rb")); + ExpectNull((rsa = PEM_read_bio_RSA_PUBKEY(NULL, NULL, NULL, NULL))); + ExpectNotNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL))); + ExpectIntEQ(RSA_size(rsa), 256); + ExpectIntEQ(PEM_write_bio_RSA_PUBKEY(NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + BIO_free(bio); + bio = NULL; + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_RSA_PUBKEY(bio, rsa), WOLFSSL_SUCCESS); + BIO_free(bio); + bio = NULL; + + RSA_free(rsa); + rsa = NULL; + + /* Ensure that keys beginning with BEGIN RSA PUBLIC KEY can be read, too. */ + ExpectNotNull(bio = BIO_new_file("./certs/server-keyPub.pem", "rb")); + ExpectNotNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL))); + BIO_free(bio); + bio = NULL; + RSA_free(rsa); + rsa = NULL; + + #ifdef HAVE_ECC + /* ensure that non-rsa keys do not work */ + ExpectNotNull(bio = BIO_new_file(eccKeyFile, "rb")); /* ecc key */ + ExpectNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL))); + ExpectNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL))); + BIO_free(bio); + bio = NULL; + RSA_free(rsa); + rsa = NULL; + #endif /* HAVE_ECC */ +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_bio_RSAPrivateKey(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_BIO) + RSA* rsa = NULL; + RSA* rsa_dup = NULL; + BIO* bio = NULL; + + ExpectNotNull(bio = BIO_new_file(svrKeyFile, "rb")); + ExpectNotNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL))); + ExpectIntEQ(RSA_size(rsa), 256); + +#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) + ExpectNull(rsa_dup = RSAPublicKey_dup(NULL)); + /* Test duplicating empty key. */ + ExpectNotNull(rsa_dup = RSA_new()); + ExpectNull(RSAPublicKey_dup(rsa_dup)); + RSA_free(rsa_dup); + rsa_dup = NULL; + ExpectNotNull(rsa_dup = RSAPublicKey_dup(rsa)); + ExpectPtrNE(rsa_dup, rsa); +#endif + + /* test if valgrind complains about unreleased memory */ + RSA_up_ref(rsa); + RSA_free(rsa); + + BIO_free(bio); + bio = NULL; + RSA_free(rsa); + rsa = NULL; + RSA_free(rsa_dup); + rsa_dup = NULL; + +#ifdef HAVE_ECC + ExpectNotNull(bio = BIO_new_file(eccKeyFile, "rb")); + ExpectNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL))); + + BIO_free(bio); +#endif /* HAVE_ECC */ +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_bio_DSAKey(void) +{ + EXPECT_DECLS; +#ifndef HAVE_SELFTEST +#if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && !defined(NO_CERTS) && \ + defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM) && \ + !defined(NO_DSA) && !defined(NO_BIO) + DSA* dsa = NULL; + BIO* bio = NULL; + + /* PrivateKey */ + ExpectNotNull(bio = BIO_new_file("./certs/1024/dsa1024.pem", "rb")); + ExpectNull((dsa = PEM_read_bio_DSAPrivateKey(NULL, NULL, NULL, NULL))); + ExpectNotNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL))); + ExpectIntEQ(BN_num_bytes(dsa->g), 128); + ExpectIntEQ(PEM_write_bio_DSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, + NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + BIO_free(bio); + bio = NULL; + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_DSAPrivateKey(bio, dsa, NULL, NULL, 0, NULL, + NULL), WOLFSSL_SUCCESS); + BIO_free(bio); + bio = NULL; + DSA_free(dsa); + dsa = NULL; + + /* PUBKEY */ + ExpectNotNull(bio = BIO_new_file("./certs/1024/dsa-pub-1024.pem", "rb")); + ExpectNull((dsa = PEM_read_bio_DSA_PUBKEY(NULL, NULL, NULL, NULL))); + ExpectNotNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL))); + ExpectIntEQ(BN_num_bytes(dsa->g), 128); + ExpectIntEQ(PEM_write_bio_DSA_PUBKEY(NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + BIO_free(bio); + bio = NULL; + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_DSA_PUBKEY(bio, dsa), WOLFSSL_SUCCESS); + BIO_free(bio); + bio = NULL; + DSA_free(dsa); + dsa = NULL; + + #ifdef HAVE_ECC + /* ensure that non-dsa keys do not work */ + ExpectNotNull(bio = BIO_new_file(eccKeyFile, "rb")); /* ecc key */ + ExpectNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL))); + ExpectNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL))); + BIO_free(bio); + bio = NULL; + DSA_free(dsa); + dsa = NULL; + #endif /* HAVE_ECC */ +#endif +#endif /* HAVE_SELFTEST */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_bio_ECKey(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ + defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM) && \ + defined(HAVE_ECC) && !defined(NO_BIO) + EC_KEY* ec = NULL; + EC_KEY* ec2; + BIO* bio = NULL; +#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) + unsigned char* pem = NULL; + int pLen; +#endif + static char ec_key_bad_1[] = "-----BEGIN PUBLIC KEY-----\n" + "MAA=\n" + "-----END PUBLIC KEY-----"; + static char ec_priv_key_bad_1[] = "-----BEGIN EC PRIVATE KEY-----\n" + "MAA=\n" + "-----END EC PRIVATE KEY-----"; + + /* PrivateKey */ + ExpectNotNull(bio = BIO_new_file("./certs/ecc-key.pem", "rb")); + ExpectNull((ec = PEM_read_bio_ECPrivateKey(NULL, NULL, NULL, NULL))); + ec2 = NULL; + ExpectNotNull((ec = PEM_read_bio_ECPrivateKey(bio, &ec2, NULL, NULL))); + ExpectIntEQ(ec == ec2, 1); + ExpectIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32); + ExpectIntEQ(PEM_write_bio_ECPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, + NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_bio_ECPrivateKey(bio, NULL, NULL, NULL, 0, NULL, + NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_bio_ECPrivateKey(NULL, ec, NULL, NULL, 0, NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + BIO_free(bio); + bio = NULL; + /* Public key data - fail. */ + ExpectNotNull(bio = BIO_new_file("./certs/ecc-client-keyPub.pem", "rb")); + ExpectNull(PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL)); + BIO_free(bio); + bio = NULL; + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_ECPrivateKey(bio, ec, NULL, NULL, 0, NULL, \ + NULL), WOLFSSL_SUCCESS); + BIO_free(bio); + bio = NULL; + + ExpectIntEQ(PEM_write_ECPrivateKey(XBADFILE, NULL, NULL, NULL, 0, NULL, + NULL),WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_ECPrivateKey(stderr, NULL, NULL, NULL, 0, NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_ECPrivateKey(XBADFILE, ec, NULL, NULL, 0, NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_ECPrivateKey(stderr, ec, NULL, NULL, 0, NULL, NULL), + WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(NULL, NULL, NULL, 0, NULL, + NULL), 0); +#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) + ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(ec, NULL, NULL, 0, NULL, + NULL), 0); + ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(NULL, NULL, NULL, 0, &pem, + NULL), 0); + ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(NULL, NULL, NULL, 0, NULL, + &pLen), 0); + ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(NULL, NULL, NULL, 0, &pem, + &pLen), 0); + ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(ec, NULL, NULL, 0, NULL, + &pLen), 0); + ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(ec, NULL, NULL, 0, &pem, + NULL), 0); + ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(ec, NULL, NULL, 0, &pem, + &pLen), 1); + ExpectIntGT(pLen, 0); + XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + EC_KEY_free(ec); + ec = NULL; + + /* PUBKEY */ + ExpectNotNull(bio = BIO_new_file("./certs/ecc-client-keyPub.pem", "rb")); + ExpectNull((ec = PEM_read_bio_EC_PUBKEY(NULL, NULL, NULL, NULL))); + ec2 = NULL; + ExpectNotNull((ec = PEM_read_bio_EC_PUBKEY(bio, &ec2, NULL, NULL))); + ExpectIntEQ(ec == ec2, 1); + ExpectIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32); + ExpectIntEQ(PEM_write_bio_EC_PUBKEY(NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + BIO_free(bio); + bio = NULL; + /* Test 0x30, 0x00 fails. */ + ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_key_bad_1, + sizeof(ec_key_bad_1))); + ExpectNull(PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL)); + BIO_free(bio); + bio = NULL; + + /* Private key data - fail. */ + ExpectNotNull(bio = BIO_new_file("./certs/ecc-key.pem", "rb")); + ExpectNull(PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL)); + BIO_free(bio); + bio = NULL; + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_EC_PUBKEY(bio, ec), WOLFSSL_SUCCESS); + BIO_free(bio); + bio = NULL; + + /* Same test as above, but with a file pointer rather than a BIO. */ + ExpectIntEQ(PEM_write_EC_PUBKEY(NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_EC_PUBKEY(NULL, ec), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_EC_PUBKEY(stderr, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_EC_PUBKEY(stderr, ec), WOLFSSL_SUCCESS); + + EC_KEY_free(ec); + ec = NULL; + + #ifndef NO_RSA + /* ensure that non-ec keys do not work */ + ExpectNotNull(bio = BIO_new_file(svrKeyFile, "rb")); /* rsa key */ + ExpectNull((ec = PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL))); + ExpectNull((ec = PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL))); + BIO_free(bio); + bio = NULL; + EC_KEY_free(ec); + ec = NULL; + #endif /* !NO_RSA */ + /* Test 0x30, 0x00 fails. */ + ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_priv_key_bad_1, + sizeof(ec_priv_key_bad_1))); + ExpectNull(PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL)); + BIO_free(bio); + bio = NULL; +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_PUBKEY(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && !defined(NO_BIO) + BIO* bio = NULL; + EVP_PKEY* pkey = NULL; + + /* test creating new EVP_PKEY with bad arg */ + ExpectNull((pkey = PEM_read_bio_PUBKEY(NULL, NULL, NULL, NULL))); + + /* test loading ECC key using BIO */ +#if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) + { + XFILE file = XBADFILE; + const char* fname = "./certs/ecc-client-keyPub.pem"; + size_t sz = 0; + byte* buf = NULL; + + EVP_PKEY* pkey2 = NULL; + EC_KEY* ec_key = NULL; + + ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); + ExpectIntEQ(XFSEEK(file, 0, XSEEK_END), 0); + ExpectIntGT(sz = XFTELL(file), 0); + ExpectIntEQ(XFSEEK(file, 0, XSEEK_SET), 0); + ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); + if (buf != NULL) { + ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); + } + if (file != XBADFILE) { + XFCLOSE(file); + } + + /* Test using BIO new mem and loading PEM private key */ + ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + ExpectNotNull((pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL))); + BIO_free(bio); + bio = NULL; + EVP_PKEY_free(pkey); + pkey = NULL; + ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + ExpectNotNull(pkey = EVP_PKEY_new()); + ExpectPtrEq(PEM_read_bio_PUBKEY(bio, &pkey, NULL, NULL), pkey); + XFREE(buf, NULL, DYNAMIC_TYPE_FILE); + BIO_free(bio); + bio = NULL; + + /* Qt unit test case*/ + ExpectNotNull(pkey2 = EVP_PKEY_new()); + ExpectNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey)); + ExpectIntEQ(EVP_PKEY_set1_EC_KEY(pkey2, ec_key), WOLFSSL_SUCCESS); + #ifdef WOLFSSL_ERROR_CODE_OPENSSL + ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey2), 1/* match */); + #else + ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey2), 0); + #endif + + EC_KEY_free(ec_key); + EVP_PKEY_free(pkey2); + EVP_PKEY_free(pkey); + pkey = NULL; + } +#endif + + (void)bio; + (void)pkey; +#endif + return EXPECT_RESULT(); +} + diff --git a/tests/api/test_ossl_pem.h b/tests/api/test_ossl_pem.h new file mode 100644 index 000000000..0f0539824 --- /dev/null +++ b/tests/api/test_ossl_pem.h @@ -0,0 +1,65 @@ +/* test_ossl_pem.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_SSL_PEM_H +#define WOLFCRYPT_TEST_SSL_PEM_H + +#include + +int test_wolfSSL_PEM_def_callback(void); +int test_wolfSSL_PEM_read_PrivateKey(void); +int test_wolfSSL_PEM_read_PUBKEY(void); +int test_wolfSSL_PEM_PrivateKey_rsa(void); +int test_wolfSSL_PEM_PrivateKey_ecc(void); +int test_wolfSSL_PEM_PrivateKey_dsa(void); +int test_wolfSSL_PEM_PrivateKey_dh(void); +int test_wolfSSL_PEM_PrivateKey(void); +int test_wolfSSL_PEM_file_RSAKey(void); +int test_wolfSSL_PEM_file_RSAPrivateKey(void); +int test_wolfSSL_PEM_read_RSA_PUBKEY(void); +int test_wolfSSL_PEM_read_bio(void); +int test_wolfSSL_PEM_bio_RSAKey(void); +int test_wolfSSL_PEM_bio_RSAPrivateKey(void); +int test_wolfSSL_PEM_bio_DSAKey(void); +int test_wolfSSL_PEM_bio_ECKey(void); +int test_wolfSSL_PEM_PUBKEY(void); + + +#define TEST_SSL_PEM_DECLS \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_def_callback), \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_read_PrivateKey), \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_read_PUBKEY), \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_PrivateKey_rsa), \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_PrivateKey_ecc), \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_PrivateKey_dsa), \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_PrivateKey_dh), \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_PrivateKey), \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_file_RSAKey), \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_file_RSAPrivateKey), \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_read_RSA_PUBKEY), \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_read_bio), \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_bio_RSAKey), \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_bio_RSAPrivateKey), \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_bio_DSAKey), \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_bio_ECKey), \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_PUBKEY) + +#endif /* WOLFCRYPT_TEST_SSL_PEM_H */ diff --git a/tests/api/test_ossl_sk.c b/tests/api/test_ossl_sk.c index 9cfe8306a..263f51d2c 100644 --- a/tests/api/test_ossl_sk.c +++ b/tests/api/test_ossl_sk.c @@ -55,7 +55,7 @@ int test_wolfSSL_sk_push_get_node(void) WOLFSSL_STACK* stack = NULL; WOLFSSL_STACK* node1 = NULL; WOLFSSL_STACK* node2 = NULL; - WOLFSSL_STACK* node; + WOLFSSL_STACK* node = NULL; ExpectNotNull(node1 = wolfSSL_sk_new_node(HEAP_HINT)); ExpectNotNull(node2 = wolfSSL_sk_new_node(HEAP_HINT)); diff --git a/tests/api/test_ossl_x509.c b/tests/api/test_ossl_x509.c new file mode 100644 index 000000000..b198da11d --- /dev/null +++ b/tests/api/test_ossl_x509.c @@ -0,0 +1,1690 @@ +/* test_ossl_x509.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include + +int test_x509_get_key_id(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) + X509 *x509 = NULL; + const ASN1_STRING* str = NULL; + byte* keyId = NULL; + byte keyIdData[32]; + int len; + + ExpectNotNull(x509 = wolfSSL_X509_new()); + len = (int)sizeof(keyIdData); + ExpectNull(wolfSSL_X509_get_subjectKeyID(x509, NULL, NULL)); + ExpectNull(wolfSSL_X509_get_subjectKeyID(x509, keyIdData, &len)); + ExpectNull(wolfSSL_X509_get_authorityKeyID(x509, NULL, NULL)); + ExpectNull(wolfSSL_X509_get_authorityKeyID(x509, keyIdData, &len)); + wolfSSL_X509_free(x509); + x509 = NULL; + + ExpectNotNull(x509 = X509_load_certificate_file(cliCertFile, + WOLFSSL_FILETYPE_PEM)); + + ExpectNotNull(str = X509_get0_subject_key_id(x509)); + ExpectNull(wolfSSL_X509_get_subjectKeyID(NULL, NULL, NULL)); + ExpectNotNull(keyId = wolfSSL_X509_get_subjectKeyID(x509, NULL, NULL)); + ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str), + ASN1_STRING_length(str)); + ExpectNotNull(keyId = wolfSSL_X509_get_subjectKeyID(x509, keyIdData, NULL)); + ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str), + ASN1_STRING_length(str)); + len = (int)sizeof(keyIdData); + ExpectNotNull(keyId = wolfSSL_X509_get_subjectKeyID(x509, NULL, &len)); + ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str), + ASN1_STRING_length(str)); + ExpectNotNull(wolfSSL_X509_get_subjectKeyID(x509, keyIdData, &len)); + ExpectIntEQ(len, ASN1_STRING_length(str)); + ExpectBufEQ(keyIdData, ASN1_STRING_data((ASN1_STRING*)str), + ASN1_STRING_length(str)); + ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str), + ASN1_STRING_length(str)); + + ExpectNull(wolfSSL_X509_get_authorityKeyID(NULL, NULL, NULL)); + ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, NULL, NULL)); + ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, keyIdData, NULL)); + len = (int)sizeof(keyIdData); + ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, NULL, &len)); + ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, keyIdData, &len)); + ExpectIntEQ(len, 20); + + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_get_version(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) + WOLFSSL_X509 *x509 = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectIntEQ((int)wolfSSL_X509_get_version(x509), 2); + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_cmp_time(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) \ +&& !defined(USER_TIME) && !defined(TIME_OVERRIDES) + WOLFSSL_ASN1_TIME asn_time; + time_t t; + + ExpectIntEQ(0, wolfSSL_X509_cmp_time(NULL, &t)); + XMEMSET(&asn_time, 0, sizeof(WOLFSSL_ASN1_TIME)); + ExpectIntEQ(0, wolfSSL_X509_cmp_time(&asn_time, &t)); + + ExpectIntEQ(ASN1_TIME_set_string(&asn_time, "000222211515Z"), 1); + ExpectIntEQ(-1, wolfSSL_X509_cmp_time(&asn_time, NULL)); + ExpectIntEQ(-1, wolfSSL_X509_cmp_current_time(&asn_time)); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_time_adj(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && \ + !defined(USER_TIME) && !defined(TIME_OVERRIDES) && \ + defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) && \ + !defined(NO_ASN_TIME) + X509* x509 = NULL; + time_t t; + time_t not_before; + time_t not_after; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer( + client_cert_der_2048, sizeof_client_cert_der_2048, + WOLFSSL_FILETYPE_ASN1)); + + t = 0; + not_before = wc_Time(0); + not_after = wc_Time(0) + (60 * 24 * 30); /* 30 days after */ + ExpectNotNull(X509_time_adj(X509_get_notBefore(x509), not_before, &t)); + ExpectNotNull(X509_time_adj(X509_get_notAfter(x509), not_after, &t)); + /* Check X509_gmtime_adj, too. */ + ExpectNotNull(X509_gmtime_adj(X509_get_notAfter(x509), not_after)); + + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_NID(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ + !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN) + int sigType; + int nameSz = 0; + + X509* cert = NULL; + EVP_PKEY* pubKeyTmp = NULL; + X509_NAME* name = NULL; + + char commonName[80]; + char countryName[80]; + char localityName[80]; + char stateName[80]; + char orgName[80]; + char orgUnit[80]; + + /* ------ PARSE ORIGINAL SELF-SIGNED CERTIFICATE ------ */ + + /* convert cert from DER to internal WOLFSSL_X509 struct */ + ExpectNotNull(cert = wolfSSL_X509_d2i_ex(&cert, client_cert_der_2048, + sizeof_client_cert_der_2048, HEAP_HINT)); + + /* ------ EXTRACT CERTIFICATE ELEMENTS ------ */ + + /* extract PUBLIC KEY from cert */ + ExpectNotNull(pubKeyTmp = X509_get_pubkey(cert)); + + /* extract signatureType */ + ExpectIntEQ(wolfSSL_X509_get_signature_type(NULL), 0); + ExpectIntNE((sigType = wolfSSL_X509_get_signature_type(cert)), 0); + + /* extract subjectName info */ + ExpectNotNull(name = X509_get_subject_name(cert)); + ExpectIntEQ(X509_NAME_get_text_by_NID(name, -1, NULL, 0), -1); + ExpectIntEQ(X509_NAME_get_text_by_NID(NULL, NID_commonName, NULL, 0), -1); + ExpectIntEQ(X509_NAME_get_text_by_NID(name, NID_commonName, + commonName, -2), 0); + ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName, + NULL, 0)), 0); + ExpectIntEQ(nameSz, 15); + ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName, + commonName, sizeof(commonName))), 0); + ExpectIntEQ(nameSz, 15); + ExpectIntEQ(XMEMCMP(commonName, "www.wolfssl.com", nameSz), 0); + ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName, + commonName, 9)), 0); + ExpectIntEQ(nameSz, 8); + ExpectIntEQ(XMEMCMP(commonName, "www.wolf", nameSz), 0); + + ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_countryName, + countryName, sizeof(countryName))), 0); + ExpectIntEQ(XMEMCMP(countryName, "US", nameSz), 0); + + ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_localityName, + localityName, sizeof(localityName))), 0); + ExpectIntEQ(XMEMCMP(localityName, "Bozeman", nameSz), 0); + + ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, + NID_stateOrProvinceName, stateName, sizeof(stateName))), 0); + ExpectIntEQ(XMEMCMP(stateName, "Montana", nameSz), 0); + + ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationName, + orgName, sizeof(orgName))), 0); + ExpectIntEQ(XMEMCMP(orgName, "wolfSSL_2048", nameSz), 0); + + ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, + NID_organizationalUnitName, orgUnit, sizeof(orgUnit))), 0); + ExpectIntEQ(XMEMCMP(orgUnit, "Programming-2048", nameSz), 0); + + EVP_PKEY_free(pubKeyTmp); + X509_free(cert); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_i2d_X509_NAME_canon(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_SHA) && \ + defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && !defined(NO_RSA) + const long ex_hash1 = 0x0fdb2da4; + const long ex_hash2 = 0x9f3e8c9e; + X509_NAME *name = NULL; + X509 *x509 = NULL; + XFILE file = XBADFILE; + unsigned long hash = 0; + byte digest[WC_MAX_DIGEST_SIZE] = {0}; + byte *pbuf = NULL; + word32 len = 0; + (void) ex_hash2; + + ExpectTrue((file = XFOPEN(caCertFile, "rb")) != XBADFILE); + ExpectNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL)); + ExpectNotNull(name = X509_get_issuer_name(x509)); + + /* When output buffer is NULL, should return necessary output buffer + * length.*/ + ExpectIntEQ(wolfSSL_i2d_X509_NAME_canon(NULL, NULL), BAD_FUNC_ARG); + ExpectIntGT(wolfSSL_i2d_X509_NAME_canon(name, NULL), 0); + ExpectIntGT((len = (word32)wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0); + ExpectIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0); + + hash = (((unsigned long)digest[3] << 24) | + ((unsigned long)digest[2] << 16) | + ((unsigned long)digest[1] << 8) | + ((unsigned long)digest[0])); + ExpectIntEQ(hash, ex_hash1); + + if (file != XBADFILE) { + XFCLOSE(file); + file = XBADFILE; + } + X509_free(x509); + x509 = NULL; + XFREE(pbuf, NULL, DYNAMIC_TYPE_OPENSSL); + pbuf = NULL; + + ExpectTrue((file = XFOPEN(cliCertFile, "rb")) != XBADFILE); + ExpectNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL)); + ExpectNotNull(name = X509_get_issuer_name(x509)); + + ExpectIntGT((len = (word32)wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0); + ExpectIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0); + + hash = (((unsigned long)digest[3] << 24) | + ((unsigned long)digest[2] << 16) | + ((unsigned long)digest[1] << 8) | + ((unsigned long)digest[0])); + + ExpectIntEQ(hash, ex_hash2); + + if (file != XBADFILE) + XFCLOSE(file); + X509_free(x509); + XFREE(pbuf, NULL, DYNAMIC_TYPE_OPENSSL); +#endif + return EXPECT_RESULT(); +} + + +int test_wolfSSL_X509_subject_name_hash(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256)) + X509* x509 = NULL; + X509_NAME* subjectName = NULL; + unsigned long ret1 = 0; + unsigned long ret2 = 0; + + ExpectNotNull(x509 = X509_new()); + ExpectIntEQ(X509_subject_name_hash(NULL), 0); + ExpectIntEQ(X509_subject_name_hash(x509), 0); + X509_free(x509); + x509 = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + SSL_FILETYPE_PEM)); + ExpectNotNull(subjectName = wolfSSL_X509_get_subject_name(x509)); + + /* These two + * - X509_subject_name_hash(x509) + * - X509_NAME_hash(X509_get_subject_name(x509)) + * should give the same hash, if !defined(NO_SHA) is true. */ + + ret1 = X509_subject_name_hash(x509); + ExpectIntNE(ret1, 0); + +#if !defined(NO_SHA) + ret2 = X509_NAME_hash(X509_get_subject_name(x509)); + ExpectIntNE(ret2, 0); + + ExpectIntEQ(ret1, ret2); +#else + (void) ret2; +#endif + + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_issuer_name_hash(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \ + && !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256)) + X509* x509 = NULL; + X509_NAME* issuertName = NULL; + unsigned long ret1 = 0; + unsigned long ret2 = 0; + + ExpectNotNull(x509 = X509_new()); + ExpectIntEQ(X509_issuer_name_hash(NULL), 0); + ExpectIntEQ(X509_issuer_name_hash(x509), 0); + X509_free(x509); + x509 = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + SSL_FILETYPE_PEM)); + ExpectNotNull(issuertName = wolfSSL_X509_get_issuer_name(x509)); + + /* These two + * - X509_issuer_name_hash(x509) + * - X509_NAME_hash(X509_get_issuer_name(x509)) + * should give the same hash, if !defined(NO_SHA) is true. */ + + ret1 = X509_issuer_name_hash(x509); + ExpectIntNE(ret1, 0); + +#if !defined(NO_SHA) + ret2 = X509_NAME_hash(X509_get_issuer_name(x509)); + ExpectIntNE(ret2, 0); + + ExpectIntEQ(ret1, ret2); +#else + (void) ret2; +#endif + + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_check_host(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \ + && !defined(NO_SHA) && !defined(NO_RSA) + X509* x509 = NULL; + const char altName[] = "example.com"; + const char badAltName[] = "a.example.com"; + + ExpectIntEQ(X509_check_host(NULL, NULL, XSTRLEN(altName), 0, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* cliCertFile has subjectAltName set to 'example.com', '127.0.0.1' */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + SSL_FILETYPE_PEM)); + + ExpectIntEQ(X509_check_host(x509, altName, XSTRLEN(altName), 0, NULL), + WOLFSSL_SUCCESS); + + ExpectIntEQ(X509_check_host(x509, badAltName, XSTRLEN(badAltName), 0, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectIntEQ(X509_check_host(x509, NULL, 0, 0, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* Check WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag set */ + ExpectIntEQ(X509_check_host(x509, altName, XSTRLEN(altName), + WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL), WOLFSSL_SUCCESS); + + ExpectIntEQ(X509_check_host(x509, NULL, 0, + WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectIntEQ(X509_check_host(x509, badAltName, XSTRLEN(badAltName), + WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectIntEQ(wolfSSL_X509_check_host(x509, altName, XSTRLEN(altName), + WOLFSSL_NO_WILDCARDS, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_X509_check_host(x509, altName, XSTRLEN(altName), + WOLFSSL_NO_PARTIAL_WILDCARDS, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_X509_check_host(x509, altName, XSTRLEN(altName), + WOLFSSL_MULTI_LABEL_WILDCARDS, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + X509_free(x509); + + ExpectIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName), 0, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* Check again with WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag set */ + ExpectIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName), + WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_check_email(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) + X509* x509 = NULL; + X509* empty = NULL; + const char goodEmail[] = "info@wolfssl.com"; + const char badEmail[] = "disinfo@wolfssl.com"; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + SSL_FILETYPE_PEM)); + ExpectNotNull(empty = wolfSSL_X509_new()); + + ExpectIntEQ(wolfSSL_X509_check_email(NULL, NULL, 0, 0), 0); + ExpectIntEQ(wolfSSL_X509_check_email(x509, NULL, 0, 0), 0); + ExpectIntEQ(wolfSSL_X509_check_email(NULL, goodEmail, XSTRLEN(goodEmail), + 0), 0); + ExpectIntEQ(wolfSSL_X509_check_email(empty, goodEmail, XSTRLEN(goodEmail), + 0), 0); + + /* Should fail on non-matching email address */ + ExpectIntEQ(wolfSSL_X509_check_email(x509, badEmail, XSTRLEN(badEmail), 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* Should succeed on matching email address */ + ExpectIntEQ(wolfSSL_X509_check_email(x509, goodEmail, XSTRLEN(goodEmail), + 0), WOLFSSL_SUCCESS); + /* Should compute length internally when not provided */ + ExpectIntEQ(wolfSSL_X509_check_email(x509, goodEmail, 0, 0), + WOLFSSL_SUCCESS); + /* Should fail when email address is NULL */ + ExpectIntEQ(wolfSSL_X509_check_email(x509, NULL, 0, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + X509_free(empty); + X509_free(x509); + + /* Should fail when x509 is NULL */ + ExpectIntEQ(wolfSSL_X509_check_email(NULL, goodEmail, 0, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif /* OPENSSL_EXTRA && WOLFSSL_CERT_GEN */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) + X509* x509 = NULL; +#ifndef NO_BIO + BIO* bio = NULL; + X509_STORE_CTX* ctx = NULL; + X509_STORE* store = NULL; +#endif + char der[] = "certs/ca-cert.der"; + XFILE fp = XBADFILE; + int derSz = 0; + +#ifndef NO_BIO + ExpectNotNull(bio = BIO_new(BIO_s_mem())); +#endif + + ExpectNotNull(x509 = X509_new()); + ExpectNull(wolfSSL_X509_get_der(x509, &derSz)); +#if !defined(NO_BIO) && defined(WOLFSSL_CERT_GEN) + ExpectIntEQ(i2d_X509_bio(bio, x509), WOLFSSL_FAILURE); +#endif + ExpectNull(wolfSSL_X509_dup(x509)); + X509_free(x509); + x509 = NULL; + +#ifndef NO_BIO + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + SSL_FILETYPE_PEM)); + +#ifdef WOLFSSL_CERT_GEN + ExpectIntEQ(i2d_X509_bio(NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(i2d_X509_bio(bio, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(i2d_X509_bio(NULL, x509), WOLFSSL_FAILURE); + ExpectIntEQ(i2d_X509_bio(bio, x509), SSL_SUCCESS); +#endif + + ExpectNotNull(ctx = X509_STORE_CTX_new()); + + ExpectIntEQ(X509_verify_cert(ctx), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectNotNull(wolfSSL_X509_verify_cert_error_string(CRL_MISSING)); + + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_add_cert(store, x509), SSL_SUCCESS); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, x509, NULL), SSL_SUCCESS); + ExpectIntEQ(X509_verify_cert(ctx), SSL_SUCCESS); + +#ifndef NO_WOLFSSL_STUB + ExpectNull(X509_get_default_cert_file_env()); + ExpectNull(X509_get_default_cert_file()); + ExpectNull(X509_get_default_cert_dir_env()); + ExpectNull(X509_get_default_cert_dir()); +#endif + + ExpectNull(wolfSSL_X509_get_der(NULL, NULL)); + ExpectNull(wolfSSL_X509_get_der(x509, NULL)); + ExpectNull(wolfSSL_X509_get_der(NULL, &derSz)); + + ExpectIntEQ(wolfSSL_X509_version(NULL), 0); + ExpectIntEQ(wolfSSL_X509_version(x509), 3); + + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + X509_free(x509); + x509 = NULL; + BIO_free(bio); + bio = NULL; +#endif + + /** d2i_X509_fp test **/ + ExpectTrue((fp = XFOPEN(der, "rb")) != XBADFILE); + ExpectNotNull(x509 = (X509 *)d2i_X509_fp(fp, (X509 **)NULL)); + ExpectNotNull(x509); + +#ifdef HAVE_EX_DATA_CRYPTO + ExpectIntEQ(wolfSSL_X509_get_ex_new_index(1, NULL, NULL, NULL, NULL), 0); +#endif + ExpectNull(wolfSSL_X509_get_ex_data(NULL, 1)); + ExpectNull(wolfSSL_X509_get_ex_data(x509, 1)); +#ifdef HAVE_EX_DATA + ExpectIntEQ(wolfSSL_X509_set_ex_data(NULL, 1, der), 0); + ExpectIntEQ(wolfSSL_X509_set_ex_data(x509, 1, der), 1); + ExpectPtrEq(wolfSSL_X509_get_ex_data(x509, 1), der); +#else + ExpectIntEQ(wolfSSL_X509_set_ex_data(NULL, 1, der), 0); + ExpectIntEQ(wolfSSL_X509_set_ex_data(x509, 1, der), 0); + ExpectNull(wolfSSL_X509_get_ex_data(x509, 1)); +#endif + + X509_free(x509); + x509 = NULL; + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectTrue((fp = XFOPEN(der, "rb")) != XBADFILE); + ExpectNull((X509 *)d2i_X509_fp(XBADFILE, (X509 **)&x509)); + ExpectNotNull((X509 *)d2i_X509_fp(fp, (X509 **)&x509)); + ExpectNotNull(x509); + X509_free(x509); + x509 = NULL; + if (fp != XBADFILE) + XFCLOSE(fp); + +#ifndef NO_BIO + ExpectNotNull(bio = BIO_new_file(der, "rb")); + ExpectNull(d2i_X509_bio(NULL, &x509)); + ExpectNotNull(x509 = d2i_X509_bio(bio, NULL)); + ExpectNotNull(x509); + X509_free(x509); + BIO_free(bio); + bio = NULL; +#endif + + /* X509_up_ref test */ + ExpectIntEQ(X509_up_ref(NULL), 0); + ExpectNotNull(x509 = X509_new()); /* refCount = 1 */ + ExpectIntEQ(X509_up_ref(x509), 1); /* refCount = 2 */ + ExpectIntEQ(X509_up_ref(x509), 1); /* refCount = 3 */ + X509_free(x509); /* refCount = 2 */ + X509_free(x509); /* refCount = 1 */ + X509_free(x509); /* refCount = 0, free */ + +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_get0_tbs_sigalg(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) + X509* x509 = NULL; + const X509_ALGOR* alg; + + ExpectNotNull(x509 = X509_new()); + + ExpectNull(alg = X509_get0_tbs_sigalg(NULL)); + ExpectNotNull(alg = X509_get0_tbs_sigalg(x509)); + + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_set_name(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) + X509* x509 = NULL; + X509_NAME* name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + (byte*)"wolfssl.com", 11, 0, 1), + WOLFSSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, + (byte*)"support@wolfssl.com", 19, -1, + 1), WOLFSSL_SUCCESS); + ExpectNotNull(x509 = X509_new()); + + ExpectIntEQ(X509_set_subject_name(NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_set_subject_name(x509, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_set_subject_name(NULL, name), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + + ExpectIntEQ(X509_set_issuer_name(NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_set_issuer_name(x509, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_set_issuer_name(NULL, name), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + + X509_free(x509); + X509_NAME_free(name); +#endif /* OPENSSL_ALL && !NO_CERTS */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_set_notAfter(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) \ + && !defined(NO_ASN_TIME) && !defined(USER_TIME) && \ + !defined(TIME_OVERRIDES) && !defined(NO_CERTS) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) &&\ + !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT) && !defined(NO_BIO) + /* Generalized time will overflow time_t if not long */ + X509* x = NULL; + BIO* bio = NULL; + ASN1_TIME *asn_time = NULL; + ASN1_TIME *time_check = NULL; + const int year = 365*24*60*60; + const int day = 24*60*60; + const int hour = 60*60; + const int mini = 60; + int offset_day; + unsigned char buf[25]; + time_t t; + + /* + * Setup asn_time. APACHE HTTPD uses time(NULL) + */ + t = (time_t)107 * year + 31 * day + 34 * hour + 30 * mini + 7 * day; + offset_day = 7; + /* + * Free these. + */ + asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, 0); + ExpectNotNull(asn_time); + ExpectNotNull(x = X509_new()); + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + /* + * Tests + */ + ExpectTrue(wolfSSL_X509_set_notAfter(x, asn_time)); + /* time_check is simply (ANS1_TIME*)x->notAfter */ + ExpectNotNull(time_check = X509_get_notAfter(x)); + /* ANS1_TIME_check validates by checking if argument can be parsed */ + ExpectIntEQ(ASN1_TIME_check(time_check), WOLFSSL_SUCCESS); + /* Convert to human readable format and compare to intended date */ + ExpectIntEQ(ASN1_TIME_print(bio, time_check), 1); + ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 24); + ExpectIntEQ(XMEMCMP(buf, "Jan 20 10:30:00 2077 GMT", sizeof(buf) - 1), 0); + + ExpectFalse(wolfSSL_X509_set_notAfter(NULL, NULL)); + ExpectFalse(wolfSSL_X509_set_notAfter(x, NULL)); + ExpectFalse(wolfSSL_X509_set_notAfter(NULL, asn_time)); + + /* + * Cleanup + */ + XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL); + X509_free(x); + BIO_free(bio); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_set_notBefore(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) \ + && !defined(NO_ASN_TIME) && !defined(USER_TIME) && \ + !defined(TIME_OVERRIDES) && !defined(NO_CERTS) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_BIO) + X509* x = NULL; + BIO* bio = NULL; + ASN1_TIME *asn_time = NULL; + ASN1_TIME *time_check = NULL; + const int year = 365*24*60*60; + const int day = 24*60*60; + const int hour = 60*60; + const int mini = 60; + int offset_day; + unsigned char buf[25]; + time_t t; + + /* + * Setup asn_time. APACHE HTTPD uses time(NULL) + */ + t = (time_t)49 * year + 125 * day + 20 * hour + 30 * mini + 7 * day; + offset_day = 7; + + /* + * Free these. + */ + asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, 0); + ExpectNotNull(asn_time); + ExpectNotNull(x = X509_new()); + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(ASN1_TIME_check(asn_time), WOLFSSL_SUCCESS); + + /* + * Main Tests + */ + ExpectTrue(wolfSSL_X509_set_notBefore(x, asn_time)); + /* time_check == (ANS1_TIME*)x->notBefore */ + ExpectNotNull(time_check = X509_get_notBefore(x)); + /* ANS1_TIME_check validates by checking if argument can be parsed */ + ExpectIntEQ(ASN1_TIME_check(time_check), WOLFSSL_SUCCESS); + /* Convert to human readable format and compare to intended date */ + ExpectIntEQ(ASN1_TIME_print(bio, time_check), 1); + ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 24); + ExpectIntEQ(XMEMCMP(buf, "May 8 20:30:00 2019 GMT", sizeof(buf) - 1), 0); + + ExpectFalse(wolfSSL_X509_set_notBefore(NULL, NULL)); + ExpectFalse(wolfSSL_X509_set_notBefore(x, NULL)); + ExpectFalse(wolfSSL_X509_set_notBefore(NULL, asn_time)); + + ExpectNull(X509_get_notBefore(NULL)); + ExpectNull(X509_get_notAfter(NULL)); + + /* + * Cleanup + */ + XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL); + X509_free(x); + BIO_free(bio); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_set_version(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \ + !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) + X509* x509 = NULL; + long v = 2L; + long maxInt = INT_MAX; + + ExpectNotNull(x509 = X509_new()); + /* These should pass. */ + ExpectTrue(wolfSSL_X509_set_version(x509, v)); + ExpectIntEQ(0, wolfSSL_X509_get_version(NULL)); + ExpectIntEQ(v, wolfSSL_X509_get_version(x509)); + /* Fail Case: When v(long) is greater than x509->version(int). */ + v = maxInt+1; + ExpectFalse(wolfSSL_X509_set_version(x509, v)); + + ExpectIntEQ(wolfSSL_X509_set_version(NULL, -1), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_set_version(NULL, 1), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_set_version(x509, -1), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_set_version(NULL, maxInt+1), WOLFSSL_FAILURE); + + /* Cleanup */ + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_get_serialNumber(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + !defined(NO_FILESYSTEM) + ASN1_INTEGER* a = NULL; + BIGNUM* bn = NULL; + X509* x509 = NULL; + X509* empty = NULL; + char *serialHex = NULL; + byte serial[3]; + int serialSz; + + ExpectNotNull(empty = wolfSSL_X509_new()); + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, + SSL_FILETYPE_PEM)); + ExpectNull(X509_get_serialNumber(NULL)); + ExpectNotNull(X509_get_serialNumber(empty)); + ExpectNotNull(a = X509_get_serialNumber(x509)); + + /* check on value of ASN1 Integer */ + ExpectNotNull(bn = ASN1_INTEGER_to_BN(a, NULL)); + a = NULL; + + /* test setting serial number and then retrieving it */ + ExpectNotNull(a = ASN1_INTEGER_new()); + ExpectIntEQ(ASN1_INTEGER_set(a, 3), 1); + ExpectIntEQ(X509_set_serialNumber(NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(X509_set_serialNumber(x509, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(X509_set_serialNumber(NULL, a), WOLFSSL_FAILURE); + ExpectIntEQ(X509_set_serialNumber(x509, a), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_get_serial_number(NULL, serial, NULL), + BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_X509_get_serial_number(NULL, serial, &serialSz), + BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, NULL), + BAD_FUNC_ARG); + serialSz = 0; + ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz), + BUFFER_E); + ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, NULL, &serialSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(serialSz, 1); + serialSz = sizeof(serial); + ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(serialSz, 1); + ExpectIntEQ(serial[0], 3); + ASN1_INTEGER_free(a); + a = NULL; + + /* test setting serial number with 0's in it */ + serial[0] = 0x01; + serial[1] = 0x00; + serial[2] = 0x02; + + ExpectNotNull(a = wolfSSL_ASN1_INTEGER_new()); + if (a != NULL) { + a->data[0] = ASN_INTEGER; + a->data[1] = sizeof(serial); + XMEMCPY(&a->data[2], serial, sizeof(serial)); + a->length = sizeof(serial) + 2; + } + ExpectIntEQ(X509_set_serialNumber(x509, a), WOLFSSL_SUCCESS); + + XMEMSET(serial, 0, sizeof(serial)); + serialSz = sizeof(serial); + ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(serialSz, 3); + ExpectIntEQ(serial[0], 0x01); + ExpectIntEQ(serial[1], 0x00); + ExpectIntEQ(serial[2], 0x02); + ASN1_INTEGER_free(a); + a = NULL; + + X509_free(x509); /* free's a */ + X509_free(empty); + + ExpectNotNull(serialHex = BN_bn2hex(bn)); +#ifndef WC_DISABLE_RADIX_ZERO_PAD + ExpectStrEQ(serialHex, "01"); +#else + ExpectStrEQ(serialHex, "1"); +#endif + OPENSSL_free(serialHex); + ExpectIntEQ(BN_get_word(bn), 1); + BN_free(bn); + /* hard test free'ing with dynamic buffer to make sure there is no leaks */ + ExpectNotNull(a = ASN1_INTEGER_new()); + if (a != NULL) { + ExpectNotNull(a->data = (unsigned char*)XMALLOC(100, NULL, + DYNAMIC_TYPE_OPENSSL)); + a->isDynamic = 1; + ASN1_INTEGER_free(a); + } +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_get_tbs(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \ + && defined(OPENSSL_EXTRA) + WOLFSSL_X509* x509 = NULL; + const unsigned char* tbs; + int tbsSz; + + ExpectNotNull(x509 = wolfSSL_X509_new()); + ExpectNull(tbs = wolfSSL_X509_get_tbs(x509, &tbsSz)); + wolfSSL_X509_free(x509); + x509 = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(caCertFile, + WOLFSSL_FILETYPE_PEM)); + + ExpectNull(tbs = wolfSSL_X509_get_tbs(NULL, &tbsSz)); + ExpectNull(tbs = wolfSSL_X509_get_tbs(x509, NULL)); + ExpectNotNull(tbs = wolfSSL_X509_get_tbs(x509, &tbsSz)); + ExpectIntEQ(tbsSz, 1003); + + wolfSSL_FreeX509(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_ext_get_critical_by_NID(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) + WOLFSSL_X509* x509 = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_new()); + ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(NULL, + WC_NID_basic_constraints), 0); + ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, + WC_NID_basic_constraints), 0); + ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, + WC_NID_subject_alt_name), 0); + ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, + WC_NID_authority_key_identifier), 0); + ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, + WC_NID_subject_key_identifier), 0); + ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, + WC_NID_key_usage), 0); + ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, + WC_NID_crl_distribution_points), 0); + ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, + WC_NID_ext_key_usage), 0); +#ifdef WOLFSSL_SEP + ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, + WC_NID_certificate_policies), 0); +#endif + ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, + WC_NID_info_access), 0); + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_CRL_distribution_points(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + !defined(NO_FILESYSTEM) + WOLFSSL_X509* x509 = NULL; + const char* file = "./certs/client-crl-dist.pem"; + + ExpectIntEQ(wolfSSL_X509_ext_isSet_by_NID(NULL, + WC_NID_crl_distribution_points), 0); + + ExpectNotNull(x509 = wolfSSL_X509_new()); + ExpectIntEQ(wolfSSL_X509_ext_isSet_by_NID(x509, + WC_NID_crl_distribution_points), 0); + wolfSSL_X509_free(x509); + x509 = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(file, + WOLFSSL_FILETYPE_PEM)); + ExpectIntEQ(wolfSSL_X509_ext_isSet_by_NID(x509, + WC_NID_crl_distribution_points), 1); + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_check_ip_asc(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) + WOLFSSL_X509 *x509 = NULL; + WOLFSSL_X509 *empty = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(empty = wolfSSL_X509_new()); + +#if 0 + /* TODO: add cert gen for testing positive case */ + ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.0.0.1", 0), 1); +#endif + ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "0.0.0.0", 0), 0); + ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, NULL, 0), 0); + ExpectIntEQ(wolfSSL_X509_check_ip_asc(NULL, NULL, 0), 0); + ExpectIntEQ(wolfSSL_X509_check_ip_asc(NULL, "0.0.0.0", 0), 0); + ExpectIntEQ(wolfSSL_X509_check_ip_asc(empty, "127.128.0.255", 0), 0); + + wolfSSL_X509_free(empty); + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_bad_altname(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) + const unsigned char malformed_alt_name_cert[] = { + 0x30, 0x82, 0x02, 0xf9, 0x30, 0x82, 0x01, 0xe1, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x02, 0x10, 0x21, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x0f, 0x31, 0x0d, + 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x04, 0x61, 0x61, 0x31, + 0x31, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x32, 0x30, 0x37, 0x31, + 0x37, 0x32, 0x34, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x33, 0x34, 0x30, 0x32, + 0x31, 0x34, 0x30, 0x36, 0x32, 0x36, 0x35, 0x33, 0x5a, 0x30, 0x0f, 0x31, + 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x04, 0x61, 0x61, + 0x61, 0x61, 0x30, 0x82, 0x01, 0x20, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, + 0x0d, 0x00, 0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa8, + 0x8a, 0x5e, 0x26, 0x23, 0x1b, 0x31, 0xd3, 0x37, 0x1a, 0x70, 0xb2, 0xec, + 0x3f, 0x74, 0xd4, 0xb4, 0x44, 0xe3, 0x7a, 0xa5, 0xc0, 0xf5, 0xaa, 0x97, + 0x26, 0x9a, 0x04, 0xff, 0xda, 0xbe, 0xe5, 0x09, 0x03, 0x98, 0x3d, 0xb5, + 0xbf, 0x01, 0x2c, 0x9a, 0x0a, 0x3a, 0xfb, 0xbc, 0x3c, 0xe7, 0xbe, 0x83, + 0x5c, 0xb3, 0x70, 0xe8, 0x5c, 0xe3, 0xd1, 0x83, 0xc3, 0x94, 0x08, 0xcd, + 0x1a, 0x87, 0xe5, 0xe0, 0x5b, 0x9c, 0x5c, 0x6e, 0xb0, 0x7d, 0xe2, 0x58, + 0x6c, 0xc3, 0xb5, 0xc8, 0x9d, 0x11, 0xf1, 0x5d, 0x96, 0x0d, 0x66, 0x1e, + 0x56, 0x7f, 0x8f, 0x59, 0xa7, 0xa5, 0xe1, 0xc5, 0xe7, 0x81, 0x4c, 0x09, + 0x9d, 0x5e, 0x96, 0xf0, 0x9a, 0xc2, 0x8b, 0x70, 0xd5, 0xab, 0x79, 0x58, + 0x5d, 0xb7, 0x58, 0xaa, 0xfd, 0x75, 0x52, 0xaa, 0x4b, 0xa7, 0x25, 0x68, + 0x76, 0x59, 0x00, 0xee, 0x78, 0x2b, 0x91, 0xc6, 0x59, 0x91, 0x99, 0x38, + 0x3e, 0xa1, 0x76, 0xc3, 0xf5, 0x23, 0x6b, 0xe6, 0x07, 0xea, 0x63, 0x1c, + 0x97, 0x49, 0xef, 0xa0, 0xfe, 0xfd, 0x13, 0xc9, 0xa9, 0x9f, 0xc2, 0x0b, + 0xe6, 0x87, 0x92, 0x5b, 0xcc, 0xf5, 0x42, 0x95, 0x4a, 0xa4, 0x6d, 0x64, + 0xba, 0x7d, 0xce, 0xcb, 0x04, 0xd0, 0xf8, 0xe7, 0xe3, 0xda, 0x75, 0x60, + 0xd3, 0x8b, 0x6a, 0x64, 0xfc, 0x78, 0x56, 0x21, 0x69, 0x5a, 0xe8, 0xa7, + 0x8f, 0xfb, 0x8f, 0x82, 0xe3, 0xae, 0x36, 0xa2, 0x93, 0x66, 0x92, 0xcb, + 0x82, 0xa3, 0xbe, 0x84, 0x00, 0x86, 0xdc, 0x7e, 0x6d, 0x53, 0x77, 0x84, + 0x17, 0xb9, 0x55, 0x43, 0x0d, 0xf1, 0x16, 0x1f, 0xd5, 0x43, 0x75, 0x99, + 0x66, 0x19, 0x52, 0xd0, 0xac, 0x5f, 0x74, 0xad, 0xb2, 0x90, 0x15, 0x50, + 0x04, 0x74, 0x43, 0xdf, 0x6c, 0x35, 0xd0, 0xfd, 0x32, 0x37, 0xb3, 0x8d, + 0xf5, 0xe5, 0x09, 0x02, 0x01, 0x03, 0xa3, 0x61, 0x30, 0x5f, 0x30, 0x0c, + 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x08, 0x30, 0x06, 0x82, + 0x04, 0x61, 0x2a, 0x00, 0x2a, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, + 0x04, 0x16, 0x04, 0x14, 0x92, 0x6a, 0x1e, 0x52, 0x3a, 0x1a, 0x57, 0x9f, + 0xc9, 0x82, 0x9a, 0xce, 0xc8, 0xc0, 0xa9, 0x51, 0x9d, 0x2f, 0xc7, 0x72, + 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, + 0x14, 0x6b, 0xf9, 0xa4, 0x2d, 0xa5, 0xe9, 0x39, 0x89, 0xa8, 0x24, 0x58, + 0x79, 0x87, 0x11, 0xfc, 0x6f, 0x07, 0x91, 0xef, 0xa6, 0x30, 0x0d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, + 0x03, 0x82, 0x01, 0x01, 0x00, 0x3f, 0xd5, 0x37, 0x2f, 0xc7, 0xf8, 0x8b, + 0x39, 0x1c, 0xe3, 0xdf, 0x77, 0xee, 0xc6, 0x4b, 0x5f, 0x84, 0xcf, 0xfa, + 0x33, 0x2c, 0xb2, 0xb5, 0x4b, 0x09, 0xee, 0x56, 0xc0, 0xf2, 0xf0, 0xeb, + 0xad, 0x1c, 0x02, 0xef, 0xae, 0x09, 0x53, 0xc0, 0x06, 0xad, 0x4e, 0xfd, + 0x3e, 0x8c, 0x13, 0xb3, 0xbf, 0x80, 0x05, 0x36, 0xb5, 0x3f, 0x2b, 0xc7, + 0x60, 0x53, 0x14, 0xbf, 0x33, 0x63, 0x47, 0xc3, 0xc6, 0x28, 0xda, 0x10, + 0x12, 0xe2, 0xc4, 0xeb, 0xc5, 0x64, 0x66, 0xc0, 0xcc, 0x6b, 0x84, 0xda, + 0x0c, 0xe9, 0xf6, 0xe3, 0xf8, 0x8e, 0x3d, 0x95, 0x5f, 0xba, 0x9f, 0xe1, + 0xc7, 0xed, 0x6e, 0x97, 0xcc, 0xbd, 0x7d, 0xe5, 0x4e, 0xab, 0xbc, 0x1b, + 0xf1, 0x3a, 0x09, 0x33, 0x09, 0xe1, 0xcc, 0xec, 0x21, 0x16, 0x8e, 0xb1, + 0x74, 0x9e, 0xc8, 0x13, 0x7c, 0xdf, 0x07, 0xaa, 0xeb, 0x70, 0xd7, 0x91, + 0x5c, 0xc4, 0xef, 0x83, 0x88, 0xc3, 0xe4, 0x97, 0xfa, 0xe4, 0xdf, 0xd7, + 0x0d, 0xff, 0xba, 0x78, 0x22, 0xfc, 0x3f, 0xdc, 0xd8, 0x02, 0x8d, 0x93, + 0x57, 0xf9, 0x9e, 0x39, 0x3a, 0x77, 0x00, 0xd9, 0x19, 0xaa, 0x68, 0xa1, + 0xe6, 0x9e, 0x13, 0xeb, 0x37, 0x16, 0xf5, 0x77, 0xa4, 0x0b, 0x40, 0x04, + 0xd3, 0xa5, 0x49, 0x78, 0x35, 0xfa, 0x3b, 0xf6, 0x02, 0xab, 0x85, 0xee, + 0xcb, 0x9b, 0x62, 0xda, 0x05, 0x00, 0x22, 0x2f, 0xf8, 0xbd, 0x0b, 0xe5, + 0x2c, 0xb2, 0x53, 0x78, 0x0a, 0xcb, 0x69, 0xc0, 0xb6, 0x9f, 0x96, 0xff, + 0x58, 0x22, 0x70, 0x9c, 0x01, 0x2e, 0x56, 0x60, 0x5d, 0x37, 0xe3, 0x40, + 0x25, 0xc9, 0x90, 0xc8, 0x0f, 0x41, 0x68, 0xb4, 0xfd, 0x10, 0xe2, 0x09, + 0x99, 0x08, 0x5d, 0x7b, 0xc9, 0xe3, 0x29, 0xd4, 0x5a, 0xcf, 0xc9, 0x34, + 0x55, 0xa1, 0x40, 0x44, 0xd6, 0x88, 0x16, 0xbb, 0xdd + }; + + X509* x509 = NULL; + int certSize = (int)sizeof(malformed_alt_name_cert) / sizeof(unsigned char); + const char *name = "aaaaa"; + int nameLen = (int)XSTRLEN(name); + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer( + malformed_alt_name_cert, certSize, SSL_FILETYPE_ASN1)); + + /* malformed_alt_name_cert has a malformed alternative + * name of "a*\0*". Ensure that it does not match "aaaaa" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name, nameLen, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), 1); + + /* Also make sure WOLFSSL_LEFT_MOST_WILDCARD_ONLY fails too */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name, nameLen, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), 1); + + X509_free(x509); + +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_name_match1(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) + /* A certificate with the subject alternative name a* */ + const unsigned char cert_der[] = { + 0x30, 0x82, 0x03, 0xac, 0x30, 0x82, 0x02, 0x94, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x14, 0x0f, 0xa5, 0x10, 0x85, 0xef, 0x58, 0x10, 0x59, 0xfc, + 0x0f, 0x20, 0x1f, 0x53, 0xf5, 0x30, 0x39, 0x34, 0x49, 0x54, 0x05, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, + 0x05, 0x00, 0x30, 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, + 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, + 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x0c, 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, + 0x49, 0x6e, 0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, + 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, + 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x35, 0x33, + 0x30, 0x32, 0x30, 0x31, 0x35, 0x35, 0x38, 0x5a, 0x17, 0x0d, 0x33, 0x34, + 0x30, 0x35, 0x32, 0x38, 0x32, 0x30, 0x31, 0x35, 0x35, 0x38, 0x5a, 0x30, + 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, + 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, + 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x49, 0x6e, 0x63, + 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, + 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, + 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, + 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xf4, 0xca, 0x3d, + 0xd4, 0xbc, 0x9b, 0xea, 0x74, 0xfe, 0x73, 0xf4, 0x16, 0x23, 0x0b, 0x4a, + 0x09, 0x54, 0xf6, 0x7b, 0x10, 0x99, 0x11, 0x93, 0xb2, 0xdb, 0x4d, 0x7d, + 0x23, 0xab, 0xf9, 0xcd, 0xf6, 0x54, 0xd4, 0xf6, 0x39, 0x57, 0xee, 0x97, + 0xb2, 0xb9, 0xfc, 0x7e, 0x9c, 0xb3, 0xfb, 0x56, 0xb6, 0x84, 0xd6, 0x2d, + 0x59, 0x1c, 0xed, 0xda, 0x9b, 0x19, 0xf5, 0x8a, 0xa7, 0x8a, 0x89, 0xd6, + 0xa1, 0xc0, 0xe6, 0x16, 0xad, 0x04, 0xcf, 0x5a, 0x1f, 0xdf, 0x62, 0x6c, + 0x68, 0x45, 0xe9, 0x55, 0x2e, 0x42, 0xa3, 0x1b, 0x3b, 0x86, 0x23, 0x22, + 0xa1, 0x20, 0x48, 0xd1, 0x52, 0xc0, 0x8b, 0xab, 0xe2, 0x8a, 0x15, 0x68, + 0xbd, 0x89, 0x6f, 0x9f, 0x45, 0x75, 0xb4, 0x27, 0xc1, 0x72, 0x41, 0xfd, + 0x79, 0x89, 0xb0, 0x74, 0xa2, 0xe9, 0x61, 0x48, 0x4c, 0x54, 0xad, 0x6b, + 0x61, 0xbf, 0x0e, 0x27, 0x58, 0xb4, 0xf6, 0x9c, 0x2c, 0x9f, 0xc2, 0x3e, + 0x3b, 0xb3, 0x90, 0x41, 0xbc, 0x61, 0xcd, 0x01, 0x57, 0x90, 0x82, 0xec, + 0x46, 0xba, 0x4f, 0x89, 0x8e, 0x7f, 0x49, 0x4f, 0x46, 0x69, 0x37, 0x8b, + 0xa0, 0xba, 0x85, 0xe8, 0x42, 0xff, 0x9a, 0xa1, 0x53, 0x81, 0x5c, 0xf3, + 0x8e, 0x85, 0x1c, 0xd4, 0x90, 0x60, 0xa0, 0x37, 0x59, 0x04, 0x65, 0xa6, + 0xb5, 0x12, 0x00, 0xc3, 0x04, 0x51, 0xa7, 0x83, 0x96, 0x62, 0x3d, 0x49, + 0x97, 0xe8, 0x6b, 0x9a, 0x5d, 0x51, 0x24, 0xee, 0xad, 0x45, 0x18, 0x0f, + 0x3f, 0x97, 0xec, 0xdf, 0xcf, 0x42, 0x8a, 0x96, 0xc7, 0xd8, 0x82, 0x87, + 0x7f, 0x57, 0x70, 0x22, 0xfb, 0x29, 0x3e, 0x3c, 0xa3, 0xc1, 0xd5, 0x71, + 0xb3, 0x84, 0x06, 0x53, 0xa3, 0x86, 0x20, 0x35, 0xe3, 0x41, 0xb9, 0xd8, + 0x00, 0x22, 0x4f, 0x6d, 0xe6, 0xfd, 0xf0, 0xf4, 0xa2, 0x39, 0x0a, 0x1a, + 0x23, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x30, 0x30, 0x2e, 0x30, 0x0d, + 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x06, 0x30, 0x04, 0x82, 0x02, 0x61, + 0x2a, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, + 0x45, 0x05, 0xf3, 0x4d, 0x3e, 0x7e, 0x9c, 0xf5, 0x08, 0xee, 0x2c, 0x13, + 0x32, 0xe3, 0xf2, 0x14, 0xe8, 0x0e, 0x71, 0x21, 0x30, 0x0d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, + 0x82, 0x01, 0x01, 0x00, 0xa8, 0x28, 0xe5, 0x22, 0x65, 0xcf, 0x47, 0xfe, + 0x82, 0x17, 0x99, 0x20, 0xdb, 0xb1, 0x57, 0xd4, 0x91, 0x1a, 0x83, 0xde, + 0xc1, 0xaf, 0xc4, 0x1f, 0xfb, 0xa4, 0x6a, 0xad, 0xdc, 0x58, 0x72, 0xd9, + 0x9b, 0xab, 0xa5, 0xbb, 0xf4, 0x98, 0xd4, 0xdf, 0x36, 0xcb, 0xb5, 0x78, + 0xce, 0x4b, 0x25, 0x5b, 0x24, 0x92, 0xfe, 0xe8, 0xd4, 0xe4, 0xbd, 0x6f, + 0x71, 0x1a, 0x81, 0x2a, 0x6f, 0x35, 0x93, 0xf7, 0xcc, 0xed, 0xe5, 0x06, + 0xd2, 0x96, 0x41, 0xb5, 0xa9, 0x8a, 0xc0, 0xc9, 0x17, 0xe3, 0x13, 0x5e, + 0x94, 0x5e, 0xfa, 0xfc, 0xf0, 0x00, 0x2e, 0xe1, 0xd8, 0x1b, 0x23, 0x3f, + 0x7c, 0x4d, 0x9f, 0xfb, 0xb7, 0x95, 0xc1, 0x94, 0x7f, 0x7f, 0xb5, 0x4f, + 0x93, 0x6d, 0xc3, 0x2b, 0xb2, 0x28, 0x36, 0xd2, 0x7c, 0x01, 0x3c, 0xae, + 0x35, 0xdb, 0xc8, 0x95, 0x1b, 0x5f, 0x6c, 0x0f, 0x57, 0xb3, 0xcc, 0x97, + 0x98, 0x80, 0x06, 0xaa, 0xe4, 0x93, 0x1f, 0xb7, 0xa0, 0x54, 0xf1, 0x4f, + 0x6f, 0x11, 0xdf, 0xab, 0xd3, 0xbf, 0xf0, 0x3a, 0x81, 0x60, 0xaf, 0x7a, + 0xf7, 0x09, 0xd5, 0xae, 0x0c, 0x7d, 0xae, 0x8d, 0x47, 0x06, 0xbe, 0x11, + 0x6e, 0xf8, 0x7e, 0x49, 0xf8, 0xac, 0x24, 0x0a, 0x4b, 0xc2, 0xf6, 0xe8, + 0x2c, 0xec, 0x35, 0xef, 0xa9, 0x13, 0xb8, 0xd2, 0x9c, 0x92, 0x61, 0x91, + 0xec, 0x7b, 0x0c, 0xea, 0x9a, 0x71, 0x36, 0x15, 0x34, 0x2b, 0x7a, 0x25, + 0xac, 0xfe, 0xc7, 0x26, 0x89, 0x70, 0x3e, 0x64, 0x68, 0x97, 0x4b, 0xaa, + 0xc1, 0x24, 0x14, 0xbd, 0x45, 0x2f, 0xe0, 0xfe, 0xf4, 0x2b, 0x8e, 0x08, + 0x3e, 0xe4, 0xb5, 0x3d, 0x5d, 0xf4, 0xc3, 0xd6, 0x9c, 0xb5, 0x33, 0x1b, + 0x3b, 0xda, 0x6e, 0x99, 0x7b, 0x09, 0xd1, 0x30, 0x97, 0x23, 0x52, 0x6d, + 0x1b, 0x71, 0x3a, 0xf4, 0x54, 0xf0, 0xe5, 0x9e + }; + + WOLFSSL_X509* x509 = NULL; + int certSize = (int)(sizeof(cert_der) / sizeof(unsigned char)); + const char *name1 = "aaaaa"; + int nameLen1 = (int)(XSTRLEN(name1)); + const char *name2 = "a"; + int nameLen2 = (int)(XSTRLEN(name2)); + const char *name3 = "abbbb"; + int nameLen3 = (int)(XSTRLEN(name3)); + const char *name4 = "bbb"; + int nameLen4 = (int)(XSTRLEN(name4)); + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer( + cert_der, certSize, WOLFSSL_FILETYPE_ASN1)); + + /* Ensure that "a*" matches "aaaaa" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*" matches "a" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name2, nameLen2, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*" matches "abbbb" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name3, nameLen3, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*" does not match "bbb" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), 1); + + /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag should fail on all cases, since + * 'a*' alt name does not have wildcard left-most */ + + /* Ensure that "a*" does not match "aaaaa" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name1, nameLen1, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*" does not match "a" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*" does not match "abbbb" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*" does not match "bbb" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + + wolfSSL_X509_free(x509); + +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_name_match2(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) + /* A certificate with the subject alternative name a*b* */ + const unsigned char cert_der[] = { + 0x30, 0x82, 0x03, 0xae, 0x30, 0x82, 0x02, 0x96, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x14, 0x41, 0x8c, 0x8b, 0xaa, 0x0e, 0xd8, 0x5a, 0xc0, 0x52, + 0x46, 0x0e, 0xe5, 0xd8, 0xb9, 0x48, 0x93, 0x7e, 0x8a, 0x7c, 0x65, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, + 0x05, 0x00, 0x30, 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, + 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, + 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x0c, 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, + 0x49, 0x6e, 0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, + 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, + 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x35, 0x33, + 0x30, 0x32, 0x30, 0x34, 0x33, 0x34, 0x30, 0x5a, 0x17, 0x0d, 0x33, 0x34, + 0x30, 0x35, 0x32, 0x38, 0x32, 0x30, 0x34, 0x33, 0x34, 0x30, 0x5a, 0x30, + 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, + 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, + 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x49, 0x6e, 0x63, + 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, + 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, + 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, + 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa5, 0x60, 0x80, + 0xf3, 0xee, 0x19, 0xd2, 0xe4, 0x15, 0x94, 0x54, 0x12, 0x88, 0xee, 0xda, + 0x11, 0x11, 0x87, 0x99, 0x88, 0xb3, 0x71, 0xc7, 0x97, 0x78, 0x1b, 0x57, + 0x37, 0x1d, 0x0b, 0x1f, 0x2f, 0x2c, 0x35, 0x13, 0x75, 0xd3, 0x31, 0x3e, + 0x6f, 0x80, 0x21, 0xa5, 0xa3, 0xad, 0x10, 0x81, 0xb6, 0x37, 0xd4, 0x55, + 0x2e, 0xc1, 0xb8, 0x37, 0xa3, 0x3c, 0xe8, 0x81, 0x03, 0x3c, 0xda, 0x5f, + 0x6f, 0x45, 0x32, 0x2b, 0x0e, 0x99, 0x27, 0xfd, 0xe5, 0x6c, 0x07, 0xd9, + 0x4e, 0x0a, 0x8b, 0x23, 0x74, 0x96, 0x25, 0x97, 0xae, 0x6d, 0x19, 0xba, + 0xbf, 0x0f, 0xc8, 0xa1, 0xe5, 0xea, 0xa8, 0x00, 0x09, 0xc3, 0x9a, 0xef, + 0x09, 0x33, 0xc1, 0x33, 0x2e, 0x7b, 0x6d, 0xa7, 0x66, 0x87, 0xb6, 0x3a, + 0xb9, 0xdb, 0x4c, 0x5e, 0xb5, 0x55, 0x69, 0x37, 0x17, 0x92, 0x1f, 0xe3, + 0x53, 0x1a, 0x2d, 0x25, 0xd0, 0xcf, 0x72, 0x37, 0xc2, 0x89, 0x83, 0x78, + 0xcf, 0xac, 0x2e, 0x46, 0x92, 0x5c, 0x4a, 0xba, 0x7d, 0xa0, 0x22, 0x34, + 0xb1, 0x22, 0x26, 0x99, 0xda, 0xe8, 0x97, 0xe2, 0x0c, 0xd3, 0xbc, 0x97, + 0x7e, 0xa8, 0xb9, 0xe3, 0xe2, 0x7f, 0x56, 0xef, 0x22, 0xee, 0x15, 0x95, + 0xa6, 0xd1, 0xf4, 0xa7, 0xac, 0x4a, 0xab, 0xc1, 0x1a, 0xda, 0xc5, 0x5f, + 0xa5, 0x5e, 0x2f, 0x15, 0x9c, 0x36, 0xbe, 0xd3, 0x47, 0xb6, 0x86, 0xb9, + 0xc6, 0x59, 0x39, 0x36, 0xad, 0x84, 0x53, 0x95, 0x72, 0x91, 0x89, 0x51, + 0x32, 0x77, 0xf1, 0xa5, 0x93, 0xfe, 0xf0, 0x41, 0x7c, 0x64, 0xf1, 0xb0, + 0x8b, 0x81, 0x8d, 0x3a, 0x2c, 0x9e, 0xbe, 0x2e, 0x8b, 0xf7, 0x80, 0x63, + 0x35, 0x32, 0xfa, 0x26, 0xe0, 0x63, 0xbf, 0x5e, 0xaf, 0xf0, 0x08, 0xe0, + 0x80, 0x65, 0x38, 0xfa, 0x21, 0xaa, 0x91, 0x34, 0x48, 0x3d, 0x32, 0x5c, + 0xbf, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x32, 0x30, 0x30, 0x30, 0x0f, + 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x08, 0x30, 0x06, 0x82, 0x04, 0x61, + 0x2a, 0x62, 0x2a, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, + 0x04, 0x14, 0x3d, 0x55, 0x74, 0xf8, 0x3a, 0x26, 0x03, 0x8c, 0x6a, 0x2e, + 0x91, 0x0e, 0x18, 0x70, 0xb4, 0xa4, 0xcc, 0x04, 0x00, 0xd3, 0x30, 0x0d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, + 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x8f, 0x3b, 0xff, 0x46, 0x0c, 0xb5, + 0x21, 0xdc, 0xcf, 0x61, 0x9a, 0x25, 0x93, 0x99, 0x68, 0x2f, 0x16, 0x71, + 0x15, 0x00, 0x5f, 0xb0, 0x9b, 0x43, 0x5c, 0x47, 0xe2, 0x8e, 0xc8, 0xea, + 0xb3, 0x30, 0x4d, 0x87, 0x90, 0xcf, 0x24, 0x37, 0x5c, 0xfd, 0xc8, 0xc6, + 0x09, 0x36, 0xb2, 0xfb, 0xfd, 0xc1, 0x82, 0x92, 0x77, 0x5b, 0x9d, 0xeb, + 0xac, 0x47, 0xbc, 0xda, 0x7c, 0x89, 0x19, 0x03, 0x9e, 0xcd, 0x96, 0x2a, + 0x90, 0x55, 0x23, 0x19, 0xac, 0x9d, 0x49, 0xfb, 0xa0, 0x31, 0x7d, 0x6b, + 0x1a, 0x16, 0x13, 0xb1, 0xa9, 0xc9, 0xc4, 0xaf, 0xf1, 0xb4, 0xa7, 0x9b, + 0x08, 0x64, 0x6a, 0x09, 0xcd, 0x4a, 0x03, 0x4c, 0x93, 0xb6, 0xcf, 0x29, + 0xdb, 0x56, 0x88, 0x8e, 0xed, 0x08, 0x6d, 0x8d, 0x76, 0xa3, 0xd7, 0xc6, + 0x69, 0xa1, 0xf5, 0xd2, 0xd0, 0x0a, 0x4b, 0xfa, 0x88, 0x66, 0x6c, 0xe5, + 0x4a, 0xee, 0x13, 0xad, 0xad, 0x22, 0x25, 0x73, 0x39, 0x56, 0x74, 0x0e, + 0xda, 0xcd, 0x35, 0x67, 0xe3, 0x81, 0x5c, 0xc5, 0xae, 0x3c, 0x4f, 0x47, + 0x3e, 0x97, 0xde, 0xac, 0xf6, 0xe1, 0x26, 0xe2, 0xe0, 0x66, 0x48, 0x20, + 0x7c, 0x02, 0x81, 0x3e, 0x7d, 0x34, 0xb7, 0x73, 0x3e, 0x2e, 0xd6, 0x20, + 0x1c, 0xdf, 0xf1, 0xae, 0x86, 0x8b, 0xb2, 0xc2, 0x9b, 0x68, 0x9c, 0xf6, + 0x1a, 0x5e, 0x30, 0x06, 0x39, 0x0a, 0x1f, 0x7b, 0xd7, 0x18, 0x4b, 0x06, + 0x9d, 0xff, 0x84, 0x57, 0xcc, 0x92, 0xad, 0x81, 0x0a, 0x19, 0x11, 0xc4, + 0xac, 0x59, 0x00, 0xe8, 0x5a, 0x70, 0x78, 0xd6, 0x9f, 0xe0, 0x82, 0x2a, + 0x1f, 0x09, 0x36, 0x1c, 0x52, 0x98, 0xf7, 0x95, 0x8f, 0xf9, 0x48, 0x4f, + 0x30, 0x52, 0xb5, 0xf3, 0x8d, 0x13, 0x93, 0x27, 0xbe, 0xb4, 0x75, 0x39, + 0x65, 0xc6, 0x48, 0x4e, 0x32, 0xd7, 0xf4, 0xc3, 0x26, 0x8d + }; + + WOLFSSL_X509* x509 = NULL; + int certSize = (int)(sizeof(cert_der) / sizeof(unsigned char)); + const char *name1 = "ab"; + int nameLen1 = (int)(XSTRLEN(name1)); + const char *name2 = "acccbccc"; + int nameLen2 = (int)(XSTRLEN(name2)); + const char *name3 = "accb"; + int nameLen3 = (int)(XSTRLEN(name3)); + const char *name4 = "accda"; + int nameLen4 = (int)(XSTRLEN(name4)); + const char *name5 = "acc\0bcc"; + int nameLen5 = 7; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer( + cert_der, certSize, WOLFSSL_FILETYPE_ASN1)); + + /* Ensure that "a*b*" matches "ab" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*b*" matches "acccbccc" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name2, nameLen2, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*b*" matches "accb" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name3, nameLen3, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*b*" does not match "accda" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + + /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag should fail on all cases, since + * 'a*b*' alt name does not have wildcard left-most */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_check_host(x509, name2, nameLen2, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_check_host(x509, name3, nameLen3, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_check_host(x509, name4, nameLen4, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_FAILURE); + + /* Ensure that "a*b*" matches "ab", testing openssl behavior replication + * on check len input handling, 0 for len is OK as it should then use + * strlen(name1) */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, 0, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Openssl also allows for len to include NULL terminator */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1 + 1, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that check string with NULL terminator in middle is + * rejected */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name5, nameLen5, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + + wolfSSL_X509_free(x509); + +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_name_match3(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) + /* A certificate with the subject alternative name *.example.com */ + const unsigned char cert_der[] = { + 0x30, 0x82, 0x03, 0xb7, 0x30, 0x82, 0x02, 0x9f, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x14, 0x59, 0xbb, 0xf6, 0xde, 0xb8, 0x3d, 0x0e, 0x8c, 0xe4, + 0xbd, 0x98, 0xa3, 0xbe, 0x3e, 0x8f, 0xdc, 0xbd, 0x7f, 0xcc, 0xae, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, + 0x05, 0x00, 0x30, 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, + 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, + 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x0c, 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, + 0x49, 0x6e, 0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, + 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, + 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x35, 0x33, + 0x31, 0x30, 0x30, 0x33, 0x37, 0x34, 0x39, 0x5a, 0x17, 0x0d, 0x33, 0x34, + 0x30, 0x35, 0x32, 0x39, 0x30, 0x30, 0x33, 0x37, 0x34, 0x39, 0x5a, 0x30, + 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, + 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, + 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x49, 0x6e, 0x63, + 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, + 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, + 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, + 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xda, 0x78, 0x16, + 0x05, 0x65, 0xf2, 0x85, 0xf2, 0x61, 0x7f, 0xb1, 0x4d, 0x73, 0xe2, 0x82, + 0xb5, 0x3d, 0xf7, 0x9d, 0x05, 0x65, 0xed, 0x9d, 0xc3, 0x29, 0x7a, 0x92, + 0x2c, 0x06, 0x5f, 0xc8, 0x13, 0x55, 0x42, 0x4e, 0xbd, 0xe2, 0x56, 0x2a, + 0x4b, 0xac, 0xe6, 0x1b, 0x10, 0xc9, 0xdb, 0x9a, 0x45, 0x36, 0xed, 0xf3, + 0x26, 0x8c, 0x22, 0x88, 0x1e, 0x6d, 0x2b, 0x41, 0xfa, 0x0d, 0x43, 0x88, + 0x88, 0xde, 0x8d, 0x2e, 0xca, 0x6e, 0x7c, 0x62, 0x66, 0x3e, 0xfa, 0x4e, + 0x71, 0xea, 0x7d, 0x3b, 0x32, 0x33, 0x5c, 0x7a, 0x7e, 0xea, 0x74, 0xbd, + 0xb6, 0x8f, 0x4c, 0x1c, 0x7a, 0x79, 0x94, 0xf1, 0xe8, 0x02, 0x67, 0x98, + 0x25, 0xb4, 0x31, 0x80, 0xc1, 0xae, 0xbf, 0xef, 0xf2, 0x6c, 0x78, 0x42, + 0xef, 0xb5, 0xc6, 0x01, 0x47, 0x79, 0x8d, 0x92, 0xce, 0xc1, 0xb5, 0x98, + 0x76, 0xf0, 0x84, 0xa2, 0x53, 0x90, 0xe5, 0x39, 0xc7, 0xbd, 0xf2, 0xbb, + 0xe3, 0x3f, 0x00, 0xf6, 0xf0, 0x46, 0x86, 0xee, 0x55, 0xbd, 0x2c, 0x1f, + 0x97, 0x24, 0x7c, 0xbc, 0xda, 0x2f, 0x1b, 0x53, 0xef, 0x26, 0x56, 0xcc, + 0xb7, 0xd8, 0xca, 0x17, 0x20, 0x4e, 0x62, 0x03, 0x66, 0x32, 0xb3, 0xd1, + 0x71, 0x26, 0x6c, 0xff, 0xd1, 0x9e, 0x44, 0x86, 0x2a, 0xae, 0xba, 0x43, + 0x00, 0x13, 0x7e, 0x50, 0xdd, 0x3e, 0x27, 0x39, 0x70, 0x1c, 0x0c, 0x0b, + 0xe8, 0xa2, 0xae, 0x03, 0x09, 0x2e, 0xd8, 0x71, 0xee, 0x7b, 0x1a, 0x09, + 0x2d, 0xe1, 0xd5, 0xde, 0xf5, 0xa3, 0x36, 0x77, 0x90, 0x97, 0x99, 0xd7, + 0x6c, 0xb7, 0x5c, 0x9d, 0xf7, 0x7e, 0x41, 0x89, 0xfe, 0xe4, 0x08, 0xc6, + 0x0b, 0xe4, 0x9b, 0x5f, 0x51, 0xa6, 0x08, 0xb8, 0x99, 0x81, 0xe9, 0xce, + 0xb4, 0x2d, 0xb2, 0x92, 0x9f, 0xe5, 0x1a, 0x98, 0x76, 0x20, 0x70, 0x54, + 0x93, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x3b, 0x30, 0x39, 0x30, 0x18, + 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x11, 0x30, 0x0f, 0x82, 0x0d, 0x2a, + 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, + 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x60, + 0xd4, 0x26, 0xbb, 0xcc, 0x7c, 0x29, 0xa2, 0x88, 0x3c, 0x76, 0x7d, 0xb4, + 0x86, 0x8b, 0x47, 0x64, 0x5b, 0x87, 0xe0, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, + 0x01, 0x01, 0x00, 0xc3, 0x0d, 0x03, 0x67, 0xbb, 0x47, 0x8b, 0xf3, 0x20, + 0xdc, 0x7d, 0x2e, 0xe1, 0xd9, 0xf0, 0x01, 0xc4, 0x66, 0xc2, 0xe1, 0xcd, + 0xc3, 0x4a, 0x72, 0xf0, 0x6e, 0x38, 0xcf, 0x63, 0x01, 0x96, 0x9e, 0x84, + 0xb9, 0xce, 0x1d, 0xba, 0x4b, 0xe0, 0x70, 0x86, 0x2b, 0x5a, 0xab, 0xec, + 0xbf, 0xc2, 0xaa, 0x64, 0xa2, 0x6c, 0xd2, 0x42, 0x52, 0xd4, 0xbe, 0x8a, + 0xca, 0x9c, 0x03, 0xf3, 0xd6, 0x5f, 0xcd, 0x23, 0x9f, 0xf5, 0xa9, 0x04, + 0x40, 0x5b, 0x66, 0x78, 0xc0, 0xac, 0xa1, 0xdb, 0x5d, 0xd1, 0x94, 0xfc, + 0x47, 0x94, 0xf5, 0x45, 0xe3, 0x70, 0x13, 0x3f, 0x66, 0x6d, 0xdd, 0x73, + 0x68, 0x68, 0xe2, 0xd2, 0x89, 0xcb, 0x7f, 0xc6, 0xca, 0xd6, 0x96, 0x0b, + 0xcc, 0xdd, 0xa1, 0x74, 0xda, 0x33, 0xe8, 0x9e, 0xda, 0xb7, 0xd9, 0x12, + 0xab, 0x85, 0x9d, 0x0c, 0xde, 0xa0, 0x7d, 0x7e, 0xa1, 0x91, 0xed, 0xe5, + 0x32, 0x7c, 0xc5, 0xea, 0x1d, 0x4a, 0xb5, 0x38, 0x63, 0x17, 0xf3, 0x4f, + 0x2c, 0x4a, 0x58, 0x86, 0x09, 0x33, 0x86, 0xc4, 0xe7, 0x56, 0x6f, 0x32, + 0x71, 0xb7, 0xd0, 0x83, 0x12, 0x9e, 0x26, 0x0a, 0x3a, 0x45, 0xcb, 0xd7, + 0x4e, 0xab, 0xa4, 0xc3, 0xee, 0x4c, 0xc0, 0x38, 0xa1, 0xfa, 0xba, 0xfa, + 0xb7, 0x80, 0x69, 0x67, 0xa3, 0xef, 0x89, 0xba, 0xce, 0x89, 0x91, 0x3d, + 0x6a, 0x76, 0xe9, 0x3b, 0x32, 0x86, 0x76, 0x85, 0x6b, 0x4f, 0x7f, 0xbc, + 0x7a, 0x5b, 0x31, 0x92, 0x79, 0x35, 0xf8, 0xb9, 0xb1, 0xd7, 0xdb, 0xa9, + 0x6a, 0x8a, 0x91, 0x60, 0x65, 0xd4, 0x76, 0x54, 0x55, 0x57, 0xb9, 0x35, + 0xe0, 0xf5, 0xbb, 0x8f, 0xd4, 0x40, 0x75, 0xbb, 0x47, 0xa8, 0xf9, 0x0f, + 0xea, 0xc9, 0x6e, 0x84, 0xd5, 0xf5, 0x58, 0x2d, 0xe5, 0x76, 0x7b, 0xdf, + 0x97, 0x05, 0x5e, 0xaf, 0x50, 0xf5, 0x48 + }; + + WOLFSSL_X509* x509 = NULL; + int certSize = (int)(sizeof(cert_der) / sizeof(unsigned char)); + const char *name1 = "foo.example.com"; + int nameLen1 = (int)(XSTRLEN(name1)); + const char *name2 = "x.y.example.com"; + int nameLen2 = (int)(XSTRLEN(name2)); + const char *name3 = "example.com"; + int nameLen3 = (int)(XSTRLEN(name3)); + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer( + cert_der, certSize, WOLFSSL_FILETYPE_ASN1)); + + /* Ensure that "*.example.com" matches "foo.example.com" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "*.example.com" does NOT match "x.y.example.com" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "*.example.com" does NOT match "example.com" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + + /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should match "foo.example.com" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should NOT match "x.y.example.com" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should NOT match "example.com" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + + wolfSSL_X509_free(x509); + +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_max_altnames(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_RSA) + + /* Only test if max alt names has not been modified */ +#if WOLFSSL_MAX_ALT_NAMES <= 1024 + + WOLFSSL_CTX* ctx = NULL; + /* File contains a certificate encoded with 130 subject alternative names */ + const char* over_max_altnames_cert = \ + "./certs/test/cert-over-max-altnames.pem"; + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#endif + + ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, + over_max_altnames_cert, NULL, WOLFSSL_LOAD_FLAG_NONE), + WOLFSSL_SUCCESS); + wolfSSL_CTX_free(ctx); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_max_name_constraints(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_RSA) && !defined(IGNORE_NAME_CONSTRAINTS) + + /* Only test if max name constraints has not been modified */ +#if WOLFSSL_MAX_NAME_CONSTRAINTS == 128 + + WOLFSSL_CTX* ctx = NULL; + /* File contains a certificate with 130 name constraints */ + const char* over_max_nc = "./certs/test/cert-over-max-nc.pem"; + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#endif + + ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, over_max_nc, + NULL, WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS); + wolfSSL_CTX_free(ctx); +#endif + +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_check_ca(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) + WOLFSSL_X509 *x509 = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectIntEQ(wolfSSL_X509_check_ca(NULL), 0); + ExpectIntEQ(wolfSSL_X509_check_ca(x509), 1); + wolfSSL_X509_free(x509); + + ExpectNotNull(x509 = wolfSSL_X509_new()); + ExpectIntEQ(wolfSSL_X509_check_ca(x509), 0); + if (x509 != NULL) { + x509->extKeyUsageCrit = 1; + } + ExpectIntEQ(wolfSSL_X509_check_ca(x509), 4); + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_X509_get_signature_nid(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) + X509* x509 = NULL; + + ExpectIntEQ(X509_get_signature_nid(NULL), 0); + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, + SSL_FILETYPE_PEM)); + ExpectIntEQ(X509_get_signature_nid(x509), NID_sha256WithRSAEncryption); + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_cmp(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_RSA) + XFILE file1 = XBADFILE; + XFILE file2 = XBADFILE; + WOLFSSL_X509* cert1 = NULL; + WOLFSSL_X509* cert2 = NULL; + WOLFSSL_X509* empty = NULL; + + ExpectTrue((file1 = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectTrue((file2 = XFOPEN("./certs/3072/client-cert.pem", "rb")) != + XBADFILE); + + ExpectNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL)); + ExpectNotNull(cert2 = wolfSSL_PEM_read_X509(file2, NULL, NULL, NULL)); + if (file1 != XBADFILE) + fclose(file1); + if (file2 != XBADFILE) + fclose(file2); + + ExpectNotNull(empty = wolfSSL_X509_new()); + + /* wolfSSL_X509_cmp() testing matching certs */ + ExpectIntEQ(0, wolfSSL_X509_cmp(cert1, cert1)); + + /* wolfSSL_X509_cmp() testing mismatched certs */ + ExpectIntEQ(-1, wolfSSL_X509_cmp(cert1, cert2)); + + /* wolfSSL_X509_cmp() testing NULL, valid args */ + ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wolfSSL_X509_cmp(NULL, cert2)); + + /* wolfSSL_X509_cmp() testing valid, NULL args */ + ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wolfSSL_X509_cmp(cert1, NULL)); + + /* wolfSSL_X509_cmp() testing NULL, NULL args */ + ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wolfSSL_X509_cmp(NULL, NULL)); + + /* wolfSSL_X509_cmp() testing empty cert */ + ExpectIntEQ(WOLFSSL_FATAL_ERROR, wolfSSL_X509_cmp(empty, cert2)); + ExpectIntEQ(WOLFSSL_FATAL_ERROR, wolfSSL_X509_cmp(cert1, empty)); + + wolfSSL_X509_free(empty); + wolfSSL_X509_free(cert2); + wolfSSL_X509_free(cert1); +#endif + return EXPECT_RESULT(); +} + diff --git a/tests/api/test_ossl_x509.h b/tests/api/test_ossl_x509.h new file mode 100644 index 000000000..b3f0faff8 --- /dev/null +++ b/tests/api/test_ossl_x509.h @@ -0,0 +1,90 @@ +/* test_ossl_x509.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_X509_H +#define WOLFCRYPT_TEST_OSSL_X509_H + +#include + +int test_x509_get_key_id(void); +int test_wolfSSL_X509_get_version(void); +int test_wolfSSL_X509_cmp_time(void); +int test_wolfSSL_X509_time_adj(void); +int test_wolfSSL_X509_NID(void); +int test_wolfSSL_i2d_X509_NAME_canon(void); +int test_wolfSSL_X509_subject_name_hash(void); +int test_wolfSSL_X509_issuer_name_hash(void); +int test_wolfSSL_X509_check_host(void); +int test_wolfSSL_X509_check_email(void); +int test_wolfSSL_X509(void); +int test_wolfSSL_X509_get0_tbs_sigalg(void); +int test_wolfSSL_X509_set_name(void); +int test_wolfSSL_X509_set_notAfter(void); +int test_wolfSSL_X509_set_notBefore(void); +int test_wolfSSL_X509_set_version(void); +int test_wolfSSL_X509_get_serialNumber(void); +int test_wolfSSL_get_tbs(void); +int test_wolfSSL_X509_ext_get_critical_by_NID(void); +int test_wolfSSL_X509_CRL_distribution_points(void); +int test_wolfSSL_X509_check_ip_asc(void); +int test_wolfSSL_X509_bad_altname(void); +int test_wolfSSL_X509_name_match1(void); +int test_wolfSSL_X509_name_match2(void); +int test_wolfSSL_X509_name_match3(void); +int test_wolfSSL_X509_max_altnames(void); +int test_wolfSSL_X509_max_name_constraints(void); +int test_wolfSSL_X509_check_ca(void); +int test_X509_get_signature_nid(void); +int test_wolfSSL_X509_cmp(void); + +#define TEST_OSSL_X509_DECLS \ + TEST_DECL_GROUP("ossl_x509", test_x509_get_key_id), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_get_version), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_cmp_time), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_time_adj), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_NID), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_i2d_X509_NAME_canon), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_subject_name_hash), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_issuer_name_hash), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_check_host), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_check_email), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_get0_tbs_sigalg), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_set_name), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_set_notAfter), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_set_notBefore), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_set_version), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_get_serialNumber), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_get_tbs), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_ext_get_critical_by_NID), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_CRL_distribution_points), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_check_ip_asc), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_bad_altname), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_name_match1), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_name_match2), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_name_match3), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_max_altnames), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_max_name_constraints), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_check_ca), \ + TEST_DECL_GROUP("ossl_x509", test_X509_get_signature_nid), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_cmp) + +#endif /* WOLFCRYPT_TEST_OSSL_X509_H */ diff --git a/tests/api/test_ossl_x509_acert.c b/tests/api/test_ossl_x509_acert.c new file mode 100644 index 000000000..5b16f8488 --- /dev/null +++ b/tests/api/test_ossl_x509_acert.c @@ -0,0 +1,535 @@ +/* test_ossl_x509_acert.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#ifdef OPENSSL_EXTRA + #include +#endif +#include +#include + +#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) +/* Given acert file and its pubkey file, read them and then + * attempt to verify signed acert. + * + * If expect_pass is true, then verification should pass. + * If expect_pass is false, then verification should fail. + * */ +static int do_acert_verify_test(const char * acert_file, + const char * pkey_file, + size_t expect_pass) +{ + X509_ACERT * x509 = NULL; + EVP_PKEY * pkey = NULL; + BIO * bp = NULL; + int verify_rc = 0; + + /* First read the attribute certificate. */ + bp = BIO_new_file(acert_file, "r"); + if (bp == NULL) { + return -1; + } + + x509 = PEM_read_bio_X509_ACERT(bp, NULL, NULL, NULL); + BIO_free(bp); + bp = NULL; + + if (x509 == NULL) { + return -1; + } + + /* Next read the associated pub key. */ + bp = BIO_new_file(pkey_file, "r"); + + if (bp == NULL) { + X509_ACERT_free(x509); + x509 = NULL; + return -1; + } + + pkey = PEM_read_bio_PUBKEY(bp, &pkey, NULL, NULL); + BIO_free(bp); + bp = NULL; + + if (pkey == NULL) { + X509_ACERT_free(x509); + x509 = NULL; + return -1; + } + + /* Finally, do verification. */ + verify_rc = X509_ACERT_verify(x509, pkey); + + X509_ACERT_free(x509); + x509 = NULL; + + EVP_PKEY_free(pkey); + pkey = NULL; + + if (expect_pass && verify_rc != 1) { + return -1; + } + + if (!expect_pass && verify_rc == 1) { + return -1; + } + + return 0; +} +#endif + +int test_wolfSSL_X509_ACERT_verify(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) + /* Walk over list of signed ACERTs and their pubkeys. + * All should load and pass verification. */ + const char * acerts[4] = {"certs/acert/acert.pem", + "certs/acert/acert_ietf.pem", + "certs/acert/rsa_pss/acert.pem", + "certs/acert/rsa_pss/acert_ietf.pem"}; + const char * pkeys[4] = {"certs/acert/acert_pubkey.pem", + "certs/acert/acert_ietf_pubkey.pem", + "certs/acert/rsa_pss/acert_pubkey.pem", + "certs/acert/rsa_pss/acert_ietf_pubkey.pem"}; + int rc = 0; + size_t i = 0; + size_t j = 0; + + for (i = 0; i < 4; ++i) { + for (j = i; j < 4; ++j) { + rc = do_acert_verify_test(acerts[i], pkeys[j], i == j); + + if (rc) { + fprintf(stderr, "error: %s: i = %zu, j = %zu, rc = %d\n", + "do_acert_verify_test", i, j, rc); + break; + } + } + + if (rc) { break; } + } + + ExpectIntEQ(rc, 0); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_ACERT_misc_api(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) + const char * acerts[4] = {"certs/acert/acert.pem", + "certs/acert/acert_ietf.pem", + "certs/acert/rsa_pss/acert.pem", + "certs/acert/rsa_pss/acert_ietf.pem"}; + int rc = 0; + X509_ACERT * x509 = NULL; + BIO * bp = NULL; + long ver_long = 0; + int ver = 0; + int nid = 0; + const byte * raw_attr = NULL; + word32 attr_len = 0; + size_t i = 0; + int buf_len = 0; + byte ietf_serial[] = {0x03, 0xb5, 0x90, 0x59, 0x02, + 0xa2, 0xaa, 0xb5, 0x40, 0x21, + 0x44, 0xb8, 0x2c, 0x4f, 0xd9, + 0x80, 0x1b, 0x5f, 0x57, 0xc2}; + + for (i = 0; i < 4; ++i) { + const char * acert_file = acerts[i]; + int is_rsa_pss = 0; + int is_ietf_acert = 0; + byte serial[64]; + int serial_len = sizeof(serial); + + XMEMSET(serial, 0, sizeof(serial)); + + is_rsa_pss = XSTRSTR(acert_file, "rsa_pss") != NULL ? 1 : 0; + is_ietf_acert = XSTRSTR(acert_file, "ietf.pem") != NULL ? 1 : 0; + + /* First read the attribute certificate. */ + bp = BIO_new_file(acert_file, "r"); + ExpectNotNull(bp); + + x509 = PEM_read_bio_X509_ACERT(bp, NULL, NULL, NULL); + ExpectNotNull(x509); + + /* We're done with the bio for now. */ + if (bp != NULL) { + BIO_free(bp); + bp = NULL; + } + + /* Check version and signature NID. */ + ver_long = X509_ACERT_get_version(x509); + ExpectIntEQ(ver_long, 1); + + ver = wolfSSL_X509_ACERT_version(x509); + ExpectIntEQ(ver, 2); + + nid = X509_ACERT_get_signature_nid(x509); + + if (is_rsa_pss) { + ExpectIntEQ(nid, NID_rsassaPss); + } + else { + ExpectIntEQ(nid, NID_sha256WithRSAEncryption); + } + + /* Get the serial number buffer. + * The ietf acert example has a 20 byte serial number. */ + rc = wolfSSL_X509_ACERT_get_serial_number(x509, serial, &serial_len); + ExpectIntEQ(rc, SSL_SUCCESS); + + if (is_ietf_acert) { + ExpectIntEQ(serial_len, 20); + ExpectIntEQ(XMEMCMP(serial, ietf_serial, sizeof(ietf_serial)), 0); + } + else { + ExpectIntEQ(serial_len, 1); + ExpectTrue(serial[0] == 0x01); + } + + /* Repeat the same but with null serial buffer. This is ok. */ + rc = wolfSSL_X509_ACERT_get_serial_number(x509, NULL, &serial_len); + ExpectIntEQ(rc, SSL_SUCCESS); + + if (is_ietf_acert) { + ExpectIntEQ(serial_len, 20); + } + else { + ExpectIntEQ(serial_len, 1); + ExpectTrue(serial[0] == 0x01); + } + + /* Get the attributes buffer. */ + rc = wolfSSL_X509_ACERT_get_attr_buf(x509, &raw_attr, &attr_len); + ExpectIntEQ(rc, SSL_SUCCESS); + + if (is_ietf_acert) { + /* This cert has a 65 byte attributes field. */ + ExpectNotNull(raw_attr); + ExpectIntEQ(attr_len, 65); + } + else { + /* This cert has a 237 byte attributes field. */ + ExpectNotNull(raw_attr); + ExpectIntEQ(attr_len, 237); + } + + /* Test printing acert to memory bio. */ + ExpectNotNull(bp = BIO_new(BIO_s_mem())); + rc = X509_ACERT_print(bp, x509); + ExpectIntEQ(rc, SSL_SUCCESS); + + /* Now do a bunch of invalid stuff with partially valid inputs. */ + rc = wolfSSL_X509_ACERT_get_attr_buf(x509, &raw_attr, NULL); + ExpectIntEQ(rc, BAD_FUNC_ARG); + + rc = wolfSSL_X509_ACERT_get_attr_buf(x509, NULL, &attr_len); + ExpectIntEQ(rc, BAD_FUNC_ARG); + + rc = wolfSSL_X509_ACERT_get_attr_buf(NULL, &raw_attr, &attr_len); + ExpectIntEQ(rc, BAD_FUNC_ARG); + + ver_long = X509_ACERT_get_version(NULL); + ExpectIntEQ(ver_long, 0); + + ver = wolfSSL_X509_ACERT_version(NULL); + ExpectIntEQ(ver, 0); + + rc = wolfSSL_X509_ACERT_get_signature(x509, NULL, NULL); + ExpectIntEQ(rc, WOLFSSL_FATAL_ERROR); + + rc = wolfSSL_X509_ACERT_get_signature(x509, NULL, &buf_len); + ExpectIntEQ(rc, SSL_SUCCESS); + ExpectIntEQ(buf_len, 256); + + rc = wolfSSL_X509_ACERT_get_serial_number(x509, serial, NULL); + ExpectIntEQ(rc, BAD_FUNC_ARG); + + rc = X509_ACERT_print(bp, NULL); + ExpectIntEQ(rc, WOLFSSL_FAILURE); + + rc = X509_ACERT_print(NULL, x509); + ExpectIntEQ(rc, WOLFSSL_FAILURE); + + /* Finally free the acert and bio, we're done with them. */ + if (x509 != NULL) { + X509_ACERT_free(x509); + x509 = NULL; + } + + if (bp != NULL) { + BIO_free(bp); + bp = NULL; + } + } +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_ACERT_buffer(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && \ + !defined(NO_RSA) && defined(WC_RSA_PSS) && \ + (defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)) + const byte acert_ietf[] = \ + "-----BEGIN ATTRIBUTE CERTIFICATE-----\n" + "MIICPTCCASUCAQEwN6AWMBGkDzANMQswCQYDVQQDDAJDQQIBAqEdpBswGTEXMBUG\n" + "A1UEAwwOc2VydmVyLmV4YW1wbGWgLTArpCkwJzElMCMGA1UEAwwcQXR0cmlidXRl\n" + "IENlcnRpZmljYXRlIElzc3VlcjANBgkqhkiG9w0BAQsFAAIUA7WQWQKiqrVAIUS4\n" + "LE/ZgBtfV8IwIhgPMjAyMTA2MTUxMjM1MDBaGA8yMDMxMDYxMzEyMzUwMFowQTAj\n" + "BggrBgEFBQcKBDEXMBWgCYYHVGVzdHZhbDAIDAZncm91cDEwGgYDVQRIMRMwEaEP\n" + "gw1hZG1pbmlzdHJhdG9yMCwwHwYDVR0jBBgwFoAUYm7JaGdsZLtTgt0tqoCK2MrI\n" + "i10wCQYDVR04BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAlIOJ2Dj3TEUj6BIv6vUs\n" + "GqFWms05i+d10XSzWrunlUTQPoJcUjYkifOWp/7RpZ2XnRl+6hH+nIbmwSmXWwBn\n" + "ERw2bQMmw/""/nWuN4Qv9t7ltuovWC0pJX6VMT1IRTuTV4SxuZpFL37vkmnFlPBlb+\n" + "mn3ESSxLTjThWFIq1tip4IaxE/i5Uh32GlJglatFHM1PCGoJtyLtYb6KHDlvknw6\n" + "coDyjIcj0FZwtQw41jLwxI8jWNmrpt978wdpprB/URrRs+m02HmeQoiHFi/qvdv8\n" + "d+5vHf3Pi/ulhz/+dvr0p1vEQSoFnYxLXuty2p5m3PJPZCFmT3gURgmgR3BN9d7A\n" + "Bw==\n" + "-----END ATTRIBUTE CERTIFICATE-----\n"; + X509_ACERT * x509 = NULL; + int rc = 0; + byte ietf_serial[] = {0x03, 0xb5, 0x90, 0x59, 0x02, + 0xa2, 0xaa, 0xb5, 0x40, 0x21, + 0x44, 0xb8, 0x2c, 0x4f, 0xd9, + 0x80, 0x1b, 0x5f, 0x57, 0xc2}; + byte serial[64]; + int serial_len = sizeof(serial); + const byte * raw_attr = NULL; + word32 attr_len = 0; + + x509 = wolfSSL_X509_ACERT_load_certificate_buffer_ex(acert_ietf, + sizeof(acert_ietf), + WOLFSSL_FILETYPE_PEM, + HEAP_HINT); + + rc = wolfSSL_X509_ACERT_get_serial_number(x509, serial, &serial_len); + ExpectIntEQ(rc, SSL_SUCCESS); + + ExpectIntEQ(serial_len, 20); + ExpectIntEQ(XMEMCMP(serial, ietf_serial, sizeof(ietf_serial)), 0); + + /* Get the attributes buffer. */ + rc = wolfSSL_X509_ACERT_get_attr_buf(x509, &raw_attr, &attr_len); + ExpectIntEQ(rc, SSL_SUCCESS); + + /* This cert has a 65 byte attributes field. */ + ExpectNotNull(raw_attr); + ExpectIntEQ(attr_len, 65); + + ExpectNotNull(x509); + + if (x509 != NULL) { + wolfSSL_X509_ACERT_free(x509); + x509 = NULL; + } +#endif + return EXPECT_RESULT(); +} + +/* note: when ACERT generation and signing are implemented, + * this test will be filled out appropriately. + * */ +int test_wolfSSL_X509_ACERT_new_and_sign(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && \ + !defined(NO_RSA) && defined(WC_RSA_PSS) && \ + (defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)) + X509_ACERT * x509 = NULL; + int rc = 0; + + x509 = X509_ACERT_new(); + ExpectNotNull(x509); + + if (x509 != NULL) { + wolfSSL_X509_ACERT_free(x509); + x509 = NULL; + } + + /* Same but with static memory hint. */ + x509 = wolfSSL_X509_ACERT_new_ex(HEAP_HINT); + ExpectNotNull(x509); + + #ifndef NO_WOLFSSL_STUB + /* ACERT sign not implemented yet. */ + if (x509 != NULL) { + rc = wolfSSL_X509_ACERT_sign(x509, NULL, NULL); + ExpectIntEQ(rc, WOLFSSL_NOT_IMPLEMENTED); + } + #else + (void) rc; + #endif /* NO_WOLFSSL_STUB */ + + if (x509 != NULL) { + wolfSSL_X509_ACERT_free(x509); + x509 = NULL; + } + +#endif + return EXPECT_RESULT(); +} + +/* Test ACERT support, but with ASN functions only. + * + * This example acert_ietf has both Holder IssuerSerial + * and Holder entityName fields. + * */ +int test_wolfSSL_X509_ACERT_asn(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) + const byte acert_ietf[] = \ + "-----BEGIN ATTRIBUTE CERTIFICATE-----\n" + "MIICPTCCASUCAQEwN6AWMBGkDzANMQswCQYDVQQDDAJDQQIBAqEdpBswGTEXMBUG\n" + "A1UEAwwOc2VydmVyLmV4YW1wbGWgLTArpCkwJzElMCMGA1UEAwwcQXR0cmlidXRl\n" + "IENlcnRpZmljYXRlIElzc3VlcjANBgkqhkiG9w0BAQsFAAIUA7WQWQKiqrVAIUS4\n" + "LE/ZgBtfV8IwIhgPMjAyMTA2MTUxMjM1MDBaGA8yMDMxMDYxMzEyMzUwMFowQTAj\n" + "BggrBgEFBQcKBDEXMBWgCYYHVGVzdHZhbDAIDAZncm91cDEwGgYDVQRIMRMwEaEP\n" + "gw1hZG1pbmlzdHJhdG9yMCwwHwYDVR0jBBgwFoAUYm7JaGdsZLtTgt0tqoCK2MrI\n" + "i10wCQYDVR04BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAlIOJ2Dj3TEUj6BIv6vUs\n" + "GqFWms05i+d10XSzWrunlUTQPoJcUjYkifOWp/7RpZ2XnRl+6hH+nIbmwSmXWwBn\n" + "ERw2bQMmw/""/nWuN4Qv9t7ltuovWC0pJX6VMT1IRTuTV4SxuZpFL37vkmnFlPBlb+\n" + "mn3ESSxLTjThWFIq1tip4IaxE/i5Uh32GlJglatFHM1PCGoJtyLtYb6KHDlvknw6\n" + "coDyjIcj0FZwtQw41jLwxI8jWNmrpt978wdpprB/URrRs+m02HmeQoiHFi/qvdv8\n" + "d+5vHf3Pi/ulhz/+dvr0p1vEQSoFnYxLXuty2p5m3PJPZCFmT3gURgmgR3BN9d7A\n" + "Bw==\n" + "-----END ATTRIBUTE CERTIFICATE-----\n"; + int rc = 0; + int n_diff = 0; + byte ietf_serial[] = {0x03, 0xb5, 0x90, 0x59, 0x02, + 0xa2, 0xaa, 0xb5, 0x40, 0x21, + 0x44, 0xb8, 0x2c, 0x4f, 0xd9, + 0x80, 0x1b, 0x5f, 0x57, 0xc2}; + byte holderIssuerName[] = {0x31, 0x0b, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0c, + 0x02, 0x43, 0x41}; + byte holderEntityName[] = {0x31, 0x17, 0x30, 0x15, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0c, + 0x0e, 0x73, 0x65, 0x72, 0x76, + 0x65, 0x72, 0x2e, 0x65, 0x78, + 0x61, 0x6d, 0x70, 0x6c, 0x65}; + DerBuffer * der = NULL; + WC_DECLARE_VAR(acert, DecodedAcert, 1, 0); + + rc = wc_PemToDer(acert_ietf, sizeof(acert_ietf), ACERT_TYPE, &der, + HEAP_HINT, NULL, NULL); + + ExpectIntEQ(rc, 0); + ExpectNotNull(der); + + if (der != NULL) { + ExpectNotNull(der->buffer); + } + +#ifdef WOLFSSL_SMALL_STACK + acert = (DecodedAcert*)XMALLOC(sizeof(DecodedAcert), HEAP_HINT, + DYNAMIC_TYPE_DCERT); + ExpectNotNull(acert); +#else + XMEMSET(acert, 0, sizeof(DecodedAcert)); +#endif + + if (der != NULL && der->buffer != NULL +#ifdef WOLFSSL_SMALL_STACK + && acert != NULL +#endif + ) { + wc_InitDecodedAcert(acert, der->buffer, der->length, HEAP_HINT); + rc = wc_ParseX509Acert(acert, VERIFY_SKIP_DATE); + ExpectIntEQ(rc, 0); + + ExpectIntEQ(acert->serialSz, 20); + ExpectIntEQ(XMEMCMP(acert->serial, ietf_serial, sizeof(ietf_serial)), + 0); + + /* This cert has a 65 byte attributes field. */ + ExpectNotNull(acert->rawAttr); + ExpectIntEQ(acert->rawAttrLen, 65); + + ExpectNotNull(acert->holderIssuerName); + ExpectNotNull(acert->holderEntityName); + + if ((acert->holderIssuerName != NULL) && + (acert->holderEntityName != NULL)) { + ExpectNotNull(acert->holderEntityName->name); + ExpectNotNull(acert->holderIssuerName->name); + } + if ((acert->holderIssuerName != NULL) && + (acert->holderEntityName != NULL) && + (acert->holderIssuerName->name != NULL) && + (acert->holderEntityName->name != NULL)) { + ExpectIntEQ(acert->holderIssuerName->len, + sizeof(holderIssuerName)); + ExpectIntEQ(acert->holderEntityName->len, + sizeof(holderEntityName)); + + ExpectIntEQ(acert->holderIssuerName->type, ASN_DIR_TYPE); + ExpectIntEQ(acert->holderEntityName->type, ASN_DIR_TYPE); + + n_diff = XMEMCMP(acert->holderIssuerName->name, holderIssuerName, + sizeof(holderIssuerName)); + ExpectIntEQ(n_diff, 0); + + n_diff = XMEMCMP(acert->holderEntityName->name, holderEntityName, + sizeof(holderEntityName)); + ExpectIntEQ(n_diff, 0); + } + + wc_FreeDecodedAcert(acert); + } + +#ifdef WOLFSSL_SMALL_STACK + if (acert != NULL) { + XFREE(acert, HEAP_HINT, DYNAMIC_TYPE_DCERT); + acert = NULL; + } +#endif + + if (der != NULL) { + wc_FreeDer(&der); + der = NULL; + } + +#endif + return EXPECT_RESULT(); +} + + diff --git a/tests/api/test_ossl_x509_acert.h b/tests/api/test_ossl_x509_acert.h new file mode 100644 index 000000000..0a2041b02 --- /dev/null +++ b/tests/api/test_ossl_x509_acert.h @@ -0,0 +1,40 @@ +/* test_ossl_x509_acert.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_X509_ACERT_H +#define WOLFCRYPT_TEST_OSSL_X509_ACERT_H + +#include + +int test_wolfSSL_X509_ACERT_verify(void); +int test_wolfSSL_X509_ACERT_misc_api(void); +int test_wolfSSL_X509_ACERT_buffer(void); +int test_wolfSSL_X509_ACERT_new_and_sign(void); +int test_wolfSSL_X509_ACERT_asn(void); + +#define TEST_OSSL_X509_ACERT_DECLS \ + TEST_DECL_GROUP("ossl_x509_acert", test_wolfSSL_X509_ACERT_verify), \ + TEST_DECL_GROUP("ossl_x509_acert", test_wolfSSL_X509_ACERT_misc_api), \ + TEST_DECL_GROUP("ossl_x509_acert", test_wolfSSL_X509_ACERT_buffer), \ + TEST_DECL_GROUP("ossl_x509_acert", test_wolfSSL_X509_ACERT_new_and_sign), \ + TEST_DECL_GROUP("ossl_x509_acert", test_wolfSSL_X509_ACERT_new_and_sign) + +#endif /* WOLFCRYPT_TEST_OSSL_X509_ACERT_H */ diff --git a/tests/api/test_ossl_x509_crypto.c b/tests/api/test_ossl_x509_crypto.c new file mode 100644 index 000000000..11c918c78 --- /dev/null +++ b/tests/api/test_ossl_x509_crypto.c @@ -0,0 +1,782 @@ +/* test_ossl_x509_crypto.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include + +int test_wolfSSL_X509_check_private_key(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + defined(USE_CERT_BUFFERS_2048) && !defined(NO_CHECK_PRIVATE_KEY) && \ + !defined(NO_FILESYSTEM) + X509* x509 = NULL; + EVP_PKEY* pkey = NULL; + const byte* key; + + /* Check with correct key */ + ExpectNotNull((x509 = X509_load_certificate_file(cliCertFile, + SSL_FILETYPE_PEM))); + key = client_key_der_2048; + ExpectNotNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &key, + (long)sizeof_client_key_der_2048)); + ExpectIntEQ(X509_check_private_key(x509, pkey), 1); + EVP_PKEY_free(pkey); + pkey = NULL; + + /* Check with wrong key */ + key = server_key_der_2048; + ExpectNotNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &key, + (long)sizeof_server_key_der_2048)); + ExpectIntEQ(X509_check_private_key(x509, pkey), 0); + + /* test for incorrect parameter */ + ExpectIntEQ(X509_check_private_key(NULL, pkey), 0); + ExpectIntEQ(X509_check_private_key(x509, NULL), 0); + ExpectIntEQ(X509_check_private_key(NULL, NULL), 0); + + EVP_PKEY_free(pkey); + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_verify(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \ + defined(OPENSSL_EXTRA) + WOLFSSL_X509* ca = NULL; + WOLFSSL_X509* serv = NULL; + WOLFSSL_EVP_PKEY* pkey = NULL; + unsigned char buf[2048]; + const unsigned char* pt = NULL; + int bufSz = 0; + + ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(caCertFile, + WOLFSSL_FILETYPE_PEM)); + + ExpectIntNE(wolfSSL_X509_get_pubkey_buffer(NULL, buf, NULL), + WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_X509_get_pubkey_buffer(NULL, buf, &bufSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, NULL, &bufSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(bufSz, 294); + + bufSz--; + ExpectIntNE(wolfSSL_X509_get_pubkey_buffer(ca, buf, &bufSz), + WOLFSSL_SUCCESS); + bufSz = 2048; + ExpectIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, buf, &bufSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_get_pubkey_type(NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_X509_get_pubkey_type(ca), RSAk); + + + ExpectNotNull(serv = wolfSSL_X509_load_certificate_file(svrCertFile, + WOLFSSL_FILETYPE_PEM)); + + /* success case */ + pt = buf; + ExpectNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz)); + + ExpectIntEQ(i2d_PUBKEY(pkey, NULL), bufSz); + + ExpectIntEQ(wolfSSL_X509_verify(serv, pkey), WOLFSSL_SUCCESS); + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; + + /* fail case */ + bufSz = 2048; + ExpectIntEQ(wolfSSL_X509_get_pubkey_buffer(serv, buf, &bufSz), + WOLFSSL_SUCCESS); + pt = buf; + ExpectNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz)); + ExpectIntEQ(wolfSSL_X509_verify(serv, pkey), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectIntEQ(wolfSSL_X509_verify(NULL, pkey), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(wolfSSL_X509_verify(serv, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + +#ifndef NO_WOLFSSL_STUB + ExpectNull(wolfSSL_X509_get0_pubkey_bitstr(NULL)); + ExpectNull(wolfSSL_X509_get0_pubkey_bitstr(serv)); +#endif + + wolfSSL_EVP_PKEY_free(pkey); + + wolfSSL_FreeX509(ca); + wolfSSL_FreeX509(serv); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_sign(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_ASN_TIME) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA) + int ret = 0; + char *cn = NULL; + word32 cnSz = 0; + X509_NAME *name = NULL; + X509_NAME *emptyName = NULL; + X509 *x509 = NULL; + X509 *ca = NULL; + DecodedCert dCert; + EVP_PKEY *pub = NULL; + EVP_PKEY *priv = NULL; + EVP_MD_CTX *mctx = NULL; +#if defined(USE_CERT_BUFFERS_1024) + const unsigned char* rsaPriv = client_key_der_1024; + const unsigned char* rsaPub = client_keypub_der_1024; + const unsigned char* certIssuer = client_cert_der_1024; + long clientKeySz = (long)sizeof_client_key_der_1024; + long clientPubKeySz = (long)sizeof_client_keypub_der_1024; + long certIssuerSz = (long)sizeof_client_cert_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + const unsigned char* rsaPriv = client_key_der_2048; + const unsigned char* rsaPub = client_keypub_der_2048; + const unsigned char* certIssuer = client_cert_der_2048; + long clientKeySz = (long)sizeof_client_key_der_2048; + long clientPubKeySz = (long)sizeof_client_keypub_der_2048; + long certIssuerSz = (long)sizeof_client_cert_der_2048; +#endif + byte sn[16]; + int snSz = sizeof(sn); + int sigSz = 0; +#ifndef NO_WOLFSSL_STUB + const WOLFSSL_ASN1_BIT_STRING* sig = NULL; + const WOLFSSL_X509_ALGOR* alg = NULL; +#endif + + /* Set X509_NAME fields */ + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, + (byte*)"support@wolfssl.com", 19, -1, 0), SSL_SUCCESS); + + /* Get private and public keys */ + ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &rsaPriv, + clientKeySz)); + ExpectNotNull(pub = wolfSSL_d2i_PUBKEY(NULL, &rsaPub, clientPubKeySz)); + ExpectNotNull(x509 = X509_new()); + ExpectIntEQ(X509_sign(x509, priv, EVP_sha256()), 0); + /* Set version 3 */ + ExpectIntNE(X509_set_version(x509, 2L), 0); + /* Set subject name, add pubkey, and sign certificate */ + ExpectIntEQ(X509_set_subject_name(x509, name), SSL_SUCCESS); + X509_NAME_free(name); + name = NULL; + ExpectIntEQ(X509_set_pubkey(x509, pub), SSL_SUCCESS); +#ifdef WOLFSSL_ALT_NAMES + ExpectNull(wolfSSL_X509_get_next_altname(NULL)); + ExpectNull(wolfSSL_X509_get_next_altname(x509)); + + /* Add some subject alt names */ + ExpectIntNE(wolfSSL_X509_add_altname(NULL, + "ipsum", ASN_DNS_TYPE), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_altname(x509, + NULL, ASN_DNS_TYPE), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_altname(x509, + "sphygmomanometer", + ASN_DNS_TYPE), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_altname(x509, + "supercalifragilisticexpialidocious", + ASN_DNS_TYPE), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_altname(x509, + "Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch", + ASN_DNS_TYPE), SSL_SUCCESS); +#ifdef WOLFSSL_IP_ALT_NAME + { + unsigned char ip4_type[] = {127,128,0,255}; + unsigned char ip6_type[] = {0xdd, 0xcc, 0xba, 0xab, + 0xff, 0xee, 0x99, 0x88, + 0x77, 0x66, 0x55, 0x44, + 0x00, 0x33, 0x22, 0x11}; + ExpectIntEQ(wolfSSL_X509_add_altname_ex(x509, (char*)ip4_type, + sizeof(ip4_type), ASN_IP_TYPE), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_altname_ex(x509, (char*)ip6_type, + sizeof(ip6_type), ASN_IP_TYPE), SSL_SUCCESS); + } +#endif + + { + int i; + + if (x509 != NULL) { + x509->altNamesNext = x509->altNames; + } +#ifdef WOLFSSL_IP_ALT_NAME + /* No names in IP address. */ + ExpectNull(wolfSSL_X509_get_next_altname(x509)); + ExpectNull(wolfSSL_X509_get_next_altname(x509)); +#endif + for (i = 0; i < 3; i++) { + ExpectNotNull(wolfSSL_X509_get_next_altname(x509)); + } + ExpectNull(wolfSSL_X509_get_next_altname(x509)); +#ifdef WOLFSSL_MULTICIRCULATE_ALTNAMELIST + ExpectNotNull(wolfSSL_X509_get_next_altname(x509)); +#endif + } +#endif /* WOLFSSL_ALT_NAMES */ + + { + ASN1_UTCTIME* infinite_past = NULL; + ExpectNotNull(infinite_past = ASN1_UTCTIME_set(NULL, 0)); + ExpectIntEQ(X509_set1_notBefore(x509, infinite_past), 1); + ASN1_UTCTIME_free(infinite_past); + } + + /* test valid sign case */ + ExpectIntGT(ret = X509_sign(x509, priv, EVP_sha256()), 0); + /* test getting signature */ +#ifndef NO_WOLFSSL_STUB + wolfSSL_X509_get0_signature(&sig, &alg, x509); +#endif + ExpectIntEQ(wolfSSL_X509_get_signature(x509, NULL, &sigSz), + WOLFSSL_SUCCESS); + ExpectIntGT(sigSz, 0); + ExpectIntEQ(wolfSSL_X509_get_signature(NULL, NULL, NULL), + WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_X509_get_signature(x509, NULL, NULL), + WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_X509_get_signature(NULL, NULL, &sigSz), + WOLFSSL_FATAL_ERROR); + sigSz = 0; + ExpectIntEQ(wolfSSL_X509_get_signature(x509, sn, &sigSz), + WOLFSSL_FATAL_ERROR); + + /* test valid X509_sign_ctx case */ + ExpectNotNull(mctx = EVP_MD_CTX_new()); + ExpectIntEQ(EVP_DigestSignInit(mctx, NULL, EVP_sha256(), NULL, priv), 1); + ExpectIntGT(X509_sign_ctx(x509, mctx), 0); + +#if defined(OPENSSL_ALL) && defined(WOLFSSL_ALT_NAMES) + ExpectIntEQ(X509_get_ext_count(x509), 1); +#endif +#if defined(WOLFSSL_ALT_NAMES) && defined(WOLFSSL_IP_ALT_NAME) + ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.128.0.255", 0), 1); + ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, + "DDCC:BAAB:FFEE:9988:7766:5544:0033:2211", 0), 1); +#endif + + ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, sn, &snSz), + WOLFSSL_SUCCESS); + DEBUG_WRITE_CERT_X509(x509, "signed.pem"); + + /* Variation in size depends on ASN.1 encoding when MSB is set. + * WOLFSSL_ASN_TEMPLATE code does not generate a serial number + * with the MSB set. See GenerateInteger in asn.c */ +#ifndef USE_CERT_BUFFERS_1024 +#ifndef WOLFSSL_ALT_NAMES + /* Valid case - size should be 781-786 with 16 byte serial number */ + ExpectTrue((781 + snSz <= ret) && (ret <= 781 + 5 + snSz)); +#elif defined(WOLFSSL_IP_ALT_NAME) + /* Valid case - size should be 955-960 with 16 byte serial number */ + ExpectTrue((939 + snSz <= ret) && (ret <= 939 + 5 + snSz)); +#else + /* Valid case - size should be 926-931 with 16 byte serial number */ + ExpectTrue((910 + snSz <= ret) && (ret <= 910 + 5 + snSz)); +#endif +#else +#ifndef WOLFSSL_ALT_NAMES + /* Valid case - size should be 537-542 with 16 byte serial number */ + ExpectTrue((521 + snSz <= ret) && (ret <= 521 + 5 + snSz)); +#elif defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) + /* Valid case - size should be 695-670 with 16 byte serial number */ + ExpectTrue((679 + snSz <= ret) && (ret <= 679 + 5 + snSz)); +#else + /* Valid case - size should be 666-671 with 16 byte serial number */ + ExpectTrue((650 + snSz <= ret) && (ret <= 650 + 5 + snSz)); +#endif +#endif + /* check that issuer name is as expected after signature */ + InitDecodedCert(&dCert, certIssuer, (word32)certIssuerSz, 0); + ExpectIntEQ(ParseCert(&dCert, CERT_TYPE, NO_VERIFY, NULL), 0); + + ExpectNotNull(emptyName = X509_NAME_new()); + ExpectNotNull(ca = d2i_X509(NULL, &certIssuer, (int)certIssuerSz)); + ExpectIntEQ(wolfSSL_X509_get_isCA(NULL), 0); + ExpectIntEQ(wolfSSL_X509_get_isCA(ca), 1); + ExpectNotNull(name = X509_get_subject_name(ca)); + ExpectIntEQ(X509_NAME_get_sz(NULL), WOLFSSL_FATAL_ERROR); + ExpectIntGT(cnSz = X509_NAME_get_sz(name), 0); + ExpectNotNull(cn = (char*)XMALLOC(cnSz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL)); + ExpectNull(X509_NAME_oneline(NULL, cn, (int)cnSz)); + ExpectPtrEq(X509_NAME_oneline(name, cn, 0), cn); + ExpectPtrEq(X509_NAME_oneline(emptyName, cn, (int)cnSz), cn); + ExpectNull(X509_NAME_oneline(emptyName, NULL, 0)); + ExpectPtrEq(X509_NAME_oneline(name, cn, (int)cnSz), cn); + ExpectIntEQ(0, XSTRNCMP(cn, dCert.subject, XSTRLEN(cn))); + XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); + cn = NULL; + +#if defined(XSNPRINTF) + ExpectNull(wolfSSL_X509_get_name_oneline(NULL, NULL, 0)); + ExpectNotNull(cn = wolfSSL_X509_get_name_oneline(name, NULL, 0)); + ExpectIntGT((int)(cnSz = (word32)XSTRLEN(cn) + 1), 0); + ExpectPtrEq(wolfSSL_X509_get_name_oneline(name, cn, (int)cnSz), cn); + ExpectNull(wolfSSL_X509_get_name_oneline(NULL, cn, (int)cnSz)); + ExpectNull(wolfSSL_X509_get_name_oneline(name, cn, cnSz - 1)); + ExpectPtrEq(wolfSSL_X509_get_name_oneline(name, cn, (int)cnSz), cn); + ExpectPtrEq(wolfSSL_X509_get_name_oneline(emptyName, cn, (int)cnSz), cn); + XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); + cn = NULL; +#endif + X509_NAME_free(emptyName); + +#ifdef WOLFSSL_MULTI_ATTRIB + /* test adding multiple OU's to the signer */ + ExpectNotNull(name = X509_get_subject_name(ca)); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_UTF8, + (byte*)"OU1", 3, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_UTF8, + (byte*)"OU2", 3, -1, 0), SSL_SUCCESS); + ExpectIntGT(X509_sign(ca, priv, EVP_sha256()), 0); +#endif + + ExpectNotNull(name = X509_get_subject_name(ca)); + ExpectIntEQ(X509_set_issuer_name(x509, name), SSL_SUCCESS); + + ExpectIntGT(X509_sign(x509, priv, EVP_sha256()), 0); + ExpectNotNull(name = X509_get_issuer_name(x509)); + cnSz = X509_NAME_get_sz(name); + ExpectNotNull(cn = (char*)XMALLOC(cnSz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL)); + ExpectNotNull(cn = X509_NAME_oneline(name, cn, (int)cnSz)); + /* compare and don't include the multi-attrib "/OU=OU1/OU=OU2" above */ + ExpectIntEQ(0, XSTRNCMP(cn, dCert.issuer, XSTRLEN(dCert.issuer))); + XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); + cn = NULL; + + FreeDecodedCert(&dCert); + + /* Test invalid parameters */ + ExpectIntEQ(X509_sign(NULL, priv, EVP_sha256()), 0); + ExpectIntEQ(X509_sign(x509, NULL, EVP_sha256()), 0); + ExpectIntEQ(X509_sign(x509, priv, NULL), 0); + + ExpectIntEQ(X509_sign_ctx(NULL, mctx), 0); + EVP_MD_CTX_free(mctx); + mctx = NULL; + ExpectNotNull(mctx = EVP_MD_CTX_new()); + ExpectIntEQ(X509_sign_ctx(x509, mctx), 0); + ExpectIntEQ(X509_sign_ctx(x509, NULL), 0); + + /* test invalid version number */ +#if defined(OPENSSL_ALL) + ExpectIntNE(X509_set_version(x509, 6L), 0); + ExpectIntGT(X509_sign(x509, priv, EVP_sha256()), 0); + + /* uses ParseCert which fails on bad version number */ + ExpectIntEQ(X509_get_ext_count(x509), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif + + EVP_MD_CTX_free(mctx); + EVP_PKEY_free(priv); + EVP_PKEY_free(pub); + X509_free(x509); + X509_free(ca); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_sign2(void) +{ + EXPECT_DECLS; + /* test requires WOLFSSL_AKID_NAME to match expected output */ +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_CERTS) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_ALT_NAMES) && \ + defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_AKID_NAME) && \ + (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \ + defined(WOLFSSL_IP_ALT_NAME)) + WOLFSSL_X509 *x509 = NULL; + WOLFSSL_X509 *ca = NULL; + const unsigned char *der = NULL; + const unsigned char *pt = NULL; + WOLFSSL_EVP_PKEY *priv = NULL; + WOLFSSL_X509_NAME *name = NULL; + int derSz; +#ifndef NO_ASN_TIME + WOLFSSL_ASN1_TIME *notBefore = NULL; + WOLFSSL_ASN1_TIME *notAfter = NULL; + + const int year = 365*24*60*60; + const int day = 24*60*60; + const int hour = 60*60; + const int mini = 60; + time_t t; +#endif + + const unsigned char expected[] = { + 0x30, 0x82, 0x05, 0x13, 0x30, 0x82, 0x03, 0xFB, 0xA0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x14, 0x6B, 0x61, 0x49, 0x45, 0xFF, 0x4A, 0xD1, 0x54, 0x16, + 0xB4, 0x35, 0x37, 0xC4, 0x98, 0x5D, 0xA9, 0xF6, 0x67, 0x60, 0x91, 0x30, + 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, + 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, + 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, + 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, + 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, + 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, + 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, + 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, + 0x0D, 0x30, 0x30, 0x30, 0x32, 0x31, 0x35, 0x32, 0x30, 0x33, 0x30, 0x30, + 0x30, 0x5A, 0x17, 0x0D, 0x30, 0x31, 0x30, 0x32, 0x31, 0x34, 0x32, 0x30, + 0x33, 0x30, 0x30, 0x30, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, + 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, + 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, + 0x53, 0x53, 0x4C, 0x5F, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30, 0x17, + 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, + 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x32, 0x30, 0x34, 0x38, 0x31, + 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, + 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x82, + 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, + 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, 0xFE, + 0x39, 0xA4, 0x32, 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, 0x7C, 0x74, + 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, 0xD6, 0xA6, 0x36, 0xB2, 0x07, + 0x32, 0x8E, 0xD0, 0xBA, 0x69, 0x7B, 0xC6, 0xC3, 0x44, 0x9E, 0xD4, 0x81, + 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B, 0x67, 0xBB, 0xA1, 0x75, 0xC8, 0x36, + 0x2C, 0x4A, 0xD2, 0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, 0xEC, + 0xF1, 0x81, 0x1E, 0x7B, 0x9B, 0x03, 0x47, 0x9A, 0xBF, 0x65, 0xCC, 0x7F, + 0x65, 0x24, 0x69, 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, 0xF7, 0xC5, + 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, 0x3A, 0x7A, 0x78, 0xE1, 0x01, 0x56, + 0x56, 0x91, 0xA6, 0x13, 0x42, 0x8D, 0xD2, 0x3C, 0x40, 0x9C, 0x4C, 0xEF, + 0xD1, 0x86, 0xDF, 0x37, 0x51, 0x1B, 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, + 0x4A, 0x35, 0xE4, 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, 0x4E, 0x97, + 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, 0xAF, 0x20, 0x0B, 0x43, 0x14, + 0xC5, 0x74, 0x67, 0xB4, 0x32, 0x82, 0x6F, 0x8D, 0x86, 0xC2, 0x88, 0x40, + 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40, 0x72, 0x22, 0x17, 0xD7, 0x52, 0x65, + 0x24, 0x73, 0xB0, 0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, 0x7B, + 0xC0, 0x12, 0x03, 0xD4, 0x4E, 0x72, 0x0D, 0x50, 0x6D, 0x3B, 0xA3, 0x3B, + 0xA3, 0x99, 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, 0x8A, 0xD9, + 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, 0xBB, 0xFF, 0x25, 0x4C, 0xC4, 0xD1, + 0x79, 0xF4, 0x71, 0xD3, 0x86, 0x40, 0x18, 0x13, 0xB0, 0x63, 0xB5, 0x72, + 0x4E, 0x30, 0xC4, 0x97, 0x84, 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, 0xF7, + 0x7F, 0xC0, 0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3, 0x02, + 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x4F, 0x30, 0x82, 0x01, 0x4B, + 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, + 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, + 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, + 0x6F, 0x6D, 0x87, 0x04, 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, + 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7, + 0x68, 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7, + 0x85, 0x65, 0xC0, 0x30, 0x81, 0xDE, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, + 0x81, 0xD6, 0x30, 0x81, 0xD3, 0x80, 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7, + 0x68, 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7, + 0x85, 0x65, 0xC0, 0xA1, 0x81, 0xA4, 0xA4, 0x81, 0xA1, 0x30, 0x81, 0x9E, + 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, + 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, + 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, + 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, + 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x32, 0x30, 0x34, 0x38, + 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, + 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x32, + 0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, + 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, + 0x6F, 0x6D, 0x82, 0x14, 0x6B, 0x61, 0x49, 0x45, 0xFF, 0x4A, 0xD1, 0x54, + 0x16, 0xB4, 0x35, 0x37, 0xC4, 0x98, 0x5D, 0xA9, 0xF6, 0x67, 0x60, 0x91, + 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, + 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, + 0x01, 0x01, 0x00, 0x2F, 0x9F, 0x83, 0x05, 0x15, 0x1E, 0x5D, 0x7C, 0x22, + 0x12, 0x20, 0xEE, 0x07, 0x35, 0x25, 0x39, 0xDD, 0x34, 0x06, 0xD3, 0x89, + 0x31, 0x51, 0x8B, 0x9A, 0xE5, 0xE8, 0x60, 0x30, 0x07, 0x7A, 0xBB, 0x17, + 0xB9, 0x54, 0x72, 0x83, 0xA2, 0x1F, 0x62, 0xE0, 0x18, 0xAC, 0x93, 0x5E, + 0x63, 0xC7, 0xDD, 0x12, 0x58, 0x96, 0xC7, 0x90, 0x8B, 0x12, 0x50, 0xD2, + 0x60, 0x0E, 0x24, 0x07, 0x53, 0x55, 0xD7, 0x8E, 0xC9, 0x56, 0x12, 0x28, + 0xD8, 0xFD, 0x47, 0xE3, 0x13, 0xFB, 0x3C, 0xD6, 0x3D, 0x82, 0x09, 0x7E, + 0x10, 0x19, 0xE1, 0xCD, 0xCC, 0x4C, 0x78, 0xDF, 0xE5, 0xFB, 0x2C, 0x8C, + 0x88, 0xF7, 0x5B, 0x99, 0x93, 0xC6, 0xC7, 0x22, 0xA5, 0xFA, 0x76, 0x6C, + 0xE9, 0xBC, 0x69, 0xBA, 0x02, 0x82, 0x18, 0xAF, 0x47, 0xD0, 0x9C, 0x5F, + 0xED, 0xAE, 0x5A, 0x95, 0x59, 0x78, 0x86, 0x24, 0x22, 0xB6, 0x81, 0x03, + 0x58, 0x9A, 0x14, 0x93, 0xDC, 0x24, 0x58, 0xF3, 0xD2, 0x6C, 0x8E, 0xD2, + 0x6D, 0x8B, 0xE8, 0x4E, 0xC6, 0xA0, 0x2B, 0x0D, 0xDB, 0x1A, 0x76, 0x28, + 0xA9, 0x8D, 0xFB, 0x51, 0xA6, 0xF0, 0x82, 0x30, 0xEE, 0x78, 0x1C, 0x71, + 0xA8, 0x11, 0x8A, 0xA5, 0xC3, 0x91, 0xAB, 0x9A, 0x46, 0xFF, 0x8D, 0xCD, + 0x82, 0x3F, 0x5D, 0xB6, 0x28, 0x46, 0x6D, 0x66, 0xE2, 0xEE, 0x1E, 0x82, + 0x0D, 0x1A, 0x74, 0x87, 0xFB, 0xFD, 0x96, 0x26, 0x50, 0x09, 0xEC, 0xA7, + 0x73, 0x89, 0x43, 0x3B, 0x42, 0x2D, 0xA9, 0x6B, 0x0F, 0x61, 0x81, 0x97, + 0x11, 0x71, 0xF9, 0xDB, 0x9B, 0x69, 0x4B, 0x6E, 0xD3, 0x7D, 0xDA, 0xC6, + 0x61, 0x9F, 0x39, 0x87, 0x53, 0x52, 0xA8, 0x4D, 0xAD, 0x80, 0x29, 0x6C, + 0x19, 0xF0, 0x8D, 0xB1, 0x0D, 0x4E, 0xFB, 0x1B, 0xB7, 0xF1, 0x85, 0x49, + 0x08, 0x2A, 0x94, 0xD0, 0x4E, 0x0B, 0x8F + }; + + pt = ca_key_der_2048; + ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &pt, + sizeof_ca_key_der_2048)); + + pt = client_cert_der_2048; + ExpectNotNull(x509 = wolfSSL_d2i_X509(NULL, &pt, + sizeof_client_cert_der_2048)); + + pt = ca_cert_der_2048; + ExpectNotNull(ca = wolfSSL_d2i_X509(NULL, &pt, sizeof_ca_cert_der_2048)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + +#ifndef NO_ASN_TIME + t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 7 * day; + ExpectNotNull(notBefore = wolfSSL_ASN1_TIME_adj(NULL, t, 0, 0)); + ExpectNotNull(notAfter = wolfSSL_ASN1_TIME_adj(NULL, t, 365, 0)); + ExpectIntEQ(notAfter->length, 13); + + ExpectTrue(wolfSSL_X509_set_notBefore(x509, notBefore)); + ExpectTrue(wolfSSL_X509_set1_notBefore(x509, notBefore)); + ExpectTrue(wolfSSL_X509_set_notAfter(x509, notAfter)); + ExpectTrue(wolfSSL_X509_set1_notAfter(x509, notAfter)); +#endif + + ExpectNull(wolfSSL_X509_notBefore(NULL)); + ExpectNotNull(wolfSSL_X509_notBefore(x509)); + ExpectNull(wolfSSL_X509_notAfter(NULL)); + ExpectNotNull(wolfSSL_X509_notAfter(x509)); + + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); + + ExpectIntEQ(derSz, sizeof(expected)); +#ifndef NO_ASN_TIME + ExpectIntEQ(XMEMCMP(der, expected, derSz), 0); +#endif + wolfSSL_X509_free(ca); + wolfSSL_X509_free(x509); + wolfSSL_EVP_PKEY_free(priv); +#ifndef NO_ASN_TIME + wolfSSL_ASN1_TIME_free(notBefore); + wolfSSL_ASN1_TIME_free(notAfter); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_make_cert(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && !defined(NO_ASN_TIME) && defined(WOLFSSL_CERT_GEN) && \ + defined(WOLFSSL_CERT_EXT) + int ret = 0; + Cert cert; + CertName name; + RsaKey key; + WC_RNG rng; + byte der[FOURK_BUF]; + word32 idx = 0; + const byte mySerial[8] = {1,2,3,4,5,6,7,8}; + +#ifdef OPENSSL_EXTRA + const unsigned char* pt = NULL; + int certSz = 0; + X509* x509 = NULL; + X509_NAME* x509name = NULL; + X509_NAME_ENTRY* entry = NULL; + ASN1_STRING* entryValue = NULL; +#endif + + XMEMSET(&name, 0, sizeof(CertName)); + + /* set up cert name */ + XMEMCPY(name.country, "US", sizeof("US")); + name.countryEnc = CTC_PRINTABLE; + XMEMCPY(name.state, "Oregon", sizeof("Oregon")); + name.stateEnc = CTC_UTF8; + XMEMCPY(name.locality, "Portland", sizeof("Portland")); + name.localityEnc = CTC_UTF8; + XMEMCPY(name.sur, "Test", sizeof("Test")); + name.surEnc = CTC_UTF8; + XMEMCPY(name.org, "wolfSSL", sizeof("wolfSSL")); + name.orgEnc = CTC_UTF8; + XMEMCPY(name.unit, "Development", sizeof("Development")); + name.unitEnc = CTC_UTF8; + XMEMCPY(name.commonName, "www.wolfssl.com", sizeof("www.wolfssl.com")); + name.commonNameEnc = CTC_UTF8; + XMEMCPY(name.serialDev, "wolfSSL12345", sizeof("wolfSSL12345")); + name.serialDevEnc = CTC_PRINTABLE; + XMEMCPY(name.userId, "TestUserID", sizeof("TestUserID")); + name.userIdEnc = CTC_PRINTABLE; +#ifdef WOLFSSL_MULTI_ATTRIB + #if CTC_MAX_ATTRIB > 2 + { + NameAttrib* n; + n = &name.name[0]; + n->id = ASN_DOMAIN_COMPONENT; + n->type = CTC_UTF8; + n->sz = sizeof("com"); + XMEMCPY(n->value, "com", sizeof("com")); + + n = &name.name[1]; + n->id = ASN_DOMAIN_COMPONENT; + n->type = CTC_UTF8; + n->sz = sizeof("wolfssl"); + XMEMCPY(n->value, "wolfssl", sizeof("wolfssl")); + } + #endif +#endif /* WOLFSSL_MULTI_ATTRIB */ + + ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0); +#ifndef HAVE_FIPS + ExpectIntEQ(wc_InitRng_ex(&rng, HEAP_HINT, testDevId), 0); +#else + ExpectIntEQ(wc_InitRng(&rng), 0); +#endif + + /* load test RSA key */ + idx = 0; +#if defined(USE_CERT_BUFFERS_1024) + ExpectIntEQ(wc_RsaPrivateKeyDecode(server_key_der_1024, &idx, &key, + sizeof_server_key_der_1024), 0); +#elif defined(USE_CERT_BUFFERS_2048) + ExpectIntEQ(wc_RsaPrivateKeyDecode(server_key_der_2048, &idx, &key, + sizeof_server_key_der_2048), 0); +#else + /* error case, no RSA key loaded, happens later */ + (void)idx; +#endif + + XMEMSET(&cert, 0 , sizeof(Cert)); + ExpectIntEQ(wc_InitCert(&cert), 0); + + XMEMCPY(&cert.subject, &name, sizeof(CertName)); + XMEMCPY(cert.serial, mySerial, sizeof(mySerial)); + cert.serialSz = (int)sizeof(mySerial); + cert.isCA = 1; +#ifndef NO_SHA256 + cert.sigType = CTC_SHA256wRSA; +#else + cert.sigType = CTC_SHAwRSA; +#endif + + /* add SKID from the Public Key */ + ExpectIntEQ(wc_SetSubjectKeyIdFromPublicKey(&cert, &key, NULL), 0); + + /* add AKID from the Public Key */ + ExpectIntEQ(wc_SetAuthKeyIdFromPublicKey(&cert, &key, NULL), 0); + + ret = 0; + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_MakeSelfCert(&cert, der, FOURK_BUF, &key, &rng); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + ExpectIntGT(ret, 0); + +#ifdef OPENSSL_EXTRA + /* der holds a certificate with DC's now check X509 parsing of it */ + certSz = ret; + pt = der; + ExpectNotNull(x509 = d2i_X509(NULL, &pt, certSz)); + ExpectNotNull(x509name = X509_get_subject_name(x509)); +#ifdef WOLFSSL_MULTI_ATTRIB + ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, + -1)), 5); + ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, + (int)idx)), 6); + ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, + (int)idx)), -1); +#endif /* WOLFSSL_MULTI_ATTRIB */ + + /* compare DN at index 0 */ + ExpectNotNull(entry = X509_NAME_get_entry(x509name, 0)); + ExpectNotNull(entryValue = X509_NAME_ENTRY_get_data(entry)); + ExpectIntEQ(ASN1_STRING_length(entryValue), 2); + ExpectStrEQ((const char*)ASN1_STRING_data(entryValue), "US"); + +#ifndef WOLFSSL_MULTI_ATTRIB + /* compare Serial Number */ + ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_serialNumber, + -1)), 7); + ExpectNotNull(entry = X509_NAME_get_entry(x509name, idx)); + ExpectNotNull(entryValue = X509_NAME_ENTRY_get_data(entry)); + ExpectIntEQ(ASN1_STRING_length(entryValue), XSTRLEN("wolfSSL12345")); + ExpectStrEQ((const char*)ASN1_STRING_data(entryValue), "wolfSSL12345"); +#endif + +#ifdef WOLFSSL_MULTI_ATTRIB + /* get first and second DC and compare result */ + ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, + -1)), 5); + ExpectNotNull(entry = X509_NAME_get_entry(x509name, (int)idx)); + ExpectNotNull(entryValue = X509_NAME_ENTRY_get_data(entry)); + ExpectStrEQ((const char *)ASN1_STRING_data(entryValue), "com"); + + ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, + (int)idx)), 6); + ExpectNotNull(entry = X509_NAME_get_entry(x509name, (int)idx)); + ExpectNotNull(entryValue = X509_NAME_ENTRY_get_data(entry)); + ExpectStrEQ((const char *)ASN1_STRING_data(entryValue), "wolfssl"); +#endif /* WOLFSSL_MULTI_ATTRIB */ + + ExpectNull(X509_NAME_get_entry(NULL, 0)); + /* try invalid index locations for regression test and sanity check */ + ExpectNull(X509_NAME_get_entry(x509name, 11)); + ExpectNull(X509_NAME_get_entry(x509name, 20)); + + X509_free(x509); +#endif /* OPENSSL_EXTRA */ + + wc_FreeRsaKey(&key); + wc_FreeRng(&rng); +#endif + return EXPECT_RESULT(); +} + + diff --git a/tests/api/test_ossl_x509_crypto.h b/tests/api/test_ossl_x509_crypto.h new file mode 100644 index 000000000..68fd39108 --- /dev/null +++ b/tests/api/test_ossl_x509_crypto.h @@ -0,0 +1,40 @@ +/* test_ossl_x509_crypto.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_X509_CRYPTO_H +#define WOLFCRYPT_TEST_OSSL_X509_CRYPTO_H + +#include + +int test_wolfSSL_X509_check_private_key(void); +int test_wolfSSL_X509_verify(void); +int test_wolfSSL_X509_sign(void); +int test_wolfSSL_X509_sign2(void); +int test_wolfSSL_make_cert(void); + +#define TEST_OSSL_X509_CRYPTO_DECLS \ + TEST_DECL_GROUP("ossl_x509_crypto", test_wolfSSL_X509_check_private_key), \ + TEST_DECL_GROUP("ossl_x509_crypto", test_wolfSSL_X509_verify), \ + TEST_DECL_GROUP("ossl_x509_crypto", test_wolfSSL_X509_sign), \ + TEST_DECL_GROUP("ossl_x509_crypto", test_wolfSSL_X509_sign2), \ + TEST_DECL_GROUP("ossl_x509_crypto", test_wolfSSL_make_cert) + +#endif /* WOLFCRYPT_TEST_OSSL_X509_CRYPTO_H */ diff --git a/tests/api/test_ossl_x509_ext.c b/tests/api/test_ossl_x509_ext.c new file mode 100644 index 000000000..0a1218650 --- /dev/null +++ b/tests/api/test_ossl_x509_ext.c @@ -0,0 +1,1551 @@ +/* test_ossl_x509_ext.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#ifdef OPENSSL_EXTRA + #include +#endif +#include +#include + + +int test_wolfSSL_X509_get_extension_flags(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_RSA) + XFILE f = XBADFILE; + X509* x509 = NULL; + unsigned int extFlags; + unsigned int keyUsageFlags; + unsigned int extKeyUsageFlags; + + ExpectIntEQ(X509_get_extension_flags(NULL), 0); + ExpectIntEQ(X509_get_key_usage(NULL), 0); + ExpectIntEQ(X509_get_extended_key_usage(NULL), 0); + ExpectNotNull(x509 = wolfSSL_X509_new()); + ExpectIntEQ(X509_get_extension_flags(x509), 0); + ExpectIntEQ(X509_get_key_usage(x509), -1); + ExpectIntEQ(X509_get_extended_key_usage(x509), 0); + wolfSSL_X509_free(x509); + x509 = NULL; + + /* client-int-cert.pem has the following extension flags. */ + extFlags = EXFLAG_KUSAGE | EXFLAG_XKUSAGE; + /* and the following key usage flags. */ + keyUsageFlags = KU_DIGITAL_SIGNATURE + | KU_NON_REPUDIATION + | KU_KEY_ENCIPHERMENT; + /* and the following extended key usage flags. */ + extKeyUsageFlags = XKU_SSL_CLIENT | XKU_SMIME; + + ExpectTrue((f = XFOPEN("./certs/intermediate/client-int-cert.pem", "rb")) != + XBADFILE); + ExpectNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + ExpectIntEQ(X509_get_extension_flags(x509), extFlags); + ExpectIntEQ(X509_get_key_usage(x509), keyUsageFlags); + ExpectIntEQ(X509_get_extended_key_usage(x509), extKeyUsageFlags); + X509_free(x509); + x509 = NULL; + + /* client-cert-ext.pem has the following extension flags. */ + extFlags = EXFLAG_KUSAGE; + /* and the following key usage flags. */ + keyUsageFlags = KU_DIGITAL_SIGNATURE + | KU_KEY_CERT_SIGN + | KU_CRL_SIGN; + + ExpectTrue((f = fopen("./certs/client-cert-ext.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) + XFCLOSE(f); + ExpectIntEQ(X509_get_extension_flags(x509), extFlags); + ExpectIntEQ(X509_get_key_usage(x509), keyUsageFlags); + X509_free(x509); +#endif /* OPENSSL_ALL */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_get_ext(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) + int ret = 0; + XFILE f = XBADFILE; + WOLFSSL_X509* x509 = NULL; + WOLFSSL_X509_EXTENSION* foundExtension; + + ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) + XFCLOSE(f); + ExpectIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 5); + + /* wolfSSL_X509_get_ext() valid input */ + ExpectNotNull(foundExtension = wolfSSL_X509_get_ext(x509, 0)); + + /* wolfSSL_X509_get_ext() valid x509, idx out of bounds */ + ExpectNull(foundExtension = wolfSSL_X509_get_ext(x509, -1)); + ExpectNull(foundExtension = wolfSSL_X509_get_ext(x509, 100)); + + /* wolfSSL_X509_get_ext() NULL x509, idx out of bounds */ + ExpectNull(foundExtension = wolfSSL_X509_get_ext(NULL, -1)); + ExpectNull(foundExtension = wolfSSL_X509_get_ext(NULL, 100)); + + /* wolfSSL_X509_get_ext() NULL x509, valid idx */ + ExpectNull(foundExtension = wolfSSL_X509_get_ext(NULL, 0)); + + ExpectNull(wolfSSL_X509_get0_extensions(NULL)); + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_get_ext_by_NID(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_RSA) + int rc = 0; + XFILE f = XBADFILE; + WOLFSSL_X509* x509 = NULL; + ASN1_OBJECT* obj = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_new()); + ExpectIntEQ(wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -1), + WOLFSSL_FATAL_ERROR); + wolfSSL_X509_free(x509); + x509 = NULL; + + ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) + XFCLOSE(f); + + ExpectIntGE(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, + -1), 0); + ExpectIntGE(wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, 20), + -1); + + /* Start search from last location (should fail) */ + ExpectIntGE(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, + rc), -1); + + ExpectIntGE(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, + -2), -1); + + ExpectIntEQ(rc = wolfSSL_X509_get_ext_by_NID(NULL, NID_basic_constraints, + -1), -1); + + ExpectIntEQ(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_undef, -1), -1); + + /* NID_ext_key_usage, check also its nid and oid */ + ExpectIntGT(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_ext_key_usage, -1), + -1); + ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(wolfSSL_X509_get_ext( + x509, rc))); + ExpectIntEQ(obj->nid, NID_ext_key_usage); + ExpectIntEQ(obj->type, EXT_KEY_USAGE_OID); + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_get_ext_subj_alt_name(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_RSA) + int rc = 0; + XFILE f = XBADFILE; + WOLFSSL_X509* x509 = NULL; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_STRING* sanString = NULL; + byte* sanDer = NULL; + + const byte expectedDer[] = { + 0x30, 0x13, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, + 0x63, 0x6f, 0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01}; + + ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) + XFCLOSE(f); + + ExpectIntNE(rc = X509_get_ext_by_NID(x509, NID_subject_alt_name, -1), -1); + ExpectNotNull(ext = X509_get_ext(x509, rc)); + ExpectNotNull(sanString = X509_EXTENSION_get_data(ext)); + ExpectIntEQ(ASN1_STRING_length(sanString), sizeof(expectedDer)); + ExpectNotNull(sanDer = ASN1_STRING_data(sanString)); + ExpectIntEQ(XMEMCMP(sanDer, expectedDer, sizeof(expectedDer)), 0); + + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_set_ext(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_RSA) + WOLFSSL_X509* x509 = NULL; + XFILE f = XBADFILE; + int loc; + + ExpectNull(wolfSSL_X509_set_ext(NULL, 0)); + + ExpectNotNull(x509 = wolfSSL_X509_new()); + /* Location too small. */ + ExpectNull(wolfSSL_X509_set_ext(x509, -1)); + /* Location too big. */ + ExpectNull(wolfSSL_X509_set_ext(x509, 1)); + /* No DER encoding. */ + ExpectNull(wolfSSL_X509_set_ext(x509, 0)); + wolfSSL_X509_free(x509); + x509 = NULL; + + ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) { + XFCLOSE(f); + } + for (loc = 0; loc < wolfSSL_X509_get_ext_count(x509); loc++) { + ExpectNotNull(wolfSSL_X509_set_ext(x509, loc)); + } + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_ALL) +static int test_X509_add_basic_constraints(WOLFSSL_X509* x509) +{ + EXPECT_DECLS; + const byte basicConsObj[] = { 0x06, 0x03, 0x55, 0x1d, 0x13 }; + const byte* p; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + ASN1_INTEGER* pathLen = NULL; + + p = basicConsObj; + ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, + sizeof(basicConsObj))); + if (obj != NULL) { + obj->type = NID_basic_constraints; + } + ExpectNotNull(pathLen = wolfSSL_ASN1_INTEGER_new()); + if (pathLen != NULL) { + pathLen->length = 2; + } + if (obj != NULL) { + obj->ca = 0; + } + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + if (ext != NULL && ext->obj != NULL) { + ext->obj->ca = 0; + ext->obj->pathlen = pathLen; + } + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + ExpectIntEQ(x509->isCa, 0); + ExpectIntEQ(x509->pathLength, 2); + if (ext != NULL && ext->obj != NULL) { + /* Add second time to without path length. */ + ext->obj->ca = 1; + ext->obj->pathlen = NULL; + } + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + ExpectIntEQ(x509->isCa, 1); + ExpectIntEQ(x509->pathLength, 2); + ExpectIntEQ(wolfSSL_X509_get_isSet_pathLength(NULL), 0); + ExpectIntEQ(wolfSSL_X509_get_isSet_pathLength(x509), 1); + ExpectIntEQ(wolfSSL_X509_get_pathLength(NULL), 0); + ExpectIntEQ(wolfSSL_X509_get_pathLength(x509), 2); + + wolfSSL_ASN1_INTEGER_free(pathLen); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_X509_EXTENSION_free(ext); + + return EXPECT_RESULT(); +} + +static int test_X509_add_key_usage(WOLFSSL_X509* x509) +{ + EXPECT_DECLS; + const byte objData[] = { 0x06, 0x03, 0x55, 0x1d, 0x0f }; + const byte data[] = { 0x04, 0x02, 0x01, 0x80 }; + const byte emptyData[] = { 0x04, 0x00 }; + const char* strData = "digitalSignature,keyCertSign"; + const byte* p; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + WOLFSSL_ASN1_STRING* str = NULL; + + p = objData; + ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(objData))); + if (obj != NULL) { + obj->type = NID_key_usage; + } + p = data; + ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, (long)sizeof(data))); + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + /* No Data - no change. */ + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + ExpectIntEQ(x509->keyUsage, KEYUSE_DECIPHER_ONLY | KEYUSE_ENCIPHER_ONLY); + + /* Add second time with string to interpret. */ + wolfSSL_ASN1_STRING_free(str); + str = NULL; + ExpectNotNull(str = wolfSSL_ASN1_STRING_new()); + ExpectIntEQ(ASN1_STRING_set(str, strData, (word32)XSTRLEN(strData) + 1), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + ExpectIntEQ(x509->keyUsage, KEYUSE_DIGITAL_SIG | KEYUSE_KEY_CERT_SIGN); + + /* Empty data. */ + wolfSSL_ASN1_STRING_free(str); + str = NULL; + p = emptyData; + ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, + (long)sizeof(emptyData))); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_FAILURE); + + /* Invalid string to parse. */ + wolfSSL_ASN1_STRING_free(str); + str = NULL; + ExpectNotNull(str = wolfSSL_ASN1_STRING_new()); + ExpectIntEQ(ASN1_STRING_set(str, "bad", 4), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_FAILURE); + + wolfSSL_ASN1_STRING_free(str); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_X509_EXTENSION_free(ext); + + return EXPECT_RESULT(); +} + +static int test_X509_add_ext_key_usage(WOLFSSL_X509* x509) +{ + EXPECT_DECLS; + const byte objData[] = { 0x06, 0x03, 0x55, 0x1d, 0x25 }; + const byte data[] = { 0x04, 0x01, 0x01 }; + const byte emptyData[] = { 0x04, 0x00 }; + const char* strData = "serverAuth,codeSigning"; + const byte* p; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + WOLFSSL_ASN1_STRING* str = NULL; + + p = objData; + ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(objData))); + if (obj != NULL) { + obj->type = NID_ext_key_usage; + } + p = data; + ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, (long)sizeof(data))); + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + /* No Data - no change. */ + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + ExpectIntEQ(x509->extKeyUsage, EXTKEYUSE_ANY); + + /* Add second time with string to interpret. */ + wolfSSL_ASN1_STRING_free(str); + str = NULL; + ExpectNotNull(str = wolfSSL_ASN1_STRING_new()); + ExpectIntEQ(ASN1_STRING_set(str, strData, (word32)XSTRLEN(strData) + 1), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + ExpectIntEQ(x509->extKeyUsage, EXTKEYUSE_SERVER_AUTH | EXTKEYUSE_CODESIGN); + + /* Empty data. */ + wolfSSL_ASN1_STRING_free(str); + str = NULL; + p = emptyData; + ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, + (long)sizeof(emptyData))); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_FAILURE); + + /* Invalid string to parse. */ + wolfSSL_ASN1_STRING_free(str); + str = NULL; + ExpectNotNull(str = wolfSSL_ASN1_STRING_new()); + ExpectIntEQ(ASN1_STRING_set(str, "bad", 4), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_FAILURE); + + wolfSSL_ASN1_STRING_free(str); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_X509_EXTENSION_free(ext); + + return EXPECT_RESULT(); +} + +static int test_x509_add_auth_key_id(WOLFSSL_X509* x509) +{ + EXPECT_DECLS; + const byte objData[] = { 0x06, 0x03, 0x55, 0x1d, 0x23 }; + const byte data[] = { + 0x04, 0x81, 0xcc, 0x30, 0x81, 0xc9, 0x80, 0x14, + 0x27, 0x8e, 0x67, 0x11, 0x74, 0xc3, 0x26, 0x1d, + 0x3f, 0xed, 0x33, 0x63, 0xb3, 0xa4, 0xd8, 0x1d, + 0x30, 0xe5, 0xe8, 0xd5, 0xa1, 0x81, 0x9a, 0xa4, + 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, + 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, + 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f, 0x74, + 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, + 0x04, 0x0b, 0x0c, 0x0a, 0x43, 0x6f, 0x6e, 0x73, + 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, + 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, + 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, + 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, + 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, + 0x6d, 0x82, 0x14, 0x33, 0x44, 0x1a, 0xa8, 0x6c, + 0x01, 0xec, 0xf6, 0x60, 0xf2, 0x70, 0x51, 0x0a, + 0x4c, 0xd1, 0x14, 0xfa, 0xbc, 0xe9, 0x44 + }; + const byte* p; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + WOLFSSL_ASN1_STRING* str = NULL; + + p = objData; + ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(objData))); + if (obj != NULL) { + obj->type = NID_authority_key_identifier; + } + p = data; + ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, (long)sizeof(data))); + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + + /* Add second time with string to interpret. */ + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + + wolfSSL_ASN1_STRING_free(str); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_X509_EXTENSION_free(ext); + + return EXPECT_RESULT(); +} + +static int test_x509_add_subj_key_id(WOLFSSL_X509* x509) +{ + EXPECT_DECLS; + const byte objData[] = { 0x06, 0x03, 0x55, 0x1d, 0x0e }; + const byte data[] = { + 0x04, 0x16, 0x04, 0x14, 0xb3, 0x11, 0x32, 0xc9, + 0x92, 0x98, 0x84, 0xe2, 0xc9, 0xf8, 0xd0, 0x3b, + 0x6e, 0x03, 0x42, 0xca, 0x1f, 0x0e, 0x8e, 0x3c + }; + const byte* p; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + WOLFSSL_ASN1_STRING* str = NULL; + + p = objData; + ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(objData))); + if (obj != NULL) { + obj->type = NID_subject_key_identifier; + } + p = data; + ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, (long)sizeof(data))); + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + /* Add second time with string to interpret. */ + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + + wolfSSL_ASN1_STRING_free(str); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_X509_EXTENSION_free(ext); + + return EXPECT_RESULT(); +} +#endif + +int test_wolfSSL_X509_add_ext(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) + WOLFSSL_X509* x509 = NULL; + WOLFSSL_X509_EXTENSION* ext_empty = NULL; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + WOLFSSL_ASN1_STRING* data = NULL; + const byte* p; + const byte subjAltNameObj[] = { 0x06, 0x03, 0x55, 0x1d, 0x11 }; + const byte subjAltName[] = { + 0x04, 0x15, 0x30, 0x13, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, + 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01 + }; + + ExpectNotNull(x509 = wolfSSL_X509_new()); + + /* Create extension: Subject Alternative Name */ + ExpectNotNull(ext_empty = wolfSSL_X509_EXTENSION_new()); + p = subjAltName; + ExpectNotNull(data = d2i_ASN1_OCTET_STRING(NULL, &p, + (long)sizeof(subjAltName))); + p = subjAltNameObj; + ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, + sizeof(subjAltNameObj))); + if (obj != NULL) { + obj->type = NID_subject_alt_name; + } + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, data), WOLFSSL_SUCCESS); + + /* Failure cases. */ + ExpectIntEQ(wolfSSL_X509_add_ext(NULL, NULL, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, NULL, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_X509_add_ext(NULL, ext, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_X509_add_ext(NULL, NULL, -1), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_X509_add_ext(NULL, ext, -1), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, NULL, -1), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext_empty, -1), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* Add: Subject Alternative Name */ + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + /* Add second time to ensure no memory leaks. */ + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + + wolfSSL_X509_EXTENSION_free(ext); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_ASN1_STRING_free(data); + wolfSSL_X509_EXTENSION_free(ext_empty); + + EXPECT_TEST(test_X509_add_basic_constraints(x509)); + EXPECT_TEST(test_X509_add_key_usage(x509)); + EXPECT_TEST(test_X509_add_ext_key_usage(x509)); + EXPECT_TEST(test_x509_add_auth_key_id(x509)); + EXPECT_TEST(test_x509_add_subj_key_id(x509)); + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_get_ext_count(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) + int ret = 0; + WOLFSSL_X509* x509 = NULL; + const char ocspRootCaFile[] = "./certs/ocsp/root-ca-cert.pem"; + XFILE f = XBADFILE; + + /* NULL parameter check */ + ExpectIntEQ(X509_get_ext_count(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectNotNull(x509 = wolfSSL_X509_new()); + ExpectIntEQ(X509_get_ext_count(x509), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + wolfSSL_X509_free(x509); + x509 = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, + SSL_FILETYPE_PEM)); + ExpectIntEQ(X509_get_ext_count(x509), 5); + wolfSSL_X509_free(x509); + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(ocspRootCaFile, + SSL_FILETYPE_PEM)); + ExpectIntEQ(X509_get_ext_count(x509), 5); + wolfSSL_X509_free(x509); + + ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) + XFCLOSE(f); + + /* wolfSSL_X509_get_ext_count() valid input */ + ExpectIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 5); + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +/* Tests X509v3_get_ext_count, X509v3_get_ext_by_NID, and X509v3_get_ext + * working with a stack retrieved from wolfSSL_X509_get0_extensions(). + */ +int test_wolfSSL_X509_stack_extensions(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) + WOLFSSL_X509* x509 = NULL; + const WOLFSSL_STACK* ext_stack = NULL; + WOLFSSL_X509_EXTENSION* ext = NULL; + int idx = -1; + int count = 0; + XFILE f = XBADFILE; + + /* Load a certificate */ + ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) + XFCLOSE(f); + + /* Get the stack of extensions */ + ExpectNotNull(ext_stack = wolfSSL_X509_get0_extensions(x509)); + + /* Test X509v3_get_ext_count */ + ExpectIntGT((count = X509v3_get_ext_count(ext_stack)), 0); + + /* Test X509v3_get_ext_by_NID - find Basic Constraints extension */ + ExpectIntGE((idx = X509v3_get_ext_by_NID(ext_stack, NID_basic_constraints, + -1)), 0); + + /* Test X509v3_get_ext - get extension by index */ + ExpectNotNull(ext = X509v3_get_ext(ext_stack, idx)); + + /* Verify that the extension is the correct one */ + ExpectIntEQ(wolfSSL_OBJ_obj2nid(wolfSSL_X509_EXTENSION_get_object(ext)), + NID_basic_constraints); + + /* Test negative cases */ + ExpectIntEQ(X509v3_get_ext_by_NID(NULL, NID_basic_constraints, -1), + WOLFSSL_FATAL_ERROR); + ExpectNull(X509v3_get_ext(NULL, 0)); + ExpectNull(X509v3_get_ext(ext_stack, -1)); + ExpectNull(X509v3_get_ext(ext_stack, count)); + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_EXTENSION_new(void) +{ + EXPECT_DECLS; +#if defined (OPENSSL_ALL) + WOLFSSL_X509_EXTENSION* ext = NULL; + + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectNotNull(ext->obj = wolfSSL_ASN1_OBJECT_new()); + + wolfSSL_X509_EXTENSION_free(NULL); + wolfSSL_X509_EXTENSION_free(ext); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_EXTENSION_dup(void) +{ + EXPECT_DECLS; +#if defined (OPENSSL_ALL) + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_X509_EXTENSION* dup = NULL; + + ExpectNull(wolfSSL_X509_EXTENSION_dup(NULL)); + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectNotNull(dup = wolfSSL_X509_EXTENSION_dup(ext)); + + wolfSSL_X509_EXTENSION_free(dup); + wolfSSL_X509_EXTENSION_free(ext); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_EXTENSION_get_object(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) + WOLFSSL_X509* x509 = NULL; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_X509_EXTENSION* dup = NULL; + WOLFSSL_ASN1_OBJECT* o = NULL; + XFILE file = XBADFILE; + + ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); + if (file != XBADFILE) + XFCLOSE(file); + + /* wolfSSL_X509_EXTENSION_get_object() testing ext idx 0 */ + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, 0)); + ExpectNull(wolfSSL_X509_EXTENSION_get_object(NULL)); + ExpectNotNull(o = wolfSSL_X509_EXTENSION_get_object(ext)); + ExpectIntEQ(o->nid, SUBJ_KEY_OID); + ExpectNotNull(dup = wolfSSL_X509_EXTENSION_dup(ext)); + wolfSSL_X509_EXTENSION_free(dup); + + /* wolfSSL_X509_EXTENSION_get_object() NULL argument */ + ExpectNull(o = wolfSSL_X509_EXTENSION_get_object(NULL)); + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_EXTENSION_get_data(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) + WOLFSSL_X509* x509 = NULL; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_STRING* str = NULL; + XFILE file = XBADFILE; +#ifndef WOLFSSL_OLD_EXTDATA_FMT + const byte ext_data[] = { + 0x04, 0x14, 0xB3, 0x11, 0x32, 0xC9, 0x92, 0x98, + 0x84, 0xE2, 0xC9, 0xF8, 0xD0, 0x3B, 0x6E, 0x03, + 0x42, 0xCA, 0x1F, 0x0E, 0x8E, 0x3C, + }; +#endif + + ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); + if (file != XBADFILE) + XFCLOSE(file); + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, 0)); + + ExpectNull(str = wolfSSL_X509_EXTENSION_get_data(NULL)); + ExpectNotNull(str = wolfSSL_X509_EXTENSION_get_data(ext)); + +#ifndef WOLFSSL_OLD_EXTDATA_FMT + ExpectIntEQ(str->length, sizeof (ext_data)); + ExpectBufEQ(str->data, ext_data, sizeof (ext_data)); +#endif + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_EXTENSION_get_critical(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) + WOLFSSL_X509* x509 = NULL; + WOLFSSL_X509_EXTENSION* ext = NULL; + XFILE file = XBADFILE; + int crit = 0; + + ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); + if (file != XBADFILE) + XFCLOSE(file); + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, 0)); + + ExpectIntEQ(crit = wolfSSL_X509_EXTENSION_get_critical(NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(crit = wolfSSL_X509_EXTENSION_get_critical(ext), 0); + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_EXTENSION_create_by_OBJ(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) + XFILE file = XBADFILE; + WOLFSSL_X509* x509 = NULL; + WOLFSSL_X509* empty = NULL; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_X509_EXTENSION* ext2 = NULL; + WOLFSSL_X509_EXTENSION* ext3 = NULL; + WOLFSSL_ASN1_OBJECT* o = NULL; + int crit = 0; + WOLFSSL_ASN1_STRING* str = NULL; + + ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); + if (file != XBADFILE) + XFCLOSE(file); + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, 0)); + + ExpectNotNull(o = wolfSSL_X509_EXTENSION_get_object(ext)); + ExpectIntEQ(crit = wolfSSL_X509_EXTENSION_get_critical(ext), 0); + ExpectNotNull(str = wolfSSL_X509_EXTENSION_get_data(ext)); + + ExpectNull(wolfSSL_X509_EXTENSION_create_by_OBJ(NULL, NULL, 0, NULL)); + ExpectNull(wolfSSL_X509_EXTENSION_create_by_OBJ(NULL, o, 0, NULL)); + ExpectNull(wolfSSL_X509_EXTENSION_create_by_OBJ(NULL, NULL, 0, str)); + ExpectNotNull(ext2 = wolfSSL_X509_EXTENSION_create_by_OBJ(NULL, o, crit, + str)); + ExpectNotNull(ext3 = wolfSSL_X509_EXTENSION_create_by_OBJ(ext2, o, crit, + str)); + if (ext3 == NULL) { + wolfSSL_X509_EXTENSION_free(ext2); + } + wolfSSL_X509_EXTENSION_free(ext3); + + ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(NULL, NULL, -1), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(NULL, o, -1), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectNotNull(empty = wolfSSL_X509_new()); + ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(empty, NULL, -1), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(empty, o, -1), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + wolfSSL_X509_free(empty); + empty = NULL; + ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(x509, o, -2), 0); + ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(x509, o, 0), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509V3_set_ctx(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && \ + defined(HAVE_CRL) + WOLFSSL_X509V3_CTX ctx; + WOLFSSL_X509* issuer = NULL; + WOLFSSL_X509* subject = NULL; + WOLFSSL_X509 req; + WOLFSSL_X509_CRL crl; + + XMEMSET(&ctx, 0, sizeof(ctx)); + ExpectNotNull(issuer = wolfSSL_X509_new()); + ExpectNotNull(subject = wolfSSL_X509_new()); + XMEMSET(&req, 0, sizeof(req)); + XMEMSET(&crl, 0, sizeof(crl)); + + wolfSSL_X509V3_set_ctx(NULL, NULL, NULL, NULL, NULL, 0); + wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 0); + wolfSSL_X509_free(ctx.x509); + ctx.x509 = NULL; + wolfSSL_X509V3_set_ctx(&ctx, issuer, NULL, NULL, NULL, 0); + wolfSSL_X509_free(ctx.x509); + ctx.x509 = NULL; + wolfSSL_X509V3_set_ctx(&ctx, NULL, subject, NULL, NULL, 0); + wolfSSL_X509_free(ctx.x509); + ctx.x509 = NULL; + wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, &req, NULL, 0); + wolfSSL_X509_free(ctx.x509); + ctx.x509 = NULL; + wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, NULL, &crl, 0); + wolfSSL_X509_free(ctx.x509); + ctx.x509 = NULL; + wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 1); + /* X509 allocated in context results in 'failure' (but not return). */ + wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 0); + wolfSSL_X509_free(ctx.x509); + ctx.x509 = NULL; + + wolfSSL_X509_free(subject); + wolfSSL_X509_free(issuer); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509V3_EXT_get(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) + XFILE f = XBADFILE; + int numOfExt =0; + int extNid = 0; + int i = 0; + WOLFSSL_X509* x509 = NULL; + WOLFSSL_X509_EXTENSION* ext = NULL; + const WOLFSSL_v3_ext_method* method = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + /* No object in extension. */ + ExpectNull(wolfSSL_X509V3_EXT_get(ext)); + ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + /* NID is zero. */ + ExpectNull(wolfSSL_X509V3_EXT_get(ext)); + /* NID is not known. */ + if (ext != NULL && ext->obj != NULL) { + ext->obj->nid = 1; + } + ExpectNull(wolfSSL_X509V3_EXT_get(ext)); + + /* NIDs not in certificate. */ + if (ext != NULL && ext->obj != NULL) { + ext->obj->nid = NID_certificate_policies; + } + ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext)); + ExpectIntEQ(method->ext_nid, NID_certificate_policies); + if (ext != NULL && ext->obj != NULL) { + ext->obj->nid = NID_crl_distribution_points; + } + ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext)); + ExpectIntEQ(method->ext_nid, NID_crl_distribution_points); + + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_X509_EXTENSION_free(ext); + ext = NULL; + + ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) + XFCLOSE(f); + + /* wolfSSL_X509V3_EXT_get() return struct and nid test */ + ExpectIntEQ((numOfExt = wolfSSL_X509_get_ext_count(x509)), 5); + for (i = 0; i < numOfExt; i++) { + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i)); + ExpectIntNE((extNid = ext->obj->nid), NID_undef); + ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext)); + ExpectIntEQ(method->ext_nid, extNid); + if (EXPECT_SUCCESS()) { + if (method->ext_nid == NID_subject_key_identifier) { + ExpectNotNull(method->i2s); + } + } + } + + /* wolfSSL_X509V3_EXT_get() NULL argument test */ + ExpectNull(method = wolfSSL_X509V3_EXT_get(NULL)); + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509V3_EXT_nconf(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_ALL + const char *ext_names[] = { + "subjectKeyIdentifier", + "authorityKeyIdentifier", + "subjectAltName", + "keyUsage", + "extendedKeyUsage", + }; + size_t ext_names_count = sizeof(ext_names)/sizeof(*ext_names); + int ext_nids[] = { + NID_subject_key_identifier, + NID_authority_key_identifier, + NID_subject_alt_name, + NID_key_usage, + NID_ext_key_usage, + }; + size_t ext_nids_count = sizeof(ext_nids)/sizeof(*ext_nids); + const char *ext_values[] = { + "hash", + "hash", + "DNS:example.com, IP:127.0.0.1", + "digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment," + "keyAgreement,keyCertSign,cRLSign,encipherOnly,decipherOnly", + "serverAuth,clientAuth,codeSigning,emailProtection,timeStamping," + "OCSPSigning", + }; + size_t i; + X509_EXTENSION* ext = NULL; + X509* x509 = NULL; + unsigned int keyUsageFlags; + unsigned int extKeyUsageFlags; + WOLFSSL_CONF conf; + WOLFSSL_X509V3_CTX ctx; +#ifndef NO_WOLFSSL_STUB + WOLFSSL_LHASH lhash; +#endif + + ExpectNotNull(x509 = X509_new()); + ExpectNull(X509V3_EXT_nconf(NULL, NULL, ext_names[0], NULL)); + ExpectNull(X509V3_EXT_nconf_nid(NULL, NULL, ext_nids[0], NULL)); + ExpectNull(X509V3_EXT_nconf(NULL, NULL, "", ext_values[0])); + ExpectNull(X509V3_EXT_nconf_nid(NULL, NULL, 0, ext_values[0])); + + /* conf and ctx ignored. */ + ExpectNull(X509V3_EXT_nconf_nid(&conf, NULL, 0, ext_values[0])); + ExpectNull(X509V3_EXT_nconf_nid(NULL , &ctx, 0, ext_values[0])); + ExpectNull(X509V3_EXT_nconf_nid(&conf, &ctx, 0, ext_values[0])); + + /* keyUsage / extKeyUsage should match string above */ + keyUsageFlags = KU_DIGITAL_SIGNATURE + | KU_NON_REPUDIATION + | KU_KEY_ENCIPHERMENT + | KU_DATA_ENCIPHERMENT + | KU_KEY_AGREEMENT + | KU_KEY_CERT_SIGN + | KU_CRL_SIGN + | KU_ENCIPHER_ONLY + | KU_DECIPHER_ONLY; + extKeyUsageFlags = XKU_SSL_CLIENT + | XKU_SSL_SERVER + | XKU_CODE_SIGN + | XKU_SMIME + | XKU_TIMESTAMP + | XKU_OCSP_SIGN; + + for (i = 0; i < ext_names_count; i++) { + ExpectNotNull(ext = X509V3_EXT_nconf(NULL, NULL, ext_names[i], + ext_values[i])); + X509_EXTENSION_free(ext); + ext = NULL; + } + + for (i = 0; i < ext_nids_count; i++) { + ExpectNotNull(ext = X509V3_EXT_nconf_nid(NULL, NULL, ext_nids[i], + ext_values[i])); + X509_EXTENSION_free(ext); + ext = NULL; + } + + /* Test adding extension to X509 */ + for (i = 0; i < ext_nids_count; i++) { + ExpectNotNull(ext = X509V3_EXT_nconf(NULL, NULL, ext_names[i], + ext_values[i])); + ExpectIntEQ(X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + + if (ext_nids[i] == NID_key_usage) { + ExpectIntEQ(X509_get_key_usage(x509), keyUsageFlags); + } + else if (ext_nids[i] == NID_ext_key_usage) { + ExpectIntEQ(X509_get_extended_key_usage(x509), extKeyUsageFlags); + } + X509_EXTENSION_free(ext); + ext = NULL; + } + X509_free(x509); + +#ifndef NO_WOLFSSL_STUB + ExpectIntEQ(wolfSSL_X509V3_EXT_add_nconf(NULL, NULL, NULL, NULL), + WOLFSSL_SUCCESS); + ExpectNull(wolfSSL_X509V3_EXT_conf_nid(NULL, NULL, 0, NULL)); + ExpectNull(wolfSSL_X509V3_EXT_conf_nid(&lhash, NULL, 0, NULL)); + wolfSSL_X509V3_set_ctx_nodb(NULL); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509V3_EXT_bc(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + WOLFSSL_BASIC_CONSTRAINTS* bc = NULL; + WOLFSSL_ASN1_INTEGER* pathLen = NULL; + + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); + ExpectNotNull(pathLen = wolfSSL_ASN1_INTEGER_new()); + if (pathLen != NULL) { + pathLen->length = 2; + } + + if (obj != NULL) { + obj->type = NID_basic_constraints; + obj->nid = NID_basic_constraints; + } + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + ExpectNotNull(wolfSSL_X509V3_EXT_get(ext)); + /* No pathlen set. */ + ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext)); + wolfSSL_BASIC_CONSTRAINTS_free(bc); + bc = NULL; + + if ((ext != NULL) && (ext->obj != NULL)) { + ext->obj->pathlen = pathLen; + pathLen = NULL; + } + /* pathlen set. */ + ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext)); + + wolfSSL_ASN1_INTEGER_free(pathLen); + wolfSSL_BASIC_CONSTRAINTS_free(bc); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_X509_EXTENSION_free(ext); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509V3_EXT_san(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + WOLFSSL_STACK* sk = NULL; + + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); + + if (obj != NULL) { + obj->type = NID_subject_alt_name; + obj->nid = NID_subject_alt_name; + } + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + ExpectNotNull(wolfSSL_X509V3_EXT_get(ext)); + /* No extension stack set. */ + ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); + + ExpectNotNull(sk = wolfSSL_sk_new_null()); + if (ext != NULL) { + ext->ext_sk = sk; + sk = NULL; + } + /* Extension stack set. */ + ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); + + wolfSSL_sk_free(sk); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_X509_EXTENSION_free(ext); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509V3_EXT_aia(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + WOLFSSL_STACK* sk = NULL; + WOLFSSL_STACK* node = NULL; + WOLFSSL_AUTHORITY_INFO_ACCESS* aia = NULL; + WOLFSSL_ASN1_OBJECT* entry = NULL; + + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); + + if (obj != NULL) { + obj->type = NID_info_access; + obj->nid = NID_info_access; + } + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + ExpectNotNull(wolfSSL_X509V3_EXT_get(ext)); + /* No extension stack set. */ + ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); + + ExpectNotNull(sk = wolfSSL_sk_new_null()); + if (ext != NULL) { + ext->ext_sk = sk; + sk = NULL; + } + /* Extension stack set but empty. */ + ExpectNotNull(aia = (WOLFSSL_AUTHORITY_INFO_ACCESS *) + wolfSSL_X509V3_EXT_d2i(ext)); + wolfSSL_AUTHORITY_INFO_ACCESS_free(aia); + aia = NULL; + + ExpectNotNull(entry = wolfSSL_ASN1_OBJECT_new()); + if (entry != NULL) { + entry->nid = WC_NID_ad_OCSP; + entry->obj = (const unsigned char*)"http://127.0.0.1"; + entry->objSz = 16; + } + ExpectNotNull(node = wolfSSL_sk_new_node(NULL)); + if ((node != NULL) && (ext != NULL)) { + node->type = STACK_TYPE_OBJ; + node->data.obj = entry; + entry = NULL; + ExpectIntEQ(wolfSSL_sk_push_node(&ext->ext_sk, node), WOLFSSL_SUCCESS); + if (EXPECT_SUCCESS()) { + node = NULL; + } + } + ExpectNotNull(aia = (WOLFSSL_AUTHORITY_INFO_ACCESS *) + wolfSSL_X509V3_EXT_d2i(ext)); + wolfSSL_ACCESS_DESCRIPTION_free(NULL); + + wolfSSL_AUTHORITY_INFO_ACCESS_pop_free(aia, + wolfSSL_ACCESS_DESCRIPTION_free); + wolfSSL_ASN1_OBJECT_free(entry); + wolfSSL_sk_free(node); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_X509_EXTENSION_free(ext); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509V3_EXT(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) + XFILE f = XBADFILE; + int numOfExt = 0, nid = 0, i = 0, expected, actual = 0; + char* str = NULL; + unsigned char* data = NULL; + const WOLFSSL_v3_ext_method* method = NULL; + WOLFSSL_X509* x509 = NULL; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_X509_EXTENSION* ext2 = NULL; + WOLFSSL_ASN1_OBJECT *obj = NULL; + WOLFSSL_ASN1_OBJECT *adObj = NULL; + WOLFSSL_ASN1_STRING* asn1str = NULL; + WOLFSSL_AUTHORITY_KEYID* aKeyId = NULL; + WOLFSSL_AUTHORITY_INFO_ACCESS* aia = NULL; + WOLFSSL_BASIC_CONSTRAINTS* bc = NULL; + WOLFSSL_ACCESS_DESCRIPTION* ad = NULL; + WOLFSSL_GENERAL_NAME* gn = NULL; + + /* Check NULL argument */ + ExpectNull(wolfSSL_X509V3_EXT_d2i(NULL)); + + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); + + ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); + if (ext != NULL && ext->obj != NULL) { + ext->obj->nid = ext->obj->type = NID_ext_key_usage; + } + ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); + if (ext != NULL && ext->obj != NULL) { + ext->obj->nid = ext->obj->type = NID_certificate_policies; + } + ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); + if (ext != NULL && ext->obj != NULL) { + ext->obj->nid = ext->obj->type = NID_crl_distribution_points; + } + ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); + if (ext != NULL && ext->obj != NULL) { + ext->obj->nid = ext->obj->type = NID_subject_alt_name; + } + ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); + + wolfSSL_ASN1_OBJECT_free(obj); + obj = NULL; + wolfSSL_X509_EXTENSION_free(ext); + ext = NULL; + + /* Using OCSP cert with X509V3 extensions */ + ExpectTrue((f = XFOPEN("./certs/ocsp/root-ca-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) + XFCLOSE(f); + + ExpectIntEQ((numOfExt = wolfSSL_X509_get_ext_count(x509)), 5); + + /* Basic Constraints */ + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i)); + ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); + ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_basic_constraints); + ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext)); + + ExpectIntEQ(bc->ca, 1); + ExpectNull(bc->pathlen); + wolfSSL_BASIC_CONSTRAINTS_free(bc); + bc = NULL; + i++; + + /* Subject Key Identifier */ + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i)); + ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); + ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_subject_key_identifier); + + ExpectNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext)); + ExpectNotNull(ext2 = wolfSSL_X509V3_EXT_i2d(NID_subject_key_identifier, 0, + asn1str)); + X509_EXTENSION_free(ext2); + ext2 = NULL; + ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext)); + ExpectNotNull(method->i2s); + ExpectNotNull(str = method->i2s((WOLFSSL_v3_ext_method*)method, asn1str)); + wolfSSL_ASN1_STRING_free(asn1str); + asn1str = NULL; + if (str != NULL) { + actual = strcmp(str, + "73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21"); + } + ExpectIntEQ(actual, 0); + XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER); + str = NULL; + i++; + + /* Authority Key Identifier */ + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i)); + ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); + ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_authority_key_identifier); + + ExpectNotNull(aKeyId = (WOLFSSL_AUTHORITY_KEYID*)wolfSSL_X509V3_EXT_d2i( + ext)); + ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext)); + ExpectNotNull(asn1str = aKeyId->keyid); + ExpectNotNull(str = wolfSSL_i2s_ASN1_STRING((WOLFSSL_v3_ext_method*)method, + asn1str)); + asn1str = NULL; + if (str != NULL) { + actual = strcmp(str, + "73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21"); + } + ExpectIntEQ(actual, 0); + XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER); + str = NULL; + wolfSSL_AUTHORITY_KEYID_free(aKeyId); + aKeyId = NULL; + i++; + + /* Key Usage */ + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i)); + ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); + ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_key_usage); + + ExpectNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext)); +#if defined(WOLFSSL_QT) + ExpectNotNull(data = (unsigned char*)ASN1_STRING_get0_data(asn1str)); +#else + ExpectNotNull(data = wolfSSL_ASN1_STRING_data(asn1str)); +#endif + expected = KEYUSE_KEY_CERT_SIGN | KEYUSE_CRL_SIGN; + if (data != NULL) { + #ifdef BIG_ENDIAN_ORDER + actual = data[1]; + #else + actual = data[0]; + #endif + } + ExpectIntEQ(actual, expected); + wolfSSL_ASN1_STRING_free(asn1str); + asn1str = NULL; + ExpectIntEQ(wolfSSL_X509_get_keyUsage(NULL), 0); + ExpectIntEQ(wolfSSL_X509_get_keyUsage(x509), expected); + i++; + + /* Authority Info Access */ + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i)); + ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); + ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_info_access); + ExpectNotNull(aia = (WOLFSSL_AUTHORITY_INFO_ACCESS*)wolfSSL_X509V3_EXT_d2i( + ext)); +#if defined(WOLFSSL_QT) + ExpectIntEQ(OPENSSL_sk_num(aia), 1); /* Only one URI entry for this cert */ +#else + ExpectIntEQ(wolfSSL_sk_num(aia), 1); /* Only one URI entry for this cert */ +#endif + /* URI entry is an ACCESS_DESCRIPTION type */ +#if defined(WOLFSSL_QT) + ExpectNotNull(ad = (WOLFSSL_ACCESS_DESCRIPTION*)wolfSSL_sk_value(aia, 0)); +#else + ExpectNotNull(ad = (WOLFSSL_ACCESS_DESCRIPTION*)OPENSSL_sk_value(aia, 0)); +#endif + ExpectNotNull(adObj = ad->method); + /* Make sure nid is OCSP */ + ExpectIntEQ(wolfSSL_OBJ_obj2nid(adObj), NID_ad_OCSP); + + /* GENERAL_NAME stores URI as an ASN1_STRING */ + ExpectNotNull(gn = ad->location); + ExpectIntEQ(gn->type, GEN_URI); /* Type should always be GEN_URI */ + ExpectNotNull(asn1str = gn->d.uniformResourceIdentifier); + ExpectIntEQ(wolfSSL_ASN1_STRING_length(asn1str), 22); +#if defined(WOLFSSL_QT) + ExpectNotNull(str = (char*)ASN1_STRING_get0_data(asn1str)); +#else + ExpectNotNull(str = (char*)wolfSSL_ASN1_STRING_data(asn1str)); +#endif + if (str != NULL) { + actual = strcmp(str, "http://127.0.0.1:22220"); + } + ExpectIntEQ(actual, 0); + + ExpectIntEQ(wolfSSL_sk_ACCESS_DESCRIPTION_num(NULL), WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_sk_ACCESS_DESCRIPTION_num(aia), 1); + ExpectNull(wolfSSL_sk_ACCESS_DESCRIPTION_value(NULL, 0)); + ExpectNull(wolfSSL_sk_ACCESS_DESCRIPTION_value(aia, 1)); + ExpectNotNull(wolfSSL_sk_ACCESS_DESCRIPTION_value(aia, 0)); + wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(aia, NULL); + aia = NULL; + +#ifndef NO_WOLFSSL_STUB + ExpectNull(wolfSSL_X509_delete_ext(x509, 0)); +#endif + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509V3_EXT_print(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_BIO) && \ + !defined(NO_RSA) + + { + XFILE f = XBADFILE; + WOLFSSL_X509* x509 = NULL; + X509_EXTENSION * ext = NULL; + int loc = 0; + BIO *bio = NULL; + + ExpectTrue((f = XFOPEN(svrCertFile, "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) + fclose(f); + + ExpectNotNull(bio = wolfSSL_BIO_new(BIO_s_mem())); + + ExpectIntGT(loc = wolfSSL_X509_get_ext_by_NID(x509, + NID_basic_constraints, -1), -1); + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, loc)); + + /* Failure cases. */ + ExpectIntEQ(wolfSSL_X509V3_EXT_print(NULL, NULL, 0, 0), + WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio , NULL, 0, 0), + WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509V3_EXT_print(NULL, ext , 0, 0), + WOLFSSL_FAILURE); + /* Good case. */ + ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS); + + ExpectIntGT(loc = wolfSSL_X509_get_ext_by_NID(x509, + NID_subject_key_identifier, -1), -1); + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, loc)); + ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS); + + ExpectIntGT(loc = wolfSSL_X509_get_ext_by_NID(x509, + NID_authority_key_identifier, -1), -1); + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, loc)); + ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS); + + wolfSSL_BIO_free(bio); + wolfSSL_X509_free(x509); + } + + { + X509 *x509 = NULL; + BIO *bio = NULL; + X509_EXTENSION *ext = NULL; + unsigned int i = 0; + unsigned int idx = 0; + /* Some NIDs to test with */ + int nids[] = { + /* NID_key_usage, currently X509_get_ext returns this as a bit + * string, which messes up X509V3_EXT_print */ + /* NID_ext_key_usage, */ + NID_subject_alt_name, + }; + int* n = NULL; + + ExpectNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE)); + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFileExt, + WOLFSSL_FILETYPE_PEM)); + + ExpectIntGT(fprintf(stderr, "\nPrinting extension values:\n"), 0); + + for (i = 0, n = nids; i<(sizeof(nids)/sizeof(int)); i++, n++) { + /* X509_get_ext_by_NID should return 3 for now. If that changes then + * update the index */ + ExpectIntEQ((idx = X509_get_ext_by_NID(x509, *n, -1)), 3); + ExpectNotNull(ext = X509_get_ext(x509, (int)idx)); + ExpectIntEQ(X509V3_EXT_print(bio, ext, 0, 0), 1); + ExpectIntGT(fprintf(stderr, "\n"), 0); + } + + BIO_free(bio); + X509_free(x509); + } + + { + BIO* bio = NULL; + X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + + ExpectNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE)); + ExpectNotNull(ext = X509_EXTENSION_new()); + + /* No object. */ + ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_FAILURE); + + ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), + WOLFSSL_SUCCESS); + + /* NID not supported yet - just doesn't write anything. */ + if (ext != NULL && ext->obj != NULL) { + ext->obj->nid = AUTH_INFO_OID; + ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), + WOLFSSL_SUCCESS); + ext->obj->nid = CERT_POLICY_OID; + ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), + WOLFSSL_SUCCESS); + ext->obj->nid = CRL_DIST_OID; + ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), + WOLFSSL_SUCCESS); + ext->obj->nid = KEY_USAGE_OID; + ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), + WOLFSSL_SUCCESS); + + ext->obj->nid = EXT_KEY_USAGE_OID; + ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), + WOLFSSL_SUCCESS); + } + + wolfSSL_ASN1_OBJECT_free(obj); + X509_EXTENSION_free(ext); + BIO_free(bio); + } +#endif + return EXPECT_RESULT(); +} + diff --git a/tests/api/test_ossl_x509_ext.h b/tests/api/test_ossl_x509_ext.h new file mode 100644 index 000000000..3a0ea0d42 --- /dev/null +++ b/tests/api/test_ossl_x509_ext.h @@ -0,0 +1,76 @@ +/* test_ossl_x509_ext.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_X509_EXT_H +#define WOLFCRYPT_TEST_OSSL_X509_EXT_H + +#include + +int test_wolfSSL_X509_get_extension_flags(void); +int test_wolfSSL_X509_get_ext(void); +int test_wolfSSL_X509_get_ext_by_NID(void); +int test_wolfSSL_X509_get_ext_subj_alt_name(void); +int test_wolfSSL_X509_set_ext(void); +int test_wolfSSL_X509_add_ext(void); +int test_wolfSSL_X509_get_ext_count(void); +int test_wolfSSL_X509_stack_extensions(void); +int test_wolfSSL_X509_EXTENSION_new(void); +int test_wolfSSL_X509_EXTENSION_dup(void); +int test_wolfSSL_X509_EXTENSION_get_object(void); +int test_wolfSSL_X509_EXTENSION_get_data(void); +int test_wolfSSL_X509_EXTENSION_get_critical(void); +int test_wolfSSL_X509_EXTENSION_create_by_OBJ(void); +int test_wolfSSL_X509V3_set_ctx(void); +int test_wolfSSL_X509V3_EXT_get(void); +int test_wolfSSL_X509V3_EXT_nconf(void); +int test_wolfSSL_X509V3_EXT_bc(void); +int test_wolfSSL_X509V3_EXT_san(void); +int test_wolfSSL_X509V3_EXT_aia(void); +int test_wolfSSL_X509V3_EXT(void); +int test_wolfSSL_X509V3_EXT_print(void); + +#define TEST_OSSL_X509_EXT_DECLS \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_get_extension_flags), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_get_ext), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_get_ext_by_NID), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_get_ext_subj_alt_name), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_set_ext), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_add_ext), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_get_ext_count), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_stack_extensions), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_EXTENSION_new), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_EXTENSION_dup), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_EXTENSION_get_object), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_EXTENSION_get_data), \ + TEST_DECL_GROUP("ossl_x509_ext", \ + test_wolfSSL_X509_EXTENSION_get_critical), \ + TEST_DECL_GROUP("ossl_x509_ext", \ + test_wolfSSL_X509_EXTENSION_create_by_OBJ), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509V3_set_ctx), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509V3_EXT_get), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509V3_EXT_nconf), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509V3_EXT_bc), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509V3_EXT_san), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509V3_EXT_aia), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509V3_EXT), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509V3_EXT_print) + +#endif /* WOLFCRYPT_TEST_OSSL_X509_EXT_H */ diff --git a/tests/api/test_ossl_x509_info.c b/tests/api/test_ossl_x509_info.c new file mode 100644 index 000000000..95188e363 --- /dev/null +++ b/tests/api/test_ossl_x509_info.c @@ -0,0 +1,248 @@ +/* test_ossl_x509_info.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include + +int test_wolfSSL_X509_INFO_multiple_info(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_BIO) + STACK_OF(X509_INFO) *info_stack = NULL; + X509_INFO *info = NULL; + int len; + int i; + const char* files[] = { + cliCertFile, + cliKeyFile, + /* This needs to be the order as svrCertFile contains the + * intermediate cert as well. */ + svrKeyFile, + svrCertFile, + NULL, + }; + const char** curFile; + BIO *fileBIO = NULL; + BIO *concatBIO = NULL; + byte tmp[FOURK_BUF]; + + /* concatenate the cert and the key file to force PEM_X509_INFO_read_bio + * to group objects together. */ + ExpectNotNull(concatBIO = BIO_new(BIO_s_mem())); + for (curFile = files; EXPECT_SUCCESS() && *curFile != NULL; curFile++) { + int fileLen = 0; + ExpectNotNull(fileBIO = BIO_new_file(*curFile, "rb")); + ExpectIntGT(fileLen = wolfSSL_BIO_get_len(fileBIO), 0); + if (EXPECT_SUCCESS()) { + while ((len = BIO_read(fileBIO, tmp, sizeof(tmp))) > 0) { + ExpectIntEQ(BIO_write(concatBIO, tmp, len), len); + fileLen -= len; + if (EXPECT_FAIL()) + break; + } + /* Make sure we read the entire file */ + ExpectIntEQ(fileLen, 0); + } + BIO_free(fileBIO); + fileBIO = NULL; + } + + ExpectNotNull(info_stack = PEM_X509_INFO_read_bio(concatBIO, NULL, NULL, + NULL)); + ExpectIntEQ(sk_X509_INFO_num(info_stack), 3); + for (i = 0; i < sk_X509_INFO_num(info_stack); i++) { + ExpectNotNull(info = sk_X509_INFO_value(info_stack, i)); + ExpectNotNull(info->x509); + ExpectNull(info->crl); + if (i != 2) { + ExpectNotNull(info->x_pkey); + ExpectIntEQ(X509_check_private_key(info->x509, + info->x_pkey->dec_pkey), 1); + } + else { + ExpectNull(info->x_pkey); + } + } + + sk_X509_INFO_pop_free(info_stack, X509_INFO_free); + BIO_free(concatBIO); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_INFO(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_BIO) + STACK_OF(X509_INFO) *info_stack = NULL; + X509_INFO *info = NULL; + BIO *cert = NULL; + int i; + /* PEM in hex format to avoid null terminator */ + byte data[] = { + 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, + 0x49, 0x4e, 0x20, 0x43, 0x45, 0x52, 0x54, 0x63, 0x2d, 0x2d, 0x2d, 0x2d, + 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x44, 0x4d, 0x54, 0x42, 0x75, 0x51, 0x3d, + 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x2d, 0x2d, + 0x2d, 0x2d, 0x2d + }; + /* PEM in hex format to avoid null terminator */ + byte data2[] = { + 0x41, 0x53, 0x4e, 0x31, 0x20, 0x4f, 0x49, 0x44, 0x3a, 0x20, 0x70, 0x72, + 0x69, 0x6d, 0x65, 0x32, 0x35, 0x36, 0x76, 0x31, 0x0a, 0x2d, 0x2d, 0x2d, + 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x45, 0x43, 0x20, 0x50, + 0x41, 0x52, 0x41, 0x4d, 0x45, 0x54, 0x45, 0x52, 0x53, 0x2d, 0x2d, 0x2d, + 0x2d, 0x43, 0x65, 0x72, 0x74, 0x69, 0x2d, 0x0a, 0x42, 0x67, 0x67, 0x71, + 0x68, 0x6b, 0x6a, 0x4f, 0x50, 0x51, 0x4d, 0x42, 0x42, 0x77, 0x3d, 0x3d, + 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d + }; + + ExpectNotNull(cert = BIO_new_file(cliCertFileExt, "rb")); + ExpectNotNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL)); + for (i = 0; i < sk_X509_INFO_num(info_stack); i++) { + ExpectNotNull(info = sk_X509_INFO_value(info_stack, i)); + ExpectNotNull(info->x509); + ExpectNull(info->crl); + ExpectNull(info->x_pkey); + } + sk_X509_INFO_pop_free(info_stack, X509_INFO_free); + info_stack = NULL; + BIO_free(cert); + cert = NULL; + + ExpectNotNull(cert = BIO_new_file(cliCertFileExt, "rb")); + ExpectNotNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL)); + sk_X509_INFO_pop_free(info_stack, X509_INFO_free); + info_stack = NULL; + BIO_free(cert); + cert = NULL; + + /* This case should fail due to invalid input. */ + ExpectNotNull(cert = BIO_new(BIO_s_mem())); + ExpectIntEQ(BIO_write(cert, data, sizeof(data)), sizeof(data)); + ExpectNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL)); + sk_X509_INFO_pop_free(info_stack, X509_INFO_free); + info_stack = NULL; + BIO_free(cert); + cert = NULL; + ExpectNotNull(cert = BIO_new(BIO_s_mem())); + ExpectIntEQ(BIO_write(cert, data2, sizeof(data2)), sizeof(data2)); + ExpectNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL)); + sk_X509_INFO_pop_free(info_stack, X509_INFO_free); + BIO_free(cert); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_X509_INFO_read_bio(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ + !defined(NO_BIO) + BIO* bio = NULL; + X509_INFO* info = NULL; + STACK_OF(X509_INFO)* sk = NULL; + STACK_OF(X509_INFO)* sk2 = NULL; + char* subject = NULL; + char exp1[] = "/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/" + "CN=www.wolfssl.com/emailAddress=info@wolfssl.com"; + char exp2[] = "/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/" + "CN=www.wolfssl.com/emailAddress=info@wolfssl.com"; + + ExpectNotNull(bio = BIO_new(BIO_s_file())); + ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0); + ExpectNotNull(sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL)); + ExpectIntEQ(sk_X509_INFO_num(sk), 2); + + /* using dereference to maintain testing for Apache port*/ + ExpectNull(sk_X509_INFO_pop(NULL)); + ExpectNotNull(info = sk_X509_INFO_pop(sk)); + ExpectNotNull(subject = X509_NAME_oneline(X509_get_subject_name(info->x509), + 0, 0)); + + ExpectIntEQ(0, XSTRNCMP(subject, exp1, sizeof(exp1))); + XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); + subject = NULL; + X509_INFO_free(info); + info = NULL; + + ExpectNotNull(info = sk_X509_INFO_pop(sk)); + ExpectNotNull(subject = X509_NAME_oneline(X509_get_subject_name(info->x509), + 0, 0)); + + ExpectIntEQ(0, XSTRNCMP(subject, exp2, sizeof(exp2))); + XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); + subject = NULL; + X509_INFO_free(info); + ExpectNull(info = sk_X509_INFO_pop(sk)); + + sk_X509_INFO_pop_free(sk, X509_INFO_free); + sk = NULL; + BIO_free(bio); + bio = NULL; + + ExpectNotNull(sk = wolfSSL_sk_X509_INFO_new_null()); + ExpectNotNull(bio = BIO_new(BIO_s_file())); + ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0); + ExpectNotNull(sk2 = PEM_X509_INFO_read_bio(bio, sk, NULL, NULL)); + ExpectPtrEq(sk, sk2); + if (sk2 != sk) { + sk_X509_INFO_pop_free(sk, X509_INFO_free); + } + sk = NULL; + BIO_free(bio); + sk_X509_INFO_pop_free(sk2, X509_INFO_free); + + ExpectNotNull(sk = wolfSSL_sk_X509_INFO_new_null()); + sk_X509_INFO_free(sk); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_X509_INFO_read(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ + !defined(NO_BIO) + XFILE fp = XBADFILE; + STACK_OF(X509_INFO)* sk = NULL; + + ExpectTrue((fp = XFOPEN(svrCertFile, "rb")) != XBADFILE); + ExpectNull(wolfSSL_PEM_X509_INFO_read(XBADFILE, NULL, NULL, NULL)); + ExpectNotNull(sk = wolfSSL_PEM_X509_INFO_read(fp, NULL, NULL, NULL)); + + sk_X509_INFO_pop_free(sk, X509_INFO_free); + if (fp != XBADFILE) + XFCLOSE(fp); +#endif + return EXPECT_RESULT(); +} + diff --git a/tests/api/test_ossl_x509_info.h b/tests/api/test_ossl_x509_info.h new file mode 100644 index 000000000..16c17fcd4 --- /dev/null +++ b/tests/api/test_ossl_x509_info.h @@ -0,0 +1,38 @@ +/* test_ossl_x509_info.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_X509_INFO_H +#define WOLFCRYPT_TEST_OSSL_X509_INFO_H + +#include + +int test_wolfSSL_X509_INFO_multiple_info(void); +int test_wolfSSL_X509_INFO(void); +int test_wolfSSL_PEM_X509_INFO_read_bio(void); +int test_wolfSSL_PEM_X509_INFO_read(void); + +#define TEST_OSSL_X509_INFO_DECLS \ + TEST_DECL_GROUP("ossl_x509_info", test_wolfSSL_X509_INFO_multiple_info), \ + TEST_DECL_GROUP("ossl_x509_info", test_wolfSSL_X509_INFO), \ + TEST_DECL_GROUP("ossl_x509_info", test_wolfSSL_PEM_X509_INFO_read_bio), \ + TEST_DECL_GROUP("ossl_x509_info", test_wolfSSL_PEM_X509_INFO_read) + +#endif /* WOLFCRYPT_TEST_OSSL_X509_INFO_H */ diff --git a/tests/api/test_ossl_x509_io.c b/tests/api/test_ossl_x509_io.c new file mode 100644 index 000000000..70c0f6843 --- /dev/null +++ b/tests/api/test_ossl_x509_io.c @@ -0,0 +1,247 @@ +/* test_ossl_x509_io.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#ifdef OPENSSL_EXTRA + #include +#endif +#include +#include + +int test_wolfSSL_i2d_X509(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) + const unsigned char* cert_buf = server_cert_der_2048; + unsigned char* out = NULL; + unsigned char* tmp = NULL; + const unsigned char* nullPtr = NULL; + const unsigned char notCert[2] = { 0x30, 0x00 }; + const unsigned char* notCertPtr = notCert; + X509* cert = NULL; + + ExpectNull(d2i_X509(NULL, NULL, sizeof_server_cert_der_2048)); + ExpectNull(d2i_X509(NULL, &nullPtr, sizeof_server_cert_der_2048)); + ExpectNull(d2i_X509(NULL, &cert_buf, 0)); + ExpectNull(d2i_X509(NULL, ¬CertPtr, sizeof(notCert))); + ExpectNotNull(d2i_X509(&cert, &cert_buf, sizeof_server_cert_der_2048)); + /* Pointer should be advanced */ + ExpectPtrGT(cert_buf, server_cert_der_2048); + ExpectIntGT(i2d_X509(cert, &out), 0); + ExpectNotNull(out); + tmp = out; + ExpectIntGT(i2d_X509(cert, &tmp), 0); + ExpectPtrGT(tmp, out); +#if defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) && !defined(NO_FILESYSTEM) + ExpectIntEQ(wolfSSL_PEM_write_X509(XBADFILE, NULL), 0); + ExpectIntEQ(wolfSSL_PEM_write_X509(XBADFILE, cert), 0); + ExpectIntEQ(wolfSSL_PEM_write_X509(stderr, cert), 1); +#endif + + XFREE(out, NULL, DYNAMIC_TYPE_OPENSSL); + X509_free(cert); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_read_X509(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) + X509 *x509 = NULL; + XFILE fp = XBADFILE; + + ExpectTrue((fp = XFOPEN(svrCertFile, "rb")) != XBADFILE); + ExpectNotNull(x509 = (X509 *)PEM_read_X509(fp, (X509 **)NULL, NULL, NULL)); + X509_free(x509); + if (fp != XBADFILE) + XFCLOSE(fp); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_write_bio_X509(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(OPENSSL_ALL) && \ + defined(WOLFSSL_AKID_NAME) && defined(WOLFSSL_CERT_EXT) && \ + defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) && !defined(NO_RSA) && \ + !defined(NO_FILESYSTEM) + /* This test contains the hard coded expected + * lengths. Update if necessary */ + XFILE fp = XBADFILE; + WOLFSSL_EVP_PKEY *priv = NULL; + + BIO* input = NULL; + BIO* output = NULL; + X509* x509a = NULL; + X509* x509b = NULL; + X509* empty = NULL; + + ASN1_TIME* notBeforeA = NULL; + ASN1_TIME* notAfterA = NULL; +#ifndef NO_ASN_TIME + ASN1_TIME* notBeforeB = NULL; + ASN1_TIME* notAfterB = NULL; +#endif + int expectedLen; + + ExpectTrue((fp = XFOPEN("certs/server-key.pem", "rb")) != XBADFILE); + ExpectNotNull(priv = wolfSSL_PEM_read_PrivateKey(fp, NULL, NULL, NULL)); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + + ExpectNotNull(input = BIO_new_file("certs/test/cert-ext-multiple.pem", + "rb")); + ExpectIntEQ(wolfSSL_BIO_get_len(input), 2000); + + /* read PEM into X509 struct, get notBefore / notAfter to verify against */ + ExpectNotNull(PEM_read_bio_X509(input, &x509a, NULL, NULL)); + ExpectNotNull(notBeforeA = X509_get_notBefore(x509a)); + ExpectNotNull(notAfterA = X509_get_notAfter(x509a)); + + /* write X509 back to PEM BIO; no need to sign as nothing changed. */ + ExpectNotNull(output = BIO_new(wolfSSL_BIO_s_mem())); + ExpectNotNull(empty = wolfSSL_X509_new()); + ExpectIntEQ(PEM_write_bio_X509(NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509(output, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509(NULL, x509a), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509(output, empty), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS); + /* compare length against expected */ + expectedLen = 2000; + ExpectIntEQ(wolfSSL_BIO_get_len(output), expectedLen); + wolfSSL_X509_free(empty); + +#ifndef NO_ASN_TIME + /* read exported X509 PEM back into struct, sanity check on export, + * make sure notBefore/notAfter are the same and certs are identical. */ + ExpectNotNull(PEM_read_bio_X509(output, &x509b, NULL, NULL)); + ExpectNotNull(notBeforeB = X509_get_notBefore(x509b)); + ExpectNotNull(notAfterB = X509_get_notAfter(x509b)); + ExpectIntEQ(ASN1_TIME_compare(notBeforeA, notBeforeB), 0); + ExpectIntEQ(ASN1_TIME_compare(notAfterA, notAfterB), 0); + ExpectIntEQ(0, wolfSSL_X509_cmp(x509a, x509b)); + X509_free(x509b); + x509b = NULL; +#endif + + /* Reset output buffer */ + BIO_free(output); + output = NULL; + ExpectNotNull(output = BIO_new(wolfSSL_BIO_s_mem())); + + /* Test forcing the AKID to be generated just from KeyIdentifier */ + if (EXPECT_SUCCESS() && x509a->authKeyIdSrc != NULL) { + XMEMMOVE(x509a->authKeyIdSrc, x509a->authKeyId, x509a->authKeyIdSz); + x509a->authKeyId = x509a->authKeyIdSrc; + x509a->authKeyIdSrc = NULL; + x509a->authKeyIdSrcSz = 0; + } + + /* Resign to re-generate the der */ + ExpectIntGT(wolfSSL_X509_sign(x509a, priv, EVP_sha256()), 0); + + ExpectIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS); + + /* Check that we generate a smaller output since the AKID will + * only contain the KeyIdentifier without any additional + * information */ + + /* Here we copy the validity struct from the original */ + expectedLen = 1688; + ExpectIntEQ(wolfSSL_BIO_get_len(output), expectedLen); + + /* Reset buffers and x509 */ + BIO_free(input); + input = NULL; + BIO_free(output); + output = NULL; + X509_free(x509a); + x509a = NULL; + + /* test CA and basicConstSet values are encoded when + * the cert is a CA */ + ExpectNotNull(input = BIO_new_file("certs/server-cert.pem", "rb")); + + /* read PEM into X509 struct */ + ExpectNotNull(PEM_read_bio_X509(input, &x509a, NULL, NULL)); + + /* write X509 back to PEM BIO; no need to sign as nothing changed */ + ExpectNotNull(output = BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS); + + /* read exported X509 PEM back into struct, ensure isCa and basicConstSet + * values are maintained and certs are identical.*/ + ExpectNotNull(PEM_read_bio_X509(output, &x509b, NULL, NULL)); + ExpectIntEQ(x509b->isCa, 1); + ExpectIntEQ(x509b->basicConstSet, 1); + ExpectIntEQ(0, wolfSSL_X509_cmp(x509a, x509b)); + + X509_free(x509a); + x509a = NULL; + X509_free(x509b); + x509b = NULL; + BIO_free(input); + input = NULL; + BIO_free(output); + output = NULL; + + /* test CA and basicConstSet values are encoded when + * the cert is not CA */ + ExpectNotNull(input = BIO_new_file("certs/client-uri-cert.pem", "rb")); + + /* read PEM into X509 struct */ + ExpectNotNull(PEM_read_bio_X509(input, &x509a, NULL, NULL)); + + /* write X509 back to PEM BIO; no need to sign as nothing changed */ + ExpectNotNull(output = BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS); + + /* read exported X509 PEM back into struct, ensure isCa and + * basicConstSet values are maintained and certs are identical */ + ExpectNotNull(PEM_read_bio_X509(output, &x509b, NULL, NULL)); + ExpectIntEQ(x509b->isCa, 0); + ExpectIntEQ(x509b->basicConstSet, 1); + ExpectIntEQ(0, wolfSSL_X509_cmp(x509a, x509b)); + + wolfSSL_EVP_PKEY_free(priv); + X509_free(x509a); + X509_free(x509b); + BIO_free(input); + BIO_free(output); +#endif + return EXPECT_RESULT(); +} + diff --git a/tests/api/test_ossl_x509_io.h b/tests/api/test_ossl_x509_io.h new file mode 100644 index 000000000..93e9f90ac --- /dev/null +++ b/tests/api/test_ossl_x509_io.h @@ -0,0 +1,36 @@ +/* test_ossl_x509_io.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_X509_IO_H +#define WOLFCRYPT_TEST_OSSL_X509_IO_H + +#include + +int test_wolfSSL_i2d_X509(void); +int test_wolfSSL_PEM_read_X509(void); +int test_wolfSSL_PEM_write_bio_X509(void); + +#define TEST_OSSL_X509_IO_DECLS \ + TEST_DECL_GROUP("ossl_x509_io", test_wolfSSL_i2d_X509), \ + TEST_DECL_GROUP("ossl_x509_io", test_wolfSSL_PEM_read_X509), \ + TEST_DECL_GROUP("ossl_x509_io", test_wolfSSL_PEM_write_bio_X509) + +#endif /* WOLFCRYPT_TEST_OSSL_X509_IO_H */ diff --git a/tests/api/test_ossl_x509_lu.c b/tests/api/test_ossl_x509_lu.c new file mode 100644 index 000000000..0b9aa42d4 --- /dev/null +++ b/tests/api/test_ossl_x509_lu.c @@ -0,0 +1,518 @@ +/* test_ossl_x509_lu.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include + +int test_wolfSSL_X509_LOOKUP_load_file(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_ECC) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) + WOLFSSL_X509_STORE* store = NULL; + WOLFSSL_X509_LOOKUP* lookup = NULL; + + ExpectNotNull(store = wolfSSL_X509_STORE_new()); + ExpectNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())); + /* One RSA and one ECC certificate in file. */ + ExpectIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/client-ca.pem", + X509_FILETYPE_PEM), 1); + ExpectIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/crl/crl2.pem", + X509_FILETYPE_PEM), 1); + + if (store != NULL) { + ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, cliCertFile, + WOLFSSL_FILETYPE_PEM), 1); + ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile, + WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)); + } + ExpectIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem", + X509_FILETYPE_PEM), 1); + if (store != NULL) { + ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile, + WOLFSSL_FILETYPE_PEM), 1); + } + + wolfSSL_X509_STORE_free(store); +#endif /* defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && + * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_LOOKUP_ctrl_file(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ + defined(WOLFSSL_SIGNER_DER_CERT) + X509_STORE_CTX* ctx = NULL; + X509_STORE* str = NULL; + X509_LOOKUP* lookup = NULL; + + X509* cert1 = NULL; + X509* x509Ca = NULL; + X509* x509Svr = NULL; + X509* issuer = NULL; + + WOLFSSL_STACK* sk = NULL; + X509_NAME* caName = NULL; + X509_NAME* issuerName = NULL; + + XFILE file1 = XBADFILE; + int i; + int cert_count = 0; + int cmp; + + char der[] = "certs/ca-cert.der"; + +#ifdef HAVE_CRL + char pem[][100] = { + "./certs/crl/crl.pem", + "./certs/crl/crl2.pem", + "./certs/crl/caEccCrl.pem", + "./certs/crl/eccCliCRL.pem", + "./certs/crl/eccSrvCRL.pem", + "" + }; +#endif + ExpectTrue((file1 = XFOPEN("./certs/ca-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL)); + if (file1 != XBADFILE) + XFCLOSE(file1); + + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectNotNull((str = wolfSSL_X509_STORE_new())); + ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); + ExpectIntEQ(wolfSSL_X509_load_cert_crl_file(NULL, NULL, + WOLFSSL_FILETYPE_PEM), 0); + ExpectIntEQ(wolfSSL_X509_load_cert_crl_file(lookup, NULL, + WOLFSSL_FILETYPE_PEM), 0); + ExpectIntEQ(wolfSSL_X509_load_cert_crl_file(NULL, caCertFile, + WOLFSSL_FILETYPE_PEM), 0); + ExpectIntEQ(wolfSSL_X509_load_cert_crl_file(NULL, der , + WOLFSSL_FILETYPE_PEM), 0); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile, + SSL_FILETYPE_PEM,NULL), 1); + ExpectNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm)); + ExpectIntEQ((cert_count = sk_X509_num(sk)), 1); + + /* check if CA cert is loaded into the store */ + for (i = 0; i < cert_count; i++) { + x509Ca = sk_X509_value(sk, i); + ExpectIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1)); + } + + ExpectNotNull((x509Svr = + wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM))); + + ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS); + + ExpectNull(X509_STORE_CTX_get0_current_issuer(NULL)); + issuer = X509_STORE_CTX_get0_current_issuer(ctx); + ExpectNull(issuer); + + ExpectIntEQ(X509_verify_cert(ctx), 1); + + issuer = X509_STORE_CTX_get0_current_issuer(ctx); + ExpectNotNull(issuer); + caName = X509_get_subject_name(x509Ca); + ExpectNotNull(caName); + issuerName = X509_get_subject_name(issuer); + ExpectNotNull(issuerName); + cmp = X509_NAME_cmp(caName, issuerName); + ExpectIntEQ(cmp, 0); + /* load der format */ + issuer = NULL; + X509_STORE_CTX_free(ctx); + ctx = NULL; + X509_STORE_free(str); + str = NULL; + sk_X509_pop_free(sk, NULL); + sk = NULL; + X509_free(x509Svr); + x509Svr = NULL; + + ExpectNotNull((str = wolfSSL_X509_STORE_new())); + ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, der, + SSL_FILETYPE_ASN1,NULL), 1); + ExpectNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm)); + ExpectIntEQ((cert_count = sk_X509_num(sk)), 1); + /* check if CA cert is loaded into the store */ + for (i = 0; i < cert_count; i++) { + x509Ca = sk_X509_value(sk, i); + ExpectIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1)); + } + + X509_STORE_free(str); + str = NULL; + sk_X509_pop_free(sk, NULL); + sk = NULL; + X509_free(cert1); + cert1 = NULL; + +#ifdef HAVE_CRL + ExpectNotNull(str = wolfSSL_X509_STORE_new()); + ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile, + SSL_FILETYPE_PEM,NULL), 1); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, + "certs/server-revoked-cert.pem", + SSL_FILETYPE_PEM,NULL), 1); + if (str) { + ExpectIntEQ(wolfSSL_CertManagerVerify(str->cm, svrCertFile, + WOLFSSL_FILETYPE_PEM), 1); + /* since store hasn't yet known the revoked cert*/ + ExpectIntEQ(wolfSSL_CertManagerVerify(str->cm, + "certs/server-revoked-cert.pem", + WOLFSSL_FILETYPE_PEM), 1); + } + for (i = 0; pem[i][0] != '\0'; i++) + { + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, pem[i], + SSL_FILETYPE_PEM, NULL), 1); + } + + if (str) { + /* since store knows crl list */ + ExpectIntEQ(wolfSSL_CertManagerVerify(str->cm, + "certs/server-revoked-cert.pem", + WOLFSSL_FILETYPE_PEM ), WC_NO_ERR_TRACE(CRL_CERT_REVOKED)); + } + + ExpectIntEQ(X509_LOOKUP_ctrl(NULL, 0, NULL, 0, NULL), 0); + X509_STORE_free(str); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_LOOKUP_ctrl_hash_dir(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + const int MAX_DIR = 4; + const char paths[][32] = { + "./certs/ed25519", + "./certs/ecc", + "./certs/crl", + "./certs/", + }; + + char CertCrl_path[MAX_FILENAME_SZ]; + char *p; + X509_STORE* str = NULL; + X509_LOOKUP* lookup = NULL; + WOLFSSL_STACK* sk = NULL; + int len, total_len, i; + + (void)sk; + + XMEMSET(CertCrl_path, 0, MAX_FILENAME_SZ); + + /* illegal string */ + ExpectNotNull((str = wolfSSL_X509_STORE_new())); + ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "", + SSL_FILETYPE_PEM, NULL), 0); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_STORE, "", + SSL_FILETYPE_PEM, NULL), WOLFSSL_NOT_IMPLEMENTED); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_LOAD_STORE, "", + SSL_FILETYPE_PEM, NULL), WOLFSSL_NOT_IMPLEMENTED); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, 0, "", + SSL_FILETYPE_PEM, NULL), WOLFSSL_FAILURE); + + /* free store */ + X509_STORE_free(str); + str = NULL; + + /* short folder string */ + ExpectNotNull((str = wolfSSL_X509_STORE_new())); + ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "./", + SSL_FILETYPE_PEM,NULL), 1); + #if defined(WOLFSSL_INT_H) + /* only available when including internal.h */ + ExpectNotNull(sk = lookup->dirs->dir_entry); + #endif + /* free store */ + X509_STORE_free(str); + str = NULL; + + /* typical function check */ + p = &CertCrl_path[0]; + total_len = 0; + + for (i = MAX_DIR - 1; i>=0 && total_len < MAX_FILENAME_SZ; i--) { + len = (int)XSTRLEN((const char*)&paths[i]); + total_len += len; + XSTRNCPY(p, paths[i], MAX_FILENAME_SZ - total_len); + p += len; + if (i != 0) *(p++) = SEPARATOR_CHAR; + } + + ExpectNotNull((str = wolfSSL_X509_STORE_new())); + ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, CertCrl_path, + SSL_FILETYPE_PEM,NULL), 1); + #if defined(WOLFSSL_INT_H) + /* only available when including internal.h */ + ExpectNotNull(sk = lookup->dirs->dir_entry); + #endif + + X509_STORE_free(str); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_load_crl_file(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \ + !defined(NO_STDIO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_BIO) && \ + !defined(WOLFSSL_CRL_ALLOW_MISSING_CDP) + int i; + char pem[][100] = { + "./certs/crl/crl.pem", + "./certs/crl/crl2.pem", + "./certs/crl/caEccCrl.pem", + "./certs/crl/eccCliCRL.pem", + "./certs/crl/eccSrvCRL.pem", + #ifdef WC_RSA_PSS + "./certs/crl/crl_rsapss.pem", + #endif + "" + }; + char der[][100] = { + "./certs/crl/crl.der", + "./certs/crl/crl2.der", + "" + }; + WOLFSSL_X509_STORE* store = NULL; + WOLFSSL_X509_LOOKUP* lookup = NULL; + + ExpectNotNull(store = wolfSSL_X509_STORE_new()); + ExpectNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())); + + ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem", + X509_FILETYPE_PEM), 1); +#ifdef WC_RSA_PSS + ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/rsapss/ca-rsapss.pem", + X509_FILETYPE_PEM), 1); +#endif + ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem", + X509_FILETYPE_PEM), 1); + if (store) { + ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile, + WOLFSSL_FILETYPE_PEM), 1); + /* since store hasn't yet known the revoked cert*/ + ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, + "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM), 1); + } + + ExpectIntEQ(X509_load_crl_file(lookup, pem[0], 0), 0); + for (i = 0; pem[i][0] != '\0'; i++) { + ExpectIntEQ(X509_load_crl_file(lookup, pem[i], WOLFSSL_FILETYPE_PEM), + 1); + } + + if (store) { + /* since store knows crl list */ + ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, + "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM), + WC_NO_ERR_TRACE(CRL_CERT_REVOKED)); +#ifdef WC_RSA_PSS + ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, + "certs/rsapss/server-rsapss-cert.pem", WOLFSSL_FILETYPE_PEM), + WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)); +#endif + } + /* once feeing store */ + X509_STORE_free(store); + store = NULL; + + ExpectNotNull(store = wolfSSL_X509_STORE_new()); + ExpectNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())); + + ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem", + X509_FILETYPE_PEM), 1); + ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem", + X509_FILETYPE_PEM), 1); + if (store) { + ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile, + WOLFSSL_FILETYPE_PEM), 1); + /* since store hasn't yet known the revoked cert*/ + ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, + "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM), 1); + } + + for (i = 0; der[i][0] != '\0'; i++) { + ExpectIntEQ(X509_load_crl_file(lookup, der[i], WOLFSSL_FILETYPE_ASN1), + 1); + } + + if (store) { + /* since store knows crl list */ + ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, + "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM), + WC_NO_ERR_TRACE(CRL_CERT_REVOKED)); + } + + /* test for incorrect parameter */ + ExpectIntEQ(X509_load_crl_file(NULL, pem[0], 0), 0); + ExpectIntEQ(X509_load_crl_file(lookup, NULL, 0), 0); + ExpectIntEQ(X509_load_crl_file(NULL, NULL, 0), 0); + + X509_STORE_free(store); + store = NULL; +#endif + return EXPECT_RESULT(); +} + +int test_X509_LOOKUP_add_dir(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && \ + (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && \ + defined(HAVE_CRL) && !defined(NO_RSA) + + X509_STORE * store = NULL; + X509_STORE_CTX * storeCtx = NULL; + X509_CRL * crl = NULL; + X509 * ca = NULL; + X509 * cert = NULL; + const char cliCrlPem[] = "./certs/crl/cliCrl.pem"; + const char srvCert[] = "./certs/server-cert.pem"; + const char caCert[] = "./certs/ca-cert.pem"; + const char caDir[] = "./certs/crl/hash_der"; + XFILE fp = XBADFILE; + X509_LOOKUP * lookup = NULL; + + ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); + + /* Set up store with CA */ + ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, + SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS); + + /* Add CRL lookup directory to store. + * Test uses ./certs/crl/hash_der/0fdb2da4.r0, which is a copy + * of crl.der */ + ExpectNotNull((lookup = X509_STORE_add_lookup(store, + X509_LOOKUP_hash_dir()))); + + ExpectIntEQ(X509_LOOKUP_add_dir(lookup, caDir, X509_FILETYPE_ASN1), + SSL_SUCCESS); + + ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK), + SSL_SUCCESS); + + /* Add CRL to store NOT containing the verified certificate, which + * forces use of the CRL lookup directory */ + ExpectTrue((fp = XFOPEN(cliCrlPem, "rb")) != XBADFILE); + ExpectNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, + NULL, NULL)); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS); + + /* Create verification context outside of an SSL session */ + ExpectNotNull((storeCtx = X509_STORE_CTX_new())); + ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert, + SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS); + + /* Perform verification, which should NOT return CRL missing */ + ExpectIntNE(X509_verify_cert(storeCtx), WC_NO_ERR_TRACE(CRL_MISSING)); + + X509_CRL_free(crl); + crl = NULL; + X509_STORE_free(store); + store = NULL; + X509_STORE_CTX_free(storeCtx); + storeCtx = NULL; + X509_free(cert); + cert = NULL; + X509_free(ca); + ca = NULL; + + /* Now repeat the same, but look for X509_FILETYPE_PEM. + * We should get CRL_MISSING at the end, because the lookup + * dir has only ASN1 CRLs. */ + + ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); + + ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, + SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS); + + ExpectNotNull((lookup = X509_STORE_add_lookup(store, + X509_LOOKUP_hash_dir()))); + + ExpectIntEQ(X509_LOOKUP_add_dir(lookup, caDir, X509_FILETYPE_PEM), + SSL_SUCCESS); + + ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK), + SSL_SUCCESS); + ExpectTrue((fp = XFOPEN(cliCrlPem, "rb")) != XBADFILE); + ExpectNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, + NULL, NULL)); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS); + + ExpectNotNull((storeCtx = X509_STORE_CTX_new())); + ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert, + SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS); + + /* Now we SHOULD get CRL_MISSING, because we looked for PEM + * in dir containing only ASN1/DER. */ + ExpectIntEQ(X509_verify_cert(storeCtx), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_STORE_CTX_get_error(storeCtx), + X509_V_ERR_UNABLE_TO_GET_CRL); + + X509_CRL_free(crl); + X509_STORE_free(store); + X509_STORE_CTX_free(storeCtx); + X509_free(cert); + X509_free(ca); +#endif + return EXPECT_RESULT(); +} + diff --git a/tests/api/test_ossl_x509_lu.h b/tests/api/test_ossl_x509_lu.h new file mode 100644 index 000000000..61e8454f9 --- /dev/null +++ b/tests/api/test_ossl_x509_lu.h @@ -0,0 +1,40 @@ +/* test_ossl_x509_lu.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_X509_LU_H +#define WOLFCRYPT_TEST_OSSL_X509_LU_H + +#include + +int test_wolfSSL_X509_LOOKUP_load_file(void); +int test_wolfSSL_X509_LOOKUP_ctrl_file(void); +int test_wolfSSL_X509_LOOKUP_ctrl_hash_dir(void); +int test_wolfSSL_X509_load_crl_file(void); +int test_X509_LOOKUP_add_dir(void); + +#define TEST_OSSL_X509_LOOKUP_DECLS \ + TEST_DECL_GROUP("ossl_x509_lu", test_wolfSSL_X509_LOOKUP_load_file), \ + TEST_DECL_GROUP("ossl_x509_lu", test_wolfSSL_X509_LOOKUP_ctrl_file), \ + TEST_DECL_GROUP("ossl_x509_lu", test_wolfSSL_X509_LOOKUP_ctrl_hash_dir), \ + TEST_DECL_GROUP("ossl_x509_lu", test_wolfSSL_X509_LOOKUP_ctrl_hash_dir), \ + TEST_DECL_GROUP("ossl_x509_lu", test_X509_LOOKUP_add_dir) + +#endif /* WOLFCRYPT_TEST_OSSL_X509_LU_H */ diff --git a/tests/api/test_ossl_x509_name.c b/tests/api/test_ossl_x509_name.c new file mode 100644 index 000000000..2d4482f0d --- /dev/null +++ b/tests/api/test_ossl_x509_name.c @@ -0,0 +1,717 @@ +/* test_ossl_x509_name.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include + +int test_wolfSSL_X509_NAME_get_entry(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) +#if defined(OPENSSL_ALL) || \ + (defined(OPENSSL_EXTRA) && \ + (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS))) + /* use openssl like name to test mapping */ + X509_NAME_ENTRY* ne = NULL; + X509_NAME* name = NULL; + X509* x509 = NULL; + ASN1_STRING* asn = NULL; + char* subCN = NULL; + int idx = 0; + ASN1_OBJECT *object = NULL; +#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || \ + defined(WOLFSSL_NGINX) +#ifndef NO_BIO + BIO* bio = NULL; +#endif +#endif + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = X509_get_subject_name(x509)); + ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1), 0); + ExpectNotNull(ne = X509_NAME_get_entry(name, idx)); + ExpectNull(X509_NAME_ENTRY_get_data(NULL)); + ExpectNotNull(asn = X509_NAME_ENTRY_get_data(ne)); + ExpectNotNull(subCN = (char*)ASN1_STRING_data(asn)); + wolfSSL_FreeX509(x509); + x509 = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = X509_get_subject_name(x509)); + ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1), 0); + +#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || \ + defined(WOLFSSL_NGINX) +#ifndef NO_BIO + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(bio, name, 4, + (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_NAME_print_ex_fp(XBADFILE, name, 4, + (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_FAILURE); + ExpectIntEQ(X509_NAME_print_ex_fp(stderr, name, 4, + (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS); + BIO_free(bio); +#endif +#endif + + ExpectNotNull(ne = X509_NAME_get_entry(name, idx)); + ExpectNotNull(object = X509_NAME_ENTRY_get_object(ne)); + wolfSSL_FreeX509(x509); +#endif /* OPENSSL_ALL || (OPENSSL_EXTRA && (KEEP_PEER_CERT || SESSION_CERTS) */ +#endif /* !NO_CERTS && !NO_RSA && !NO_FILESYSTEM */ + + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_NAME(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ + !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || \ + defined(OPENSSL_EXTRA)) + X509* x509 = NULL; +#ifndef OPENSSL_EXTRA + const unsigned char* c = NULL; + int bytes = 0; +#endif + unsigned char buf[4096]; + XFILE f = XBADFILE; + const X509_NAME* a = NULL; + const X509_NAME* b = NULL; + X509_NAME* d2i_name = NULL; + int sz = 0; + unsigned char* tmp = NULL; + char file[] = "./certs/ca-cert.der"; +#ifndef OPENSSL_EXTRA_X509_SMALL + byte empty[] = { /* CN=empty emailAddress= */ + 0x30, 0x21, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0C, 0x05, 0x65, 0x6D, 0x70, + 0x74, 0x79, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, + 0x01, 0x16, 0x00 + }; +#endif +#if defined(OPENSSL_EXTRA) && !defined(NO_PWDBASED) + byte digest[64]; /* max digest size */ + word32 digestSz; +#endif + +#ifndef OPENSSL_EXTRA_X509_SMALL + /* test compile of deprecated function, returns 0 */ + ExpectIntEQ(CRYPTO_thread_id(), 0); +#endif + + ExpectNotNull(a = X509_NAME_new()); + ExpectNotNull(b = X509_NAME_new()); +#ifndef OPENSSL_EXTRA_X509_SMALL + ExpectIntEQ(X509_NAME_cmp(a, b), 0); +#endif + X509_NAME_free((X509_NAME*)b); + X509_NAME_free((X509_NAME*)a); + a = NULL; + + ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE); +#ifndef OPENSSL_EXTRA + ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); + if (f != XBADFILE) + XFCLOSE(f); + + c = buf; + ExpectNotNull(x509 = wolfSSL_X509_d2i_ex(NULL, c, bytes, HEAP_HINT)); +#else + ExpectNull(wolfSSL_X509_d2i_fp(NULL, XBADFILE)); + ExpectNotNull(wolfSSL_X509_d2i_fp(&x509, f)); + if (f != XBADFILE) + XFCLOSE(f); +#endif + + /* test cmp function */ + ExpectNull(X509_get_issuer_name(NULL)); + ExpectNotNull(a = X509_get_issuer_name(x509)); + ExpectNull(X509_get_subject_name(NULL)); + ExpectNotNull(b = X509_get_subject_name(x509)); +#ifdef KEEP_PEER_CERT + ExpectNull(wolfSSL_X509_get_subjectCN(NULL)); + ExpectNotNull(wolfSSL_X509_get_subjectCN(x509)); +#endif + +#if defined(OPENSSL_EXTRA) + ExpectIntEQ(X509_check_issued(NULL, NULL), + WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH); + ExpectIntEQ(X509_check_issued(x509, NULL), + WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH); + ExpectIntEQ(X509_check_issued(NULL, x509), + WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH); + ExpectIntEQ(X509_check_issued(x509, x509), WOLFSSL_X509_V_OK); + ExpectIntEQ(X509_NAME_cmp(NULL, NULL), -2); + ExpectIntEQ(X509_NAME_cmp(NULL, b), -2); + ExpectIntEQ(X509_NAME_cmp(a, NULL), -2); + ExpectIntEQ(X509_NAME_cmp(a, b), 0); /* self signed should be 0 */ + +#if !defined(NO_PWDBASED) + ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, NULL, NULL, NULL), 0); + ExpectIntEQ(wolfSSL_X509_NAME_digest(a, NULL, NULL, NULL), 0); +#ifndef NO_SHA256 + ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, wolfSSL_EVP_sha256(), NULL, + NULL), 0); +#endif + ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, NULL, digest, NULL), 0); + ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, NULL, NULL, &digestSz), 0); + ExpectIntEQ(wolfSSL_X509_NAME_digest(a, NULL, digest, + &digestSz), 0); +#ifndef NO_SHA256 + ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, wolfSSL_EVP_sha256(), digest, + &digestSz), 0); + ExpectIntEQ(wolfSSL_X509_NAME_digest(a, wolfSSL_EVP_sha256(), NULL, + &digestSz), 0); + ExpectIntEQ(wolfSSL_X509_NAME_digest(a, wolfSSL_EVP_sha256(), digest, + NULL), 1); + ExpectIntEQ(wolfSSL_X509_NAME_digest(a, wolfSSL_EVP_sha256(), digest, + &digestSz), 1); + ExpectTrue(digestSz == 32); +#endif +#else + ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, NULL, NULL, NULL), + NOT_COMPILED_IN); +#endif +#endif /* OPENSSL_EXTRA */ + + tmp = buf; + ExpectIntGT((sz = i2d_X509_NAME((X509_NAME*)a, &tmp)), 0); + if (sz > 0 && tmp == buf) { + fprintf(stderr, "\nERROR - %s line %d failed with:", __FILE__, + __LINE__); + fprintf(stderr, " Expected pointer to be incremented\n"); + abort(); + } + +#ifndef OPENSSL_EXTRA_X509_SMALL + tmp = buf; + ExpectNotNull(d2i_name = d2i_X509_NAME(NULL, &tmp, sz)); +#endif + + /* if output parameter is NULL, should still return required size. */ + ExpectIntGT((sz = i2d_X509_NAME((X509_NAME*)b, NULL)), 0); + /* retry but with the function creating a buffer */ + tmp = NULL; + ExpectIntGT((sz = i2d_X509_NAME((X509_NAME*)b, &tmp)), 0); + XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL); + tmp = NULL; + +#ifdef WOLFSSL_CERT_NAME_ALL + /* test for givenName and name */ + { + WOLFSSL_X509_NAME_ENTRY* entry = NULL; + WOLFSSL_X509_NAME_ENTRY empty; + const byte gName[] = "test-given-name"; + const byte name[] = "test-name"; + + XMEMSET(&empty, 0, sizeof(empty)); + + ExpectNull(wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL, + NID_givenName, ASN_UTF8STRING, NULL, sizeof(gName))); + ExpectNotNull(entry = wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL, + NID_givenName, ASN_UTF8STRING, gName, sizeof(gName))); + ExpectNotNull(wolfSSL_X509_NAME_ENTRY_create_by_NID(&entry, + NID_givenName, ASN_UTF8STRING, gName, sizeof(gName))); + ExpectIntEQ(wolfSSL_X509_NAME_add_entry(NULL , NULL , -1, 0), + 0); + ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, NULL , -1, 0), + 0); + ExpectIntEQ(wolfSSL_X509_NAME_add_entry(NULL , entry , -1, 0), + 0); + ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, &empty, -1, 0), + 0); + ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, entry , 99, 0), + 0); + ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, entry , -1, 0), + 1); + wolfSSL_X509_NAME_ENTRY_free(entry); + entry = NULL; + + ExpectNotNull(wolfSSL_X509_NAME_ENTRY_create_by_NID(&entry, + NID_name, ASN_UTF8STRING, name, sizeof(name))); + ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, entry, -1, 0), + 1); + wolfSSL_X509_NAME_ENTRY_free(entry); + + tmp = NULL; + ExpectIntGT((sz = i2d_X509_NAME((X509_NAME*)b, &tmp)), 0); + XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL); + } +#endif + + b = NULL; + ExpectNull(X509_NAME_dup(NULL)); + ExpectNotNull(b = X509_NAME_dup((X509_NAME*)a)); +#ifndef OPENSSL_EXTRA_X509_SMALL + ExpectIntEQ(X509_NAME_cmp(a, b), 0); +#endif + ExpectIntEQ(X509_NAME_entry_count(NULL), 0); + ExpectIntEQ(X509_NAME_entry_count((X509_NAME*)b), 7); + X509_NAME_free((X509_NAME*)b); + ExpectNotNull(b = wolfSSL_X509_NAME_new()); + ExpectIntEQ(X509_NAME_entry_count((X509_NAME*)b), 0); + ExpectIntEQ(wolfSSL_X509_NAME_copy(NULL, NULL), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_X509_NAME_copy((X509_NAME*)a, NULL), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_X509_NAME_copy(NULL, (X509_NAME*)b), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_X509_NAME_copy((X509_NAME*)a, (X509_NAME*)b), 1); + ExpectIntEQ(X509_NAME_entry_count((X509_NAME*)b), 7); + X509_NAME_free((X509_NAME*)b); + X509_NAME_free(d2i_name); + d2i_name = NULL; + X509_free(x509); + +#ifndef OPENSSL_EXTRA_X509_SMALL + /* test with an empty domain component */ + tmp = empty; + sz = sizeof(empty); + ExpectNotNull(d2i_name = d2i_X509_NAME(NULL, &tmp, sz)); + ExpectIntEQ(X509_NAME_entry_count(d2i_name), 2); + + /* size of empty emailAddress will be 0 */ + tmp = buf; + ExpectIntEQ(X509_NAME_get_text_by_NID(d2i_name, NID_emailAddress, + (char*)tmp, sizeof(buf)), 0); + + /* should contain no organization name */ + tmp = buf; + ExpectIntEQ(X509_NAME_get_text_by_NID(d2i_name, NID_organizationName, + (char*)tmp, sizeof(buf)), -1); + X509_NAME_free(d2i_name); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_NAME_hash(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_BIO) + BIO* bio = NULL; + X509* x509 = NULL; + X509_NAME* name = NULL; + + ExpectIntEQ(X509_NAME_hash(NULL), 0); + ExpectNotNull(name = wolfSSL_X509_NAME_new_ex(NULL)); + ExpectIntEQ(X509_NAME_hash(name), 0); + X509_NAME_free(name); + + ExpectNotNull(bio = BIO_new(BIO_s_file())); + ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0); + ExpectNotNull(PEM_read_bio_X509(bio, &x509, NULL, NULL)); + ExpectIntEQ(X509_NAME_hash(X509_get_subject_name(x509)), 0x137DC03F); + ExpectIntEQ(X509_NAME_hash(X509_get_issuer_name(x509)), 0xFDB2DA4); + X509_free(x509); + BIO_free(bio); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_NAME_print_ex(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \ + (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ + defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \ + defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB)))) && \ + !defined(NO_BIO) && !defined(NO_RSA) + int memSz = 0; + byte* mem = NULL; + BIO* bio = NULL; + BIO* membio = NULL; + X509* x509 = NULL; + X509_NAME* name = NULL; + X509_NAME* empty = NULL; + + const char* expNormal = "C=US, CN=wolfssl.com"; + const char* expEqSpace = "C = US, CN = wolfssl.com"; + const char* expReverse = "CN=wolfssl.com, C=US"; + + const char* expNotEscaped = "C= US,+\"\\ , CN=#wolfssl.com<>;"; + const char* expNotEscapedRev = "CN=#wolfssl.com<>;, C= US,+\"\\ "; + const char* expRFC5523 = + "CN=\\#wolfssl.com\\<\\>\\;, C=\\ US\\,\\+\\\"\\\\\\ "; + + /* Test with real cert (svrCertFile) first */ + ExpectNotNull(bio = BIO_new(BIO_s_file())); + ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0); + ExpectNotNull(PEM_read_bio_X509(bio, &x509, NULL, NULL)); + ExpectNotNull(name = X509_get_subject_name(x509)); + + /* Test without flags */ + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectNotNull(empty = wolfSSL_X509_NAME_new()); + ExpectIntEQ(X509_NAME_print_ex(NULL, NULL, 0, 0), WOLFSSL_FAILURE); + ExpectIntEQ(X509_NAME_print_ex(membio, NULL, 0, 0), WOLFSSL_FAILURE); + ExpectIntEQ(X509_NAME_print_ex(NULL, name, 0, 0), WOLFSSL_FAILURE); + ExpectIntEQ(X509_NAME_print_ex(membio, empty, 0, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS); + wolfSSL_X509_NAME_free(empty); + BIO_free(membio); + membio = NULL; + + /* Test flag: XN_FLAG_RFC2253 */ + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, + XN_FLAG_RFC2253), WOLFSSL_SUCCESS); + BIO_free(membio); + membio = NULL; + + /* Test flag: XN_FLAG_RFC2253 | XN_FLAG_DN_REV */ + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, + XN_FLAG_RFC2253 | XN_FLAG_DN_REV), WOLFSSL_SUCCESS); + BIO_free(membio); + membio = NULL; + + X509_free(x509); + BIO_free(bio); + name = NULL; + + /* Test with empty issuer cert empty-issuer-cert.pem. + * See notes in certs/test/gen-testcerts.sh for how it was generated. */ + ExpectNotNull(bio = BIO_new(BIO_s_file())); + ExpectIntGT(BIO_read_filename(bio, noIssuerCertFile), 0); + ExpectNotNull(PEM_read_bio_X509(bio, &x509, NULL, NULL)); + ExpectNotNull(name = X509_get_subject_name(x509)); + + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS); + /* Should be empty string "" */ + ExpectIntEQ((memSz = BIO_get_mem_data(membio, &mem)), 0); + + BIO_free(membio); + membio = NULL; + X509_free(x509); + BIO_free(bio); + name = NULL; + + /* Test normal case without escaped characters */ + { + /* Create name: "/C=US/CN=wolfssl.com" */ + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", + MBSTRING_UTF8, (byte*)"US", 2, -1, 0), + WOLFSSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", + MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), + WOLFSSL_SUCCESS); + + /* Test without flags */ + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS); + ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); + ExpectIntEQ(memSz, XSTRLEN(expNormal)); + ExpectIntEQ(XSTRNCMP((char*)mem, expNormal, XSTRLEN(expNormal)), 0); + BIO_free(membio); + membio = NULL; + + /* Test with XN_FLAG_ONELINE which should enable XN_FLAG_SPC_EQ for + spaces around '=' */ + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, XN_FLAG_ONELINE), + WOLFSSL_SUCCESS); + ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); + ExpectIntEQ(memSz, XSTRLEN(expEqSpace)); + ExpectIntEQ(XSTRNCMP((char*)mem, expEqSpace, XSTRLEN(expEqSpace)), 0); + BIO_free(membio); + membio = NULL; + + /* Test flags: XN_FLAG_RFC2253 - should be reversed */ + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, + XN_FLAG_RFC2253), WOLFSSL_SUCCESS); + ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); + ExpectIntEQ(memSz, XSTRLEN(expReverse)); + BIO_free(membio); + membio = NULL; + + /* Test flags: XN_FLAG_DN_REV - reversed */ + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, + XN_FLAG_DN_REV), WOLFSSL_SUCCESS); + ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); + ExpectIntEQ(memSz, XSTRLEN(expReverse)); + ExpectIntEQ(XSTRNCMP((char*)mem, expReverse, XSTRLEN(expReverse)), 0); + BIO_free(membio); + membio = NULL; + + X509_NAME_free(name); + name = NULL; + } + + /* Test RFC2253 characters are escaped with backslashes */ + { + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", + /* space at beginning and end, and: ,+"\ */ + MBSTRING_UTF8, (byte*)" US,+\"\\ ", 8, -1, 0), + WOLFSSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", + /* # at beginning, and: <>;*/ + MBSTRING_UTF8, (byte*)"#wolfssl.com<>;", 15, -1, 0), + WOLFSSL_SUCCESS); + /* Test without flags */ + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS); + ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); + ExpectIntEQ(memSz, XSTRLEN(expNotEscaped)); + ExpectIntEQ(XSTRNCMP((char*)mem, expNotEscaped, + XSTRLEN(expNotEscaped)), 0); + BIO_free(membio); + membio = NULL; + + /* Test flags: XN_FLAG_RFC5523 - should be reversed and escaped */ + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, + XN_FLAG_RFC2253), WOLFSSL_SUCCESS); + ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); + ExpectIntEQ(memSz, XSTRLEN(expRFC5523)); + ExpectIntEQ(XSTRNCMP((char*)mem, expRFC5523, XSTRLEN(expRFC5523)), 0); + BIO_free(membio); + membio = NULL; + + /* Test flags: XN_FLAG_DN_REV - reversed but not escaped */ + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, + XN_FLAG_DN_REV), WOLFSSL_SUCCESS); + ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); + ExpectIntEQ(memSz, XSTRLEN(expNotEscapedRev)); + ExpectIntEQ(XSTRNCMP((char*)mem, expNotEscapedRev, + XSTRLEN(expNotEscapedRev)), 0); + BIO_free(membio); + + X509_NAME_free(name); + } +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_NAME_ENTRY(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN) + X509* x509 = NULL; +#ifndef NO_BIO + X509* empty = NULL; + BIO* bio = NULL; +#endif + X509_NAME* nm = NULL; + X509_NAME_ENTRY* entry = NULL; + WOLF_STACK_OF(WOLFSSL_X509_NAME_ENTRY)* entries = NULL; + unsigned char cn[] = "another name to add"; +#ifdef OPENSSL_ALL + int i; + int names_len = 0; +#endif + + ExpectNotNull(x509 = + wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM)); +#ifndef NO_BIO + ExpectNotNull(empty = wolfSSL_X509_new()); + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_X509_AUX(NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509_AUX(bio, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509_AUX(NULL, x509), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509_AUX(bio, empty), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509_AUX(bio, x509), SSL_SUCCESS); + wolfSSL_X509_free(empty); +#endif + +#ifdef WOLFSSL_CERT_REQ + { + X509_REQ* req = NULL; +#ifndef NO_BIO + X509_REQ* emptyReq = NULL; + BIO* bReq = NULL; +#endif + + ExpectNotNull(req = + wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM)); +#ifndef NO_BIO + ExpectNotNull(emptyReq = wolfSSL_X509_REQ_new()); + ExpectNotNull(bReq = BIO_new(BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_X509_REQ(NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509_REQ(bReq, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509_REQ(NULL, req), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509_REQ(bReq, emptyReq), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509_REQ(bReq, req), SSL_SUCCESS); + + BIO_free(bReq); + X509_REQ_free(emptyReq); +#endif + X509_free(req); + } +#endif + + ExpectNotNull(nm = X509_get_subject_name(x509)); + + /* Test add entry */ + ExpectNotNull(entry = X509_NAME_ENTRY_create_by_NID(NULL, NID_commonName, + 0x0c, cn, (int)sizeof(cn))); + ExpectIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS); + + /* @TODO the internal name entry set value needs investigated for matching + * behavior with OpenSSL. At the moment the getter function for the set + * value is being tested only in that it succeeds in getting the internal + * value. */ + ExpectIntGT(X509_NAME_ENTRY_set(X509_NAME_get_entry(nm, 1)), 0); + +#ifdef WOLFSSL_CERT_EXT + ExpectIntEQ(X509_NAME_add_entry_by_txt(NULL, NULL, MBSTRING_UTF8, + (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_FAILURE); + ExpectIntEQ(X509_NAME_add_entry_by_txt(nm, NULL, MBSTRING_UTF8, + (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_FAILURE); + ExpectIntEQ(X509_NAME_add_entry_by_txt(NULL, "emailAddress", MBSTRING_UTF8, + (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_FAILURE); + ExpectIntEQ(X509_NAME_add_entry_by_txt(nm, "emailAddress", MBSTRING_UTF8, + (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(nm, "commonName", MBSTRING_UTF8, + (byte*)"wolfssl.com", 11, 0, 1), WOLFSSL_SUCCESS); + ExpectNull(wolfSSL_X509_NAME_delete_entry(NULL, -1)); + ExpectNull(wolfSSL_X509_NAME_delete_entry(nm, -1)); + ExpectNotNull(wolfSSL_X509_NAME_delete_entry(nm, 0)); +#endif + X509_NAME_ENTRY_free(entry); + entry = NULL; + +#ifdef WOLFSSL_CERT_REQ + { + unsigned char srv_pkcs9p[] = "Server"; + unsigned char rfc822Mlbx[] = "support@wolfssl.com"; + unsigned char fvrtDrnk[] = "tequila"; + unsigned char* der = NULL; + char* subject = NULL; + + ExpectIntEQ(X509_NAME_add_entry_by_NID(nm, NID_pkcs9_contentType, + MBSTRING_ASC, srv_pkcs9p, -1, -1, 0), SSL_SUCCESS); + + ExpectIntEQ(X509_NAME_add_entry_by_NID(nm, NID_rfc822Mailbox, + MBSTRING_ASC, rfc822Mlbx, -1, -1, 0), SSL_SUCCESS); + + ExpectIntEQ(X509_NAME_add_entry_by_NID(nm, NID_favouriteDrink, + MBSTRING_ASC, fvrtDrnk, -1, -1, 0), SSL_SUCCESS); + + ExpectIntEQ(wolfSSL_i2d_X509_NAME(NULL, &der), BAD_FUNC_ARG); + ExpectIntGT(wolfSSL_i2d_X509_NAME(nm, &der), 0); + ExpectNotNull(der); + + ExpectNotNull(subject = X509_NAME_oneline(nm, NULL, 0)); + ExpectNotNull(XSTRSTR(subject, "rfc822Mailbox=support@wolfssl.com")); + ExpectNotNull(XSTRSTR(subject, "favouriteDrink=tequila")); + ExpectNotNull(XSTRSTR(subject, "contentType=Server")); + #ifdef DEBUG_WOLFSSL + if (subject != NULL) { + fprintf(stderr, "\n\t%s\n", subject); + } + #endif + XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); + XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL); + } +#endif + + ExpectNull(entry = X509_NAME_ENTRY_create_by_txt(NULL, NULL, 0x0c, cn, + (int)sizeof(cn))); + /* Test add entry by text */ + ExpectNotNull(entry = X509_NAME_ENTRY_create_by_txt(NULL, "commonName", + 0x0c, cn, (int)sizeof(cn))); + ExpectPtrEq(X509_NAME_ENTRY_create_by_txt(&entry, "commonName", + 0x0c, cn, (int)sizeof(cn)), entry); + #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) \ + || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX) + ExpectNull(X509_NAME_ENTRY_create_by_txt(&entry, "unknown", + V_ASN1_UTF8STRING, cn, (int)sizeof(cn))); + #endif + ExpectIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS); + X509_NAME_ENTRY_free(entry); + entry = NULL; + + /* Test add entry by NID */ + ExpectIntEQ(X509_NAME_add_entry_by_NID(nm, NID_commonName, MBSTRING_UTF8, + cn, -1, -1, 0), SSL_SUCCESS); + +#ifdef OPENSSL_ALL + /* stack of name entry */ + ExpectIntGT((names_len = sk_X509_NAME_ENTRY_num(nm->entries)), 0); + for (i = 0; i < names_len; i++) { + ExpectNotNull(entry = sk_X509_NAME_ENTRY_value(nm->entries, i)); + } +#endif + + ExpectNotNull(entries = wolfSSL_sk_X509_NAME_ENTRY_new(NULL)); + ExpectIntEQ(sk_X509_NAME_ENTRY_num(NULL), BAD_FUNC_ARG); + ExpectIntEQ(sk_X509_NAME_ENTRY_num(entries), 0); + ExpectNull(sk_X509_NAME_ENTRY_value(NULL, 0)); + ExpectNull(sk_X509_NAME_ENTRY_value(entries, 0)); + wolfSSL_sk_X509_NAME_ENTRY_free(entries); +#ifndef NO_BIO + BIO_free(bio); +#endif + X509_free(x509); /* free's nm */ +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_NAME_ENTRY_get_object(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) + X509 *x509 = NULL; + X509_NAME* name = NULL; + int idx = 0; + X509_NAME_ENTRY *ne = NULL; + ASN1_OBJECT *object = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = X509_get_subject_name(x509)); + ExpectIntGE(X509_NAME_get_index_by_NID(NULL, NID_commonName, -1), + BAD_FUNC_ARG); + ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1), 0); + ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -2), 0); + + ExpectNotNull(ne = X509_NAME_get_entry(name, idx)); + ExpectNull(X509_NAME_ENTRY_get_object(NULL)); + ExpectNotNull(object = X509_NAME_ENTRY_get_object(ne)); + + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + diff --git a/tests/api/test_ossl_x509_name.h b/tests/api/test_ossl_x509_name.h new file mode 100644 index 000000000..130f7fa87 --- /dev/null +++ b/tests/api/test_ossl_x509_name.h @@ -0,0 +1,42 @@ +/* test_ossl_x509_name.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_X509_NAME_H +#define WOLFCRYPT_TEST_OSSL_X509_NAME_H + +#include + +int test_wolfSSL_X509_NAME_get_entry(void); +int test_wolfSSL_X509_NAME(void); +int test_wolfSSL_X509_NAME_hash(void); +int test_wolfSSL_X509_NAME_print_ex(void); +int test_wolfSSL_X509_NAME_ENTRY(void); +int test_wolfSSL_X509_NAME_ENTRY_get_object(void); + +#define TEST_OSSL_X509_NAME_DECLS \ + TEST_DECL_GROUP("ossl_x509_name", test_wolfSSL_X509_NAME_get_entry), \ + TEST_DECL_GROUP("ossl_x509_name", test_wolfSSL_X509_NAME), \ + TEST_DECL_GROUP("ossl_x509_name", test_wolfSSL_X509_NAME_hash), \ + TEST_DECL_GROUP("ossl_x509_name", test_wolfSSL_X509_NAME_print_ex), \ + TEST_DECL_GROUP("ossl_x509_name", test_wolfSSL_X509_NAME_ENTRY), \ + TEST_DECL_GROUP("ossl_x509_name", test_wolfSSL_X509_NAME_ENTRY_get_object) + +#endif /* WOLFCRYPT_TEST_OSSL_X509_NAME_H */ diff --git a/tests/api/test_ossl_x509_pk.c b/tests/api/test_ossl_x509_pk.c new file mode 100644 index 000000000..6e978d3be --- /dev/null +++ b/tests/api/test_ossl_x509_pk.c @@ -0,0 +1,350 @@ +/* test_ossl_x509_pk.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include + +int test_wolfSSL_X509_get_X509_PUBKEY(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) + X509* x509 = NULL; + X509_PUBKEY* pubKey; + + ExpectNotNull(x509 = X509_new()); + + ExpectNull(pubKey = wolfSSL_X509_get_X509_PUBKEY(NULL)); + ExpectNotNull(pubKey = wolfSSL_X509_get_X509_PUBKEY(x509)); + + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_PUBKEY_RSA(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \ + !defined(NO_SHA256) && !defined(NO_RSA) + X509* x509 = NULL; + ASN1_OBJECT* obj = NULL; + const ASN1_OBJECT* pa_oid = NULL; + X509_PUBKEY* pubKey = NULL; + X509_PUBKEY* pubKey2 = NULL; + EVP_PKEY* evpKey = NULL; + byte buf[1024]; + byte* tmp; + + const unsigned char *pk = NULL; + int ppklen; + int pptype; + X509_ALGOR *pa = NULL; + const void *pval; + + ExpectNotNull(x509 = X509_load_certificate_file(cliCertFile, + SSL_FILETYPE_PEM)); + + ExpectNotNull(pubKey = X509_get_X509_PUBKEY(x509)); + ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey), 1); + ExpectNotNull(pk); + ExpectNotNull(pa); + ExpectNotNull(pubKey); + ExpectIntGT(ppklen, 0); + + tmp = buf; + ExpectIntEQ(wolfSSL_i2d_X509_PUBKEY(NULL, NULL), WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_i2d_X509_PUBKEY(NULL, &tmp), WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_i2d_X509_PUBKEY(pubKey, NULL), 294); + ExpectIntEQ(wolfSSL_i2d_X509_PUBKEY(pubKey, &tmp), 294); + + ExpectIntEQ(OBJ_obj2nid(obj), NID_rsaEncryption); + + ExpectNotNull(evpKey = X509_PUBKEY_get(pubKey)); + ExpectNotNull(pubKey2 = X509_PUBKEY_new()); + ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, NULL), 0); + ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 0); + ExpectIntEQ(X509_PUBKEY_set(NULL, NULL), 0); + ExpectIntEQ(X509_PUBKEY_set(&pubKey2, NULL), 0); + ExpectIntEQ(X509_PUBKEY_set(NULL, evpKey), 0); + ExpectIntEQ(X509_PUBKEY_set(&pubKey2, evpKey), 1); + ExpectIntEQ(X509_PUBKEY_get0_param(NULL, NULL, NULL, NULL, pubKey2), 1); + ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 1); + ExpectNotNull(pk); + ExpectNotNull(pa); + ExpectIntGT(ppklen, 0); + X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa); + ExpectNotNull(pa_oid); + ExpectNull(pval); + ExpectIntEQ(pptype, V_ASN1_NULL); + ExpectIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_RSA); + + X509_PUBKEY_free(NULL); + X509_PUBKEY_free(pubKey2); + X509_free(x509); + EVP_PKEY_free(evpKey); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_PUBKEY_EC(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && defined(HAVE_ECC) + X509* x509 = NULL; + ASN1_OBJECT* obj = NULL; + ASN1_OBJECT* poid = NULL; + const ASN1_OBJECT* pa_oid = NULL; + X509_PUBKEY* pubKey = NULL; + X509_PUBKEY* pubKey2 = NULL; + EVP_PKEY* evpKey = NULL; + + const unsigned char *pk = NULL; + int ppklen; + int pptype; + X509_ALGOR *pa = NULL; + const void *pval; + char buf[50]; + + ExpectNotNull(x509 = X509_load_certificate_file(cliEccCertFile, + SSL_FILETYPE_PEM)); + ExpectNotNull(pubKey = X509_get_X509_PUBKEY(x509)); + ExpectNotNull(evpKey = X509_PUBKEY_get(pubKey)); + ExpectNotNull(pubKey2 = X509_PUBKEY_new()); + ExpectIntEQ(X509_PUBKEY_set(&pubKey2, evpKey), 1); + ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 1); + ExpectNotNull(pk); + ExpectNotNull(pa); + ExpectIntGT(ppklen, 0); + X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa); + ExpectNotNull(pa_oid); + ExpectNotNull(pval); + ExpectIntEQ(pptype, V_ASN1_OBJECT); + ExpectIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_EC); + poid = (ASN1_OBJECT *)pval; + ExpectIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), poid, 0), 0); + ExpectIntEQ(OBJ_txt2nid(buf), NID_X9_62_prime256v1); + + X509_PUBKEY_free(pubKey2); + X509_free(x509); + EVP_PKEY_free(evpKey); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_PUBKEY_DSA(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && !defined(NO_DSA) + word32 bytes; +#ifdef USE_CERT_BUFFERS_1024 + byte tmp[ONEK_BUF]; +#elif defined(USE_CERT_BUFFERS_2048) + byte tmp[TWOK_BUF]; +#else + byte tmp[TWOK_BUF]; +#endif /* END USE_CERT_BUFFERS_1024 */ + const unsigned char* dsaKeyDer = tmp; + + ASN1_OBJECT* obj = NULL; + ASN1_STRING* str; + const ASN1_OBJECT* pa_oid = NULL; + X509_PUBKEY* pubKey = NULL; + EVP_PKEY* evpKey = NULL; + + const unsigned char *pk = NULL; + int ppklen, pptype; + X509_ALGOR *pa = NULL; + const void *pval; + +#ifdef USE_CERT_BUFFERS_1024 + XMEMSET(tmp, 0, sizeof(tmp)); + XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024); + bytes = sizeof_dsa_key_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + XMEMSET(tmp, 0, sizeof(tmp)); + XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048); + bytes = sizeof_dsa_key_der_2048; +#else + { + XFILE fp = XBADFILE; + XMEMSET(tmp, 0, sizeof(tmp)); + ExpectTrue((fp = XFOPEN("./certs/dsa2048.der", "rb")) != XBADFILE); + ExpectIntGT(bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp), 0); + if (fp != XBADFILE) + XFCLOSE(fp); + } +#endif + + /* Initialize pkey with der format dsa key */ + ExpectNotNull(d2i_PrivateKey(EVP_PKEY_DSA, &evpKey, &dsaKeyDer, bytes)); + + ExpectNotNull(pubKey = X509_PUBKEY_new()); + ExpectIntEQ(X509_PUBKEY_set(&pubKey, evpKey), 1); + ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey), 1); + ExpectNotNull(pk); + ExpectNotNull(pa); + ExpectIntGT(ppklen, 0); + X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa); + ExpectNotNull(pa_oid); + ExpectNotNull(pval); + ExpectIntEQ(pptype, V_ASN1_SEQUENCE); + ExpectIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_DSA); + str = (ASN1_STRING *)pval; + DEBUG_WRITE_DER(ASN1_STRING_data(str), ASN1_STRING_length(str), "str.der"); +#ifdef USE_CERT_BUFFERS_1024 + ExpectIntEQ(ASN1_STRING_length(str), 291); +#else + ExpectIntEQ(ASN1_STRING_length(str), 549); +#endif /* END USE_CERT_BUFFERS_1024 */ + + X509_PUBKEY_free(pubKey); + EVP_PKEY_free(evpKey); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_PUBKEY_get(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_ALL + WOLFSSL_X509_PUBKEY pubkey; + WOLFSSL_X509_PUBKEY* key; + WOLFSSL_EVP_PKEY evpkey ; + WOLFSSL_EVP_PKEY* evpPkey; + WOLFSSL_EVP_PKEY* retEvpPkey; + + XMEMSET(&pubkey, 0, sizeof(WOLFSSL_X509_PUBKEY)); + XMEMSET(&evpkey, 0, sizeof(WOLFSSL_EVP_PKEY)); + + key = &pubkey; + evpPkey = &evpkey; + + evpPkey->type = WOLFSSL_SUCCESS; + key->pkey = evpPkey; + + ExpectNotNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(key)); + ExpectIntEQ(retEvpPkey->type, WOLFSSL_SUCCESS); + + ExpectNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(NULL)); + + key->pkey = NULL; + ExpectNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(key)); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_set_pubkey(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_ALL + WOLFSSL_X509* x509 = NULL; + WOLFSSL_EVP_PKEY* pkey = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_new()); + +#if !defined(NO_RSA) + { + WOLFSSL_RSA* rsa = NULL; + + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + if (pkey != NULL) { + pkey->type = WC_EVP_PKEY_RSA; + } + ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE); + ExpectNotNull(rsa = wolfSSL_RSA_new()); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, EVP_PKEY_RSA, rsa), + WOLFSSL_SUCCESS); + if (EXPECT_FAIL()) { + wolfSSL_RSA_free(rsa); + } + ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_SUCCESS); + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; + } +#endif +#if !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \ + defined(WOLFSSL_CERT_GEN)) && !defined(NO_DSA) + { + WOLFSSL_DSA* dsa = NULL; + + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + if (pkey != NULL) { + pkey->type = WC_EVP_PKEY_DSA; + } + ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE); + ExpectNotNull(dsa = wolfSSL_DSA_new()); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, EVP_PKEY_DSA, dsa), + WOLFSSL_SUCCESS); + if (EXPECT_FAIL()) { + wolfSSL_DSA_free(dsa); + } + ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE); + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; + } +#endif +#if defined(HAVE_ECC) + { + WOLFSSL_EC_KEY* ec = NULL; + + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + if (pkey != NULL) { + pkey->type = WC_EVP_PKEY_EC; + } + ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE); + ExpectNotNull(ec = wolfSSL_EC_KEY_new()); + ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ec), 1); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, EVP_PKEY_EC, ec), + WOLFSSL_SUCCESS); + if (EXPECT_FAIL()) { + wolfSSL_EC_KEY_free(ec); + } + ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_SUCCESS); + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; + } +#endif +#if !defined(NO_DH) + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + if (pkey != NULL) { + pkey->type = WC_EVP_PKEY_DH; + } + ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE); + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; +#endif + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + diff --git a/tests/api/test_ossl_x509_pk.h b/tests/api/test_ossl_x509_pk.h new file mode 100644 index 000000000..77b37859c --- /dev/null +++ b/tests/api/test_ossl_x509_pk.h @@ -0,0 +1,42 @@ +/* test_ossl_x509_pk.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_X509_PK_H +#define WOLFCRYPT_TEST_OSSL_X509_PK_H + +#include + +int test_wolfSSL_X509_get_X509_PUBKEY(void); +int test_wolfSSL_X509_PUBKEY_RSA(void); +int test_wolfSSL_X509_PUBKEY_EC(void); +int test_wolfSSL_X509_PUBKEY_DSA(void); +int test_wolfSSL_X509_PUBKEY_get(void); +int test_wolfSSL_X509_set_pubkey(void); + +#define TEST_OSSL_X509_PK_DECLS \ + TEST_DECL_GROUP("ossl_x509_pk", test_wolfSSL_X509_get_X509_PUBKEY), \ + TEST_DECL_GROUP("ossl_x509_pk", test_wolfSSL_X509_PUBKEY_RSA), \ + TEST_DECL_GROUP("ossl_x509_pk", test_wolfSSL_X509_PUBKEY_EC), \ + TEST_DECL_GROUP("ossl_x509_pk", test_wolfSSL_X509_PUBKEY_DSA), \ + TEST_DECL_GROUP("ossl_x509_pk", test_wolfSSL_X509_PUBKEY_get), \ + TEST_DECL_GROUP("ossl_x509_pk", test_wolfSSL_X509_set_pubkey) + +#endif /* WOLFCRYPT_TEST_OSSL_X509_PK_H */ diff --git a/tests/api/test_ossl_x509_str.c b/tests/api/test_ossl_x509_str.c new file mode 100644 index 000000000..e0c481b50 --- /dev/null +++ b/tests/api/test_ossl_x509_str.c @@ -0,0 +1,1590 @@ +/* test_ossl_x509_str.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#ifdef OPENSSL_EXTRA + #include + #include +#endif +#include +#include + +int test_wolfSSL_X509_STORE_CTX_set_time(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + WOLFSSL_X509_STORE_CTX* ctx = NULL; + time_t c_time; + + ExpectNotNull(ctx = wolfSSL_X509_STORE_CTX_new()); + c_time = 365*24*60*60; + wolfSSL_X509_STORE_CTX_set_time(ctx, 0, c_time); + ExpectTrue((ctx->param->flags & WOLFSSL_USE_CHECK_TIME) == + WOLFSSL_USE_CHECK_TIME); + ExpectTrue(ctx->param->check_time == c_time); + wolfSSL_X509_STORE_CTX_free(ctx); +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_STORE_CTX_get0_store(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + X509_STORE_CTX* ctx_no_init = NULL; + + ExpectNotNull((store = X509_STORE_new())); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectNotNull(ctx_no_init = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, NULL, NULL), SSL_SUCCESS); + + ExpectNull(X509_STORE_CTX_get0_store(NULL)); + /* should return NULL if ctx has not bee initialized */ + ExpectNull(X509_STORE_CTX_get0_store(ctx_no_init)); + ExpectNotNull(X509_STORE_CTX_get0_store(ctx)); + + wolfSSL_X509_STORE_CTX_free(ctx); + wolfSSL_X509_STORE_CTX_free(ctx_no_init); + X509_STORE_free(store); +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) +static int verify_cb(int ok, X509_STORE_CTX *ctx) +{ + (void) ok; + (void) ctx; + fprintf(stderr, "ENTER verify_cb\n"); + return SSL_SUCCESS; +} +#endif + +int test_wolfSSL_X509_STORE_CTX(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + X509_STORE_CTX* ctx = NULL; + X509_STORE* str = NULL; + X509* x509 = NULL; +#ifdef OPENSSL_ALL + X509* x5092 = NULL; + STACK_OF(X509) *sk = NULL; + STACK_OF(X509) *sk2 = NULL; + STACK_OF(X509) *sk3 = NULL; +#endif + + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectNotNull((str = wolfSSL_X509_STORE_new())); + ExpectNotNull((x509 = + wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_add_cert(str, x509), SSL_SUCCESS); +#ifdef OPENSSL_ALL + /* sk_X509_new only in OPENSSL_ALL */ + sk = sk_X509_new_null(); + ExpectNotNull(sk); + ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x509, sk), SSL_SUCCESS); +#else + ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x509, NULL), SSL_SUCCESS); +#endif + ExpectIntEQ(SSL_get_ex_data_X509_STORE_CTX_idx(), 0); + X509_STORE_CTX_set_error(ctx, -5); + X509_STORE_CTX_set_error(NULL, -5); + + X509_STORE_CTX_free(ctx); + ctx = NULL; +#ifdef OPENSSL_ALL + sk_X509_pop_free(sk, NULL); + sk = NULL; +#endif + X509_STORE_free(str); + str = NULL; + X509_free(x509); + x509 = NULL; + + ExpectNotNull(ctx = X509_STORE_CTX_new()); + X509_STORE_CTX_set_verify_cb(ctx, verify_cb); + X509_STORE_CTX_free(ctx); + ctx = NULL; + +#ifdef OPENSSL_ALL + /* test X509_STORE_CTX_get(1)_chain */ + ExpectNotNull((x509 = X509_load_certificate_file(svrCertFile, + SSL_FILETYPE_PEM))); + ExpectNotNull((x5092 = X509_load_certificate_file(cliCertFile, + SSL_FILETYPE_PEM))); + ExpectNotNull((sk = sk_X509_new_null())); + ExpectIntEQ(sk_X509_push(sk, x509), 1); + if (EXPECT_FAIL()) { + X509_free(x509); + x509 = NULL; + } + ExpectNotNull((str = X509_STORE_new())); + ExpectNotNull((ctx = X509_STORE_CTX_new())); + ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x5092, sk), 1); + ExpectNull((sk2 = X509_STORE_CTX_get_chain(NULL))); + ExpectNull((sk2 = X509_STORE_CTX_get_chain(ctx))); + ExpectNull((sk3 = X509_STORE_CTX_get1_chain(NULL))); + ExpectNull((sk3 = X509_STORE_CTX_get1_chain(ctx))); + X509_STORE_CTX_free(ctx); + ctx = NULL; + X509_STORE_free(str); + str = NULL; + /* CTX certs not freed yet */ + X509_free(x5092); + x5092 = NULL; + sk_X509_pop_free(sk, NULL); + sk = NULL; + /* sk3 is dup so free here */ + sk_X509_pop_free(sk3, NULL); + sk3 = NULL; +#endif + + /* test X509_STORE_CTX_get/set_ex_data */ + { + int i = 0, tmpData = 5; + void* tmpDataRet; + ExpectNotNull(ctx = X509_STORE_CTX_new()); + #ifdef HAVE_EX_DATA + for (i = 0; i < MAX_EX_DATA; i++) { + ExpectIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData), + WOLFSSL_SUCCESS); + tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i); + ExpectNotNull(tmpDataRet); + ExpectIntEQ(tmpData, *(int*)tmpDataRet); + } + #else + ExpectIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i); + ExpectNull(tmpDataRet); + #endif + X509_STORE_CTX_free(ctx); + ctx = NULL; + } + + /* test X509_STORE_get/set_ex_data */ + { + int i = 0, tmpData = 99; + void* tmpDataRet; + ExpectNotNull(str = X509_STORE_new()); + #ifdef HAVE_EX_DATA + for (i = 0; i < MAX_EX_DATA; i++) { + ExpectIntEQ(X509_STORE_set_ex_data(str, i, &tmpData), + WOLFSSL_SUCCESS); + tmpDataRet = (int*)X509_STORE_get_ex_data(str, i); + ExpectNotNull(tmpDataRet); + ExpectIntEQ(tmpData, *(int*)tmpDataRet); + } + #else + ExpectIntEQ(X509_STORE_set_ex_data(str, i, &tmpData), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + tmpDataRet = (int*)X509_STORE_get_ex_data(str, i); + ExpectNull(tmpDataRet); + #endif + X509_STORE_free(str); + str = NULL; + } + +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ + + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + +typedef struct { + const char *caFile; + const char *caIntFile; + const char *caInt2File; + const char *leafFile; + X509 *x509Ca; + X509 *x509CaInt; + X509 *x509CaInt2; + X509 *x509Leaf; + STACK_OF(X509)* expectedChain; +} X509_STORE_test_data; + +static X509 * test_wolfSSL_X509_STORE_CTX_ex_helper(const char *file) +{ + XFILE fp = XBADFILE; + X509 *x = NULL; + + fp = XFOPEN(file, "rb"); + if (fp == NULL) { + return NULL; + } + x = PEM_read_X509(fp, 0, 0, 0); + XFCLOSE(fp); + + return x; +} + +static int test_wolfSSL_X509_STORE_CTX_ex1(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + int i = 0; + + /* Test case 1, add X509 certs to store and verify */ + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex2(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + int i = 0; + + /* Test case 2, add certs by filename to store and verify */ + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_load_locations( + store, testData->caFile, NULL), 1); + ExpectIntEQ(X509_STORE_load_locations( + store, testData->caIntFile, NULL), 1); + ExpectIntEQ(X509_STORE_load_locations( + store, testData->caInt2File, NULL), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex3(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + int i = 0; + + /* Test case 3, mix and match X509 with files */ + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + ExpectIntEQ(X509_STORE_load_locations( + store, testData->caFile, NULL), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex4(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + STACK_OF(X509)* inter = NULL; + int i = 0; + + /* Test case 4, CA loaded by file, intermediates passed on init */ + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_load_locations( + store, testData->caFile, NULL), 1); + ExpectNotNull(inter = sk_X509_new_null()); + ExpectIntGE(sk_X509_push(inter, testData->x509CaInt), 1); + ExpectIntGE(sk_X509_push(inter, testData->x509CaInt2), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, inter), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + sk_X509_free(inter); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex5(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + STACK_OF(X509)* trusted = NULL; + int i = 0; + + /* Test case 5, manually set trusted stack */ + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(trusted = sk_X509_new_null()); + ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1); + ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt), 1); + ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt2), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + X509_STORE_CTX_trusted_stack(ctx, trusted); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + sk_X509_free(trusted); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex6(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + STACK_OF(X509)* trusted = NULL; + STACK_OF(X509)* inter = NULL; + int i = 0; + + /* Test case 6, manually set trusted stack will be unified with + * any intermediates provided on init */ + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(trusted = sk_X509_new_null()); + ExpectNotNull(inter = sk_X509_new_null()); + ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1); + ExpectIntGE(sk_X509_push(inter, testData->x509CaInt), 1); + ExpectIntGE(sk_X509_push(inter, testData->x509CaInt2), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, inter), 1); + X509_STORE_CTX_trusted_stack(ctx, trusted); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + sk_X509_free(trusted); + sk_X509_free(inter); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex7(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + int i = 0; + + /* Test case 7, certs added to store after ctx init are still used */ + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + ExpectIntNE(X509_verify_cert(ctx), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex8(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + int i = 0; + + /* Test case 8, Only full chain verifies */ + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + ExpectIntNE(X509_verify_cert(ctx), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + ExpectIntNE(X509_verify_cert(ctx), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntNE(X509_verify_cert(ctx), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex9(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + X509_STORE_CTX* ctx2 = NULL; + STACK_OF(X509)* trusted = NULL; + + /* Test case 9, certs added to store should not be reflected in ctx that + * has been manually set with a trusted stack, but are reflected in ctx + * that has not set trusted stack */ + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectNotNull(ctx2 = X509_STORE_CTX_new()); + ExpectNotNull(trusted = sk_X509_new_null()); + ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1); + ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt), 1); + ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt2), 1); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + ExpectIntEQ(X509_STORE_CTX_init(ctx2, store, testData->x509Leaf, NULL), 1); + ExpectIntNE(X509_verify_cert(ctx), 1); + ExpectIntNE(X509_verify_cert(ctx2), 1); + X509_STORE_CTX_trusted_stack(ctx, trusted); + /* CTX1 should now verify */ + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectIntNE(X509_verify_cert(ctx2), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + /* CTX2 should now verify */ + ExpectIntEQ(X509_verify_cert(ctx2), 1); + X509_STORE_CTX_free(ctx); + X509_STORE_CTX_free(ctx2); + X509_STORE_free(store); + sk_X509_free(trusted); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex10(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + + /* Test case 10, ensure partial chain flag works */ + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + /* Fails because chain is incomplete */ + ExpectIntNE(X509_verify_cert(ctx), 1); + ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_PARTIAL_CHAIN), 1); + /* Partial chain now OK */ + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex11(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + + /* Test case 11, test partial chain flag on ctx itself */ + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + /* Fails because chain is incomplete */ + ExpectIntNE(X509_verify_cert(ctx), 1); + X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_PARTIAL_CHAIN); + /* Partial chain now OK */ + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +#ifdef HAVE_ECC +static int test_wolfSSL_X509_STORE_CTX_ex12(void) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + X509* rootEccX509 = NULL; + X509* badAkiX509 = NULL; + X509* ca1X509 = NULL; + + const char* intCARootECCFile = "./certs/ca-ecc-cert.pem"; + const char* intCA1ECCFile = "./certs/intermediate/ca-int-ecc-cert.pem"; + const char* intCABadAKIECCFile = "./certs/intermediate/ca-ecc-bad-aki.pem"; + + /* Test case 12, multiple CAs with the same SKI including 1 with + intentionally bad/unregistered AKI. x509_verify_cert should still form a + valid chain using the valid CA, ignoring the bad CA. Developed from + customer provided reproducer. */ + + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(rootEccX509 = test_wolfSSL_X509_STORE_CTX_ex_helper( + intCARootECCFile)); + ExpectIntEQ(X509_STORE_add_cert(store, rootEccX509), 1); + ExpectNotNull(badAkiX509 = test_wolfSSL_X509_STORE_CTX_ex_helper( + intCABadAKIECCFile)); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, badAkiX509, NULL), 1); + ExpectIntEQ(X509_verify_cert(ctx), 0); + X509_STORE_CTX_cleanup(ctx); + + ExpectIntEQ(X509_STORE_add_cert(store, badAkiX509), 1); + ExpectNotNull(ca1X509 = test_wolfSSL_X509_STORE_CTX_ex_helper( + intCA1ECCFile)); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, ca1X509, NULL), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + X509_free(rootEccX509); + X509_free(badAkiX509); + X509_free(ca1X509); + return EXPECT_RESULT(); +} +#endif +#endif + +int test_wolfSSL_X509_STORE_CTX_ex(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + X509_STORE_test_data testData; + XMEMSET((void *)&testData, 0, sizeof(X509_STORE_test_data)); + testData.caFile = "./certs/ca-cert.pem"; + testData.caIntFile = "./certs/intermediate/ca-int-cert.pem"; + testData.caInt2File = "./certs/intermediate/ca-int2-cert.pem"; + testData.leafFile = "./certs/intermediate/server-chain.pem"; + + ExpectNotNull(testData.x509Ca = \ + test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caFile)); + ExpectNotNull(testData.x509CaInt = \ + test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caIntFile)); + ExpectNotNull(testData.x509CaInt2 = \ + test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caInt2File)); + ExpectNotNull(testData.x509Leaf = \ + test_wolfSSL_X509_STORE_CTX_ex_helper(testData.leafFile)); + ExpectNotNull(testData.expectedChain = sk_X509_new_null()); + ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509Leaf), 1); + ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509CaInt2), 1); + ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509CaInt), 1); + ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509Ca), 1); + + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex1(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex2(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex3(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex4(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex5(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex6(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex7(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex8(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex9(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex10(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex11(&testData), 1); +#ifdef HAVE_ECC + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex12(), 1); +#endif + + if(testData.x509Ca) { + X509_free(testData.x509Ca); + } + if(testData.x509CaInt) { + X509_free(testData.x509CaInt); + } + if(testData.x509CaInt2) { + X509_free(testData.x509CaInt2); + } + if(testData.x509Leaf) { + X509_free(testData.x509Leaf); + } + if (testData.expectedChain) { + sk_X509_free(testData.expectedChain); + } + +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ + + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) +static int test_X509_STORE_untrusted_load_cert_to_stack(const char* filename, + STACK_OF(X509)* chain) +{ + EXPECT_DECLS; + XFILE fp = XBADFILE; + X509* cert = NULL; + + ExpectTrue((fp = XFOPEN(filename, "rb")) + != XBADFILE); + ExpectNotNull(cert = PEM_read_X509(fp, 0, 0, 0 )); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectIntGT(sk_X509_push(chain, cert), 0); + if (EXPECT_FAIL()) + X509_free(cert); + + return EXPECT_RESULT(); +} + +static int test_X509_STORE_untrusted_certs(const char** filenames, int ret, + int err, int loadCA) +{ + EXPECT_DECLS; + X509_STORE_CTX* ctx = NULL; + X509_STORE* str = NULL; + XFILE fp = XBADFILE; + X509* cert = NULL; + STACK_OF(X509)* untrusted = NULL; + + ExpectTrue((fp = XFOPEN("./certs/intermediate/server-int-cert.pem", "rb")) + != XBADFILE); + ExpectNotNull(cert = PEM_read_X509(fp, 0, 0, 0 )); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + + ExpectNotNull(str = X509_STORE_new()); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectNotNull(untrusted = sk_X509_new_null()); + + ExpectIntEQ(X509_STORE_set_flags(str, 0), 1); + if (loadCA) { + ExpectIntEQ(X509_STORE_load_locations(str, "./certs/ca-cert.pem", NULL), + 1); + } + for (; *filenames; filenames++) { + ExpectIntEQ(test_X509_STORE_untrusted_load_cert_to_stack(*filenames, + untrusted), TEST_SUCCESS); + } + + ExpectIntEQ(X509_STORE_CTX_init(ctx, str, cert, untrusted), 1); + ExpectIntEQ(X509_verify_cert(ctx), ret); + ExpectIntEQ(X509_STORE_CTX_get_error(ctx), err); + + X509_free(cert); + X509_STORE_free(str); + X509_STORE_CTX_free(ctx); + sk_X509_pop_free(untrusted, NULL); + + return EXPECT_RESULT(); +} +#endif + +int test_X509_STORE_untrusted(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) + const char* untrusted1[] = { + "./certs/intermediate/ca-int2-cert.pem", + NULL + }; + const char* untrusted2[] = { + "./certs/intermediate/ca-int-cert.pem", + "./certs/intermediate/ca-int2-cert.pem", + NULL + }; + const char* untrusted3[] = { + "./certs/intermediate/ca-int-cert.pem", + "./certs/intermediate/ca-int2-cert.pem", + "./certs/ca-cert.pem", + NULL + }; + /* Adding unrelated certs that should be ignored */ + const char* untrusted4[] = { + "./certs/client-ca.pem", + "./certs/intermediate/ca-int-cert.pem", + "./certs/server-cert.pem", + "./certs/intermediate/ca-int2-cert.pem", + NULL + }; + + /* Only immediate issuer in untrusted chain. Fails since can't build chain + * to loaded CA. */ + ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted1, 0, + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, 1), TEST_SUCCESS); + /* Succeeds because path to loaded CA is available. */ + ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted2, 1, 0, 1), + TEST_SUCCESS); + /* Root CA in untrusted chain is OK so long as CA has been loaded + * properly */ + ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted3, 1, 0, 1), + TEST_SUCCESS); + /* Still needs properly loaded CA, while including it in untrusted + * list is not an error, it also doesn't count for verify */ + ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted3, 0, + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, 0), + TEST_SUCCESS); + /* Succeeds because path to loaded CA is available. */ + ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted4, 1, 0, 1), + TEST_SUCCESS); +#endif + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) + +static int last_errcode; +static int last_errdepth; + +static int X509Callback(int ok, X509_STORE_CTX *ctx) +{ + + if (!ok) { + last_errcode = X509_STORE_CTX_get_error(ctx); + last_errdepth = X509_STORE_CTX_get_error_depth(ctx); + } + /* Always return OK to allow verification to continue.*/ + return 1; +} + +#endif + +int test_X509_STORE_InvalidCa(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) + const char* filename = "./certs/intermediate/ca_false_intermediate/" + "test_int_not_cacert.pem"; + const char* srvfile = "./certs/intermediate/ca_false_intermediate/" + "test_sign_bynoca_srv.pem"; + X509_STORE_CTX* ctx = NULL; + X509_STORE* str = NULL; + XFILE fp = XBADFILE; + X509* cert = NULL; + STACK_OF(X509)* untrusted = NULL; + + last_errcode = 0; + last_errdepth = 0; + + ExpectTrue((fp = XFOPEN(srvfile, "rb")) + != XBADFILE); + ExpectNotNull(cert = PEM_read_X509(fp, 0, 0, 0 )); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + + ExpectNotNull(str = X509_STORE_new()); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectNotNull(untrusted = sk_X509_new_null()); + + /* create cert chain stack */ + ExpectIntEQ(test_X509_STORE_untrusted_load_cert_to_stack(filename, + untrusted), TEST_SUCCESS); + + X509_STORE_set_verify_cb(str, X509Callback); + + ExpectIntEQ(X509_STORE_load_locations(str, + "./certs/intermediate/ca_false_intermediate/test_ca.pem", + NULL), 1); + + ExpectIntEQ(X509_STORE_CTX_init(ctx, str, cert, untrusted), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectIntEQ(last_errcode, X509_V_ERR_INVALID_CA); + + X509_free(cert); + X509_STORE_free(str); + X509_STORE_CTX_free(ctx); + sk_X509_pop_free(untrusted, NULL); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) + X509_STORE_CTX_cleanup(NULL); + X509_STORE_CTX_trusted_stack(NULL, NULL); + + res = TEST_SUCCESS; +#endif + return res; +} + +int test_wolfSSL_X509_STORE_CTX_get_issuer(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) + X509_STORE_CTX* ctx = NULL; + X509_STORE* str = NULL; + X509* x509Ca = NULL; + X509* x509Svr = NULL; + X509* issuer = NULL; + X509_NAME* caName = NULL; + X509_NAME* issuerName = NULL; + + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectNotNull((str = wolfSSL_X509_STORE_new())); + ExpectNotNull((x509Ca = + wolfSSL_X509_load_certificate_file(caCertFile, SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_add_cert(str, x509Ca), SSL_SUCCESS); + ExpectNotNull((x509Svr = + wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM))); + + ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS); + + /* Issuer0 is not set until chain is built for verification */ + ExpectNull(X509_STORE_CTX_get0_current_issuer(NULL)); + ExpectNull(issuer = X509_STORE_CTX_get0_current_issuer(ctx)); + + /* Issuer1 will use the store to make a new issuer */ + ExpectIntEQ(X509_STORE_CTX_get1_issuer(&issuer, ctx, x509Svr), 1); + ExpectNotNull(issuer); + X509_free(issuer); + + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(issuer = X509_STORE_CTX_get0_current_issuer(ctx)); + ExpectNotNull(caName = X509_get_subject_name(x509Ca)); + ExpectNotNull(issuerName = X509_get_subject_name(issuer)); +#ifdef WOLFSSL_SIGNER_DER_CERT + ExpectIntEQ(X509_NAME_cmp(caName, issuerName), 0); +#endif + + X509_STORE_CTX_free(ctx); + X509_free(x509Svr); + X509_STORE_free(str); + X509_free(x509Ca); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_STORE_set_flags(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + X509_STORE* store = NULL; + X509* x509 = NULL; + + ExpectNotNull((store = wolfSSL_X509_STORE_new())); + ExpectNotNull((x509 = wolfSSL_X509_load_certificate_file(svrCertFile, + WOLFSSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_add_cert(store, x509), WOLFSSL_SUCCESS); + +#ifdef HAVE_CRL + ExpectIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL), + WOLFSSL_SUCCESS); +#else + ExpectIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL), + WC_NO_ERR_TRACE(NOT_COMPILED_IN)); +#endif + + wolfSSL_X509_free(x509); + wolfSSL_X509_STORE_free(store); +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && + * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_STORE(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_TLS) && \ + !defined(NO_FILESYSTEM) + X509_STORE *store = NULL; + +#ifdef HAVE_CRL + X509_STORE_CTX *storeCtx = NULL; + X509 *ca = NULL; + X509 *cert = NULL; + const char srvCert[] = "./certs/server-revoked-cert.pem"; + const char caCert[] = "./certs/ca-cert.pem"; +#ifndef WOLFSSL_CRL_ALLOW_MISSING_CDP + X509_CRL *crl = NULL; + const char crlPem[] = "./certs/crl/crl.revoked"; + XFILE fp = XBADFILE; +#endif /* !WOLFSSL_CRL_ALLOW_MISSING_CDP */ + + ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); + ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, + SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS); + ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert, + SSL_FILETYPE_PEM))); + ExpectNotNull((storeCtx = X509_STORE_CTX_new())); + ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS); + ExpectIntEQ(X509_verify_cert(storeCtx), SSL_SUCCESS); + X509_STORE_free(store); + store = NULL; + X509_STORE_CTX_free(storeCtx); + storeCtx = NULL; + X509_free(cert); + cert = NULL; + X509_free(ca); + ca = NULL; + +#ifndef WOLFSSL_CRL_ALLOW_MISSING_CDP + /* should fail to verify now after adding in CRL */ + ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); + ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, + SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS); + ExpectTrue((fp = XFOPEN(crlPem, "rb")) != XBADFILE); + ExpectNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, + NULL, NULL)); + if (fp != XBADFILE) + XFCLOSE(fp); + ExpectIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS); + ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK),SSL_SUCCESS); + ExpectNotNull((storeCtx = X509_STORE_CTX_new())); + ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert, + SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS); + ExpectIntNE(X509_verify_cert(storeCtx), SSL_SUCCESS); + ExpectIntEQ(X509_STORE_CTX_get_error(storeCtx), + WOLFSSL_X509_V_ERR_CERT_REVOKED); + X509_CRL_free(crl); + crl = NULL; + X509_STORE_free(store); + store = NULL; + X509_STORE_CTX_free(storeCtx); + storeCtx = NULL; + X509_free(cert); + cert = NULL; + X509_free(ca); + ca = NULL; +#endif /* !WOLFSSL_CRL_ALLOW_MISSING_CDP */ +#endif /* HAVE_CRL */ + +#if !defined(WOLFCRYPT_ONLY) && !defined(NO_FILESYSTEM) + { + #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) + SSL_CTX* ctx = NULL; + SSL* ssl = NULL; + int i; + for (i = 0; i < 2; i++) { + #ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); + #else + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); + #endif + ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); + SSL_CTX_set_cert_store(ctx, store); + ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); + SSL_CTX_set_cert_store(ctx, store); + ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); + ExpectIntEQ(SSL_CTX_use_certificate_file(ctx, svrCertFile, + SSL_FILETYPE_PEM), SSL_SUCCESS); + ExpectIntEQ(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, + SSL_FILETYPE_PEM), SSL_SUCCESS); + ExpectNotNull(ssl = SSL_new(ctx)); + if (i == 0) { + ExpectIntEQ(SSL_set0_verify_cert_store(ssl, store), + SSL_SUCCESS); + } + else { + ExpectIntEQ(SSL_set1_verify_cert_store(ssl, store), + SSL_SUCCESS); + #ifdef OPENSSL_ALL + ExpectIntEQ(SSL_CTX_set1_verify_cert_store(ctx, store), + SSL_SUCCESS); + #endif + } + if (EXPECT_FAIL() || (i == 1)) { + X509_STORE_free(store); + store = NULL; + } + SSL_free(ssl); + ssl = NULL; + SSL_CTX_free(ctx); + ctx = NULL; + } + #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ + } +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_STORE_load_locations(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && !defined(NO_RSA) && \ + !defined(NO_TLS) + SSL_CTX *ctx = NULL; + X509_STORE *store = NULL; + + const char ca_file[] = "./certs/ca-cert.pem"; + const char client_pem_file[] = "./certs/client-cert.pem"; + const char client_der_file[] = "./certs/client-cert.der"; + const char ecc_file[] = "./certs/ecc-key.pem"; + const char certs_path[] = "./certs/"; + const char bad_path[] = "./bad-path/"; +#ifdef HAVE_CRL + const char crl_path[] = "./certs/crl/"; + const char crl_file[] = "./certs/crl/crl.pem"; +#endif + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(SSLv23_server_method())); +#else + ExpectNotNull(ctx = SSL_CTX_new(SSLv23_client_method())); +#endif + ExpectNotNull(store = SSL_CTX_get_cert_store(ctx)); + ExpectIntEQ(wolfSSL_CertManagerLoadCA(store->cm, ca_file, NULL), + WOLFSSL_SUCCESS); + + /* Test bad arguments */ + ExpectIntEQ(X509_STORE_load_locations(NULL, ca_file, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_STORE_load_locations(store, NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_STORE_load_locations(store, client_der_file, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_STORE_load_locations(store, ecc_file, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_STORE_load_locations(store, NULL, bad_path), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + +#ifdef HAVE_CRL + /* Test with CRL */ + ExpectIntEQ(X509_STORE_load_locations(store, crl_file, NULL), + WOLFSSL_SUCCESS); + ExpectIntEQ(X509_STORE_load_locations(store, NULL, crl_path), + WOLFSSL_SUCCESS); +#endif + + /* Test with CA */ + ExpectIntEQ(X509_STORE_load_locations(store, ca_file, NULL), + WOLFSSL_SUCCESS); + + /* Test with client_cert and certs path */ + ExpectIntEQ(X509_STORE_load_locations(store, client_pem_file, NULL), + WOLFSSL_SUCCESS); + ExpectIntEQ(X509_STORE_load_locations(store, NULL, certs_path), + WOLFSSL_SUCCESS); + +#if defined(XGETENV) && !defined(NO_GETENV) && defined(_POSIX_C_SOURCE) && \ + _POSIX_C_SOURCE >= 200112L + ExpectIntEQ(wolfSSL_CTX_UnloadCAs(ctx), WOLFSSL_SUCCESS); + /* Test with env vars */ + ExpectIntEQ(setenv("SSL_CERT_FILE", client_pem_file, 1), 0); + ExpectIntEQ(setenv("SSL_CERT_DIR", certs_path, 1), 0); + ExpectIntEQ(X509_STORE_set_default_paths(store), WOLFSSL_SUCCESS); +#endif + +#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) + /* Clear nodes */ + ERR_clear_error(); +#endif + + SSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +int test_X509_STORE_get0_objects(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_TLS) && \ + !defined(NO_WOLFSSL_DIR) && !defined(NO_RSA) + X509_STORE *store = NULL; + X509_STORE *store_cpy = NULL; + SSL_CTX *ctx = NULL; + X509_OBJECT *obj = NULL; +#ifdef HAVE_CRL + X509_OBJECT *objCopy = NULL; +#endif + STACK_OF(X509_OBJECT) *objs = NULL; + STACK_OF(X509_OBJECT) *objsCopy = NULL; + int i; + + /* Setup store */ +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(SSLv23_server_method())); +#else + ExpectNotNull(ctx = SSL_CTX_new(SSLv23_client_method())); +#endif + ExpectNotNull(store_cpy = X509_STORE_new()); + ExpectNotNull(store = SSL_CTX_get_cert_store(ctx)); + ExpectIntEQ(X509_STORE_load_locations(store, cliCertFile, NULL), + WOLFSSL_SUCCESS); + ExpectIntEQ(X509_STORE_load_locations(store, caCertFile, NULL), + WOLFSSL_SUCCESS); + ExpectIntEQ(X509_STORE_load_locations(store, svrCertFile, NULL), + WOLFSSL_SUCCESS); +#ifdef HAVE_CRL + ExpectIntEQ(X509_STORE_load_locations(store, NULL, crlPemDir), + WOLFSSL_SUCCESS); +#endif + /* Store ready */ + + /* Similar to HaProxy ssl_set_cert_crl_file use case */ + ExpectNotNull(objs = X509_STORE_get0_objects(store)); +#ifdef HAVE_CRL +#ifdef WOLFSSL_SIGNER_DER_CERT + ExpectIntEQ(sk_X509_OBJECT_num(objs), 4); +#else + ExpectIntEQ(sk_X509_OBJECT_num(objs), 1); +#endif +#else +#ifdef WOLFSSL_SIGNER_DER_CERT + ExpectIntEQ(sk_X509_OBJECT_num(objs), 3); +#else + ExpectIntEQ(sk_X509_OBJECT_num(objs), 0); +#endif +#endif + ExpectIntEQ(sk_X509_OBJECT_num(NULL), 0); + ExpectNull(sk_X509_OBJECT_value(NULL, 0)); + ExpectNull(sk_X509_OBJECT_value(NULL, 1)); + ExpectNull(sk_X509_OBJECT_value(objs, sk_X509_OBJECT_num(objs))); + ExpectNull(sk_X509_OBJECT_value(objs, sk_X509_OBJECT_num(objs) + 1)); +#ifndef NO_WOLFSSL_STUB + ExpectNull(sk_X509_OBJECT_delete(objs, 0)); +#endif + ExpectNotNull(objsCopy = sk_X509_OBJECT_deep_copy(objs, NULL, NULL)); + ExpectIntEQ(sk_X509_OBJECT_num(objs), sk_X509_OBJECT_num(objsCopy)); + for (i = 0; i < sk_X509_OBJECT_num(objs) && EXPECT_SUCCESS(); i++) { + obj = (X509_OBJECT*)sk_X509_OBJECT_value(objs, i); + #ifdef HAVE_CRL + objCopy = (X509_OBJECT*)sk_X509_OBJECT_value(objsCopy, i); + #endif + switch (X509_OBJECT_get_type(obj)) { + case X509_LU_X509: + { + X509* x509 = NULL; + X509_NAME *subj_name = NULL; + ExpectNull(X509_OBJECT_get0_X509_CRL(NULL)); + ExpectNull(X509_OBJECT_get0_X509_CRL(obj)); + ExpectNotNull(x509 = X509_OBJECT_get0_X509(obj)); + ExpectIntEQ(X509_STORE_add_cert(store_cpy, x509), WOLFSSL_SUCCESS); + ExpectNotNull(subj_name = X509_get_subject_name(x509)); + ExpectPtrEq(obj, X509_OBJECT_retrieve_by_subject(objs, X509_LU_X509, + subj_name)); + + break; + } + case X509_LU_CRL: +#ifdef HAVE_CRL + { + X509_CRL* crl = NULL; + ExpectNull(X509_OBJECT_get0_X509(NULL)); + ExpectNull(X509_OBJECT_get0_X509(obj)); + ExpectNotNull(crl = X509_OBJECT_get0_X509_CRL(obj)); + ExpectIntEQ(X509_STORE_add_crl(store_cpy, crl), WOLFSSL_SUCCESS); + ExpectNotNull(crl = X509_OBJECT_get0_X509_CRL(objCopy)); + break; + } +#endif + case X509_LU_NONE: + default: + Fail(("X509_OBJECT_get_type should return x509 or crl " + "(when built with crl support)"), + ("Unrecognized X509_OBJECT type or none")); + } + } + + X509_STORE_free(store_cpy); + SSL_CTX_free(ctx); + + wolfSSL_sk_X509_OBJECT_free(NULL); + objs = NULL; + wolfSSL_sk_pop_free(objsCopy, NULL); + objsCopy = NULL; + ExpectNotNull(objs = wolfSSL_sk_X509_OBJECT_new()); + ExpectIntEQ(wolfSSL_sk_X509_OBJECT_push(NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_sk_X509_OBJECT_push(objs, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_sk_X509_OBJECT_push(NULL, obj), WOLFSSL_FAILURE); + ExpectNotNull(objsCopy = sk_X509_OBJECT_deep_copy(objs, NULL, NULL)); + wolfSSL_sk_X509_OBJECT_free(objsCopy); + wolfSSL_sk_X509_OBJECT_free(objs); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_STORE_get1_certs(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + X509_STORE_CTX *storeCtx = NULL; + X509_STORE *store = NULL; + X509 *caX509 = NULL; + X509 *svrX509 = NULL; + X509_NAME *subject = NULL; + WOLF_STACK_OF(WOLFSSL_X509) *certs = NULL; + + ExpectNotNull(caX509 = X509_load_certificate_file(caCertFile, + SSL_FILETYPE_PEM)); + ExpectNotNull((svrX509 = wolfSSL_X509_load_certificate_file(svrCertFile, + SSL_FILETYPE_PEM))); + ExpectNotNull(storeCtx = X509_STORE_CTX_new()); + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(subject = X509_get_subject_name(caX509)); + + /* Errors */ + ExpectNull(X509_STORE_get1_certs(storeCtx, subject)); + ExpectNull(X509_STORE_get1_certs(NULL, subject)); + ExpectNull(X509_STORE_get1_certs(storeCtx, NULL)); + + ExpectIntEQ(X509_STORE_add_cert(store, caX509), SSL_SUCCESS); + ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, caX509, NULL), + SSL_SUCCESS); + + /* Should find the cert */ + ExpectNotNull(certs = X509_STORE_get1_certs(storeCtx, subject)); + ExpectIntEQ(1, wolfSSL_sk_X509_num(certs)); + + sk_X509_pop_free(certs, NULL); + certs = NULL; + + /* Should not find the cert */ + ExpectNotNull(subject = X509_get_subject_name(svrX509)); + ExpectNotNull(certs = X509_STORE_get1_certs(storeCtx, subject)); + ExpectIntEQ(0, wolfSSL_sk_X509_num(certs)); + + sk_X509_pop_free(certs, NULL); + certs = NULL; + + X509_STORE_free(store); + X509_STORE_CTX_free(storeCtx); + X509_free(svrX509); + X509_free(caX509); +#endif /* OPENSSL_EXTRA && WOLFSSL_SIGNER_DER_CERT && !NO_FILESYSTEM */ + return EXPECT_RESULT(); +} + +#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(WOLFSSL_LOCAL_X509_STORE) && \ + (defined(OPENSSL_ALL) || defined(WOLFSSL_QT)) && defined(HAVE_CRL) +static int test_wolfSSL_X509_STORE_set_get_crl_provider(X509_STORE_CTX* ctx, + X509_CRL** crl_out, X509* cert) { + X509_CRL *crl = NULL; + XFILE fp = XBADFILE; + char* cert_issuer = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); + int ret = 0; + + (void)ctx; + + if (cert_issuer == NULL) + return 0; + + if ((fp = XFOPEN("certs/crl/crl.pem", "rb")) != XBADFILE) { + PEM_read_X509_CRL(fp, &crl, NULL, NULL); + XFCLOSE(fp); + if (crl != NULL) { + char* crl_issuer = X509_NAME_oneline( + X509_CRL_get_issuer(crl), NULL, 0); + if ((crl_issuer != NULL) && + (XSTRCMP(cert_issuer, crl_issuer) == 0)) { + *crl_out = X509_CRL_dup(crl); + if (*crl_out != NULL) + ret = 1; + } + OPENSSL_free(crl_issuer); + } + } + + X509_CRL_free(crl); + OPENSSL_free(cert_issuer); + return ret; +} + +static int test_wolfSSL_X509_STORE_set_get_crl_provider2(X509_STORE_CTX* ctx, + X509_CRL** crl_out, X509* cert) { + (void)ctx; + (void)cert; + *crl_out = NULL; + return 1; +} + +#ifndef NO_WOLFSSL_STUB +static int test_wolfSSL_X509_STORE_set_get_crl_check(X509_STORE_CTX* ctx, + X509_CRL* crl) { + (void)ctx; + (void)crl; + return 1; +} +#endif + +static int test_wolfSSL_X509_STORE_set_get_crl_verify(int ok, + X509_STORE_CTX* ctx) { + int cert_error = X509_STORE_CTX_get_error(ctx); + X509_VERIFY_PARAM* param = X509_STORE_CTX_get0_param(ctx); + int flags = X509_VERIFY_PARAM_get_flags(param); + if ((flags & (X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL)) != + (X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL)) { + /* Make sure the flags are set */ + return 0; + } + /* Ignore CRL missing error */ +#ifndef OPENSSL_COMPATIBLE_DEFAULTS + if (cert_error == WC_NO_ERR_TRACE(CRL_MISSING)) +#else + if (cert_error == X509_V_ERR_UNABLE_TO_GET_CRL) +#endif + return 1; + return ok; +} + +static int test_wolfSSL_X509_STORE_set_get_crl_ctx_ready(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + X509_STORE* cert_store = NULL; + + ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL), + WOLFSSL_SUCCESS); + ExpectNotNull(cert_store = SSL_CTX_get_cert_store(ctx)); + X509_STORE_set_get_crl(cert_store, + test_wolfSSL_X509_STORE_set_get_crl_provider); +#ifndef NO_WOLFSSL_STUB + X509_STORE_set_check_crl(cert_store, + test_wolfSSL_X509_STORE_set_get_crl_check); +#endif + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_set_get_crl_ctx_ready2(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + X509_STORE* cert_store = NULL; + X509_VERIFY_PARAM* param = NULL; + + SSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL); + ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL), + WOLFSSL_SUCCESS); + ExpectNotNull(cert_store = SSL_CTX_get_cert_store(ctx)); + X509_STORE_set_get_crl(cert_store, + test_wolfSSL_X509_STORE_set_get_crl_provider2); +#ifndef NO_WOLFSSL_STUB + X509_STORE_set_check_crl(cert_store, + test_wolfSSL_X509_STORE_set_get_crl_check); +#endif + X509_STORE_set_verify_cb(cert_store, + test_wolfSSL_X509_STORE_set_get_crl_verify); + ExpectNotNull(X509_STORE_get0_param(cert_store)); + ExpectNotNull(param = X509_VERIFY_PARAM_new()); + ExpectIntEQ(X509_VERIFY_PARAM_inherit(NULL, NULL) , WOLFSSL_SUCCESS); + ExpectIntEQ(X509_VERIFY_PARAM_inherit(param, NULL) , WOLFSSL_SUCCESS); + ExpectIntEQ(X509_VERIFY_PARAM_inherit(param, + X509_STORE_get0_param(cert_store)), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_VERIFY_PARAM_inherit(param, + X509_STORE_get0_param(cert_store)), 1); + ExpectIntEQ(X509_VERIFY_PARAM_set_flags( + param, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL), 1); + ExpectIntEQ(X509_STORE_set1_param(cert_store, param), 1); + ExpectIntEQ(X509_STORE_set_flags(cert_store, + X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL), 1); + + + X509_VERIFY_PARAM_free(param); + return EXPECT_RESULT(); +} +#endif + +/* This test mimics the usage of the CRL provider in gRPC */ +int test_wolfSSL_X509_STORE_set_get_crl(void) +{ + EXPECT_DECLS; +#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(WOLFSSL_LOCAL_X509_STORE) && \ + (defined(OPENSSL_ALL) || defined(WOLFSSL_QT)) && defined(HAVE_CRL) + test_ssl_cbf func_cb_client; + test_ssl_cbf func_cb_server; + + XMEMSET(&func_cb_client, 0, sizeof(func_cb_client)); + XMEMSET(&func_cb_server, 0, sizeof(func_cb_server)); + + func_cb_client.ctx_ready = test_wolfSSL_X509_STORE_set_get_crl_ctx_ready; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, + &func_cb_server, NULL), TEST_SUCCESS); + + XMEMSET(&func_cb_client, 0, sizeof(func_cb_client)); + XMEMSET(&func_cb_server, 0, sizeof(func_cb_server)); + + func_cb_client.ctx_ready = test_wolfSSL_X509_STORE_set_get_crl_ctx_ready2; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, + &func_cb_server, NULL), TEST_SUCCESS); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_CA_num(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ + defined(HAVE_ECC) && !defined(NO_RSA) + WOLFSSL_X509_STORE *store = NULL; + WOLFSSL_X509 *x509_1 = NULL; + WOLFSSL_X509 *x509_2 = NULL; + int ca_num = 0; + + ExpectNotNull(store = wolfSSL_X509_STORE_new()); + ExpectNotNull(x509_1 = wolfSSL_X509_load_certificate_file(svrCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectIntEQ(wolfSSL_X509_STORE_add_cert(store, x509_1), 1); + ExpectIntEQ(ca_num = wolfSSL_X509_CA_num(store), 1); + + ExpectNotNull(x509_2 = wolfSSL_X509_load_certificate_file(eccCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectIntEQ(wolfSSL_X509_STORE_add_cert(store, x509_2), 1); + ExpectIntEQ(ca_num = wolfSSL_X509_CA_num(store), 2); + + wolfSSL_X509_free(x509_1); + wolfSSL_X509_free(x509_2); + wolfSSL_X509_STORE_free(store); +#endif + return EXPECT_RESULT(); +} + +/* Test of X509 store use outside of SSL context w/ CRL lookup (ALWAYS + * returns 0) */ +int test_X509_STORE_No_SSL_CTX(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && \ + (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && \ + defined(HAVE_CRL) && !defined(NO_RSA) + + X509_STORE * store = NULL; + X509_STORE_CTX * storeCtx = NULL; + X509_CRL * crl = NULL; + X509 * ca = NULL; + X509 * cert = NULL; + const char cliCrlPem[] = "./certs/crl/cliCrl.pem"; + const char srvCert[] = "./certs/server-cert.pem"; + const char caCert[] = "./certs/ca-cert.pem"; + const char caDir[] = "./certs/crl/hash_pem"; + XFILE fp = XBADFILE; + X509_LOOKUP * lookup = NULL; + + ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); + + /* Set up store with CA */ + ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, + SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS); + + /* Add CRL lookup directory to store + * NOTE: test uses ./certs/crl/hash_pem/0fdb2da4.r0, which is a copy + * of crl.pem */ + ExpectNotNull((lookup = X509_STORE_add_lookup(store, + X509_LOOKUP_hash_dir()))); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, caDir, + X509_FILETYPE_PEM, NULL), SSL_SUCCESS); + + ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK), + SSL_SUCCESS); + + /* Add CRL to store NOT containing the verified certificate, which + * forces use of the CRL lookup directory */ + ExpectTrue((fp = XFOPEN(cliCrlPem, "rb")) != XBADFILE); + ExpectNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, + NULL, NULL)); + if (fp != XBADFILE) + XFCLOSE(fp); + ExpectIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS); + + /* Create verification context outside of an SSL session */ + ExpectNotNull((storeCtx = X509_STORE_CTX_new())); + ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert, + SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS); + + /* Perform verification, which should NOT indicate CRL missing due to the + * store CM's X509 store pointer being NULL */ + ExpectIntNE(X509_verify_cert(storeCtx), WC_NO_ERR_TRACE(CRL_MISSING)); + + X509_CRL_free(crl); + X509_STORE_free(store); + X509_STORE_CTX_free(storeCtx); + X509_free(cert); + X509_free(ca); +#endif + return EXPECT_RESULT(); +} + diff --git a/tests/api/test_ossl_x509_str.h b/tests/api/test_ossl_x509_str.h new file mode 100644 index 000000000..3337141a6 --- /dev/null +++ b/tests/api/test_ossl_x509_str.h @@ -0,0 +1,66 @@ +/* test_ossl_x509_str.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_X509_STR_H +#define WOLFCRYPT_TEST_OSSL_X509_STR_H + +#include + +int test_wolfSSL_X509_STORE_CTX_set_time(void); +int test_wolfSSL_X509_STORE_CTX_get0_store(void); +int test_wolfSSL_X509_STORE_CTX(void); +int test_wolfSSL_X509_STORE_CTX_ex(void); +int test_X509_STORE_untrusted(void); +int test_X509_STORE_InvalidCa(void); +int test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup(void); +int test_wolfSSL_X509_STORE_CTX_get_issuer(void); +int test_wolfSSL_X509_STORE_set_flags(void); +int test_wolfSSL_X509_STORE(void); +int test_wolfSSL_X509_STORE_load_locations(void); +int test_X509_STORE_get0_objects(void); +int test_wolfSSL_X509_STORE_get1_certs(void); +int test_wolfSSL_X509_STORE_set_get_crl(void); +int test_wolfSSL_X509_CA_num(void); +int test_X509_STORE_No_SSL_CTX(void); + +#define TEST_OSSL_X509_STORE_DECLS \ + TEST_DECL_GROUP("ossl_x509_store", test_wolfSSL_X509_STORE_CTX_set_time), \ + TEST_DECL_GROUP("ossl_x509_store", \ + test_wolfSSL_X509_STORE_CTX_get0_store), \ + TEST_DECL_GROUP("ossl_x509_store", test_wolfSSL_X509_STORE_CTX), \ + TEST_DECL_GROUP("ossl_x509_store", test_wolfSSL_X509_STORE_CTX_ex), \ + TEST_DECL_GROUP("ossl_x509_store", test_X509_STORE_untrusted), \ + TEST_DECL_GROUP("ossl_x509_store", test_X509_STORE_InvalidCa), \ + TEST_DECL_GROUP("ossl_x509_store", \ + test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup), \ + TEST_DECL_GROUP("ossl_x509_store", \ + test_wolfSSL_X509_STORE_CTX_get_issuer), \ + TEST_DECL_GROUP("ossl_x509_store", test_wolfSSL_X509_STORE_set_flags), \ + TEST_DECL_GROUP("ossl_x509_store", test_wolfSSL_X509_STORE), \ + TEST_DECL_GROUP("ossl_x509_store", \ + test_wolfSSL_X509_STORE_load_locations), \ + TEST_DECL_GROUP("ossl_x509_store", test_X509_STORE_get0_objects), \ + TEST_DECL_GROUP("ossl_x509_store", test_wolfSSL_X509_STORE_get1_certs), \ + TEST_DECL_GROUP("ossl_x509_store", test_wolfSSL_X509_STORE_set_get_crl), \ + TEST_DECL_GROUP("ossl_x509_store", test_wolfSSL_X509_CA_num), \ + TEST_DECL_GROUP("ossl_x509_store", test_X509_STORE_No_SSL_CTX) + +#endif /* WOLFCRYPT_TEST_OSSL_X509_STR_H */ diff --git a/tests/api/test_ossl_x509_vp.c b/tests/api/test_ossl_x509_vp.c new file mode 100644 index 000000000..1ed80fee6 --- /dev/null +++ b/tests/api/test_ossl_x509_vp.c @@ -0,0 +1,276 @@ +/* test_ossl_x509_vp.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include + +int test_wolfSSL_X509_VERIFY_PARAM(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + X509_VERIFY_PARAM *paramTo = NULL; + X509_VERIFY_PARAM *paramFrom = NULL; + char testIPv4[] = "127.0.0.1"; + char testIPv6[] = "0001:0000:0000:0000:0000:0000:0000:0000/32"; + char testhostName1[] = "foo.hoge.com"; + char testhostName2[] = "foobar.hoge.com"; + + ExpectNotNull(paramTo = X509_VERIFY_PARAM_new()); + ExpectNotNull(XMEMSET(paramTo, 0, sizeof(X509_VERIFY_PARAM))); + + ExpectNotNull(paramFrom = X509_VERIFY_PARAM_new()); + ExpectNotNull(XMEMSET(paramFrom, 0, sizeof(X509_VERIFY_PARAM))); + + ExpectIntEQ(X509_VERIFY_PARAM_set1_host(paramFrom, testhostName1, + (int)XSTRLEN(testhostName1)), 1); + ExpectIntEQ(0, XSTRNCMP(paramFrom->hostName, testhostName1, + (int)XSTRLEN(testhostName1))); + + X509_VERIFY_PARAM_set_hostflags(NULL, 0x00); + + X509_VERIFY_PARAM_set_hostflags(paramFrom, 0x01); + ExpectIntEQ(0x01, paramFrom->hostFlags); + + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(NULL, testIPv4), 0); + + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramFrom, testIPv4), 1); + ExpectIntEQ(0, XSTRNCMP(paramFrom->ipasc, testIPv4, WOLFSSL_MAX_IPSTR)); + + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramFrom, NULL), 1); + + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramFrom, testIPv6), 1); + ExpectIntEQ(0, XSTRNCMP(paramFrom->ipasc, testIPv6, WOLFSSL_MAX_IPSTR)); + + /* null pointer */ + ExpectIntEQ(X509_VERIFY_PARAM_set1(NULL, paramFrom), 0); + /* in the case of "from" null, returns success */ + ExpectIntEQ(X509_VERIFY_PARAM_set1(paramTo, NULL), 1); + + ExpectIntEQ(X509_VERIFY_PARAM_set1(NULL, NULL), 0); + + /* inherit flags test : VPARAM_DEFAULT */ + ExpectIntEQ(X509_VERIFY_PARAM_set1(paramTo, paramFrom), 1); + ExpectIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1, + (int)XSTRLEN(testhostName1))); + ExpectIntEQ(0x01, paramTo->hostFlags); + ExpectIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR)); + + /* inherit flags test : VPARAM OVERWRITE */ + ExpectIntEQ(X509_VERIFY_PARAM_set1_host(paramTo, testhostName2, + (int)XSTRLEN(testhostName2)), 1); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4), 1); + X509_VERIFY_PARAM_set_hostflags(paramTo, 0x00); + + if (paramTo != NULL) { + paramTo->inherit_flags = X509_VP_FLAG_OVERWRITE; + } + + ExpectIntEQ(X509_VERIFY_PARAM_set1(paramTo, paramFrom), 1); + ExpectIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1, + (int)XSTRLEN(testhostName1))); + ExpectIntEQ(0x01, paramTo->hostFlags); + ExpectIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR)); + + /* inherit flags test : VPARAM_RESET_FLAGS */ + ExpectIntEQ(X509_VERIFY_PARAM_set1_host(paramTo, testhostName2, + (int)XSTRLEN(testhostName2)), 1); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4), 1); + X509_VERIFY_PARAM_set_hostflags(paramTo, 0x10); + + if (paramTo != NULL) { + paramTo->inherit_flags = X509_VP_FLAG_RESET_FLAGS; + } + + ExpectIntEQ(X509_VERIFY_PARAM_set1(paramTo, paramFrom), 1); + ExpectIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1, + (int)XSTRLEN(testhostName1))); + ExpectIntEQ(0x01, paramTo->hostFlags); + ExpectIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR)); + ExpectIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR)); + + /* inherit flags test : VPARAM_LOCKED */ + ExpectIntEQ(X509_VERIFY_PARAM_set1_host(paramTo, testhostName2, + (int)XSTRLEN(testhostName2)), 1); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4), 1); + X509_VERIFY_PARAM_set_hostflags(paramTo, 0x00); + + if (paramTo != NULL) { + paramTo->inherit_flags = X509_VP_FLAG_LOCKED; + } + + ExpectIntEQ(X509_VERIFY_PARAM_set1(paramTo, paramFrom), 1); + ExpectIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName2, + (int)XSTRLEN(testhostName2))); + ExpectIntEQ(0x00, paramTo->hostFlags); + ExpectIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv4, WOLFSSL_MAX_IPSTR)); + + /* test for incorrect parameters */ + ExpectIntEQ(X509_VERIFY_PARAM_set_flags(NULL, X509_V_FLAG_CRL_CHECK_ALL), + 0); + + ExpectIntEQ(X509_VERIFY_PARAM_set_flags(NULL, 0), 0); + + /* inherit flags test : VPARAM_ONCE, not testable yet */ + + ExpectIntEQ(X509_VERIFY_PARAM_set_flags(paramTo, X509_V_FLAG_CRL_CHECK_ALL), + 1); + + ExpectIntEQ(X509_VERIFY_PARAM_get_flags(NULL), 0); + ExpectIntEQ(X509_VERIFY_PARAM_get_flags(paramTo), + X509_V_FLAG_CRL_CHECK_ALL); + + ExpectIntEQ(X509_VERIFY_PARAM_clear_flags(NULL, X509_V_FLAG_CRL_CHECK_ALL), + WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_clear_flags(paramTo, + X509_V_FLAG_CRL_CHECK_ALL), 1); + + ExpectIntEQ(X509_VERIFY_PARAM_get_flags(paramTo), 0); + + ExpectNull(wolfSSL_X509_VERIFY_PARAM_lookup(NULL)); + ExpectNull(wolfSSL_X509_VERIFY_PARAM_lookup("")); + ExpectNotNull(wolfSSL_X509_VERIFY_PARAM_lookup("ssl_client")); + ExpectNotNull(wolfSSL_X509_VERIFY_PARAM_lookup("ssl_server")); + + X509_VERIFY_PARAM_free(paramTo); + X509_VERIFY_PARAM_free(paramFrom); + X509_VERIFY_PARAM_free(NULL); /* to confirm NULL parameter gives no harm */ +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_VERIFY_PARAM_set1_ip(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) + unsigned char buf[16] = {0}; + WOLFSSL_X509_VERIFY_PARAM* param = NULL; + + ExpectNotNull(param = X509_VERIFY_PARAM_new()); + + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, NULL, 1), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, NULL, 1), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, buf, 1), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, NULL, 16), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, NULL, 4), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, NULL, 0), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, buf, 1), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, NULL, 16), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, NULL, 4), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, buf, 16), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, buf, 4), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, buf, 0), WOLFSSL_FAILURE); + + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, NULL, 0), WOLFSSL_SUCCESS); + + /* test 127.0.0.1 */ + buf[0] =0x7f; buf[1] = 0; buf[2] = 0; buf[3] = 1; + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 4), SSL_SUCCESS); + ExpectIntEQ(XSTRNCMP(param->ipasc, "127.0.0.1", sizeof(param->ipasc)), 0); + + /* test 2001:db8:3333:4444:5555:6666:7777:8888 */ + buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184; + buf[4]=51;buf[5]=51;buf[6]=68;buf[7]=68; + buf[8]=85;buf[9]=85;buf[10]=102;buf[11]=102; + buf[12]=119;buf[13]=119;buf[14]=136;buf[15]=136; + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); + ExpectIntEQ(XSTRNCMP(param->ipasc, + "2001:db8:3333:4444:5555:6666:7777:8888", sizeof(param->ipasc)), 0); + + /* test 2001:db8:: */ + buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184; + buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0; + buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0; + buf[12]=0;buf[13]=0;buf[14]=0;buf[15]=0; + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); + ExpectIntEQ(XSTRNCMP(param->ipasc, "2001:db8::", sizeof(param->ipasc)), 0); + + /* test ::1234:5678 */ + buf[0]=0;buf[1]=0;buf[2]=0;buf[3]=0; + buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0; + buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0; + buf[12]=18;buf[13]=52;buf[14]=86;buf[15]=120; + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); + ExpectIntEQ(XSTRNCMP(param->ipasc, "::1234:5678", sizeof(param->ipasc)), 0); + + + /* test 2001:db8::1234:5678 */ + buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184; + buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0; + buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0; + buf[12]=18;buf[13]=52;buf[14]=86;buf[15]=120; + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); + ExpectIntEQ(XSTRNCMP(param->ipasc, "2001:db8::1234:5678", + sizeof(param->ipasc)), 0); + + /* test 2001:0db8:0001:0000:0000:0ab9:c0a8:0102*/ + /* 2001:db8:1::ab9:c0a8:102 */ + buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184; + buf[4]=0;buf[5]=1;buf[6]=0;buf[7]=0; + buf[8]=0;buf[9]=0;buf[10]=10;buf[11]=185; + buf[12]=192;buf[13]=168;buf[14]=1;buf[15]=2; + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); + ExpectIntEQ(XSTRNCMP(param->ipasc, "2001:db8:1::ab9:c0a8:102", + sizeof(param->ipasc)), 0); + + XFREE(param, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_VERIFY_PARAM_set1_host(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + const char host[] = "www.example.com"; + WOLFSSL_X509_VERIFY_PARAM* pParam = NULL; + + ExpectNotNull(pParam = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC( + sizeof(WOLFSSL_X509_VERIFY_PARAM), HEAP_HINT, DYNAMIC_TYPE_OPENSSL)); + if (pParam != NULL) { + XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM)); + + ExpectIntEQ(X509_VERIFY_PARAM_set1_host(NULL, host, sizeof(host)), + WOLFSSL_FAILURE); + + X509_VERIFY_PARAM_set1_host(pParam, host, sizeof(host)); + + ExpectIntEQ(XMEMCMP(pParam->hostName, host, sizeof(host)), 0); + + XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM)); + + ExpectIntNE(XMEMCMP(pParam->hostName, host, sizeof(host)), 0); + + XFREE(pParam, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); + } +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + diff --git a/tests/api/test_ossl_x509_vp.h b/tests/api/test_ossl_x509_vp.h new file mode 100644 index 000000000..dc3737955 --- /dev/null +++ b/tests/api/test_ossl_x509_vp.h @@ -0,0 +1,36 @@ +/* test_ossl_x509_vp.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_X509_VP_H +#define WOLFCRYPT_TEST_OSSL_X509_VP_H + +#include + +int test_wolfSSL_X509_VERIFY_PARAM(void); +int test_wolfSSL_X509_VERIFY_PARAM_set1_ip(void); +int test_wolfSSL_X509_VERIFY_PARAM_set1_host(void); + +#define TEST_OSSL_X509_VFY_PARAMS_DECLS \ + TEST_DECL_GROUP("ossl_x509_vp", test_wolfSSL_X509_VERIFY_PARAM), \ + TEST_DECL_GROUP("ossl_x509_vp", test_wolfSSL_X509_VERIFY_PARAM_set1_ip), \ + TEST_DECL_GROUP("ossl_x509_vp", test_wolfSSL_X509_VERIFY_PARAM_set1_host) + +#endif /* WOLFCRYPT_TEST_OSSL_X509_VP_H */ diff --git a/tests/utils.c b/tests/utils.c index 08150c3e3..3ad6e6735 100644 --- a/tests/utils.c +++ b/tests/utils.c @@ -770,3 +770,26 @@ int test_memio_setup(struct test_memio_ctx *ctx, } #endif /* HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES */ + +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ + defined(DEBUG_UNIT_TEST_CERTS) +/* Used when debugging name constraint tests. Not static to allow use in + * multiple locations with complex define guards. */ +void DEBUG_WRITE_CERT_X509(WOLFSSL_X509* x509, const char* fileName) +{ + BIO* out = BIO_new_file(fileName, "wb"); + if (out != NULL) { + PEM_write_bio_X509(out, x509); + BIO_free(out); + } +} +void DEBUG_WRITE_DER(const byte* der, int derSz, const char* fileName) +{ + BIO* out = BIO_new_file(fileName, "wb"); + if (out != NULL) { + BIO_write(out, der, derSz); + BIO_free(out); + } +} +#endif + diff --git a/tests/utils.h b/tests/utils.h index aa5c2d436..34ba47d34 100644 --- a/tests/utils.h +++ b/tests/utils.h @@ -82,4 +82,13 @@ int test_memio_modify_message_len(struct test_memio_ctx *ctx, int client, int ms int test_memio_remove_from_buffer(struct test_memio_ctx *ctx, int client, int off, int sz); #endif +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ + defined(DEBUG_UNIT_TEST_CERTS) +void DEBUG_WRITE_CERT_X509(WOLFSSL_X509* x509, const char* fileName); +void DEBUG_WRITE_DER(const byte* der, int derSz, const char* fileName); +#else +#define DEBUG_WRITE_CERT_X509(x509, fileName) WC_DO_NOTHING +#define DEBUG_WRITE_DER(der, derSz, fileName) WC_DO_NOTHING +#endif + #endif /* TESTS_UTILS_H */ diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 797e64e6b..041a10334 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -1038,7 +1038,7 @@ static const bench_alg bench_cipher_opt[] = { #ifdef HAVE_AESGCM { "-aes-gmac", BENCH_AES_GMAC }, #endif -#ifdef WOLFSSL_AES_DIRECT +#if defined(HAVE_AES_ECB) || (defined(HAVE_FIPS) && defined(WOLFSSL_AES_DIRECT)) { "-aes-ecb", BENCH_AES_ECB }, #endif #ifdef WOLFSSL_AES_XTS @@ -3844,7 +3844,7 @@ static void* benchmarks_do(void* args) #endif } #endif -#ifdef HAVE_AES_ECB +#if defined(HAVE_AES_ECB) || (defined(HAVE_FIPS) && defined(WOLFSSL_AES_DIRECT)) if (bench_all || (bench_cipher_algs & BENCH_AES_ECB)) { #ifndef NO_SW_BENCH bench_aesecb(0); @@ -5604,7 +5604,7 @@ void bench_gmac(int useDeviceID) #endif /* HAVE_AESGCM */ -#ifdef HAVE_AES_ECB +#if defined(HAVE_AES_ECB) || (defined(HAVE_FIPS) && defined(WOLFSSL_AES_DIRECT)) static void bench_aesecb_internal(int useDeviceID, const byte* key, word32 keySz, const char* encLabel, const char* decLabel) @@ -5773,7 +5773,7 @@ void bench_aesecb(int useDeviceID) "AES-256-ECB-enc", "AES-256-ECB-dec"); #endif } -#endif /* HAVE_AES_ECB */ +#endif /* HAVE_AES_ECB || (HAVE_FIPS && WOLFSSL_AES_DIRECT) */ #ifdef WOLFSSL_AES_CFB static void bench_aescfb_internal(const byte* key, @@ -12040,6 +12040,7 @@ void bench_ecc(int useDeviceID, int curveId) int ret = 0, i, times, count, pending = 0; int deviceID; int keySize; + int dgstSize; char name[BENCH_ECC_NAME_SZ]; WC_DECLARE_ARRAY(genKey, ecc_key, BENCH_MAX_PENDING, sizeof(ecc_key), HEAP_HINT); @@ -12068,7 +12069,7 @@ void bench_ecc(int useDeviceID, int curveId) WC_DECLARE_ARRAY(sig, byte, BENCH_MAX_PENDING, ECC_MAX_SIG_SIZE, HEAP_HINT); WC_DECLARE_ARRAY(digest, byte, - BENCH_MAX_PENDING, MAX_ECC_BYTES, HEAP_HINT); + BENCH_MAX_PENDING, WC_MAX_DIGEST_SIZE, HEAP_HINT); #endif bench_stats_prepare(); @@ -12099,6 +12100,29 @@ void bench_ecc(int useDeviceID, int curveId) deviceID = useDeviceID ? devId : INVALID_DEVID; keySize = wc_ecc_get_curve_size_from_id(curveId); + if (keySize < 28) { + /* SHA-1 */ + dgstSize = 20; + } + else if (keySize < 32) { + /* SHA-224/SHA512-224/SHA3-224 */ + dgstSize = 28; + } + else if (keySize < 48) { + /* SHA-256/SHA512-256/SHA3-256 */ + dgstSize = 32; + } + else if (keySize < 64) { + /* SHA-384/SHA3-384 */ + dgstSize = 48; + } + else { + /* SHA-512/SHA3-512 */ + dgstSize = 64; + } + if (dgstSize > WC_MAX_DIGEST_SIZE) { + dgstSize = WC_MAX_DIGEST_SIZE; + } /* init keys */ for (i = 0; i < BENCH_MAX_PENDING; i++) { @@ -12187,7 +12211,7 @@ exit_ecdhe: /* Init digest to sign */ for (i = 0; i < BENCH_MAX_PENDING; i++) { - for (count = 0; count < keySize; count++) { + for (count = 0; count < dgstSize; count++) { digest[i][count] = (byte)count; } } @@ -12207,7 +12231,7 @@ exit_ecdhe: x[i] = ECC_MAX_SIG_SIZE; } - ret = wc_ecc_sign_hash(digest[i], (word32)keySize, sig[i], + ret = wc_ecc_sign_hash(digest[i], (word32)dgstSize, sig[i], &x[i], GLOBAL_RNG, genKey[i]); if (!bench_async_handle(&ret, @@ -12259,7 +12283,7 @@ exit_ecdsa_sign: } ret = wc_ecc_verify_hash(sig[i], x[i], digest[i], - (word32)keySize, &verify[i], + (word32)dgstSize, &verify[i], genKey[i]); if (!bench_async_handle(&ret, diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 09a96762f..0dd3658c9 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -806,54 +806,95 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits } #endif /* HAVE_AES_DECRYPT */ -#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +#elif defined(WOLFSSL_ARMASM) +#if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +static cpuid_flags_t cpuid_flags = WC_CPUID_INITIALIZER; - #define NEED_AES_TABLES +static void Check_CPU_support_HwCrypto(Aes* aes) +{ + cpuid_get_flags_ex(&cpuid_flags); + aes->use_aes_hw_crypto = IS_AARCH64_AES(cpuid_flags); +#ifdef HAVE_AESGCM + aes->use_pmull_hw_crypto = IS_AARCH64_PMULL(cpuid_flags); + aes->use_sha3_hw_crypto = IS_AARCH64_SHA3(cpuid_flags); +#endif +} +#endif /* __aarch64__ && !WOLFSSL_ARMASM_NO_HW_CRYPTO */ - static cpuid_flags_t cpuid_flags = WC_CPUID_INITIALIZER; - - static void Check_CPU_support_HwCrypto(Aes* aes) - { - cpuid_get_flags_ex(&cpuid_flags); - aes->use_aes_hw_crypto = IS_AARCH64_AES(cpuid_flags); - #ifdef HAVE_AESGCM - aes->use_pmull_hw_crypto = IS_AARCH64_PMULL(cpuid_flags); - aes->use_sha3_hw_crypto = IS_AARCH64_SHA3(cpuid_flags); - #endif - } - -#elif !defined(__aarch64__) && defined(WOLFSSL_ARMASM) - -#if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AESCCM) +#if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AESCCM) || \ + defined(WOLFSSL_AESGCM_STREAM) static WARN_UNUSED_RESULT int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock) { #ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO +#if !defined(__aarch64__) AES_encrypt_AARCH32(inBlock, outBlock, (byte*)aes->key, (int)aes->rounds); #else - AES_ECB_encrypt(inBlock, outBlock, WC_AES_BLOCK_SIZE, (byte*)aes->key, - (int)aes->rounds); + if (aes->use_aes_hw_crypto) { + AES_encrypt_AARCH64(inBlock, outBlock, (byte*)aes->key, + (int)aes->rounds); + } + else +#endif /* !__aarch64__ */ +#endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */ +#if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) +#ifdef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + if (1) +#else + if (0) #endif + { + AES_ECB_encrypt_NEON(inBlock, outBlock, WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds); + } + else +#endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */ +#if defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + { + AES_ECB_encrypt(inBlock, outBlock, WC_AES_BLOCK_SIZE, (byte*)aes->key, + (int)aes->rounds); + } +#endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */ return 0; } #endif -#ifdef HAVE_AES_DECRYPT -#ifdef WOLFSSL_AES_DIRECT +#if defined(HAVE_AES_DECRYPT) && defined(WOLFSSL_AES_DIRECT) static WARN_UNUSED_RESULT int wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) { #ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO +#if !defined(__aarch64__) AES_decrypt_AARCH32(inBlock, outBlock, (byte*)aes->key, (int)aes->rounds); #else - AES_ECB_decrypt(inBlock, outBlock, WC_AES_BLOCK_SIZE, (byte*)aes->key, - (int)aes->rounds); + if (aes->use_aes_hw_crypto) { + AES_decrypt_AARCH64(inBlock, outBlock, (byte*)aes->key, + (int)aes->rounds); + } + else +#endif /* !__aarch64__ */ +#endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */ +#if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) +#ifdef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + if (1) +#else + if (0) #endif + { + AES_ECB_decrypt_NEON(inBlock, outBlock, WC_AES_BLOCK_SIZE, + (byte*)aes->key, (int)aes->rounds); + } + else +#endif +#if defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + { + AES_ECB_decrypt(inBlock, outBlock, WC_AES_BLOCK_SIZE, (byte*)aes->key, + (int)aes->rounds); + } +#endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */ return 0; } -#endif -#endif +#endif /* HAVE_AES_DECRYPT && WOLFSSL_AES_DIRECT */ #elif defined(FREESCALE_MMCAU) /* Freescale mmCAU hardware AES support for Direct, CBC, CCM, GCM modes @@ -1169,8 +1210,7 @@ static const FLASH_QUALIFIER word32 rcon[] = { #endif /* ESP32 */ #endif /* __aarch64__ || !WOLFSSL_ARMASM */ -#if defined(__aarch64__) || !defined(WOLFSSL_ARMASM) || \ - defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) || defined(WOLFSSL_AES_DIRECT) || \ +#if !defined(WOLFSSL_ARMASM) || defined(WOLFSSL_AES_DIRECT) || \ defined(HAVE_AESCCM) #ifndef WOLFSSL_AES_SMALL_TABLES static const FLASH_QUALIFIER word32 Te[4][256] = { @@ -1824,8 +1864,7 @@ static WARN_UNUSED_RESULT word32 inv_col_mul( #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) || \ defined(HAVE_AESCCM) || defined(HAVE_AESGCM) -#if defined(__aarch64__) || !defined(WOLFSSL_ARMASM) || \ - defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) || defined(WOLFSSL_AES_DIRECT) || \ +#if !defined(WOLFSSL_ARMASM) || defined(WOLFSSL_AES_DIRECT) || \ defined(HAVE_AESCCM) @@ -3042,20 +3081,36 @@ static WARN_UNUSED_RESULT int wc_AesEncrypt( printf("Skipping AES-NI\n"); #endif } -#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +#elif defined(WOLFSSL_ARMASM) +#ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO +#if !defined(__aarch64__) + AES_encrypt_AARCH32(inBlock, outBlock, (byte*)aes->key, (int)aes->rounds); +#else if (aes->use_aes_hw_crypto) { AES_encrypt_AARCH64(inBlock, outBlock, (byte*)aes->key, (int)aes->rounds); - return 0; } -#elif !defined(__aarch64__) && defined(WOLFSSL_ARMASM) -#ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO - AES_encrypt_AARCH32(inBlock, outBlock, (byte*)aes->key, (int)aes->rounds); + else +#endif /* !__aarch64__ */ +#endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */ +#if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) +#ifdef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + if (1) #else - AES_ECB_encrypt(inBlock, outBlock, WC_AES_BLOCK_SIZE, - (const unsigned char*)aes->key, aes->rounds); + if (0) #endif + { + AES_ECB_encrypt_NEON(inBlock, outBlock, WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds); + } + else +#endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */ +#if defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + { + AES_ECB_encrypt(inBlock, outBlock, WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds); + } +#endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */ return 0; #endif /* WOLFSSL_AESNI */ #if defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_AES) @@ -3815,20 +3870,36 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( printf("Skipping AES-NI\n"); #endif } -#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +#elif defined(WOLFSSL_ARMASM) +#ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO +#if !defined(__aarch64__) + AES_decrypt_AARCH32(inBlock, outBlock, (byte*)aes->key, (int)aes->rounds); +#else if (aes->use_aes_hw_crypto) { AES_decrypt_AARCH64(inBlock, outBlock, (byte*)aes->key, (int)aes->rounds); - return 0; } -#elif !defined(__aarch64__) && defined(WOLFSSL_ARMASM) -#ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO - AES_decrypt_AARCH32(inBlock, outBlock, (byte*)aes->key, (int)aes->rounds); + else +#endif /* !__aarch64__ */ +#endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */ +#if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) +#ifdef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + if (1) #else - AES_ECB_decrypt(inBlock, outBlock, WC_AES_BLOCK_SIZE, - (const unsigned char*)aes->key, aes->rounds); + if (0) #endif + { + AES_ECB_decrypt_NEON(inBlock, outBlock, WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds); + } + else +#endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */ +#if defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + { + AES_ECB_decrypt(inBlock, outBlock, WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds); + } +#endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */ return 0; #endif /* WOLFSSL_AESNI */ #if defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_AES) @@ -4455,8 +4526,7 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( #ifdef NEED_AES_TABLES #ifndef WC_AES_BITSLICED -#if defined(__aarch64__) || !defined(WOLFSSL_ARMASM) || \ - defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +#if !defined(WOLFSSL_ARMASM) /* Set the AES key and expand. * * @param [in] aes AES object. @@ -4940,14 +5010,47 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) } #endif /* WOLFSSL_AESNI */ - #if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +#if defined(WOLFSSL_ARMASM) +#if !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + #ifndef __aarch64__ + AES_set_key_AARCH32(userKey, keylen, (byte*)aes->key, dir); + #else Check_CPU_support_HwCrypto(aes); if (aes->use_aes_hw_crypto) { AES_set_key_AARCH64(userKey, keylen, (byte*)aes->key, dir); - return 0; } - #endif + else + #endif /* __aarch64__ */ +#endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */ +#if defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + #if !defined(WOLFSSL_ARMASM_NO_NEON) + if (1) { + AES_set_encrypt_key_NEON(userKey, keylen * 8, (byte*)aes->key); + #ifdef HAVE_AES_DECRYPT + if (dir == AES_DECRYPTION) { + AES_invert_key_NEON((byte*)aes->key, aes->rounds); + } + #else + (void)dir; + #endif + } + else + #endif /* !WOLFSSL_ARMASM_NO_NEON */ +#endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */ + #if defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + { + AES_set_encrypt_key(userKey, keylen * 8, (byte*)aes->key); + #ifdef HAVE_AES_DECRYPT + if (dir == AES_DECRYPTION) { + AES_invert_key((byte*)aes->key, aes->rounds); + } + #else + (void)dir; + #endif + } + #endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */ + return 0; +#endif /* WOLFSSL_ARMASM */ #ifdef WOLFSSL_KCAPI_AES XMEMCPY(aes->devKey, userKey, keylen); @@ -5171,8 +5274,8 @@ int wc_AesSetIV(Aes* aes, const byte* iv) #else /* !WOLFSSL_AESNI */ -#define VECTOR_REGISTERS_PUSH { WC_DO_NOTHING -#define VECTOR_REGISTERS_POP } WC_DO_NOTHING +#define VECTOR_REGISTERS_PUSH WC_DO_NOTHING +#define VECTOR_REGISTERS_POP WC_DO_NOTHING #endif /* !WOLFSSL_AESNI */ @@ -6171,7 +6274,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { -#if defined(__aarch64__) || !defined(WOLFSSL_ARMASM) +#if !defined(WOLFSSL_ARMASM) word32 blocks; int ret; #endif @@ -6184,7 +6287,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) return 0; } -#if defined(__aarch64__) || !defined(WOLFSSL_ARMASM) +#if !defined(WOLFSSL_ARMASM) blocks = sz / WC_AES_BLOCK_SIZE; #endif #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS @@ -6234,14 +6337,37 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) } #endif /* WOLFSSL_ASYNC_CRYPT */ -#if !defined(__aarch64__) && defined(WOLFSSL_ARMASM) +#if defined(WOLFSSL_ARMASM) #ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO + #if !defined(__aarch64__) AES_CBC_encrypt_AARCH32(in, out, sz, (byte*)aes->reg, (byte*)aes->key, (int)aes->rounds); -#else - AES_CBC_encrypt(in, out, sz, (const unsigned char*)aes->key, - aes->rounds, (unsigned char*)aes->reg); -#endif + #else + if (aes->use_aes_hw_crypto) { + AES_CBC_encrypt_AARCH64(in, out, sz, (byte*)aes->reg, + (byte*)aes->key, (int)aes->rounds); + } + else + #endif /* __aarch64__ */ +#endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */ + #if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) + #ifdef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + if (1) + #else + if (0) + #endif + { + AES_CBC_encrypt_NEON(in, out, sz, (const unsigned char*)aes->key, + aes->rounds, (unsigned char*)aes->reg); + } + else + #endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */ + #if defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + { + AES_CBC_encrypt(in, out, sz, (const unsigned char*)aes->key, + aes->rounds, (unsigned char*)aes->reg); + } + #endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */ return 0; #else #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT) @@ -6312,14 +6438,6 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) } } else - #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) - if (aes->use_aes_hw_crypto) { - AES_CBC_encrypt_AARCH64(in, out, sz, (byte*)aes->reg, - (byte*)aes->key, (int)aes->rounds); - ret = 0; - } - else #endif { ret = 0; @@ -6347,7 +6465,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) /* Software AES - CBC Decrypt */ int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) { -#if defined(__aarch64__) || !defined(WOLFSSL_ARMASM) +#if !defined(WOLFSSL_ARMASM) word32 blocks; int ret; #endif @@ -6375,7 +6493,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) } #endif -#if defined(__aarch64__) || !defined(WOLFSSL_ARMASM) +#if !defined(WOLFSSL_ARMASM) blocks = sz / WC_AES_BLOCK_SIZE; #endif if (sz % WC_AES_BLOCK_SIZE) { @@ -6434,14 +6552,37 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) } #endif -#if !defined(__aarch64__) && defined(WOLFSSL_ARMASM) +#if defined(WOLFSSL_ARMASM) #ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO + #if !defined(__aarch64__) AES_CBC_decrypt_AARCH32(in, out, sz, (byte*)aes->reg, (byte*)aes->key, (int)aes->rounds); -#else - AES_CBC_decrypt(in, out, sz, (const unsigned char*)aes->key, - aes->rounds, (unsigned char*)aes->reg); -#endif + #else + if (aes->use_aes_hw_crypto) { + AES_CBC_decrypt_AARCH64(in, out, sz, (byte*)aes->reg, + (byte*)aes->key, (int)aes->rounds); + } + else + #endif /* !__aarch64__ */ +#endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */ + #if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) + #ifdef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + if (1) + #else + if (sz >= 64) + #endif + { + AES_CBC_decrypt_NEON(in, out, sz, (const unsigned char*)aes->key, + aes->rounds, (unsigned char*)aes->reg); + } + else + #endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */ + #if defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + { + AES_CBC_decrypt(in, out, sz, (const unsigned char*)aes->key, + aes->rounds, (unsigned char*)aes->reg); + } + #endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */ return 0; #else VECTOR_REGISTERS_PUSH; @@ -6475,14 +6616,6 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) ret = 0; } else - #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) - if (aes->use_aes_hw_crypto) { - AES_CBC_decrypt_AARCH64(in, out, sz, (byte*)aes->reg, - (byte*)aes->key, (int)aes->rounds); - ret = 0; - } - else #endif { ret = 0; @@ -6777,8 +6910,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) #endif #ifdef NEED_AES_CTR_SOFT - #if !(!defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)) + #ifndef WOLFSSL_ARMASM /* Increment AES counter */ static WC_INLINE void IncrementAesCounter(byte* inOutCtr) { @@ -6789,7 +6921,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) return; } } - #endif + #endif /* Software AES - CTR Encrypt */ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) @@ -6798,7 +6930,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)) byte scratch[WC_AES_BLOCK_SIZE]; #endif - #if defined(__aarch64__) || !defined(WOLFSSL_ARMASM) + #if !defined(WOLFSSL_ARMASM) int ret = 0; #endif word32 processed; @@ -6833,11 +6965,21 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) aes->left -= processed; sz -= processed; - #if !defined(__aarch64__) && defined(WOLFSSL_ARMASM) - #ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO + #if defined(WOLFSSL_ARMASM) + #ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO + #ifndef __aarch64__ AES_CTR_encrypt_AARCH32(in, out, sz, (byte*)aes->reg, (byte*)aes->key, (byte*)aes->tmp, &aes->left, aes->rounds); - #else + #else + if (aes->use_aes_hw_crypto) { + AES_CTR_encrypt_AARCH64(in, out, sz, (byte*)aes->reg, + (byte*)aes->key, (byte*)aes->tmp, &aes->left, aes->rounds); + return 0; + } + else + #endif /* !__aarch64__ */ + #endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */ + #if defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) { word32 numBlocks; byte* tmp = (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left; @@ -6851,8 +6993,23 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) /* do as many block size ops as possible */ numBlocks = sz / WC_AES_BLOCK_SIZE; if (numBlocks > 0) { - AES_CTR_encrypt(in, out, numBlocks * WC_AES_BLOCK_SIZE, - (byte*)aes->key, aes->rounds, (byte*)aes->reg); + #if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) + #ifdef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + if (1) + #else + if (sz >= 32) + #endif + { + AES_CTR_encrypt_NEON(in, out, + numBlocks * WC_AES_BLOCK_SIZE, (byte*)aes->key, + aes->rounds, (byte*)aes->reg); + } + else + #endif + { + AES_CTR_encrypt(in, out, numBlocks * WC_AES_BLOCK_SIZE, + (byte*)aes->key, aes->rounds, (byte*)aes->reg); + } sz -= numBlocks * WC_AES_BLOCK_SIZE; out += numBlocks * WC_AES_BLOCK_SIZE; @@ -6864,8 +7021,24 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) byte zeros[WC_AES_BLOCK_SIZE] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; - AES_CTR_encrypt(zeros, (byte*)aes->tmp, WC_AES_BLOCK_SIZE, - (byte*)aes->key, aes->rounds, (byte*)aes->reg); + #if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) + #ifdef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + if (1) + #else + if (0) + #endif + { + AES_CTR_encrypt_NEON(zeros, (byte*)aes->tmp, + WC_AES_BLOCK_SIZE, (byte*)aes->key, aes->rounds, + (byte*)aes->reg); + } + else + #endif + { + AES_CTR_encrypt(zeros, (byte*)aes->tmp, + WC_AES_BLOCK_SIZE, (byte*)aes->key, aes->rounds, + (byte*)aes->reg); + } aes->left = WC_AES_BLOCK_SIZE; tmp = (byte*)aes->tmp; @@ -6876,18 +7049,9 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) } } } - #endif + #endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */ return 0; #else - #if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) - if (aes->use_aes_hw_crypto) { - AES_CTR_encrypt_AARCH64(in, out, sz, (byte*)aes->reg, - (byte*)aes->key, (byte*)aes->tmp, &aes->left, aes->rounds); - return 0; - } - #endif - VECTOR_REGISTERS_PUSH; #if defined(HAVE_AES_ECB) && !defined(WOLFSSL_PIC32MZ_CRYPT) && \ @@ -7041,6 +7205,8 @@ static WC_INLINE void IncCtr(byte* ctr, word32 ctrSz) #else /* software + AESNI implementation */ #if !defined(FREESCALE_LTC_AES_GCM) +#if (!(defined(__aarch64__) && defined(WOLFSSL_ARMASM))) || \ + defined(WOLFSSL_AESGCM_STREAM) static WC_INLINE void IncrementGcmCounter(byte* inOutCtr) { int i; @@ -7051,6 +7217,7 @@ static WC_INLINE void IncrementGcmCounter(byte* inOutCtr) return; } } +#endif #endif /* !FREESCALE_LTC_AES_GCM */ #if !defined(WOLFSSL_ARMASM) || defined(__aarch64__) || \ @@ -7177,22 +7344,28 @@ void GenerateM0(Gcm* gcm) XMEMCPY(m[0xf], m[0x8], WC_AES_BLOCK_SIZE); xorbuf (m[0xf], m[0x7], WC_AES_BLOCK_SIZE); -#if defined(WOLFSSL_ARMASM) && !defined(__aarch64__) && \ - defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) - for (i = 0; i < 16; i++) { - word32* m32 = (word32*)gcm->M0[i]; - m32[0] = ByteReverseWord32(m32[0]); - m32[1] = ByteReverseWord32(m32[1]); - m32[2] = ByteReverseWord32(m32[2]); - m32[3] = ByteReverseWord32(m32[3]); - } -#endif - #if !defined(WC_16BIT_CPU) for (i = 0; i < 16; i++) { Shift4_M0(m[16+i], m[i]); } #endif + +#if defined(WOLFSSL_ARMASM) && defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + for (i = 0; i < 32; i++) { + #if !defined(__aarch64__) + word32* m32 = (word32*)gcm->M0[i]; + m32[0] = ByteReverseWord32(m32[0]); + m32[1] = ByteReverseWord32(m32[1]); + m32[2] = ByteReverseWord32(m32[2]); + m32[3] = ByteReverseWord32(m32[3]); + #else + word64* m64 = (word64*)gcm->M0[i]; + m64[0] = ByteReverseWord64(m64[0]); + m64[1] = ByteReverseWord64(m64[1]); + #endif + } +#endif + } #endif /* GCM_TABLE */ @@ -7269,26 +7442,42 @@ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len) return ret; #endif /* WOLFSSL_RENESAS_RSIP && WOLFSSL_RENESAS_FSPSM_CRYPTONLY*/ -#if !defined(__aarch64__) && defined(WOLFSSL_ARMASM) +#if defined(WOLFSSL_ARMASM) if (ret == 0) { - #ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO +#ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO + #if !defined(__aarch64__) AES_GCM_set_key_AARCH32(iv, (byte*)aes->key, aes->gcm.H, aes->rounds); #else - AES_ECB_encrypt(iv, aes->gcm.H, WC_AES_BLOCK_SIZE, - (const unsigned char*)aes->key, aes->rounds); + if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) { + AES_GCM_set_key_AARCH64(iv, (byte*)aes->key, aes->gcm.H, + aes->rounds); + } + else + #endif /* !__aarch64__ */ +#endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */ +#if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) + #ifdef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + if (1) + #else + if (0) + #endif + { + AES_ECB_encrypt_NEON(iv, aes->gcm.H, WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds); + } + else +#endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */ +#if defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + { + AES_ECB_encrypt(iv, aes->gcm.H, WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds); #if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT) GenerateM0(&aes->gcm); #endif /* GCM_TABLE */ - #endif + } +#endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */ } #else -#if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) - if (ret == 0 && aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) { - AES_GCM_set_key_AARCH64(iv, (byte*)aes->key, aes->gcm.H, aes->rounds); - } - else -#endif #if !defined(FREESCALE_LTC_AES_GCM) && !defined(WOLFSSL_PSOC6_CRYPTO) if (ret == 0) { VECTOR_REGISTERS_PUSH; @@ -7510,7 +7699,8 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, while (0) #endif /* WOLFSSL_AESGCM_STREAM */ -#if defined(WOLFSSL_ARMASM) && !defined(__aarch64__) +#if defined(WOLFSSL_ARMASM) && !defined(__aarch64__) && \ + !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) static void GCM_gmult_len_armasm_C( byte* x, const byte* h, const unsigned char* a, unsigned long len) { @@ -7541,14 +7731,30 @@ static void GCM_gmult_len_armasm_C( #define GCM_GMULT_LEN(gcm, x, a, len) \ GCM_gmult_len_armasm_C(x, (gcm)->H, a, len) -#endif /* WOLFSSL_ARMASM && !__aarch64__ */ +#endif /* WOLFSSL_ARMASM && !__aarch64__ && !WOLFSSL_ARMASM_NO_HW_CRYPTO */ + +#if defined(WOLFSSL_ARMASM) && (defined(__aarch64__) || \ + defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)) +#if !defined(WOLFSSL_ARMASM_NO_NEON) && defined(__aarch64__) +#define GCM_GMULT_LEN(gcm, x, a, len) \ + GCM_gmult_len_NEON(x, (const byte*)((gcm)->H), a, len) +#else +#define GCM_GMULT_LEN(gcm, x, a, len) \ + GCM_gmult_len(x, (const byte**)((gcm)->M0), a, len) +#endif +#endif #elif defined(GCM_TABLE) -#if !defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +#if defined(WOLFSSL_ARMASM) && (defined(__aarch64__) || \ + defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)) +#if !defined(WOLFSSL_ARMASM_NO_NEON) && defined(__aarch64__) +#define GCM_GMULT_LEN(gcm, x, a, len) \ + GCM_gmult_len_NEON(x, (const byte*)((gcm)->H), a, len) +#else #define GCM_GMULT_LEN(gcm, x, a, len) \ GCM_gmult_len(x, (const byte**)((gcm)->M0), a, len) +#endif #else ALIGN16 static const byte R[256][2] = { {0x00, 0x00}, {0x01, 0xc2}, {0x03, 0x84}, {0x02, 0x46}, @@ -7812,10 +8018,19 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, /* end GCM_TABLE */ #elif defined(GCM_TABLE_4BIT) -#if !defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +#if defined(WOLFSSL_ARMASM) && (defined(__aarch64__) || \ + defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)) +#if !defined(WOLFSSL_ARMASM_NO_NEON) && defined(__aarch64__) +#define GCM_GMULT_LEN(gcm, x, a, len) \ + GCM_gmult_len_NEON(x, (const byte*)((gcm)->H), a, len) +#define GMULT(x, m) \ + GCM_gmult_NEON(x, (const byte**)m) +#else #define GCM_GMULT_LEN(gcm, x, a, len) \ GCM_gmult_len(x, (const byte**)((gcm)->M0), a, len) +#define GMULT(x, m) \ + GCM_gmult(x, (const byte**)m) +#endif #else /* remainder = x^7 + x^2 + x^1 + 1 => 0xe1 * R shifts right a reverse bit pair of bytes such that: @@ -8270,7 +8485,16 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, */ #define GHASH_INIT_EXTRA(aes) WC_DO_NOTHING -/* GHASH one block of data.. +#ifdef GCM_GMULT_LEN +/* GHASH one block of data. + * + * @param [in, out] aes AES GCM object. + * @param [in] block Block of AAD or cipher text. + */ +#define GHASH_ONE_BLOCK_SW(aes, block) \ + GCM_GMULT_LEN(&(aes)->gcm, AES_TAG(aes), block, WC_AES_BLOCK_SIZE) +#else +/* GHASH one block of data. * * XOR block into tag and GMULT with H using pre-computed table. * @@ -8283,6 +8507,7 @@ void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c, GMULT(AES_TAG(aes), (aes)->gcm.M0); \ } \ while (0) +#endif #endif /* WOLFSSL_AESGCM_STREAM */ #elif defined(WORD64_AVAILABLE) && !defined(GCM_WORD32) @@ -9320,7 +9545,7 @@ static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32( #endif /* STM32_CRYPTO_AES_GCM */ -#if !defined(WOLFSSL_ARMASM) || defined(__aarch64__) +#if !defined(WOLFSSL_ARMASM) #ifdef WOLFSSL_AESNI /* For performance reasons, this code needs to be not inlined. */ WARN_UNUSED_RESULT int AES_GCM_encrypt_C( @@ -9435,8 +9660,8 @@ WARN_UNUSED_RESULT int AES_GCM_encrypt_C( return ret; } -#elif defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) -static int AES_GCM_encrypt_AARCH32(Aes* aes, byte* out, const byte* in, +#elif defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +static int AES_GCM_encrypt_ARM(Aes* aes, byte* out, const byte* in, word32 sz, const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz) { @@ -9477,16 +9702,44 @@ static int AES_GCM_encrypt_AARCH32(Aes* aes, byte* out, const byte* in, blocks = sz / WC_AES_BLOCK_SIZE; partial = sz % WC_AES_BLOCK_SIZE; if (blocks > 0) { - AES_GCM_encrypt(in, out, blocks * WC_AES_BLOCK_SIZE, - (const unsigned char*)aes->key, aes->rounds, counter); + #if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) + #ifdef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + if (1) + #else + if (sz >= 32) + #endif + { + AES_GCM_encrypt_NEON(in, out, blocks * WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds, counter); + } + else + #endif + { + AES_GCM_encrypt(in, out, blocks * WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds, counter); + } GCM_GMULT_LEN(&aes->gcm, x, out, blocks * WC_AES_BLOCK_SIZE); in += blocks * WC_AES_BLOCK_SIZE; out += blocks * WC_AES_BLOCK_SIZE; } /* take care of partial block sizes leftover */ if (partial != 0) { - AES_GCM_encrypt(in, scratch, WC_AES_BLOCK_SIZE, - (const unsigned char*)aes->key, aes->rounds, counter); + #if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) + #ifdef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + if (1) + #else + if (0) + #endif + { + AES_GCM_encrypt_NEON(in, scratch, WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds, counter); + } + else + #endif + { + AES_GCM_encrypt(in, scratch, WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds, counter); + } XMEMCPY(out, scratch, partial); XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE); @@ -9508,8 +9761,22 @@ static int AES_GCM_encrypt_AARCH32(Aes* aes, byte* out, const byte* in, } /* Auth tag calculation. */ - AES_ECB_encrypt(initialCounter, scratch, WC_AES_BLOCK_SIZE, - (const unsigned char*)aes->key, aes->rounds); +#if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) +#ifdef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + if (1) +#else + if (0) +#endif + { + AES_ECB_encrypt_NEON(initialCounter, scratch, WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds); + } + else +#endif + { + AES_ECB_encrypt(initialCounter, scratch, WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds); + } xorbuf(authTag, scratch, authTagSz); return 0; @@ -9608,16 +9875,39 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, VECTOR_REGISTERS_PUSH; -#if !defined(__aarch64__) && defined(WOLFSSL_ARMASM) +#if defined(WOLFSSL_ARMASM) #ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO +#if !defined(__aarch64__) AES_GCM_encrypt_AARCH32(in, out, sz, iv, ivSz, authTag, authTagSz, authIn, authInSz, (byte*)aes->key, aes->gcm.H, (byte*)aes->tmp, (byte*)aes->reg, aes->rounds); ret = 0; #else - ret = AES_GCM_encrypt_AARCH32(aes, out, in, sz, iv, ivSz, authTag, - authTagSz, authIn, authInSz); -#endif + if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) { + #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3 + if (aes->use_sha3_hw_crypto) { + AES_GCM_encrypt_AARCH64_EOR3(in, out, sz, iv, ivSz, authTag, + authTagSz, authIn, authInSz, (byte*)aes->key, aes->gcm.H, + (byte*)aes->tmp, (byte*)aes->reg, aes->rounds); + } + else + #endif + { + AES_GCM_encrypt_AARCH64(in, out, sz, iv, ivSz, authTag, authTagSz, + authIn, authInSz, (byte*)aes->key, aes->gcm.H, (byte*)aes->tmp, + (byte*)aes->reg, aes->rounds); + } + ret = 0; + } + else +#endif /* !__aarch64__ */ +#endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */ +#if defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + { + ret = AES_GCM_encrypt_ARM(aes, out, in, sz, iv, ivSz, authTag, + authTagSz, authIn, authInSz); + } +#endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */ #else #ifdef WOLFSSL_AESNI if (aes->use_aesni) { @@ -9643,25 +9933,6 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, } } else -#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) - if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) { - #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3 - if (aes->use_sha3_hw_crypto) { - AES_GCM_encrypt_AARCH64_EOR3(in, out, sz, iv, ivSz, authTag, - authTagSz, authIn, authInSz, (byte*)aes->key, aes->gcm.H, - (byte*)aes->tmp, (byte*)aes->reg, aes->rounds); - } - else - #endif - { - AES_GCM_encrypt_AARCH64(in, out, sz, iv, ivSz, authTag, authTagSz, - authIn, authInSz, (byte*)aes->key, aes->gcm.H, (byte*)aes->tmp, - (byte*)aes->reg, aes->rounds); - } - ret = 0; - } - else #endif /* WOLFSSL_AESNI */ { ret = AES_GCM_encrypt_C(aes, out, in, sz, iv, ivSz, authTag, authTagSz, @@ -9977,7 +10248,7 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32( #endif /* STM32_CRYPTO_AES_GCM */ -#if !defined(WOLFSSL_ARMASM) || defined(__aarch64__) +#if !defined(WOLFSSL_ARMASM) #ifdef WOLFSSL_AESNI /* For performance reasons, this code needs to be not inlined. */ int WARN_UNUSED_RESULT AES_GCM_decrypt_C( @@ -10125,8 +10396,8 @@ int WARN_UNUSED_RESULT AES_GCM_decrypt_C( #endif return ret; } -#elif defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) -static int AES_GCM_decrypt_AARCH32(Aes* aes, byte* out, const byte* in, +#elif defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +static int AES_GCM_decrypt_ARM(Aes* aes, byte* out, const byte* in, word32 sz, const byte* iv, word32 ivSz, const byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz) { @@ -10169,8 +10440,22 @@ static int AES_GCM_decrypt_AARCH32(Aes* aes, byte* out, const byte* in, if (blocks > 0) { GCM_GMULT_LEN(&aes->gcm, x, in, blocks * WC_AES_BLOCK_SIZE); - AES_GCM_encrypt(in, out, blocks * WC_AES_BLOCK_SIZE, - (const unsigned char*)aes->key, aes->rounds, counter); + #if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) + #ifdef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + if (1) + #else + if (sz >= 32) + #endif + { + AES_GCM_encrypt_NEON(in, out, blocks * WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds, counter); + } + else + #endif + { + AES_GCM_encrypt(in, out, blocks * WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds, counter); + } in += blocks * WC_AES_BLOCK_SIZE; out += blocks * WC_AES_BLOCK_SIZE; } @@ -10179,8 +10464,22 @@ static int AES_GCM_decrypt_AARCH32(Aes* aes, byte* out, const byte* in, XMEMCPY(scratch, in, partial); GCM_GMULT_LEN(&aes->gcm, x, scratch, WC_AES_BLOCK_SIZE); - AES_GCM_encrypt(in, scratch, WC_AES_BLOCK_SIZE, - (const unsigned char*)aes->key, aes->rounds, counter); + #if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) + #ifdef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + if (1) + #else + if (0) + #endif + { + AES_GCM_encrypt_NEON(in, scratch, WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds, counter); + } + else + #endif + { + AES_GCM_encrypt(in, scratch, WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds, counter); + } XMEMCPY(out, scratch, partial); } @@ -10188,8 +10487,22 @@ static int AES_GCM_decrypt_AARCH32(Aes* aes, byte* out, const byte* in, FlattenSzInBits(&scratch[0], authInSz); FlattenSzInBits(&scratch[8], sz); GCM_GMULT_LEN(&aes->gcm, x, scratch, WC_AES_BLOCK_SIZE); - AES_ECB_encrypt(initialCounter, scratch, WC_AES_BLOCK_SIZE, - (const unsigned char*)aes->key, aes->rounds); +#if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) +#ifdef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + if (1) +#else + if (0) +#endif + { + AES_ECB_encrypt_NEON(initialCounter, scratch, WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds); + } + else +#endif + { + AES_ECB_encrypt(initialCounter, scratch, WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds); + } xorbuf(x, scratch, authTagSz); if (authTag != NULL) { if (ConstantCompare(authTag, x, authTagSz) != 0) { @@ -10293,15 +10606,37 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, VECTOR_REGISTERS_PUSH; -#if !defined(__aarch64__) && defined(WOLFSSL_ARMASM) +#if defined(WOLFSSL_ARMASM) #ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO +#ifndef __aarch64__ ret = AES_GCM_decrypt_AARCH32(in, out, sz, iv, ivSz, authTag, authTagSz, authIn, authInSz, (byte*)aes->key, aes->gcm.H, (byte*)aes->tmp, (byte*)aes->reg, aes->rounds); #else - ret = AES_GCM_decrypt_AARCH32(aes, out, in, sz, iv, ivSz, authTag, - authTagSz, authIn, authInSz); -#endif + if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) { + #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3 + if (aes->use_sha3_hw_crypto) { + ret = AES_GCM_decrypt_AARCH64_EOR3(in, out, sz, iv, ivSz, authTag, + authTagSz, authIn, authInSz, (byte*)aes->key, aes->gcm.H, + (byte*)aes->tmp, (byte*)aes->reg, aes->rounds); + } + else + #endif + { + ret = AES_GCM_decrypt_AARCH64(in, out, sz, iv, ivSz, authTag, + authTagSz, authIn, authInSz, (byte*)aes->key, aes->gcm.H, + (byte*)aes->tmp, (byte*)aes->reg, aes->rounds); + } + } + else +#endif /* !__aarch64__ */ +#endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */ +#if defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + { + ret = AES_GCM_decrypt_ARM(aes, out, in, sz, iv, ivSz, authTag, + authTagSz, authIn, authInSz); + } +#endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */ #else #ifdef WOLFSSL_AESNI if (aes->use_aesni) { @@ -10337,24 +10672,6 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, } } else -#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) - if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) { - #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3 - if (aes->use_sha3_hw_crypto) { - ret = AES_GCM_decrypt_AARCH64_EOR3(in, out, sz, iv, ivSz, authTag, - authTagSz, authIn, authInSz, (byte*)aes->key, aes->gcm.H, - (byte*)aes->tmp, (byte*)aes->reg, aes->rounds); - } - else - #endif - { - ret = AES_GCM_decrypt_AARCH64(in, out, sz, iv, ivSz, authTag, - authTagSz, authIn, authInSz, (byte*)aes->key, aes->gcm.H, - (byte*)aes->tmp, (byte*)aes->reg, aes->rounds); - } - } - else #endif /* WOLFSSL_AESNI */ { ret = AES_GCM_decrypt_C(aes, out, in, sz, iv, ivSz, authTag, authTagSz, @@ -13388,19 +13705,36 @@ static WARN_UNUSED_RESULT int _AesEcbEncrypt( #else AES_ECB_encrypt(in, out, sz, (const unsigned char*)aes->key, aes->rounds); #endif +#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) +#if !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + if (aes->use_aes_hw_crypto) { + AES_encrypt_blocks_AARCH64(in, out, sz, (byte*)aes->key, + (int)aes->rounds); + } + else +#endif +#if !defined(WOLFSSL_ARMASM_NO_NEON) +#ifdef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + if (1) +#else + if (sz >= 32) +#endif + { + AES_ECB_encrypt_NEON(in, out, sz, (const unsigned char*)aes->key, + aes->rounds); + } + else +#endif + { + AES_ECB_encrypt(in, out, sz, (const unsigned char*)aes->key, + aes->rounds); + } #else #ifdef WOLFSSL_AESNI if (aes->use_aesni) { AES_ECB_encrypt_AESNI(in, out, sz, (byte*)aes->key, (int)aes->rounds); } else -#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) - if (aes->use_aes_hw_crypto) { - AES_encrypt_blocks_AARCH64(in, out, sz, (byte*)aes->key, - (int)aes->rounds); - } - else #endif { #if defined(NEED_AES_TABLES) @@ -13455,19 +13789,36 @@ static WARN_UNUSED_RESULT int _AesEcbDecrypt( #else AES_ECB_decrypt(in, out, sz, (const unsigned char*)aes->key, aes->rounds); #endif +#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) +#if !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + if (aes->use_aes_hw_crypto) { + AES_decrypt_blocks_AARCH64(in, out, sz, (byte*)aes->key, + (int)aes->rounds); + } + else +#endif +#if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) +#ifdef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + if (1) +#else + if (sz >= 64) +#endif + { + AES_ECB_decrypt_NEON(in, out, sz, (const unsigned char*)aes->key, + aes->rounds); + } + else +#endif + { + AES_ECB_decrypt(in, out, sz, (const unsigned char*)aes->key, + aes->rounds); + } #else #ifdef WOLFSSL_AESNI if (aes->use_aesni) { AES_ECB_decrypt_AESNI(in, out, sz, (byte*)aes->key, (int)aes->rounds); } else -#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) - if (aes->use_aes_hw_crypto) { - AES_decrypt_blocks_AARCH64(in, out, sz, (byte*)aes->key, - (int)aes->rounds); - } - else #endif { #if defined(NEED_AES_TABLES) @@ -14898,14 +15249,34 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz, RESTORE_VECTOR_REGISTERS(); } else -#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) +#if !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) if (aes->use_aes_hw_crypto) { AES_XTS_encrypt_AARCH64(in, out, sz, i, (byte*)xaes->aes.key, (byte*)xaes->tweak.key, (byte*)xaes->aes.tmp, xaes->aes.rounds); ret = 0; } else +#endif +#if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) +#ifdef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + if (1) +#else + if (sz >= 32) +#endif + { + AES_XTS_encrypt_NEON(in, out, sz, i, (byte*)xaes->aes.key, + (byte*)xaes->tweak.key, (byte*)xaes->aes.tmp, xaes->aes.rounds); + ret = 0; + } + else +#endif + if (1) { + AES_XTS_encrypt(in, out, sz, i, (byte*)xaes->aes.key, + (byte*)xaes->tweak.key, (byte*)xaes->aes.tmp, xaes->aes.rounds); + ret = 0; + } + else #endif { ret = AesXtsEncrypt_sw(xaes, out, in, sz, i); @@ -15352,14 +15723,34 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz, RESTORE_VECTOR_REGISTERS(); } else -#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) +#if !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) if (aes->use_aes_hw_crypto) { AES_XTS_decrypt_AARCH64(in, out, sz, i, (byte*)xaes->aes.key, (byte*)xaes->tweak.key, (byte*)xaes->aes.tmp, xaes->aes.rounds); ret = 0; } else +#endif +#if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) +#ifdef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + if (1) +#else + if (sz >= 64) +#endif + { + AES_XTS_decrypt_NEON(in, out, sz, i, (byte*)xaes->aes.key, + (byte*)xaes->tweak.key, (byte*)xaes->aes.tmp, xaes->aes.rounds); + ret = 0; + } + else +#endif + if (1) { + AES_XTS_decrypt(in, out, sz, i, (byte*)xaes->aes.key, + (byte*)xaes->tweak.key, (byte*)xaes->aes.tmp, xaes->aes.rounds); + ret = 0; + } + else #endif { ret = AesXtsDecrypt_sw(xaes, out, in, sz, i); diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c index 45092a2da..b24a7710d 100644 --- a/wolfcrypt/src/error.c +++ b/wolfcrypt/src/error.c @@ -315,7 +315,7 @@ const char* wc_GetErrorString(int error) return "Random Number Generator failed"; case HMAC_MIN_KEYLEN_E: - return "FIPS Mode HMAC Minimum Key Length error"; + return "FIPS Mode HMAC Minimum Key or Salt Length error"; case RSA_PAD_E: return "Rsa Padding error"; diff --git a/wolfcrypt/src/port/arm/armv8-aes-asm.S b/wolfcrypt/src/port/arm/armv8-aes-asm.S index 1ac5b953b..431dbb1dd 100644 --- a/wolfcrypt/src/port/arm/armv8-aes-asm.S +++ b/wolfcrypt/src/port/arm/armv8-aes-asm.S @@ -43117,6 +43117,14152 @@ L_aes_xts_decrypt_arm64_crypto_done: #endif /* HAVE_AES_DECRYPT */ #endif /* WOLFSSL_AES_XTS */ #endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */ +#ifndef WOLFSSL_ARMASM_NO_NEON +#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || \ + defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \ + defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) +#ifndef __APPLE__ + .text + .type L_AES_ARM64_NEON_te, %object + .section .rodata + .size L_AES_ARM64_NEON_te, 256 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 1 +#else + .p2align 1 +#endif /* __APPLE__ */ +L_AES_ARM64_NEON_te: + .byte 0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5 + .byte 0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76 + .byte 0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0 + .byte 0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0 + .byte 0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc + .byte 0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15 + .byte 0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a + .byte 0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75 + .byte 0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0 + .byte 0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84 + .byte 0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b + .byte 0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf + .byte 0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85 + .byte 0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8 + .byte 0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5 + .byte 0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2 + .byte 0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17 + .byte 0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73 + .byte 0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88 + .byte 0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb + .byte 0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c + .byte 0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79 + .byte 0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9 + .byte 0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08 + .byte 0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6 + .byte 0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a + .byte 0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e + .byte 0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e + .byte 0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94 + .byte 0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf + .byte 0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68 + .byte 0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16 +#ifndef __APPLE__ + .text + .type L_AES_ARM64_NEON_shift_rows_shuffle, %object + .section .rodata + .size L_AES_ARM64_NEON_shift_rows_shuffle, 16 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 1 +#else + .p2align 1 +#endif /* __APPLE__ */ +L_AES_ARM64_NEON_shift_rows_shuffle: + .byte 0x0c,0x09,0x06,0x03,0x00,0x0d,0x0a,0x07 + .byte 0x04,0x01,0x0e,0x0b,0x08,0x05,0x02,0x0f +#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || + * WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */ +#ifdef HAVE_AES_DECRYPT +#ifndef __APPLE__ +.text +.globl AES_invert_key_NEON +.type AES_invert_key_NEON,@function +.align 2 +AES_invert_key_NEON: +#else +.section __TEXT,__text +.globl _AES_invert_key_NEON +.p2align 2 +_AES_invert_key_NEON: +#endif /* __APPLE__ */ + add x3, x0, x1, lsl 4 + mov x2, x0 + mov w4, w1 +L_AES_invert_key_NEON_loop: + ld1 {v0.2d}, [x2] + ld1 {v1.2d}, [x3] + st1 {v0.2d}, [x3] + st1 {v1.2d}, [x2], #16 + subs w4, w4, #2 + sub x3, x3, #16 + bne L_AES_invert_key_NEON_loop + movi v2.16b, #27 + add x2, x0, #16 + sub w4, w1, #1 +L_AES_invert_key_NEON_mix_loop: + ld1 {v0.2d}, [x2] + sshr v5.16b, v0.16b, #7 + ushr v6.16b, v0.16b, #6 + ushr v3.16b, v0.16b, #5 + and v5.16b, v5.16b, v2.16b + pmul v6.16b, v6.16b, v2.16b + pmul v3.16b, v3.16b, v2.16b + shl v4.16b, v0.16b, #1 + eor v5.16b, v5.16b, v4.16b + shl v4.16b, v0.16b, #3 + eor v3.16b, v3.16b, v4.16b + shl v4.16b, v0.16b, #2 + eor v6.16b, v6.16b, v4.16b + eor v4.16b, v5.16b, v3.16b + eor v3.16b, v3.16b, v0.16b + eor v5.16b, v6.16b, v3.16b + eor v6.16b, v6.16b, v4.16b + eor v4.16b, v4.16b, v0.16b + shl v0.4s, v4.4s, #8 + rev32 v5.8h, v5.8h + sri v0.4s, v4.4s, #24 + eor v0.16b, v0.16b, v6.16b + shl v4.4s, v3.4s, #24 + eor v0.16b, v0.16b, v5.16b + sri v4.4s, v3.4s, #8 + eor v0.16b, v0.16b, v4.16b + st1 {v0.2d}, [x2], #16 + subs w4, w4, #1 + bne L_AES_invert_key_NEON_mix_loop + ret +#ifndef __APPLE__ + .size AES_invert_key_NEON,.-AES_invert_key_NEON +#endif /* __APPLE__ */ +#endif /* HAVE_AES_DECRYPT */ +#ifndef __APPLE__ + .text + .type L_AES_ARM64_NEON_rcon, %object + .section .rodata + .size L_AES_ARM64_NEON_rcon, 40 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 3 +#else + .p2align 3 +#endif /* __APPLE__ */ +L_AES_ARM64_NEON_rcon: + .word 0x01000000 + .word 0x02000000 + .word 0x04000000 + .word 0x08000000 + .word 0x10000000 + .word 0x20000000 + .word 0x40000000 + .word 0x80000000 + .word 0x1b000000 + .word 0x36000000 +#ifndef __APPLE__ +.text +.globl AES_set_encrypt_key_NEON +.type AES_set_encrypt_key_NEON,@function +.align 2 +AES_set_encrypt_key_NEON: +#else +.section __TEXT,__text +.globl _AES_set_encrypt_key_NEON +.p2align 2 +_AES_set_encrypt_key_NEON: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-80]! + add x29, sp, #0 + stp d8, d9, [x29, #16] + stp d10, d11, [x29, #32] + stp d12, d13, [x29, #48] + stp d14, d15, [x29, #64] +#ifndef __APPLE__ + adrp x4, L_AES_ARM64_NEON_rcon + add x4, x4, :lo12:L_AES_ARM64_NEON_rcon +#else + adrp x4, L_AES_ARM64_NEON_rcon@PAGE + add x4, x4, :lo12:L_AES_ARM64_NEON_rcon@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x5, L_AES_ARM64_NEON_te + add x5, x5, :lo12:L_AES_ARM64_NEON_te +#else + adrp x5, L_AES_ARM64_NEON_te@PAGE + add x5, x5, :lo12:L_AES_ARM64_NEON_te@PAGEOFF +#endif /* __APPLE__ */ + ld1 {v6.16b, v7.16b, v8.16b, v9.16b}, [x5], #0x40 + ld1 {v10.16b, v11.16b, v12.16b, v13.16b}, [x5], #0x40 + ld1 {v14.16b, v15.16b, v16.16b, v17.16b}, [x5], #0x40 + ld1 {v18.16b, v19.16b, v20.16b, v21.16b}, [x5] + movi v2.16b, #0x40 + movi v3.16b, #0x80 + movi v4.16b, #0xc0 + movi v5.16b, #27 + eor v26.16b, v26.16b, v26.16b + cmp x1, #0x80 + beq L_AES_set_encrypt_key_NEON_start_128 + cmp x1, #0xc0 + beq L_AES_set_encrypt_key_NEON_start_192 + ld1 {v0.16b}, [x0], #16 + ld1 {v1.16b}, [x0] + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + st1 {v0.2d}, [x2], #16 + st1 {v1.2d}, [x2], #16 + mov x3, #6 +L_AES_set_encrypt_key_NEON_loop_256: + eor v22.16b, v1.16b, v2.16b + eor v23.16b, v1.16b, v3.16b + eor v24.16b, v1.16b, v4.16b + tbl v25.16b, {v6.16b, v7.16b, v8.16b, v9.16b}, v1.16b + tbl v22.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v22.16b + tbl v23.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v23.16b + tbl v24.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v24.16b + orr v25.16b, v25.16b, v22.16b + orr v23.16b, v23.16b, v24.16b + orr v25.16b, v25.16b, v23.16b + ext v25.16b, v25.16b, v26.16b, #12 + shl v22.4s, v25.4s, #8 + sri v22.4s, v25.4s, #24 + eor v0.16b, v0.16b, v22.16b + ld1r {v25.4s}, [x4], #4 + dup v22.4s, v0.s[0] + dup v23.2s, v0.s[1] + dup v24.2s, v0.s[2] + ext v22.16b, v26.16b, v22.16b, #12 + ext v23.16b, v26.16b, v23.16b, #8 + eor v0.16b, v0.16b, v22.16b + ext v24.16b, v26.16b, v24.16b, #4 + eor v0.16b, v0.16b, v23.16b + eor v0.16b, v0.16b, v24.16b + eor v0.16b, v0.16b, v25.16b + st1 {v0.2d}, [x2], #16 + eor v22.16b, v0.16b, v2.16b + eor v23.16b, v0.16b, v3.16b + eor v24.16b, v0.16b, v4.16b + tbl v25.16b, {v6.16b, v7.16b, v8.16b, v9.16b}, v0.16b + tbl v22.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v22.16b + tbl v23.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v23.16b + tbl v24.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v24.16b + orr v25.16b, v25.16b, v22.16b + orr v23.16b, v23.16b, v24.16b + orr v25.16b, v25.16b, v23.16b + ext v25.16b, v25.16b, v26.16b, #12 + eor v1.16b, v1.16b, v25.16b + dup v22.4s, v1.s[0] + dup v23.2s, v1.s[1] + dup v24.2s, v1.s[2] + ext v22.16b, v26.16b, v22.16b, #12 + ext v23.16b, v26.16b, v23.16b, #8 + eor v1.16b, v1.16b, v22.16b + ext v24.16b, v26.16b, v24.16b, #4 + eor v1.16b, v1.16b, v23.16b + eor v1.16b, v1.16b, v24.16b + st1 {v1.2d}, [x2], #16 + subs x3, x3, #1 + bne L_AES_set_encrypt_key_NEON_loop_256 + eor v22.16b, v1.16b, v2.16b + eor v23.16b, v1.16b, v3.16b + eor v24.16b, v1.16b, v4.16b + tbl v25.16b, {v6.16b, v7.16b, v8.16b, v9.16b}, v1.16b + tbl v22.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v22.16b + tbl v23.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v23.16b + tbl v24.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v24.16b + orr v25.16b, v25.16b, v22.16b + orr v23.16b, v23.16b, v24.16b + orr v25.16b, v25.16b, v23.16b + ext v25.16b, v25.16b, v26.16b, #12 + shl v22.4s, v25.4s, #8 + sri v22.4s, v25.4s, #24 + eor v0.16b, v0.16b, v22.16b + ld1r {v25.4s}, [x4], #4 + dup v22.4s, v0.s[0] + dup v23.2s, v0.s[1] + dup v24.2s, v0.s[2] + ext v22.16b, v26.16b, v22.16b, #12 + ext v23.16b, v26.16b, v23.16b, #8 + eor v0.16b, v0.16b, v22.16b + ext v24.16b, v26.16b, v24.16b, #4 + eor v0.16b, v0.16b, v23.16b + eor v0.16b, v0.16b, v24.16b + eor v0.16b, v0.16b, v25.16b + st1 {v0.2d}, [x2], #16 + b L_AES_set_encrypt_key_NEON_end +L_AES_set_encrypt_key_NEON_start_192: + ld1 {v0.16b}, [x0], #16 + ld1 {v1.8b}, [x0] + rev32 v0.16b, v0.16b + rev32 v1.8b, v1.8b + st1 {v0.16b}, [x2], #16 + st1 {v1.8b}, [x2], #8 + ext v1.16b, v1.16b, v1.16b, #8 + mov x3, #7 +L_AES_set_encrypt_key_NEON_loop_192: + eor v22.16b, v1.16b, v2.16b + eor v23.16b, v1.16b, v3.16b + eor v24.16b, v1.16b, v4.16b + tbl v25.16b, {v6.16b, v7.16b, v8.16b, v9.16b}, v1.16b + tbl v22.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v22.16b + tbl v23.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v23.16b + tbl v24.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v24.16b + orr v25.16b, v25.16b, v22.16b + orr v23.16b, v23.16b, v24.16b + orr v25.16b, v25.16b, v23.16b + ext v25.16b, v25.16b, v26.16b, #12 + shl v22.4s, v25.4s, #8 + sri v22.4s, v25.4s, #24 + eor v0.16b, v0.16b, v22.16b + ld1r {v25.4s}, [x4], #4 + dup v22.4s, v0.s[0] + dup v23.2s, v0.s[1] + dup v24.2s, v0.s[2] + ext v22.16b, v26.16b, v22.16b, #12 + ext v23.16b, v26.16b, v23.16b, #8 + eor v0.16b, v0.16b, v22.16b + ext v24.16b, v26.16b, v24.16b, #4 + eor v0.16b, v0.16b, v23.16b + eor v0.16b, v0.16b, v24.16b + eor v0.16b, v0.16b, v25.16b + st1 {v0.2d}, [x2], #16 + mov v23.16b, v26.16b + mov v23.s[2], v0.s[3] + eor v1.16b, v1.16b, v23.16b + mov v23.16b, v26.16b + mov v23.s[3], v1.s[2] + eor v1.16b, v1.16b, v23.16b + st1 {v1.d}[1], [x2], #8 + subs x3, x3, #1 + bne L_AES_set_encrypt_key_NEON_loop_192 + eor v22.16b, v1.16b, v2.16b + eor v23.16b, v1.16b, v3.16b + eor v24.16b, v1.16b, v4.16b + tbl v25.16b, {v6.16b, v7.16b, v8.16b, v9.16b}, v1.16b + tbl v22.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v22.16b + tbl v23.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v23.16b + tbl v24.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v24.16b + orr v25.16b, v25.16b, v22.16b + orr v23.16b, v23.16b, v24.16b + orr v25.16b, v25.16b, v23.16b + ext v25.16b, v25.16b, v26.16b, #12 + shl v22.4s, v25.4s, #8 + sri v22.4s, v25.4s, #24 + eor v0.16b, v0.16b, v22.16b + ld1r {v25.4s}, [x4], #4 + dup v22.4s, v0.s[0] + dup v23.2s, v0.s[1] + dup v24.2s, v0.s[2] + ext v22.16b, v26.16b, v22.16b, #12 + ext v23.16b, v26.16b, v23.16b, #8 + eor v0.16b, v0.16b, v22.16b + ext v24.16b, v26.16b, v24.16b, #4 + eor v0.16b, v0.16b, v23.16b + eor v0.16b, v0.16b, v24.16b + eor v0.16b, v0.16b, v25.16b + st1 {v0.2d}, [x2], #16 + b L_AES_set_encrypt_key_NEON_end +L_AES_set_encrypt_key_NEON_start_128: + ld1 {v0.16b}, [x0] + rev32 v0.16b, v0.16b + st1 {v0.2d}, [x2], #16 + mov x3, #10 +L_AES_set_encrypt_key_NEON_loop_128: + eor v22.16b, v0.16b, v2.16b + eor v23.16b, v0.16b, v3.16b + eor v24.16b, v0.16b, v4.16b + tbl v25.16b, {v6.16b, v7.16b, v8.16b, v9.16b}, v0.16b + tbl v22.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v22.16b + tbl v23.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v23.16b + tbl v24.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v24.16b + orr v25.16b, v25.16b, v22.16b + orr v23.16b, v23.16b, v24.16b + orr v25.16b, v25.16b, v23.16b + ext v25.16b, v25.16b, v26.16b, #12 + shl v22.4s, v25.4s, #8 + sri v22.4s, v25.4s, #24 + eor v0.16b, v0.16b, v22.16b + ld1r {v25.4s}, [x4], #4 + dup v22.4s, v0.s[0] + dup v23.2s, v0.s[1] + dup v24.2s, v0.s[2] + ext v22.16b, v26.16b, v22.16b, #12 + ext v23.16b, v26.16b, v23.16b, #8 + eor v0.16b, v0.16b, v22.16b + ext v24.16b, v26.16b, v24.16b, #4 + eor v0.16b, v0.16b, v23.16b + eor v0.16b, v0.16b, v24.16b + eor v0.16b, v0.16b, v25.16b + st1 {v0.2d}, [x2], #16 + subs x3, x3, #1 + bne L_AES_set_encrypt_key_NEON_loop_128 +L_AES_set_encrypt_key_NEON_end: + ldp d8, d9, [x29, #16] + ldp d10, d11, [x29, #32] + ldp d12, d13, [x29, #48] + ldp d14, d15, [x29, #64] + ldp x29, x30, [sp], #0x50 + ret +#ifndef __APPLE__ + .size AES_set_encrypt_key_NEON,.-AES_set_encrypt_key_NEON +#endif /* __APPLE__ */ +#if defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \ + defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \ + defined(HAVE_AES_ECB) +#ifndef __APPLE__ +.text +.globl AES_ECB_encrypt_NEON +.type AES_ECB_encrypt_NEON,@function +.align 2 +AES_ECB_encrypt_NEON: +#else +.section __TEXT,__text +.globl _AES_ECB_encrypt_NEON +.p2align 2 +_AES_ECB_encrypt_NEON: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-80]! + add x29, sp, #0 + stp d8, d9, [x29, #16] + stp d10, d11, [x29, #32] + stp d12, d13, [x29, #48] + stp d14, d15, [x29, #64] +#ifndef __APPLE__ + adrp x5, L_AES_ARM64_NEON_te + add x5, x5, :lo12:L_AES_ARM64_NEON_te +#else + adrp x5, L_AES_ARM64_NEON_te@PAGE + add x5, x5, :lo12:L_AES_ARM64_NEON_te@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x6, L_AES_ARM64_NEON_shift_rows_shuffle + add x6, x6, :lo12:L_AES_ARM64_NEON_shift_rows_shuffle +#else + adrp x6, L_AES_ARM64_NEON_shift_rows_shuffle@PAGE + add x6, x6, :lo12:L_AES_ARM64_NEON_shift_rows_shuffle@PAGEOFF +#endif /* __APPLE__ */ + ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [x5], #0x40 + ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [x5], #0x40 + ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [x5], #0x40 + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x5] + cmp x2, #0x40 + blt L_AES_ECB_encrypt_NEON_start_2 +L_AES_ECB_encrypt_NEON_loop_4: + mov x8, x3 + ld1 {v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40 + ld1 {v4.2d}, [x8], #16 + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + rev32 v2.16b, v2.16b + rev32 v3.16b, v3.16b + # Round: 0 - XOR in key schedule + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + sub w7, w4, #2 +L_AES_ECB_encrypt_NEON_loop_nr_4: + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b + tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + eor v10.16b, v2.16b, v12.16b + eor v11.16b, v3.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v13.16b + eor v9.16b, v1.16b, v13.16b + eor v10.16b, v2.16b, v13.16b + eor v11.16b, v3.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + eor v10.16b, v2.16b, v14.16b + eor v11.16b, v3.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + ld1 {v0.16b}, [x6] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + tbl v6.16b, {v6.16b}, v0.16b + tbl v7.16b, {v7.16b}, v0.16b + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + sshr v10.16b, v6.16b, #7 + sshr v11.16b, v7.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + shl v14.16b, v6.16b, #1 + shl v15.16b, v7.16b, #1 + movi v0.16b, #27 + and v8.16b, v8.16b, v0.16b + and v9.16b, v9.16b, v0.16b + and v10.16b, v10.16b, v0.16b + and v11.16b, v11.16b, v0.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + eor v0.16b, v8.16b, v4.16b + eor v1.16b, v9.16b, v5.16b + eor v2.16b, v10.16b, v6.16b + eor v3.16b, v11.16b, v7.16b + shl v12.4s, v0.4s, #8 + shl v13.4s, v1.4s, #8 + shl v14.4s, v2.4s, #8 + shl v15.4s, v3.4s, #8 + sri v12.4s, v0.4s, #24 + sri v13.4s, v1.4s, #24 + sri v14.4s, v2.4s, #24 + sri v15.4s, v3.4s, #24 + shl v0.4s, v4.4s, #24 + shl v1.4s, v5.4s, #24 + shl v2.4s, v6.4s, #24 + shl v3.4s, v7.4s, #24 + sri v0.4s, v4.4s, #8 + sri v1.4s, v5.4s, #8 + sri v2.4s, v6.4s, #8 + sri v3.4s, v7.4s, #8 + rev32 v4.8h, v4.8h + rev32 v5.8h, v5.8h + rev32 v6.8h, v6.8h + rev32 v7.8h, v7.8h + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + eor v6.16b, v6.16b, v2.16b + eor v7.16b, v7.16b, v3.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x8], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v6.16b, v6.16b, v10.16b + eor v7.16b, v7.16b, v11.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v6.16b, v6.16b, v0.16b + eor v7.16b, v7.16b, v0.16b + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + eor v6.16b, v6.16b, v14.16b + eor v7.16b, v7.16b, v15.16b + # Round Done + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b + tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + eor v10.16b, v6.16b, v12.16b + eor v11.16b, v7.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v13.16b + eor v9.16b, v5.16b, v13.16b + eor v10.16b, v6.16b, v13.16b + eor v11.16b, v7.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + eor v10.16b, v6.16b, v14.16b + eor v11.16b, v7.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + ld1 {v4.16b}, [x6] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + tbl v2.16b, {v2.16b}, v4.16b + tbl v3.16b, {v3.16b}, v4.16b + sshr v8.16b, v0.16b, #7 + sshr v9.16b, v1.16b, #7 + sshr v10.16b, v2.16b, #7 + sshr v11.16b, v3.16b, #7 + shl v12.16b, v0.16b, #1 + shl v13.16b, v1.16b, #1 + shl v14.16b, v2.16b, #1 + shl v15.16b, v3.16b, #1 + movi v4.16b, #27 + and v8.16b, v8.16b, v4.16b + and v9.16b, v9.16b, v4.16b + and v10.16b, v10.16b, v4.16b + and v11.16b, v11.16b, v4.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + eor v4.16b, v8.16b, v0.16b + eor v5.16b, v9.16b, v1.16b + eor v6.16b, v10.16b, v2.16b + eor v7.16b, v11.16b, v3.16b + shl v12.4s, v4.4s, #8 + shl v13.4s, v5.4s, #8 + shl v14.4s, v6.4s, #8 + shl v15.4s, v7.4s, #8 + sri v12.4s, v4.4s, #24 + sri v13.4s, v5.4s, #24 + sri v14.4s, v6.4s, #24 + sri v15.4s, v7.4s, #24 + shl v4.4s, v0.4s, #24 + shl v5.4s, v1.4s, #24 + shl v6.4s, v2.4s, #24 + shl v7.4s, v3.4s, #24 + sri v4.4s, v0.4s, #8 + sri v5.4s, v1.4s, #8 + sri v6.4s, v2.4s, #8 + sri v7.4s, v3.4s, #8 + rev32 v0.8h, v0.8h + rev32 v1.8h, v1.8h + rev32 v2.8h, v2.8h + rev32 v3.8h, v3.8h + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x8], #16 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v9.16b + eor v2.16b, v2.16b, v10.16b + eor v3.16b, v3.16b, v11.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + eor v0.16b, v0.16b, v12.16b + eor v1.16b, v1.16b, v13.16b + eor v2.16b, v2.16b, v14.16b + eor v3.16b, v3.16b, v15.16b + # Round Done + subs w7, w7, #2 + bne L_AES_ECB_encrypt_NEON_loop_nr_4 + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b + tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + eor v10.16b, v2.16b, v12.16b + eor v11.16b, v3.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v13.16b + eor v9.16b, v1.16b, v13.16b + eor v10.16b, v2.16b, v13.16b + eor v11.16b, v3.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + eor v10.16b, v2.16b, v14.16b + eor v11.16b, v3.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + ld1 {v0.16b}, [x6] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + tbl v6.16b, {v6.16b}, v0.16b + tbl v7.16b, {v7.16b}, v0.16b + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + sshr v10.16b, v6.16b, #7 + sshr v11.16b, v7.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + shl v14.16b, v6.16b, #1 + shl v15.16b, v7.16b, #1 + movi v0.16b, #27 + and v8.16b, v8.16b, v0.16b + and v9.16b, v9.16b, v0.16b + and v10.16b, v10.16b, v0.16b + and v11.16b, v11.16b, v0.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + eor v0.16b, v8.16b, v4.16b + eor v1.16b, v9.16b, v5.16b + eor v2.16b, v10.16b, v6.16b + eor v3.16b, v11.16b, v7.16b + shl v12.4s, v0.4s, #8 + shl v13.4s, v1.4s, #8 + shl v14.4s, v2.4s, #8 + shl v15.4s, v3.4s, #8 + sri v12.4s, v0.4s, #24 + sri v13.4s, v1.4s, #24 + sri v14.4s, v2.4s, #24 + sri v15.4s, v3.4s, #24 + shl v0.4s, v4.4s, #24 + shl v1.4s, v5.4s, #24 + shl v2.4s, v6.4s, #24 + shl v3.4s, v7.4s, #24 + sri v0.4s, v4.4s, #8 + sri v1.4s, v5.4s, #8 + sri v2.4s, v6.4s, #8 + sri v3.4s, v7.4s, #8 + rev32 v4.8h, v4.8h + rev32 v5.8h, v5.8h + rev32 v6.8h, v6.8h + rev32 v7.8h, v7.8h + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + eor v6.16b, v6.16b, v2.16b + eor v7.16b, v7.16b, v3.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x8], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v6.16b, v6.16b, v10.16b + eor v7.16b, v7.16b, v11.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v6.16b, v6.16b, v0.16b + eor v7.16b, v7.16b, v0.16b + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + eor v6.16b, v6.16b, v14.16b + eor v7.16b, v7.16b, v15.16b + # Round Done + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b + tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + eor v10.16b, v6.16b, v12.16b + eor v11.16b, v7.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v13.16b + eor v9.16b, v5.16b, v13.16b + eor v10.16b, v6.16b, v13.16b + eor v11.16b, v7.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + eor v10.16b, v6.16b, v14.16b + eor v11.16b, v7.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + ld1 {v4.16b}, [x6] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + tbl v2.16b, {v2.16b}, v4.16b + tbl v3.16b, {v3.16b}, v4.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x8], #16 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + # Round Done + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + rev32 v2.16b, v2.16b + rev32 v3.16b, v3.16b + st1 {v0.16b, v1.16b, v2.16b, v3.16b}, [x1], #0x40 + sub x2, x2, #0x40 + cmp x2, #0x40 + bge L_AES_ECB_encrypt_NEON_loop_4 +L_AES_ECB_encrypt_NEON_start_2: + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + movi v15.16b, #27 + cmp x2, #16 + beq L_AES_ECB_encrypt_NEON_start_1 + blt L_AES_ECB_encrypt_NEON_data_done +L_AES_ECB_encrypt_NEON_loop_2: + mov x8, x3 + ld1 {v0.16b, v1.16b}, [x0], #32 + ld1 {v4.2d}, [x8], #16 + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + # Round: 0 - XOR in key schedule + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + sub w7, w4, #2 +L_AES_ECB_encrypt_NEON_loop_nr_2: + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v0.16b, v13.16b + eor v11.16b, v1.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + orr v4.16b, v4.16b, v10.16b + orr v5.16b, v5.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + ld1 {v0.16b}, [x6] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + shl v10.16b, v4.16b, #1 + shl v11.16b, v5.16b, #1 + and v8.16b, v8.16b, v15.16b + and v9.16b, v9.16b, v15.16b + eor v8.16b, v8.16b, v10.16b + eor v9.16b, v9.16b, v11.16b + eor v0.16b, v8.16b, v4.16b + eor v1.16b, v9.16b, v5.16b + shl v10.4s, v0.4s, #8 + shl v11.4s, v1.4s, #8 + sri v10.4s, v0.4s, #24 + sri v11.4s, v1.4s, #24 + shl v0.4s, v4.4s, #24 + shl v1.4s, v5.4s, #24 + sri v0.4s, v4.4s, #8 + sri v1.4s, v5.4s, #8 + rev32 v4.8h, v4.8h + rev32 v5.8h, v5.8h + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x8], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v4.16b, v4.16b, v10.16b + eor v5.16b, v5.16b, v11.16b + # Round Done + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v4.16b, v13.16b + eor v11.16b, v5.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + orr v0.16b, v0.16b, v10.16b + orr v1.16b, v1.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + ld1 {v4.16b}, [x6] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + sshr v8.16b, v0.16b, #7 + sshr v9.16b, v1.16b, #7 + shl v10.16b, v0.16b, #1 + shl v11.16b, v1.16b, #1 + and v8.16b, v8.16b, v15.16b + and v9.16b, v9.16b, v15.16b + eor v8.16b, v8.16b, v10.16b + eor v9.16b, v9.16b, v11.16b + eor v4.16b, v8.16b, v0.16b + eor v5.16b, v9.16b, v1.16b + shl v10.4s, v4.4s, #8 + shl v11.4s, v5.4s, #8 + sri v10.4s, v4.4s, #24 + sri v11.4s, v5.4s, #24 + shl v4.4s, v0.4s, #24 + shl v5.4s, v1.4s, #24 + sri v4.4s, v0.4s, #8 + sri v5.4s, v1.4s, #8 + rev32 v0.8h, v0.8h + rev32 v1.8h, v1.8h + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x8], #16 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v9.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v0.16b, v0.16b, v10.16b + eor v1.16b, v1.16b, v11.16b + # Round Done + subs w7, w7, #2 + bne L_AES_ECB_encrypt_NEON_loop_nr_2 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v0.16b, v13.16b + eor v11.16b, v1.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + orr v4.16b, v4.16b, v10.16b + orr v5.16b, v5.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + ld1 {v0.16b}, [x6] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + shl v10.16b, v4.16b, #1 + shl v11.16b, v5.16b, #1 + and v8.16b, v8.16b, v15.16b + and v9.16b, v9.16b, v15.16b + eor v8.16b, v8.16b, v10.16b + eor v9.16b, v9.16b, v11.16b + eor v0.16b, v8.16b, v4.16b + eor v1.16b, v9.16b, v5.16b + shl v10.4s, v0.4s, #8 + shl v11.4s, v1.4s, #8 + sri v10.4s, v0.4s, #24 + sri v11.4s, v1.4s, #24 + shl v0.4s, v4.4s, #24 + shl v1.4s, v5.4s, #24 + sri v0.4s, v4.4s, #8 + sri v1.4s, v5.4s, #8 + rev32 v4.8h, v4.8h + rev32 v5.8h, v5.8h + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x8], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v4.16b, v4.16b, v10.16b + eor v5.16b, v5.16b, v11.16b + # Round Done + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v4.16b, v13.16b + eor v11.16b, v5.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + orr v0.16b, v0.16b, v10.16b + orr v1.16b, v1.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + ld1 {v4.16b}, [x6] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x8], #16 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + # Round Done + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + st1 {v0.16b, v1.16b}, [x1], #32 + sub x2, x2, #32 + cmp x2, #0 + beq L_AES_ECB_encrypt_NEON_data_done +L_AES_ECB_encrypt_NEON_start_1: + ld1 {v3.2d}, [x6] + mov x8, x3 + ld1 {v0.16b}, [x0], #16 + ld1 {v4.2d}, [x8], #16 + rev32 v0.16b, v0.16b + # Round: 0 - XOR in key schedule + eor v0.16b, v0.16b, v4.16b + sub w7, w4, #2 +L_AES_ECB_encrypt_NEON_loop_nr_1: + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + ld1 {v0.2d}, [x8], #16 + sshr v10.16b, v4.16b, #7 + shl v9.16b, v4.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v4.8h + eor v11.16b, v10.16b, v4.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v4.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v0.16b + sri v9.4s, v4.4s, #8 + sri v8.4s, v11.4s, #24 + eor v4.16b, v10.16b, v9.16b + eor v4.16b, v4.16b, v8.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + ld1 {v4.2d}, [x8], #16 + sshr v10.16b, v0.16b, #7 + shl v9.16b, v0.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v0.8h + eor v11.16b, v10.16b, v0.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v0.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v4.16b + sri v9.4s, v0.4s, #8 + sri v8.4s, v11.4s, #24 + eor v0.16b, v10.16b, v9.16b + eor v0.16b, v0.16b, v8.16b + subs w7, w7, #2 + bne L_AES_ECB_encrypt_NEON_loop_nr_1 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + ld1 {v0.2d}, [x8], #16 + sshr v10.16b, v4.16b, #7 + shl v9.16b, v4.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v4.8h + eor v11.16b, v10.16b, v4.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v4.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v0.16b + sri v9.4s, v4.4s, #8 + sri v8.4s, v11.4s, #24 + eor v4.16b, v10.16b, v9.16b + eor v4.16b, v4.16b, v8.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + ld1 {v4.2d}, [x8], #16 + # XOR in Key Schedule + eor v0.16b, v0.16b, v4.16b + rev32 v0.16b, v0.16b + st1 {v0.16b}, [x1], #16 +L_AES_ECB_encrypt_NEON_data_done: + ldp d8, d9, [x29, #16] + ldp d10, d11, [x29, #32] + ldp d12, d13, [x29, #48] + ldp d14, d15, [x29, #64] + ldp x29, x30, [sp], #0x50 + ret +#ifndef __APPLE__ + .size AES_ECB_encrypt_NEON,.-AES_ECB_encrypt_NEON +#endif /* __APPLE__ */ +#endif /* HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || + * WOLFSSL_AES_COUNTER || HAVE_AES_ECB */ +#ifdef HAVE_AES_CBC +#ifndef __APPLE__ +.text +.globl AES_CBC_encrypt_NEON +.type AES_CBC_encrypt_NEON,@function +.align 2 +AES_CBC_encrypt_NEON: +#else +.section __TEXT,__text +.globl _AES_CBC_encrypt_NEON +.p2align 2 +_AES_CBC_encrypt_NEON: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-80]! + add x29, sp, #0 + stp d8, d9, [x29, #16] + stp d10, d11, [x29, #32] + stp d12, d13, [x29, #48] + stp d14, d15, [x29, #64] +#ifndef __APPLE__ + adrp x6, L_AES_ARM64_NEON_te + add x6, x6, :lo12:L_AES_ARM64_NEON_te +#else + adrp x6, L_AES_ARM64_NEON_te@PAGE + add x6, x6, :lo12:L_AES_ARM64_NEON_te@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x7, L_AES_ARM64_NEON_shift_rows_shuffle + add x7, x7, :lo12:L_AES_ARM64_NEON_shift_rows_shuffle +#else + adrp x7, L_AES_ARM64_NEON_shift_rows_shuffle@PAGE + add x7, x7, :lo12:L_AES_ARM64_NEON_shift_rows_shuffle@PAGEOFF +#endif /* __APPLE__ */ + ld1 {v10.16b, v11.16b, v12.16b, v13.16b}, [x6], #0x40 + ld1 {v14.16b, v15.16b, v16.16b, v17.16b}, [x6], #0x40 + ld1 {v18.16b, v19.16b, v20.16b, v21.16b}, [x6], #0x40 + ld1 {v22.16b, v23.16b, v24.16b, v25.16b}, [x6] + movi v6.16b, #0x40 + movi v7.16b, #0x80 + movi v8.16b, #0xc0 + movi v9.16b, #27 + ld1 {v0.2d}, [x5] + ld1 {v26.2d}, [x7] +L_AES_CBC_encrypt_NEON_loop_block: + add x9, x3, #16 + ld1 {v1.16b}, [x0], #16 + ld1 {v2.16b}, [x3] + eor v0.16b, v0.16b, v1.16b + rev32 v0.16b, v0.16b + # Round: 0 - XOR in key schedule + eor v0.16b, v0.16b, v2.16b + sub w8, w4, #2 +L_AES_CBC_encrypt_NEON_loop_nr: + eor v2.16b, v0.16b, v6.16b + eor v3.16b, v0.16b, v7.16b + eor v4.16b, v0.16b, v8.16b + tbl v1.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v0.16b + tbl v2.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v2.16b + tbl v3.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v3.16b + tbl v4.16b, {v22.16b, v23.16b, v24.16b, v25.16b}, v4.16b + orr v1.16b, v1.16b, v2.16b + orr v3.16b, v3.16b, v4.16b + orr v1.16b, v1.16b, v3.16b + tbl v1.16b, {v1.16b}, v26.16b + ld1 {v0.2d}, [x9], #16 + sshr v4.16b, v1.16b, #7 + shl v3.16b, v1.16b, #1 + and v4.16b, v4.16b, v9.16b + eor v4.16b, v4.16b, v3.16b + rev32 v2.8h, v1.8h + eor v5.16b, v4.16b, v1.16b + eor v4.16b, v4.16b, v2.16b + shl v3.4s, v1.4s, #24 + shl v2.4s, v5.4s, #8 + # XOR in Key Schedule + eor v4.16b, v4.16b, v0.16b + sri v3.4s, v1.4s, #8 + sri v2.4s, v5.4s, #24 + eor v1.16b, v4.16b, v3.16b + eor v1.16b, v1.16b, v2.16b + eor v2.16b, v1.16b, v6.16b + eor v3.16b, v1.16b, v7.16b + eor v4.16b, v1.16b, v8.16b + tbl v0.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v1.16b + tbl v2.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v2.16b + tbl v3.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v3.16b + tbl v4.16b, {v22.16b, v23.16b, v24.16b, v25.16b}, v4.16b + orr v0.16b, v0.16b, v2.16b + orr v3.16b, v3.16b, v4.16b + orr v0.16b, v0.16b, v3.16b + tbl v0.16b, {v0.16b}, v26.16b + ld1 {v1.2d}, [x9], #16 + sshr v4.16b, v0.16b, #7 + shl v3.16b, v0.16b, #1 + and v4.16b, v4.16b, v9.16b + eor v4.16b, v4.16b, v3.16b + rev32 v2.8h, v0.8h + eor v5.16b, v4.16b, v0.16b + eor v4.16b, v4.16b, v2.16b + shl v3.4s, v0.4s, #24 + shl v2.4s, v5.4s, #8 + # XOR in Key Schedule + eor v4.16b, v4.16b, v1.16b + sri v3.4s, v0.4s, #8 + sri v2.4s, v5.4s, #24 + eor v0.16b, v4.16b, v3.16b + eor v0.16b, v0.16b, v2.16b + subs w8, w8, #2 + bne L_AES_CBC_encrypt_NEON_loop_nr + eor v2.16b, v0.16b, v6.16b + eor v3.16b, v0.16b, v7.16b + eor v4.16b, v0.16b, v8.16b + tbl v1.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v0.16b + tbl v2.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v2.16b + tbl v3.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v3.16b + tbl v4.16b, {v22.16b, v23.16b, v24.16b, v25.16b}, v4.16b + orr v1.16b, v1.16b, v2.16b + orr v3.16b, v3.16b, v4.16b + orr v1.16b, v1.16b, v3.16b + tbl v1.16b, {v1.16b}, v26.16b + ld1 {v0.2d}, [x9], #16 + sshr v4.16b, v1.16b, #7 + shl v3.16b, v1.16b, #1 + and v4.16b, v4.16b, v9.16b + eor v4.16b, v4.16b, v3.16b + rev32 v2.8h, v1.8h + eor v5.16b, v4.16b, v1.16b + eor v4.16b, v4.16b, v2.16b + shl v3.4s, v1.4s, #24 + shl v2.4s, v5.4s, #8 + # XOR in Key Schedule + eor v4.16b, v4.16b, v0.16b + sri v3.4s, v1.4s, #8 + sri v2.4s, v5.4s, #24 + eor v1.16b, v4.16b, v3.16b + eor v1.16b, v1.16b, v2.16b + eor v2.16b, v1.16b, v6.16b + eor v3.16b, v1.16b, v7.16b + eor v4.16b, v1.16b, v8.16b + tbl v0.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v1.16b + tbl v2.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v2.16b + tbl v3.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v3.16b + tbl v4.16b, {v22.16b, v23.16b, v24.16b, v25.16b}, v4.16b + orr v0.16b, v0.16b, v2.16b + orr v3.16b, v3.16b, v4.16b + orr v0.16b, v0.16b, v3.16b + tbl v0.16b, {v0.16b}, v26.16b + ld1 {v1.2d}, [x9], #16 + # XOR in Key Schedule + eor v0.16b, v0.16b, v1.16b + rev32 v0.16b, v0.16b + st1 {v0.16b}, [x1], #16 + subs x2, x2, #16 + bne L_AES_CBC_encrypt_NEON_loop_block + st1 {v0.2d}, [x5] + ldp d8, d9, [x29, #16] + ldp d10, d11, [x29, #32] + ldp d12, d13, [x29, #48] + ldp d14, d15, [x29, #64] + ldp x29, x30, [sp], #0x50 + ret +#ifndef __APPLE__ + .size AES_CBC_encrypt_NEON,.-AES_CBC_encrypt_NEON +#endif /* __APPLE__ */ +#endif /* HAVE_AES_CBC */ +#ifdef WOLFSSL_AES_COUNTER +#ifndef __APPLE__ +.text +.globl AES_CTR_encrypt_NEON +.type AES_CTR_encrypt_NEON,@function +.align 2 +AES_CTR_encrypt_NEON: +#else +.section __TEXT,__text +.globl _AES_CTR_encrypt_NEON +.p2align 2 +_AES_CTR_encrypt_NEON: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-80]! + add x29, sp, #0 + stp d8, d9, [x29, #16] + stp d10, d11, [x29, #32] + stp d12, d13, [x29, #48] + stp d14, d15, [x29, #64] +#ifndef __APPLE__ + adrp x6, L_AES_ARM64_NEON_te + add x6, x6, :lo12:L_AES_ARM64_NEON_te +#else + adrp x6, L_AES_ARM64_NEON_te@PAGE + add x6, x6, :lo12:L_AES_ARM64_NEON_te@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x7, L_AES_ARM64_NEON_shift_rows_shuffle + add x7, x7, :lo12:L_AES_ARM64_NEON_shift_rows_shuffle +#else + adrp x7, L_AES_ARM64_NEON_shift_rows_shuffle@PAGE + add x7, x7, :lo12:L_AES_ARM64_NEON_shift_rows_shuffle@PAGEOFF +#endif /* __APPLE__ */ + ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [x6], #0x40 + ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [x6], #0x40 + ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [x6], #0x40 + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x6] + ld1 {v2.2d}, [x5] + rev64 v8.16b, v2.16b + rev32 v2.16b, v2.16b + mov x10, v8.d[1] + mov x11, v8.d[0] + cmp x2, #0x40 + blt L_AES_CTR_encrypt_NEON_start_2 +L_AES_CTR_encrypt_NEON_loop_4: + mov x9, x3 + ld1 {v4.2d}, [x9], #16 + mov v8.d[1], x10 + mov v8.d[0], x11 + rev64 v8.16b, v8.16b + rev32 v8.16b, v8.16b + # Round: 0 - XOR in key schedule + eor v0.16b, v8.16b, v4.16b + adds x10, x10, #1 + adc x11, x11, xzr + mov v8.d[1], x10 + mov v8.d[0], x11 + rev64 v8.16b, v8.16b + rev32 v8.16b, v8.16b + eor v1.16b, v8.16b, v4.16b + adds x10, x10, #1 + adc x11, x11, xzr + mov v8.d[1], x10 + mov v8.d[0], x11 + rev64 v8.16b, v8.16b + rev32 v8.16b, v8.16b + eor v2.16b, v8.16b, v4.16b + adds x10, x10, #1 + adc x11, x11, xzr + mov v8.d[1], x10 + mov v8.d[0], x11 + rev64 v8.16b, v8.16b + rev32 v8.16b, v8.16b + eor v3.16b, v8.16b, v4.16b + adds x10, x10, #1 + adc x11, x11, xzr + mov v8.d[1], x10 + mov v8.d[0], x11 + rev64 v8.16b, v8.16b + rev32 v8.16b, v8.16b + sub w8, w4, #2 +L_AES_CTR_encrypt_NEON_loop_nr_4: + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b + tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + eor v10.16b, v2.16b, v12.16b + eor v11.16b, v3.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v13.16b + eor v9.16b, v1.16b, v13.16b + eor v10.16b, v2.16b, v13.16b + eor v11.16b, v3.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + eor v10.16b, v2.16b, v14.16b + eor v11.16b, v3.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + ld1 {v0.16b}, [x7] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + tbl v6.16b, {v6.16b}, v0.16b + tbl v7.16b, {v7.16b}, v0.16b + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + sshr v10.16b, v6.16b, #7 + sshr v11.16b, v7.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + shl v14.16b, v6.16b, #1 + shl v15.16b, v7.16b, #1 + movi v0.16b, #27 + and v8.16b, v8.16b, v0.16b + and v9.16b, v9.16b, v0.16b + and v10.16b, v10.16b, v0.16b + and v11.16b, v11.16b, v0.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + eor v0.16b, v8.16b, v4.16b + eor v1.16b, v9.16b, v5.16b + eor v2.16b, v10.16b, v6.16b + eor v3.16b, v11.16b, v7.16b + shl v12.4s, v0.4s, #8 + shl v13.4s, v1.4s, #8 + shl v14.4s, v2.4s, #8 + shl v15.4s, v3.4s, #8 + sri v12.4s, v0.4s, #24 + sri v13.4s, v1.4s, #24 + sri v14.4s, v2.4s, #24 + sri v15.4s, v3.4s, #24 + shl v0.4s, v4.4s, #24 + shl v1.4s, v5.4s, #24 + shl v2.4s, v6.4s, #24 + shl v3.4s, v7.4s, #24 + sri v0.4s, v4.4s, #8 + sri v1.4s, v5.4s, #8 + sri v2.4s, v6.4s, #8 + sri v3.4s, v7.4s, #8 + rev32 v4.8h, v4.8h + rev32 v5.8h, v5.8h + rev32 v6.8h, v6.8h + rev32 v7.8h, v7.8h + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + eor v6.16b, v6.16b, v2.16b + eor v7.16b, v7.16b, v3.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x9], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v6.16b, v6.16b, v10.16b + eor v7.16b, v7.16b, v11.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v6.16b, v6.16b, v0.16b + eor v7.16b, v7.16b, v0.16b + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + eor v6.16b, v6.16b, v14.16b + eor v7.16b, v7.16b, v15.16b + # Round Done + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b + tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + eor v10.16b, v6.16b, v12.16b + eor v11.16b, v7.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v13.16b + eor v9.16b, v5.16b, v13.16b + eor v10.16b, v6.16b, v13.16b + eor v11.16b, v7.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + eor v10.16b, v6.16b, v14.16b + eor v11.16b, v7.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + ld1 {v4.16b}, [x7] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + tbl v2.16b, {v2.16b}, v4.16b + tbl v3.16b, {v3.16b}, v4.16b + sshr v8.16b, v0.16b, #7 + sshr v9.16b, v1.16b, #7 + sshr v10.16b, v2.16b, #7 + sshr v11.16b, v3.16b, #7 + shl v12.16b, v0.16b, #1 + shl v13.16b, v1.16b, #1 + shl v14.16b, v2.16b, #1 + shl v15.16b, v3.16b, #1 + movi v4.16b, #27 + and v8.16b, v8.16b, v4.16b + and v9.16b, v9.16b, v4.16b + and v10.16b, v10.16b, v4.16b + and v11.16b, v11.16b, v4.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + eor v4.16b, v8.16b, v0.16b + eor v5.16b, v9.16b, v1.16b + eor v6.16b, v10.16b, v2.16b + eor v7.16b, v11.16b, v3.16b + shl v12.4s, v4.4s, #8 + shl v13.4s, v5.4s, #8 + shl v14.4s, v6.4s, #8 + shl v15.4s, v7.4s, #8 + sri v12.4s, v4.4s, #24 + sri v13.4s, v5.4s, #24 + sri v14.4s, v6.4s, #24 + sri v15.4s, v7.4s, #24 + shl v4.4s, v0.4s, #24 + shl v5.4s, v1.4s, #24 + shl v6.4s, v2.4s, #24 + shl v7.4s, v3.4s, #24 + sri v4.4s, v0.4s, #8 + sri v5.4s, v1.4s, #8 + sri v6.4s, v2.4s, #8 + sri v7.4s, v3.4s, #8 + rev32 v0.8h, v0.8h + rev32 v1.8h, v1.8h + rev32 v2.8h, v2.8h + rev32 v3.8h, v3.8h + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x9], #16 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v9.16b + eor v2.16b, v2.16b, v10.16b + eor v3.16b, v3.16b, v11.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + eor v0.16b, v0.16b, v12.16b + eor v1.16b, v1.16b, v13.16b + eor v2.16b, v2.16b, v14.16b + eor v3.16b, v3.16b, v15.16b + # Round Done + subs w8, w8, #2 + bne L_AES_CTR_encrypt_NEON_loop_nr_4 + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b + tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + eor v10.16b, v2.16b, v12.16b + eor v11.16b, v3.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v13.16b + eor v9.16b, v1.16b, v13.16b + eor v10.16b, v2.16b, v13.16b + eor v11.16b, v3.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + eor v10.16b, v2.16b, v14.16b + eor v11.16b, v3.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + ld1 {v0.16b}, [x7] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + tbl v6.16b, {v6.16b}, v0.16b + tbl v7.16b, {v7.16b}, v0.16b + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + sshr v10.16b, v6.16b, #7 + sshr v11.16b, v7.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + shl v14.16b, v6.16b, #1 + shl v15.16b, v7.16b, #1 + movi v0.16b, #27 + and v8.16b, v8.16b, v0.16b + and v9.16b, v9.16b, v0.16b + and v10.16b, v10.16b, v0.16b + and v11.16b, v11.16b, v0.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + eor v0.16b, v8.16b, v4.16b + eor v1.16b, v9.16b, v5.16b + eor v2.16b, v10.16b, v6.16b + eor v3.16b, v11.16b, v7.16b + shl v12.4s, v0.4s, #8 + shl v13.4s, v1.4s, #8 + shl v14.4s, v2.4s, #8 + shl v15.4s, v3.4s, #8 + sri v12.4s, v0.4s, #24 + sri v13.4s, v1.4s, #24 + sri v14.4s, v2.4s, #24 + sri v15.4s, v3.4s, #24 + shl v0.4s, v4.4s, #24 + shl v1.4s, v5.4s, #24 + shl v2.4s, v6.4s, #24 + shl v3.4s, v7.4s, #24 + sri v0.4s, v4.4s, #8 + sri v1.4s, v5.4s, #8 + sri v2.4s, v6.4s, #8 + sri v3.4s, v7.4s, #8 + rev32 v4.8h, v4.8h + rev32 v5.8h, v5.8h + rev32 v6.8h, v6.8h + rev32 v7.8h, v7.8h + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + eor v6.16b, v6.16b, v2.16b + eor v7.16b, v7.16b, v3.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x9], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v6.16b, v6.16b, v10.16b + eor v7.16b, v7.16b, v11.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v6.16b, v6.16b, v0.16b + eor v7.16b, v7.16b, v0.16b + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + eor v6.16b, v6.16b, v14.16b + eor v7.16b, v7.16b, v15.16b + # Round Done + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b + tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + eor v10.16b, v6.16b, v12.16b + eor v11.16b, v7.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v13.16b + eor v9.16b, v5.16b, v13.16b + eor v10.16b, v6.16b, v13.16b + eor v11.16b, v7.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + eor v10.16b, v6.16b, v14.16b + eor v11.16b, v7.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + ld1 {v4.16b}, [x7] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + tbl v2.16b, {v2.16b}, v4.16b + tbl v3.16b, {v3.16b}, v4.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x9], #16 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + # Round Done + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + rev32 v2.16b, v2.16b + rev32 v3.16b, v3.16b + ld1 {v4.16b, v5.16b, v6.16b, v7.16b}, [x0], #0x40 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + st1 {v0.16b, v1.16b, v2.16b, v3.16b}, [x1], #0x40 + sub x2, x2, #0x40 + cmp x2, #0x40 + bge L_AES_CTR_encrypt_NEON_loop_4 + mov v2.d[1], x10 + mov v2.d[0], x11 + rev64 v2.16b, v2.16b + rev32 v2.16b, v2.16b +L_AES_CTR_encrypt_NEON_start_2: + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + movi v15.16b, #27 + cmp x2, #16 + beq L_AES_CTR_encrypt_NEON_start_1 + blt L_AES_CTR_encrypt_NEON_data_done +L_AES_CTR_encrypt_NEON_loop_2: + mov x9, x3 + ld1 {v4.2d}, [x9], #16 + # Round: 0 - XOR in key schedule + eor v0.16b, v2.16b, v4.16b + adds x10, x10, #1 + adc x11, x11, xzr + mov v2.d[1], x10 + mov v2.d[0], x11 + rev64 v2.16b, v2.16b + rev32 v2.16b, v2.16b + eor v1.16b, v2.16b, v4.16b + adds x10, x10, #1 + adc x11, x11, xzr + mov v2.d[1], x10 + mov v2.d[0], x11 + rev64 v2.16b, v2.16b + rev32 v2.16b, v2.16b + sub w8, w4, #2 +L_AES_CTR_encrypt_NEON_loop_nr_2: + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v0.16b, v13.16b + eor v11.16b, v1.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + orr v4.16b, v4.16b, v10.16b + orr v5.16b, v5.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + ld1 {v0.16b}, [x7] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + shl v10.16b, v4.16b, #1 + shl v11.16b, v5.16b, #1 + and v8.16b, v8.16b, v15.16b + and v9.16b, v9.16b, v15.16b + eor v8.16b, v8.16b, v10.16b + eor v9.16b, v9.16b, v11.16b + eor v0.16b, v8.16b, v4.16b + eor v1.16b, v9.16b, v5.16b + shl v10.4s, v0.4s, #8 + shl v11.4s, v1.4s, #8 + sri v10.4s, v0.4s, #24 + sri v11.4s, v1.4s, #24 + shl v0.4s, v4.4s, #24 + shl v1.4s, v5.4s, #24 + sri v0.4s, v4.4s, #8 + sri v1.4s, v5.4s, #8 + rev32 v4.8h, v4.8h + rev32 v5.8h, v5.8h + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x9], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v4.16b, v4.16b, v10.16b + eor v5.16b, v5.16b, v11.16b + # Round Done + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v4.16b, v13.16b + eor v11.16b, v5.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + orr v0.16b, v0.16b, v10.16b + orr v1.16b, v1.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + ld1 {v4.16b}, [x7] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + sshr v8.16b, v0.16b, #7 + sshr v9.16b, v1.16b, #7 + shl v10.16b, v0.16b, #1 + shl v11.16b, v1.16b, #1 + and v8.16b, v8.16b, v15.16b + and v9.16b, v9.16b, v15.16b + eor v8.16b, v8.16b, v10.16b + eor v9.16b, v9.16b, v11.16b + eor v4.16b, v8.16b, v0.16b + eor v5.16b, v9.16b, v1.16b + shl v10.4s, v4.4s, #8 + shl v11.4s, v5.4s, #8 + sri v10.4s, v4.4s, #24 + sri v11.4s, v5.4s, #24 + shl v4.4s, v0.4s, #24 + shl v5.4s, v1.4s, #24 + sri v4.4s, v0.4s, #8 + sri v5.4s, v1.4s, #8 + rev32 v0.8h, v0.8h + rev32 v1.8h, v1.8h + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x9], #16 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v9.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v0.16b, v0.16b, v10.16b + eor v1.16b, v1.16b, v11.16b + # Round Done + subs w8, w8, #2 + bne L_AES_CTR_encrypt_NEON_loop_nr_2 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v0.16b, v13.16b + eor v11.16b, v1.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + orr v4.16b, v4.16b, v10.16b + orr v5.16b, v5.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + ld1 {v0.16b}, [x7] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + shl v10.16b, v4.16b, #1 + shl v11.16b, v5.16b, #1 + and v8.16b, v8.16b, v15.16b + and v9.16b, v9.16b, v15.16b + eor v8.16b, v8.16b, v10.16b + eor v9.16b, v9.16b, v11.16b + eor v0.16b, v8.16b, v4.16b + eor v1.16b, v9.16b, v5.16b + shl v10.4s, v0.4s, #8 + shl v11.4s, v1.4s, #8 + sri v10.4s, v0.4s, #24 + sri v11.4s, v1.4s, #24 + shl v0.4s, v4.4s, #24 + shl v1.4s, v5.4s, #24 + sri v0.4s, v4.4s, #8 + sri v1.4s, v5.4s, #8 + rev32 v4.8h, v4.8h + rev32 v5.8h, v5.8h + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x9], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v4.16b, v4.16b, v10.16b + eor v5.16b, v5.16b, v11.16b + # Round Done + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v4.16b, v13.16b + eor v11.16b, v5.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + orr v0.16b, v0.16b, v10.16b + orr v1.16b, v1.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + ld1 {v4.16b}, [x7] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x9], #16 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + # Round Done + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + ld1 {v4.16b, v5.16b}, [x0], #32 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + st1 {v0.16b, v1.16b}, [x1], #32 + sub x2, x2, #32 + cmp x2, #0 + beq L_AES_CTR_encrypt_NEON_data_done +L_AES_CTR_encrypt_NEON_start_1: + ld1 {v3.2d}, [x7] + mov x9, x3 + ld1 {v4.2d}, [x9], #16 + # Round: 0 - XOR in key schedule + eor v0.16b, v2.16b, v4.16b + sub w8, w4, #2 +L_AES_CTR_encrypt_NEON_loop_nr_1: + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + ld1 {v0.2d}, [x9], #16 + sshr v10.16b, v4.16b, #7 + shl v9.16b, v4.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v4.8h + eor v11.16b, v10.16b, v4.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v4.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v0.16b + sri v9.4s, v4.4s, #8 + sri v8.4s, v11.4s, #24 + eor v4.16b, v10.16b, v9.16b + eor v4.16b, v4.16b, v8.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + ld1 {v4.2d}, [x9], #16 + sshr v10.16b, v0.16b, #7 + shl v9.16b, v0.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v0.8h + eor v11.16b, v10.16b, v0.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v0.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v4.16b + sri v9.4s, v0.4s, #8 + sri v8.4s, v11.4s, #24 + eor v0.16b, v10.16b, v9.16b + eor v0.16b, v0.16b, v8.16b + subs w8, w8, #2 + bne L_AES_CTR_encrypt_NEON_loop_nr_1 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + ld1 {v0.2d}, [x9], #16 + sshr v10.16b, v4.16b, #7 + shl v9.16b, v4.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v4.8h + eor v11.16b, v10.16b, v4.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v4.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v0.16b + sri v9.4s, v4.4s, #8 + sri v8.4s, v11.4s, #24 + eor v4.16b, v10.16b, v9.16b + eor v4.16b, v4.16b, v8.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + ld1 {v4.2d}, [x9], #16 + # XOR in Key Schedule + eor v0.16b, v0.16b, v4.16b + rev32 v0.16b, v0.16b + ld1 {v4.16b}, [x0], #16 + eor v0.16b, v0.16b, v4.16b + st1 {v0.16b}, [x1], #16 + adds x10, x10, #1 + adc x11, x11, xzr + mov v2.d[1], x10 + mov v2.d[0], x11 + rev64 v2.16b, v2.16b + rev32 v2.16b, v2.16b +L_AES_CTR_encrypt_NEON_data_done: + rev32 v2.16b, v2.16b + st1 {v2.2d}, [x5] + ldp d8, d9, [x29, #16] + ldp d10, d11, [x29, #32] + ldp d12, d13, [x29, #48] + ldp d14, d15, [x29, #64] + ldp x29, x30, [sp], #0x50 + ret +#ifndef __APPLE__ + .size AES_CTR_encrypt_NEON,.-AES_CTR_encrypt_NEON +#endif /* __APPLE__ */ +#endif /* WOLFSSL_AES_COUNTER */ +#ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \ + defined(HAVE_AES_CBC) || defined(HAVE_AES_ECB) +#ifndef __APPLE__ + .text + .type L_AES_ARM64_NEON_td, %object + .section .rodata + .size L_AES_ARM64_NEON_td, 256 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 1 +#else + .p2align 1 +#endif /* __APPLE__ */ +L_AES_ARM64_NEON_td: + .byte 0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38 + .byte 0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb + .byte 0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87 + .byte 0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb + .byte 0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d + .byte 0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e + .byte 0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2 + .byte 0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25 + .byte 0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16 + .byte 0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92 + .byte 0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda + .byte 0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84 + .byte 0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a + .byte 0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06 + .byte 0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02 + .byte 0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b + .byte 0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea + .byte 0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73 + .byte 0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85 + .byte 0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e + .byte 0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89 + .byte 0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b + .byte 0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20 + .byte 0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4 + .byte 0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31 + .byte 0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f + .byte 0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d + .byte 0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef + .byte 0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0 + .byte 0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61 + .byte 0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26 + .byte 0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d +#ifndef __APPLE__ + .text + .type L_AES_ARM64_NEON_shift_rows_invshuffle, %object + .section .rodata + .size L_AES_ARM64_NEON_shift_rows_invshuffle, 16 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 1 +#else + .p2align 1 +#endif /* __APPLE__ */ +L_AES_ARM64_NEON_shift_rows_invshuffle: + .byte 0x04,0x09,0x0e,0x03,0x08,0x0d,0x02,0x07 + .byte 0x0c,0x01,0x06,0x0b,0x00,0x05,0x0a,0x0f +#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || defined(HAVE_AES_ECB) +#ifndef __APPLE__ +.text +.globl AES_ECB_decrypt_NEON +.type AES_ECB_decrypt_NEON,@function +.align 2 +AES_ECB_decrypt_NEON: +#else +.section __TEXT,__text +.globl _AES_ECB_decrypt_NEON +.p2align 2 +_AES_ECB_decrypt_NEON: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-80]! + add x29, sp, #0 + stp d8, d9, [x29, #16] + stp d10, d11, [x29, #32] + stp d12, d13, [x29, #48] + stp d14, d15, [x29, #64] +#ifndef __APPLE__ + adrp x5, L_AES_ARM64_NEON_td + add x5, x5, :lo12:L_AES_ARM64_NEON_td +#else + adrp x5, L_AES_ARM64_NEON_td@PAGE + add x5, x5, :lo12:L_AES_ARM64_NEON_td@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x6, L_AES_ARM64_NEON_shift_rows_invshuffle + add x6, x6, :lo12:L_AES_ARM64_NEON_shift_rows_invshuffle +#else + adrp x6, L_AES_ARM64_NEON_shift_rows_invshuffle@PAGE + add x6, x6, :lo12:L_AES_ARM64_NEON_shift_rows_invshuffle@PAGEOFF +#endif /* __APPLE__ */ + ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [x5], #0x40 + ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [x5], #0x40 + ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [x5], #0x40 + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x5] + cmp x2, #0x40 + blt L_AES_ECB_decrypt_NEON_start_2 +L_AES_ECB_decrypt_NEON_loop_4: + mov x8, x3 + ld1 {v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40 + ld1 {v4.2d}, [x8], #16 + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + rev32 v2.16b, v2.16b + rev32 v3.16b, v3.16b + # Round: 0 - XOR in key schedule + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + sub w7, w4, #2 +L_AES_ECB_decrypt_NEON_loop_nr_4: + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b + tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + eor v10.16b, v2.16b, v12.16b + eor v11.16b, v3.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v13.16b + eor v9.16b, v1.16b, v13.16b + eor v10.16b, v2.16b, v13.16b + eor v11.16b, v3.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + eor v10.16b, v2.16b, v14.16b + eor v11.16b, v3.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + ld1 {v0.16b}, [x6] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + tbl v6.16b, {v6.16b}, v0.16b + tbl v7.16b, {v7.16b}, v0.16b + movi v28.16b, #27 + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + sshr v10.16b, v6.16b, #7 + sshr v11.16b, v7.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + shl v14.16b, v6.16b, #1 + shl v15.16b, v7.16b, #1 + and v8.16b, v8.16b, v28.16b + and v9.16b, v9.16b, v28.16b + and v10.16b, v10.16b, v28.16b + and v11.16b, v11.16b, v28.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + ushr v12.16b, v4.16b, #6 + ushr v13.16b, v5.16b, #6 + ushr v14.16b, v6.16b, #6 + ushr v15.16b, v7.16b, #6 + shl v0.16b, v4.16b, #2 + shl v1.16b, v5.16b, #2 + shl v2.16b, v6.16b, #2 + shl v3.16b, v7.16b, #2 + pmul v12.16b, v12.16b, v28.16b + pmul v13.16b, v13.16b, v28.16b + pmul v14.16b, v14.16b, v28.16b + pmul v15.16b, v15.16b, v28.16b + eor v12.16b, v12.16b, v0.16b + eor v13.16b, v13.16b, v1.16b + eor v14.16b, v14.16b, v2.16b + eor v15.16b, v15.16b, v3.16b + ushr v0.16b, v4.16b, #5 + ushr v1.16b, v5.16b, #5 + ushr v2.16b, v6.16b, #5 + ushr v3.16b, v7.16b, #5 + pmul v0.16b, v0.16b, v28.16b + pmul v1.16b, v1.16b, v28.16b + pmul v2.16b, v2.16b, v28.16b + pmul v3.16b, v3.16b, v28.16b + shl v28.16b, v4.16b, #3 + shl v29.16b, v5.16b, #3 + shl v30.16b, v6.16b, #3 + shl v31.16b, v7.16b, #3 + eor v0.16b, v0.16b, v28.16b + eor v1.16b, v1.16b, v29.16b + eor v2.16b, v2.16b, v30.16b + eor v3.16b, v3.16b, v31.16b + eor v28.16b, v8.16b, v0.16b + eor v29.16b, v9.16b, v1.16b + eor v30.16b, v10.16b, v2.16b + eor v31.16b, v11.16b, v3.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + eor v8.16b, v12.16b, v0.16b + eor v9.16b, v13.16b, v1.16b + eor v10.16b, v14.16b, v2.16b + eor v11.16b, v15.16b, v3.16b + eor v12.16b, v12.16b, v28.16b + eor v13.16b, v13.16b, v29.16b + eor v14.16b, v14.16b, v30.16b + eor v15.16b, v15.16b, v31.16b + eor v28.16b, v28.16b, v4.16b + eor v29.16b, v29.16b, v5.16b + eor v30.16b, v30.16b, v6.16b + eor v31.16b, v31.16b, v7.16b + shl v4.4s, v28.4s, #8 + shl v5.4s, v29.4s, #8 + shl v6.4s, v30.4s, #8 + shl v7.4s, v31.4s, #8 + rev32 v8.8h, v8.8h + rev32 v9.8h, v9.8h + rev32 v10.8h, v10.8h + rev32 v11.8h, v11.8h + sri v4.4s, v28.4s, #24 + sri v5.4s, v29.4s, #24 + sri v6.4s, v30.4s, #24 + sri v7.4s, v31.4s, #24 + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + eor v6.16b, v6.16b, v14.16b + eor v7.16b, v7.16b, v15.16b + shl v28.4s, v0.4s, #24 + shl v29.4s, v1.4s, #24 + shl v30.4s, v2.4s, #24 + shl v31.4s, v3.4s, #24 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v6.16b, v6.16b, v10.16b + eor v7.16b, v7.16b, v11.16b + sri v28.4s, v0.4s, #8 + sri v29.4s, v1.4s, #8 + sri v30.4s, v2.4s, #8 + sri v31.4s, v3.4s, #8 + eor v4.16b, v4.16b, v28.16b + eor v5.16b, v5.16b, v29.16b + eor v6.16b, v6.16b, v30.16b + eor v7.16b, v7.16b, v31.16b + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x5] + # XOR in Key Schedule + ld1 {v0.2d}, [x8], #16 + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v6.16b, v6.16b, v0.16b + eor v7.16b, v7.16b, v0.16b + # Round Done + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b + tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + eor v10.16b, v6.16b, v12.16b + eor v11.16b, v7.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v13.16b + eor v9.16b, v5.16b, v13.16b + eor v10.16b, v6.16b, v13.16b + eor v11.16b, v7.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + eor v10.16b, v6.16b, v14.16b + eor v11.16b, v7.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + ld1 {v4.16b}, [x6] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + tbl v2.16b, {v2.16b}, v4.16b + tbl v3.16b, {v3.16b}, v4.16b + movi v28.16b, #27 + sshr v8.16b, v0.16b, #7 + sshr v9.16b, v1.16b, #7 + sshr v10.16b, v2.16b, #7 + sshr v11.16b, v3.16b, #7 + shl v12.16b, v0.16b, #1 + shl v13.16b, v1.16b, #1 + shl v14.16b, v2.16b, #1 + shl v15.16b, v3.16b, #1 + and v8.16b, v8.16b, v28.16b + and v9.16b, v9.16b, v28.16b + and v10.16b, v10.16b, v28.16b + and v11.16b, v11.16b, v28.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + ushr v12.16b, v0.16b, #6 + ushr v13.16b, v1.16b, #6 + ushr v14.16b, v2.16b, #6 + ushr v15.16b, v3.16b, #6 + shl v4.16b, v0.16b, #2 + shl v5.16b, v1.16b, #2 + shl v6.16b, v2.16b, #2 + shl v7.16b, v3.16b, #2 + pmul v12.16b, v12.16b, v28.16b + pmul v13.16b, v13.16b, v28.16b + pmul v14.16b, v14.16b, v28.16b + pmul v15.16b, v15.16b, v28.16b + eor v12.16b, v12.16b, v4.16b + eor v13.16b, v13.16b, v5.16b + eor v14.16b, v14.16b, v6.16b + eor v15.16b, v15.16b, v7.16b + ushr v4.16b, v0.16b, #5 + ushr v5.16b, v1.16b, #5 + ushr v6.16b, v2.16b, #5 + ushr v7.16b, v3.16b, #5 + pmul v4.16b, v4.16b, v28.16b + pmul v5.16b, v5.16b, v28.16b + pmul v6.16b, v6.16b, v28.16b + pmul v7.16b, v7.16b, v28.16b + shl v28.16b, v0.16b, #3 + shl v29.16b, v1.16b, #3 + shl v30.16b, v2.16b, #3 + shl v31.16b, v3.16b, #3 + eor v4.16b, v4.16b, v28.16b + eor v5.16b, v5.16b, v29.16b + eor v6.16b, v6.16b, v30.16b + eor v7.16b, v7.16b, v31.16b + eor v28.16b, v8.16b, v4.16b + eor v29.16b, v9.16b, v5.16b + eor v30.16b, v10.16b, v6.16b + eor v31.16b, v11.16b, v7.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + eor v6.16b, v6.16b, v2.16b + eor v7.16b, v7.16b, v3.16b + eor v8.16b, v12.16b, v4.16b + eor v9.16b, v13.16b, v5.16b + eor v10.16b, v14.16b, v6.16b + eor v11.16b, v15.16b, v7.16b + eor v12.16b, v12.16b, v28.16b + eor v13.16b, v13.16b, v29.16b + eor v14.16b, v14.16b, v30.16b + eor v15.16b, v15.16b, v31.16b + eor v28.16b, v28.16b, v0.16b + eor v29.16b, v29.16b, v1.16b + eor v30.16b, v30.16b, v2.16b + eor v31.16b, v31.16b, v3.16b + shl v0.4s, v28.4s, #8 + shl v1.4s, v29.4s, #8 + shl v2.4s, v30.4s, #8 + shl v3.4s, v31.4s, #8 + rev32 v8.8h, v8.8h + rev32 v9.8h, v9.8h + rev32 v10.8h, v10.8h + rev32 v11.8h, v11.8h + sri v0.4s, v28.4s, #24 + sri v1.4s, v29.4s, #24 + sri v2.4s, v30.4s, #24 + sri v3.4s, v31.4s, #24 + eor v0.16b, v0.16b, v12.16b + eor v1.16b, v1.16b, v13.16b + eor v2.16b, v2.16b, v14.16b + eor v3.16b, v3.16b, v15.16b + shl v28.4s, v4.4s, #24 + shl v29.4s, v5.4s, #24 + shl v30.4s, v6.4s, #24 + shl v31.4s, v7.4s, #24 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v9.16b + eor v2.16b, v2.16b, v10.16b + eor v3.16b, v3.16b, v11.16b + sri v28.4s, v4.4s, #8 + sri v29.4s, v5.4s, #8 + sri v30.4s, v6.4s, #8 + sri v31.4s, v7.4s, #8 + eor v0.16b, v0.16b, v28.16b + eor v1.16b, v1.16b, v29.16b + eor v2.16b, v2.16b, v30.16b + eor v3.16b, v3.16b, v31.16b + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x5] + # XOR in Key Schedule + ld1 {v4.2d}, [x8], #16 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + # Round Done + subs w7, w7, #2 + bne L_AES_ECB_decrypt_NEON_loop_nr_4 + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b + tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + eor v10.16b, v2.16b, v12.16b + eor v11.16b, v3.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v13.16b + eor v9.16b, v1.16b, v13.16b + eor v10.16b, v2.16b, v13.16b + eor v11.16b, v3.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + eor v10.16b, v2.16b, v14.16b + eor v11.16b, v3.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + ld1 {v0.16b}, [x6] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + tbl v6.16b, {v6.16b}, v0.16b + tbl v7.16b, {v7.16b}, v0.16b + movi v28.16b, #27 + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + sshr v10.16b, v6.16b, #7 + sshr v11.16b, v7.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + shl v14.16b, v6.16b, #1 + shl v15.16b, v7.16b, #1 + and v8.16b, v8.16b, v28.16b + and v9.16b, v9.16b, v28.16b + and v10.16b, v10.16b, v28.16b + and v11.16b, v11.16b, v28.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + ushr v12.16b, v4.16b, #6 + ushr v13.16b, v5.16b, #6 + ushr v14.16b, v6.16b, #6 + ushr v15.16b, v7.16b, #6 + shl v0.16b, v4.16b, #2 + shl v1.16b, v5.16b, #2 + shl v2.16b, v6.16b, #2 + shl v3.16b, v7.16b, #2 + pmul v12.16b, v12.16b, v28.16b + pmul v13.16b, v13.16b, v28.16b + pmul v14.16b, v14.16b, v28.16b + pmul v15.16b, v15.16b, v28.16b + eor v12.16b, v12.16b, v0.16b + eor v13.16b, v13.16b, v1.16b + eor v14.16b, v14.16b, v2.16b + eor v15.16b, v15.16b, v3.16b + ushr v0.16b, v4.16b, #5 + ushr v1.16b, v5.16b, #5 + ushr v2.16b, v6.16b, #5 + ushr v3.16b, v7.16b, #5 + pmul v0.16b, v0.16b, v28.16b + pmul v1.16b, v1.16b, v28.16b + pmul v2.16b, v2.16b, v28.16b + pmul v3.16b, v3.16b, v28.16b + shl v28.16b, v4.16b, #3 + shl v29.16b, v5.16b, #3 + shl v30.16b, v6.16b, #3 + shl v31.16b, v7.16b, #3 + eor v0.16b, v0.16b, v28.16b + eor v1.16b, v1.16b, v29.16b + eor v2.16b, v2.16b, v30.16b + eor v3.16b, v3.16b, v31.16b + eor v28.16b, v8.16b, v0.16b + eor v29.16b, v9.16b, v1.16b + eor v30.16b, v10.16b, v2.16b + eor v31.16b, v11.16b, v3.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + eor v8.16b, v12.16b, v0.16b + eor v9.16b, v13.16b, v1.16b + eor v10.16b, v14.16b, v2.16b + eor v11.16b, v15.16b, v3.16b + eor v12.16b, v12.16b, v28.16b + eor v13.16b, v13.16b, v29.16b + eor v14.16b, v14.16b, v30.16b + eor v15.16b, v15.16b, v31.16b + eor v28.16b, v28.16b, v4.16b + eor v29.16b, v29.16b, v5.16b + eor v30.16b, v30.16b, v6.16b + eor v31.16b, v31.16b, v7.16b + shl v4.4s, v28.4s, #8 + shl v5.4s, v29.4s, #8 + shl v6.4s, v30.4s, #8 + shl v7.4s, v31.4s, #8 + rev32 v8.8h, v8.8h + rev32 v9.8h, v9.8h + rev32 v10.8h, v10.8h + rev32 v11.8h, v11.8h + sri v4.4s, v28.4s, #24 + sri v5.4s, v29.4s, #24 + sri v6.4s, v30.4s, #24 + sri v7.4s, v31.4s, #24 + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + eor v6.16b, v6.16b, v14.16b + eor v7.16b, v7.16b, v15.16b + shl v28.4s, v0.4s, #24 + shl v29.4s, v1.4s, #24 + shl v30.4s, v2.4s, #24 + shl v31.4s, v3.4s, #24 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v6.16b, v6.16b, v10.16b + eor v7.16b, v7.16b, v11.16b + sri v28.4s, v0.4s, #8 + sri v29.4s, v1.4s, #8 + sri v30.4s, v2.4s, #8 + sri v31.4s, v3.4s, #8 + eor v4.16b, v4.16b, v28.16b + eor v5.16b, v5.16b, v29.16b + eor v6.16b, v6.16b, v30.16b + eor v7.16b, v7.16b, v31.16b + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x5] + # XOR in Key Schedule + ld1 {v0.2d}, [x8], #16 + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v6.16b, v6.16b, v0.16b + eor v7.16b, v7.16b, v0.16b + # Round Done + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b + tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + eor v10.16b, v6.16b, v12.16b + eor v11.16b, v7.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v13.16b + eor v9.16b, v5.16b, v13.16b + eor v10.16b, v6.16b, v13.16b + eor v11.16b, v7.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + eor v10.16b, v6.16b, v14.16b + eor v11.16b, v7.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + ld1 {v4.16b}, [x6] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + tbl v2.16b, {v2.16b}, v4.16b + tbl v3.16b, {v3.16b}, v4.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x8], #16 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + # Round Done + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + rev32 v2.16b, v2.16b + rev32 v3.16b, v3.16b + st1 {v0.16b, v1.16b, v2.16b, v3.16b}, [x1], #0x40 + sub x2, x2, #0x40 + cmp x2, #0x40 + bge L_AES_ECB_decrypt_NEON_loop_4 +L_AES_ECB_decrypt_NEON_start_2: + cmp x2, #16 + beq L_AES_ECB_decrypt_NEON_start_1 + blt L_AES_ECB_decrypt_NEON_data_done +L_AES_ECB_decrypt_NEON_loop_2: + mov x8, x3 + ld1 {v0.16b, v1.16b}, [x0], #32 + ld1 {v4.2d}, [x8], #16 + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + # Round: 0 - XOR in key schedule + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + sub w7, w4, #2 +L_AES_ECB_decrypt_NEON_loop_nr_2: + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v0.16b, v13.16b + eor v11.16b, v1.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + orr v4.16b, v4.16b, v10.16b + orr v5.16b, v5.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + ld1 {v0.16b}, [x6] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + movi v10.16b, #27 + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + and v8.16b, v8.16b, v10.16b + and v9.16b, v9.16b, v10.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + ushr v12.16b, v4.16b, #6 + ushr v13.16b, v5.16b, #6 + shl v0.16b, v4.16b, #2 + shl v1.16b, v5.16b, #2 + pmul v12.16b, v12.16b, v10.16b + pmul v13.16b, v13.16b, v10.16b + eor v12.16b, v12.16b, v0.16b + eor v13.16b, v13.16b, v1.16b + ushr v0.16b, v4.16b, #5 + ushr v1.16b, v5.16b, #5 + pmul v0.16b, v0.16b, v10.16b + pmul v1.16b, v1.16b, v10.16b + shl v10.16b, v4.16b, #3 + shl v11.16b, v5.16b, #3 + eor v0.16b, v0.16b, v10.16b + eor v1.16b, v1.16b, v11.16b + eor v10.16b, v8.16b, v0.16b + eor v11.16b, v9.16b, v1.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v8.16b, v12.16b, v0.16b + eor v9.16b, v13.16b, v1.16b + eor v12.16b, v12.16b, v10.16b + eor v13.16b, v13.16b, v11.16b + eor v10.16b, v10.16b, v4.16b + eor v11.16b, v11.16b, v5.16b + shl v4.4s, v10.4s, #8 + shl v5.4s, v11.4s, #8 + rev32 v8.8h, v8.8h + rev32 v9.8h, v9.8h + sri v4.4s, v10.4s, #24 + sri v5.4s, v11.4s, #24 + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + shl v10.4s, v0.4s, #24 + shl v11.4s, v1.4s, #24 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + sri v10.4s, v0.4s, #8 + sri v11.4s, v1.4s, #8 + eor v4.16b, v4.16b, v10.16b + eor v5.16b, v5.16b, v11.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x8], #16 + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + # Round Done + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v4.16b, v13.16b + eor v11.16b, v5.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + orr v0.16b, v0.16b, v10.16b + orr v1.16b, v1.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + ld1 {v4.16b}, [x6] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + movi v10.16b, #27 + sshr v8.16b, v0.16b, #7 + sshr v9.16b, v1.16b, #7 + shl v12.16b, v0.16b, #1 + shl v13.16b, v1.16b, #1 + and v8.16b, v8.16b, v10.16b + and v9.16b, v9.16b, v10.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + ushr v12.16b, v0.16b, #6 + ushr v13.16b, v1.16b, #6 + shl v4.16b, v0.16b, #2 + shl v5.16b, v1.16b, #2 + pmul v12.16b, v12.16b, v10.16b + pmul v13.16b, v13.16b, v10.16b + eor v12.16b, v12.16b, v4.16b + eor v13.16b, v13.16b, v5.16b + ushr v4.16b, v0.16b, #5 + ushr v5.16b, v1.16b, #5 + pmul v4.16b, v4.16b, v10.16b + pmul v5.16b, v5.16b, v10.16b + shl v10.16b, v0.16b, #3 + shl v11.16b, v1.16b, #3 + eor v4.16b, v4.16b, v10.16b + eor v5.16b, v5.16b, v11.16b + eor v10.16b, v8.16b, v4.16b + eor v11.16b, v9.16b, v5.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + eor v8.16b, v12.16b, v4.16b + eor v9.16b, v13.16b, v5.16b + eor v12.16b, v12.16b, v10.16b + eor v13.16b, v13.16b, v11.16b + eor v10.16b, v10.16b, v0.16b + eor v11.16b, v11.16b, v1.16b + shl v0.4s, v10.4s, #8 + shl v1.4s, v11.4s, #8 + rev32 v8.8h, v8.8h + rev32 v9.8h, v9.8h + sri v0.4s, v10.4s, #24 + sri v1.4s, v11.4s, #24 + eor v0.16b, v0.16b, v12.16b + eor v1.16b, v1.16b, v13.16b + shl v10.4s, v4.4s, #24 + shl v11.4s, v5.4s, #24 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v9.16b + sri v10.4s, v4.4s, #8 + sri v11.4s, v5.4s, #8 + eor v0.16b, v0.16b, v10.16b + eor v1.16b, v1.16b, v11.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x8], #16 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + # Round Done + subs w7, w7, #2 + bne L_AES_ECB_decrypt_NEON_loop_nr_2 + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v0.16b, v13.16b + eor v11.16b, v1.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + orr v4.16b, v4.16b, v10.16b + orr v5.16b, v5.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + ld1 {v0.16b}, [x6] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + movi v10.16b, #27 + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + and v8.16b, v8.16b, v10.16b + and v9.16b, v9.16b, v10.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + ushr v12.16b, v4.16b, #6 + ushr v13.16b, v5.16b, #6 + shl v0.16b, v4.16b, #2 + shl v1.16b, v5.16b, #2 + pmul v12.16b, v12.16b, v10.16b + pmul v13.16b, v13.16b, v10.16b + eor v12.16b, v12.16b, v0.16b + eor v13.16b, v13.16b, v1.16b + ushr v0.16b, v4.16b, #5 + ushr v1.16b, v5.16b, #5 + pmul v0.16b, v0.16b, v10.16b + pmul v1.16b, v1.16b, v10.16b + shl v10.16b, v4.16b, #3 + shl v11.16b, v5.16b, #3 + eor v0.16b, v0.16b, v10.16b + eor v1.16b, v1.16b, v11.16b + eor v10.16b, v8.16b, v0.16b + eor v11.16b, v9.16b, v1.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v8.16b, v12.16b, v0.16b + eor v9.16b, v13.16b, v1.16b + eor v12.16b, v12.16b, v10.16b + eor v13.16b, v13.16b, v11.16b + eor v10.16b, v10.16b, v4.16b + eor v11.16b, v11.16b, v5.16b + shl v4.4s, v10.4s, #8 + shl v5.4s, v11.4s, #8 + rev32 v8.8h, v8.8h + rev32 v9.8h, v9.8h + sri v4.4s, v10.4s, #24 + sri v5.4s, v11.4s, #24 + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + shl v10.4s, v0.4s, #24 + shl v11.4s, v1.4s, #24 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + sri v10.4s, v0.4s, #8 + sri v11.4s, v1.4s, #8 + eor v4.16b, v4.16b, v10.16b + eor v5.16b, v5.16b, v11.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x8], #16 + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + # Round Done + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v4.16b, v13.16b + eor v11.16b, v5.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + orr v0.16b, v0.16b, v10.16b + orr v1.16b, v1.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + ld1 {v4.16b}, [x6] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x8], #16 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + # Round Done + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + st1 {v0.16b, v1.16b}, [x1], #32 + sub x2, x2, #32 + cmp x2, #0 + beq L_AES_ECB_decrypt_NEON_data_done +L_AES_ECB_decrypt_NEON_start_1: + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + movi v15.16b, #27 + ld1 {v3.2d}, [x6] + mov x8, x3 + ld1 {v0.16b}, [x0], #16 + ld1 {v4.2d}, [x8], #16 + rev32 v0.16b, v0.16b + # Round: 0 - XOR in key schedule + eor v0.16b, v0.16b, v4.16b + sub w7, w4, #2 +L_AES_ECB_decrypt_NEON_loop_nr_1: + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + sshr v10.16b, v4.16b, #7 + ushr v11.16b, v4.16b, #6 + ushr v8.16b, v4.16b, #5 + and v10.16b, v10.16b, v15.16b + pmul v11.16b, v11.16b, v15.16b + pmul v8.16b, v8.16b, v15.16b + shl v9.16b, v4.16b, #1 + eor v10.16b, v10.16b, v9.16b + shl v9.16b, v4.16b, #3 + eor v8.16b, v8.16b, v9.16b + shl v9.16b, v4.16b, #2 + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v10.16b, v8.16b + eor v8.16b, v8.16b, v4.16b + eor v10.16b, v11.16b, v8.16b + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v9.16b, v4.16b + shl v4.4s, v9.4s, #8 + rev32 v10.8h, v10.8h + sri v4.4s, v9.4s, #24 + eor v4.16b, v4.16b, v11.16b + shl v9.4s, v8.4s, #24 + eor v4.16b, v4.16b, v10.16b + sri v9.4s, v8.4s, #8 + eor v4.16b, v4.16b, v9.16b + ld1 {v0.2d}, [x8], #16 + # XOR in Key Schedule + eor v4.16b, v4.16b, v0.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + sshr v10.16b, v0.16b, #7 + ushr v11.16b, v0.16b, #6 + ushr v8.16b, v0.16b, #5 + and v10.16b, v10.16b, v15.16b + pmul v11.16b, v11.16b, v15.16b + pmul v8.16b, v8.16b, v15.16b + shl v9.16b, v0.16b, #1 + eor v10.16b, v10.16b, v9.16b + shl v9.16b, v0.16b, #3 + eor v8.16b, v8.16b, v9.16b + shl v9.16b, v0.16b, #2 + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v10.16b, v8.16b + eor v8.16b, v8.16b, v0.16b + eor v10.16b, v11.16b, v8.16b + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v9.16b, v0.16b + shl v0.4s, v9.4s, #8 + rev32 v10.8h, v10.8h + sri v0.4s, v9.4s, #24 + eor v0.16b, v0.16b, v11.16b + shl v9.4s, v8.4s, #24 + eor v0.16b, v0.16b, v10.16b + sri v9.4s, v8.4s, #8 + eor v0.16b, v0.16b, v9.16b + ld1 {v4.2d}, [x8], #16 + # XOR in Key Schedule + eor v0.16b, v0.16b, v4.16b + subs w7, w7, #2 + bne L_AES_ECB_decrypt_NEON_loop_nr_1 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + sshr v10.16b, v4.16b, #7 + ushr v11.16b, v4.16b, #6 + ushr v8.16b, v4.16b, #5 + and v10.16b, v10.16b, v15.16b + pmul v11.16b, v11.16b, v15.16b + pmul v8.16b, v8.16b, v15.16b + shl v9.16b, v4.16b, #1 + eor v10.16b, v10.16b, v9.16b + shl v9.16b, v4.16b, #3 + eor v8.16b, v8.16b, v9.16b + shl v9.16b, v4.16b, #2 + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v10.16b, v8.16b + eor v8.16b, v8.16b, v4.16b + eor v10.16b, v11.16b, v8.16b + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v9.16b, v4.16b + shl v4.4s, v9.4s, #8 + rev32 v10.8h, v10.8h + sri v4.4s, v9.4s, #24 + eor v4.16b, v4.16b, v11.16b + shl v9.4s, v8.4s, #24 + eor v4.16b, v4.16b, v10.16b + sri v9.4s, v8.4s, #8 + eor v4.16b, v4.16b, v9.16b + ld1 {v0.2d}, [x8], #16 + # XOR in Key Schedule + eor v4.16b, v4.16b, v0.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + ld1 {v4.2d}, [x8], #16 + # XOR in Key Schedule + eor v0.16b, v0.16b, v4.16b + rev32 v0.16b, v0.16b + st1 {v0.16b}, [x1], #16 +L_AES_ECB_decrypt_NEON_data_done: + ldp d8, d9, [x29, #16] + ldp d10, d11, [x29, #32] + ldp d12, d13, [x29, #48] + ldp d14, d15, [x29, #64] + ldp x29, x30, [sp], #0x50 + ret +#ifndef __APPLE__ + .size AES_ECB_decrypt_NEON,.-AES_ECB_decrypt_NEON +#endif /* __APPLE__ */ +#endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER || defined(HAVE_AES_ECB) */ +#ifdef HAVE_AES_CBC +#ifndef __APPLE__ +.text +.globl AES_CBC_decrypt_NEON +.type AES_CBC_decrypt_NEON,@function +.align 2 +AES_CBC_decrypt_NEON: +#else +.section __TEXT,__text +.globl _AES_CBC_decrypt_NEON +.p2align 2 +_AES_CBC_decrypt_NEON: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-160]! + add x29, sp, #0 + stp d8, d9, [x29, #96] + stp d10, d11, [x29, #112] + stp d12, d13, [x29, #128] + stp d14, d15, [x29, #144] +#ifndef __APPLE__ + adrp x6, L_AES_ARM64_NEON_td + add x6, x6, :lo12:L_AES_ARM64_NEON_td +#else + adrp x6, L_AES_ARM64_NEON_td@PAGE + add x6, x6, :lo12:L_AES_ARM64_NEON_td@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x7, L_AES_ARM64_NEON_shift_rows_invshuffle + add x7, x7, :lo12:L_AES_ARM64_NEON_shift_rows_invshuffle +#else + adrp x7, L_AES_ARM64_NEON_shift_rows_invshuffle@PAGE + add x7, x7, :lo12:L_AES_ARM64_NEON_shift_rows_invshuffle@PAGEOFF +#endif /* __APPLE__ */ + ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [x6], #0x40 + ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [x6], #0x40 + ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [x6], #0x40 + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x6] + ld1 {v3.2d}, [x5] + add x10, x29, #16 + cmp x2, #0x40 + blt L_AES_CBC_decrypt_NEON_start_2 +L_AES_CBC_decrypt_NEON_loop_4: + mov x9, x3 + ld1 {v4.16b, v5.16b, v6.16b, v7.16b}, [x0], #0x40 + st1 {v3.2d, v4.2d, v5.2d, v6.2d}, [x10] + str q7, [x10, #64] + ld1 {v8.2d}, [x9], #16 + rev32 v4.16b, v4.16b + rev32 v5.16b, v5.16b + rev32 v6.16b, v6.16b + rev32 v7.16b, v7.16b + # Round: 0 - XOR in key schedule + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v8.16b + eor v6.16b, v6.16b, v8.16b + eor v7.16b, v7.16b, v8.16b + sub w8, w4, #2 +L_AES_CBC_decrypt_NEON_loop_nr_4: + tbl v8.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v9.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v10.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b + tbl v11.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v0.16b, v4.16b, v12.16b + eor v1.16b, v5.16b, v12.16b + eor v2.16b, v6.16b, v12.16b + eor v3.16b, v7.16b, v12.16b + tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b + tbl v1.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v1.16b + tbl v2.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v2.16b + tbl v3.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v3.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + eor v0.16b, v4.16b, v13.16b + eor v1.16b, v5.16b, v13.16b + eor v2.16b, v6.16b, v13.16b + eor v3.16b, v7.16b, v13.16b + tbl v0.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v0.16b + tbl v1.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v1.16b + tbl v2.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v2.16b + tbl v3.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v3.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + eor v0.16b, v4.16b, v14.16b + eor v1.16b, v5.16b, v14.16b + eor v2.16b, v6.16b, v14.16b + eor v3.16b, v7.16b, v14.16b + tbl v0.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v0.16b + tbl v1.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v1.16b + tbl v2.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v2.16b + tbl v3.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v3.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + ld1 {v4.16b}, [x7] + tbl v8.16b, {v8.16b}, v4.16b + tbl v9.16b, {v9.16b}, v4.16b + tbl v10.16b, {v10.16b}, v4.16b + tbl v11.16b, {v11.16b}, v4.16b + movi v28.16b, #27 + sshr v0.16b, v8.16b, #7 + sshr v1.16b, v9.16b, #7 + sshr v2.16b, v10.16b, #7 + sshr v3.16b, v11.16b, #7 + shl v12.16b, v8.16b, #1 + shl v13.16b, v9.16b, #1 + shl v14.16b, v10.16b, #1 + shl v15.16b, v11.16b, #1 + and v0.16b, v0.16b, v28.16b + and v1.16b, v1.16b, v28.16b + and v2.16b, v2.16b, v28.16b + and v3.16b, v3.16b, v28.16b + eor v0.16b, v0.16b, v12.16b + eor v1.16b, v1.16b, v13.16b + eor v2.16b, v2.16b, v14.16b + eor v3.16b, v3.16b, v15.16b + ushr v12.16b, v8.16b, #6 + ushr v13.16b, v9.16b, #6 + ushr v14.16b, v10.16b, #6 + ushr v15.16b, v11.16b, #6 + shl v4.16b, v8.16b, #2 + shl v5.16b, v9.16b, #2 + shl v6.16b, v10.16b, #2 + shl v7.16b, v11.16b, #2 + pmul v12.16b, v12.16b, v28.16b + pmul v13.16b, v13.16b, v28.16b + pmul v14.16b, v14.16b, v28.16b + pmul v15.16b, v15.16b, v28.16b + eor v12.16b, v12.16b, v4.16b + eor v13.16b, v13.16b, v5.16b + eor v14.16b, v14.16b, v6.16b + eor v15.16b, v15.16b, v7.16b + ushr v4.16b, v8.16b, #5 + ushr v5.16b, v9.16b, #5 + ushr v6.16b, v10.16b, #5 + ushr v7.16b, v11.16b, #5 + pmul v4.16b, v4.16b, v28.16b + pmul v5.16b, v5.16b, v28.16b + pmul v6.16b, v6.16b, v28.16b + pmul v7.16b, v7.16b, v28.16b + shl v28.16b, v8.16b, #3 + shl v29.16b, v9.16b, #3 + shl v30.16b, v10.16b, #3 + shl v31.16b, v11.16b, #3 + eor v4.16b, v4.16b, v28.16b + eor v5.16b, v5.16b, v29.16b + eor v6.16b, v6.16b, v30.16b + eor v7.16b, v7.16b, v31.16b + eor v28.16b, v0.16b, v4.16b + eor v29.16b, v1.16b, v5.16b + eor v30.16b, v2.16b, v6.16b + eor v31.16b, v3.16b, v7.16b + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v6.16b, v6.16b, v10.16b + eor v7.16b, v7.16b, v11.16b + eor v0.16b, v12.16b, v4.16b + eor v1.16b, v13.16b, v5.16b + eor v2.16b, v14.16b, v6.16b + eor v3.16b, v15.16b, v7.16b + eor v12.16b, v12.16b, v28.16b + eor v13.16b, v13.16b, v29.16b + eor v14.16b, v14.16b, v30.16b + eor v15.16b, v15.16b, v31.16b + eor v28.16b, v28.16b, v8.16b + eor v29.16b, v29.16b, v9.16b + eor v30.16b, v30.16b, v10.16b + eor v31.16b, v31.16b, v11.16b + shl v8.4s, v28.4s, #8 + shl v9.4s, v29.4s, #8 + shl v10.4s, v30.4s, #8 + shl v11.4s, v31.4s, #8 + rev32 v0.8h, v0.8h + rev32 v1.8h, v1.8h + rev32 v2.8h, v2.8h + rev32 v3.8h, v3.8h + sri v8.4s, v28.4s, #24 + sri v9.4s, v29.4s, #24 + sri v10.4s, v30.4s, #24 + sri v11.4s, v31.4s, #24 + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + shl v28.4s, v4.4s, #24 + shl v29.4s, v5.4s, #24 + shl v30.4s, v6.4s, #24 + shl v31.4s, v7.4s, #24 + eor v8.16b, v8.16b, v0.16b + eor v9.16b, v9.16b, v1.16b + eor v10.16b, v10.16b, v2.16b + eor v11.16b, v11.16b, v3.16b + sri v28.4s, v4.4s, #8 + sri v29.4s, v5.4s, #8 + sri v30.4s, v6.4s, #8 + sri v31.4s, v7.4s, #8 + eor v8.16b, v8.16b, v28.16b + eor v9.16b, v9.16b, v29.16b + eor v10.16b, v10.16b, v30.16b + eor v11.16b, v11.16b, v31.16b + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x6] + # XOR in Key Schedule + ld1 {v4.2d}, [x9], #16 + eor v8.16b, v8.16b, v4.16b + eor v9.16b, v9.16b, v4.16b + eor v10.16b, v10.16b, v4.16b + eor v11.16b, v11.16b, v4.16b + # Round Done + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v8.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v9.16b + tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v10.16b + tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v11.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v0.16b, v8.16b, v12.16b + eor v1.16b, v9.16b, v12.16b + eor v2.16b, v10.16b, v12.16b + eor v3.16b, v11.16b, v12.16b + tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b + tbl v1.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v1.16b + tbl v2.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v2.16b + tbl v3.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v3.16b + orr v4.16b, v4.16b, v0.16b + orr v5.16b, v5.16b, v1.16b + orr v6.16b, v6.16b, v2.16b + orr v7.16b, v7.16b, v3.16b + eor v0.16b, v8.16b, v13.16b + eor v1.16b, v9.16b, v13.16b + eor v2.16b, v10.16b, v13.16b + eor v3.16b, v11.16b, v13.16b + tbl v0.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v0.16b + tbl v1.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v1.16b + tbl v2.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v2.16b + tbl v3.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v3.16b + orr v4.16b, v4.16b, v0.16b + orr v5.16b, v5.16b, v1.16b + orr v6.16b, v6.16b, v2.16b + orr v7.16b, v7.16b, v3.16b + eor v0.16b, v8.16b, v14.16b + eor v1.16b, v9.16b, v14.16b + eor v2.16b, v10.16b, v14.16b + eor v3.16b, v11.16b, v14.16b + tbl v0.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v0.16b + tbl v1.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v1.16b + tbl v2.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v2.16b + tbl v3.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v3.16b + orr v4.16b, v4.16b, v0.16b + orr v5.16b, v5.16b, v1.16b + orr v6.16b, v6.16b, v2.16b + orr v7.16b, v7.16b, v3.16b + ld1 {v8.16b}, [x7] + tbl v4.16b, {v4.16b}, v8.16b + tbl v5.16b, {v5.16b}, v8.16b + tbl v6.16b, {v6.16b}, v8.16b + tbl v7.16b, {v7.16b}, v8.16b + movi v28.16b, #27 + sshr v0.16b, v4.16b, #7 + sshr v1.16b, v5.16b, #7 + sshr v2.16b, v6.16b, #7 + sshr v3.16b, v7.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + shl v14.16b, v6.16b, #1 + shl v15.16b, v7.16b, #1 + and v0.16b, v0.16b, v28.16b + and v1.16b, v1.16b, v28.16b + and v2.16b, v2.16b, v28.16b + and v3.16b, v3.16b, v28.16b + eor v0.16b, v0.16b, v12.16b + eor v1.16b, v1.16b, v13.16b + eor v2.16b, v2.16b, v14.16b + eor v3.16b, v3.16b, v15.16b + ushr v12.16b, v4.16b, #6 + ushr v13.16b, v5.16b, #6 + ushr v14.16b, v6.16b, #6 + ushr v15.16b, v7.16b, #6 + shl v8.16b, v4.16b, #2 + shl v9.16b, v5.16b, #2 + shl v10.16b, v6.16b, #2 + shl v11.16b, v7.16b, #2 + pmul v12.16b, v12.16b, v28.16b + pmul v13.16b, v13.16b, v28.16b + pmul v14.16b, v14.16b, v28.16b + pmul v15.16b, v15.16b, v28.16b + eor v12.16b, v12.16b, v8.16b + eor v13.16b, v13.16b, v9.16b + eor v14.16b, v14.16b, v10.16b + eor v15.16b, v15.16b, v11.16b + ushr v8.16b, v4.16b, #5 + ushr v9.16b, v5.16b, #5 + ushr v10.16b, v6.16b, #5 + ushr v11.16b, v7.16b, #5 + pmul v8.16b, v8.16b, v28.16b + pmul v9.16b, v9.16b, v28.16b + pmul v10.16b, v10.16b, v28.16b + pmul v11.16b, v11.16b, v28.16b + shl v28.16b, v4.16b, #3 + shl v29.16b, v5.16b, #3 + shl v30.16b, v6.16b, #3 + shl v31.16b, v7.16b, #3 + eor v8.16b, v8.16b, v28.16b + eor v9.16b, v9.16b, v29.16b + eor v10.16b, v10.16b, v30.16b + eor v11.16b, v11.16b, v31.16b + eor v28.16b, v0.16b, v8.16b + eor v29.16b, v1.16b, v9.16b + eor v30.16b, v2.16b, v10.16b + eor v31.16b, v3.16b, v11.16b + eor v8.16b, v8.16b, v4.16b + eor v9.16b, v9.16b, v5.16b + eor v10.16b, v10.16b, v6.16b + eor v11.16b, v11.16b, v7.16b + eor v0.16b, v12.16b, v8.16b + eor v1.16b, v13.16b, v9.16b + eor v2.16b, v14.16b, v10.16b + eor v3.16b, v15.16b, v11.16b + eor v12.16b, v12.16b, v28.16b + eor v13.16b, v13.16b, v29.16b + eor v14.16b, v14.16b, v30.16b + eor v15.16b, v15.16b, v31.16b + eor v28.16b, v28.16b, v4.16b + eor v29.16b, v29.16b, v5.16b + eor v30.16b, v30.16b, v6.16b + eor v31.16b, v31.16b, v7.16b + shl v4.4s, v28.4s, #8 + shl v5.4s, v29.4s, #8 + shl v6.4s, v30.4s, #8 + shl v7.4s, v31.4s, #8 + rev32 v0.8h, v0.8h + rev32 v1.8h, v1.8h + rev32 v2.8h, v2.8h + rev32 v3.8h, v3.8h + sri v4.4s, v28.4s, #24 + sri v5.4s, v29.4s, #24 + sri v6.4s, v30.4s, #24 + sri v7.4s, v31.4s, #24 + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + eor v6.16b, v6.16b, v14.16b + eor v7.16b, v7.16b, v15.16b + shl v28.4s, v8.4s, #24 + shl v29.4s, v9.4s, #24 + shl v30.4s, v10.4s, #24 + shl v31.4s, v11.4s, #24 + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + eor v6.16b, v6.16b, v2.16b + eor v7.16b, v7.16b, v3.16b + sri v28.4s, v8.4s, #8 + sri v29.4s, v9.4s, #8 + sri v30.4s, v10.4s, #8 + sri v31.4s, v11.4s, #8 + eor v4.16b, v4.16b, v28.16b + eor v5.16b, v5.16b, v29.16b + eor v6.16b, v6.16b, v30.16b + eor v7.16b, v7.16b, v31.16b + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x6] + # XOR in Key Schedule + ld1 {v8.2d}, [x9], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v8.16b + eor v6.16b, v6.16b, v8.16b + eor v7.16b, v7.16b, v8.16b + # Round Done + subs w8, w8, #2 + bne L_AES_CBC_decrypt_NEON_loop_nr_4 + tbl v8.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v9.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v10.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b + tbl v11.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v0.16b, v4.16b, v12.16b + eor v1.16b, v5.16b, v12.16b + eor v2.16b, v6.16b, v12.16b + eor v3.16b, v7.16b, v12.16b + tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b + tbl v1.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v1.16b + tbl v2.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v2.16b + tbl v3.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v3.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + eor v0.16b, v4.16b, v13.16b + eor v1.16b, v5.16b, v13.16b + eor v2.16b, v6.16b, v13.16b + eor v3.16b, v7.16b, v13.16b + tbl v0.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v0.16b + tbl v1.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v1.16b + tbl v2.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v2.16b + tbl v3.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v3.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + eor v0.16b, v4.16b, v14.16b + eor v1.16b, v5.16b, v14.16b + eor v2.16b, v6.16b, v14.16b + eor v3.16b, v7.16b, v14.16b + tbl v0.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v0.16b + tbl v1.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v1.16b + tbl v2.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v2.16b + tbl v3.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v3.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + ld1 {v4.16b}, [x7] + tbl v8.16b, {v8.16b}, v4.16b + tbl v9.16b, {v9.16b}, v4.16b + tbl v10.16b, {v10.16b}, v4.16b + tbl v11.16b, {v11.16b}, v4.16b + movi v28.16b, #27 + sshr v0.16b, v8.16b, #7 + sshr v1.16b, v9.16b, #7 + sshr v2.16b, v10.16b, #7 + sshr v3.16b, v11.16b, #7 + shl v12.16b, v8.16b, #1 + shl v13.16b, v9.16b, #1 + shl v14.16b, v10.16b, #1 + shl v15.16b, v11.16b, #1 + and v0.16b, v0.16b, v28.16b + and v1.16b, v1.16b, v28.16b + and v2.16b, v2.16b, v28.16b + and v3.16b, v3.16b, v28.16b + eor v0.16b, v0.16b, v12.16b + eor v1.16b, v1.16b, v13.16b + eor v2.16b, v2.16b, v14.16b + eor v3.16b, v3.16b, v15.16b + ushr v12.16b, v8.16b, #6 + ushr v13.16b, v9.16b, #6 + ushr v14.16b, v10.16b, #6 + ushr v15.16b, v11.16b, #6 + shl v4.16b, v8.16b, #2 + shl v5.16b, v9.16b, #2 + shl v6.16b, v10.16b, #2 + shl v7.16b, v11.16b, #2 + pmul v12.16b, v12.16b, v28.16b + pmul v13.16b, v13.16b, v28.16b + pmul v14.16b, v14.16b, v28.16b + pmul v15.16b, v15.16b, v28.16b + eor v12.16b, v12.16b, v4.16b + eor v13.16b, v13.16b, v5.16b + eor v14.16b, v14.16b, v6.16b + eor v15.16b, v15.16b, v7.16b + ushr v4.16b, v8.16b, #5 + ushr v5.16b, v9.16b, #5 + ushr v6.16b, v10.16b, #5 + ushr v7.16b, v11.16b, #5 + pmul v4.16b, v4.16b, v28.16b + pmul v5.16b, v5.16b, v28.16b + pmul v6.16b, v6.16b, v28.16b + pmul v7.16b, v7.16b, v28.16b + shl v28.16b, v8.16b, #3 + shl v29.16b, v9.16b, #3 + shl v30.16b, v10.16b, #3 + shl v31.16b, v11.16b, #3 + eor v4.16b, v4.16b, v28.16b + eor v5.16b, v5.16b, v29.16b + eor v6.16b, v6.16b, v30.16b + eor v7.16b, v7.16b, v31.16b + eor v28.16b, v0.16b, v4.16b + eor v29.16b, v1.16b, v5.16b + eor v30.16b, v2.16b, v6.16b + eor v31.16b, v3.16b, v7.16b + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v6.16b, v6.16b, v10.16b + eor v7.16b, v7.16b, v11.16b + eor v0.16b, v12.16b, v4.16b + eor v1.16b, v13.16b, v5.16b + eor v2.16b, v14.16b, v6.16b + eor v3.16b, v15.16b, v7.16b + eor v12.16b, v12.16b, v28.16b + eor v13.16b, v13.16b, v29.16b + eor v14.16b, v14.16b, v30.16b + eor v15.16b, v15.16b, v31.16b + eor v28.16b, v28.16b, v8.16b + eor v29.16b, v29.16b, v9.16b + eor v30.16b, v30.16b, v10.16b + eor v31.16b, v31.16b, v11.16b + shl v8.4s, v28.4s, #8 + shl v9.4s, v29.4s, #8 + shl v10.4s, v30.4s, #8 + shl v11.4s, v31.4s, #8 + rev32 v0.8h, v0.8h + rev32 v1.8h, v1.8h + rev32 v2.8h, v2.8h + rev32 v3.8h, v3.8h + sri v8.4s, v28.4s, #24 + sri v9.4s, v29.4s, #24 + sri v10.4s, v30.4s, #24 + sri v11.4s, v31.4s, #24 + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + shl v28.4s, v4.4s, #24 + shl v29.4s, v5.4s, #24 + shl v30.4s, v6.4s, #24 + shl v31.4s, v7.4s, #24 + eor v8.16b, v8.16b, v0.16b + eor v9.16b, v9.16b, v1.16b + eor v10.16b, v10.16b, v2.16b + eor v11.16b, v11.16b, v3.16b + sri v28.4s, v4.4s, #8 + sri v29.4s, v5.4s, #8 + sri v30.4s, v6.4s, #8 + sri v31.4s, v7.4s, #8 + eor v8.16b, v8.16b, v28.16b + eor v9.16b, v9.16b, v29.16b + eor v10.16b, v10.16b, v30.16b + eor v11.16b, v11.16b, v31.16b + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x6] + # XOR in Key Schedule + ld1 {v4.2d}, [x9], #16 + eor v8.16b, v8.16b, v4.16b + eor v9.16b, v9.16b, v4.16b + eor v10.16b, v10.16b, v4.16b + eor v11.16b, v11.16b, v4.16b + # Round Done + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v8.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v9.16b + tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v10.16b + tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v11.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v0.16b, v8.16b, v12.16b + eor v1.16b, v9.16b, v12.16b + eor v2.16b, v10.16b, v12.16b + eor v3.16b, v11.16b, v12.16b + tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b + tbl v1.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v1.16b + tbl v2.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v2.16b + tbl v3.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v3.16b + orr v4.16b, v4.16b, v0.16b + orr v5.16b, v5.16b, v1.16b + orr v6.16b, v6.16b, v2.16b + orr v7.16b, v7.16b, v3.16b + eor v0.16b, v8.16b, v13.16b + eor v1.16b, v9.16b, v13.16b + eor v2.16b, v10.16b, v13.16b + eor v3.16b, v11.16b, v13.16b + tbl v0.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v0.16b + tbl v1.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v1.16b + tbl v2.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v2.16b + tbl v3.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v3.16b + orr v4.16b, v4.16b, v0.16b + orr v5.16b, v5.16b, v1.16b + orr v6.16b, v6.16b, v2.16b + orr v7.16b, v7.16b, v3.16b + eor v0.16b, v8.16b, v14.16b + eor v1.16b, v9.16b, v14.16b + eor v2.16b, v10.16b, v14.16b + eor v3.16b, v11.16b, v14.16b + tbl v0.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v0.16b + tbl v1.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v1.16b + tbl v2.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v2.16b + tbl v3.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v3.16b + orr v4.16b, v4.16b, v0.16b + orr v5.16b, v5.16b, v1.16b + orr v6.16b, v6.16b, v2.16b + orr v7.16b, v7.16b, v3.16b + ld1 {v8.16b}, [x7] + tbl v4.16b, {v4.16b}, v8.16b + tbl v5.16b, {v5.16b}, v8.16b + tbl v6.16b, {v6.16b}, v8.16b + tbl v7.16b, {v7.16b}, v8.16b + # XOR in Key Schedule + ld1 {v8.2d}, [x9], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v8.16b + eor v6.16b, v6.16b, v8.16b + eor v7.16b, v7.16b, v8.16b + # Round Done + rev32 v4.16b, v4.16b + rev32 v5.16b, v5.16b + rev32 v6.16b, v6.16b + rev32 v7.16b, v7.16b + ld1 {v8.2d, v9.2d, v10.2d, v11.2d}, [x10] + ldr q3, [x10, #64] + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v6.16b, v6.16b, v10.16b + eor v7.16b, v7.16b, v11.16b + st1 {v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40 + sub x2, x2, #0x40 + cmp x2, #0x40 + bge L_AES_CBC_decrypt_NEON_loop_4 +L_AES_CBC_decrypt_NEON_start_2: + cmp x2, #16 + beq L_AES_CBC_decrypt_NEON_start_1 + blt L_AES_CBC_decrypt_NEON_data_done +L_AES_CBC_decrypt_NEON_loop_2: + mov x9, x3 + ld1 {v4.16b, v5.16b}, [x0], #32 + st1 {v3.2d, v4.2d, v5.2d}, [x10] + ld1 {v8.2d}, [x9], #16 + rev32 v4.16b, v4.16b + rev32 v5.16b, v5.16b + # Round: 0 - XOR in key schedule + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v8.16b + sub w8, w4, #2 +L_AES_CBC_decrypt_NEON_loop_nr_2: + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v0.16b, v4.16b, v12.16b + eor v1.16b, v5.16b, v12.16b + tbl v8.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v9.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b + tbl v1.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v1.16b + eor v2.16b, v4.16b, v13.16b + eor v3.16b, v5.16b, v13.16b + tbl v2.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v2.16b + tbl v3.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v3.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + eor v0.16b, v4.16b, v14.16b + eor v1.16b, v5.16b, v14.16b + orr v8.16b, v8.16b, v2.16b + orr v9.16b, v9.16b, v3.16b + tbl v0.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v0.16b + tbl v1.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v1.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + ld1 {v4.16b}, [x7] + tbl v8.16b, {v8.16b}, v4.16b + tbl v9.16b, {v9.16b}, v4.16b + movi v2.16b, #27 + sshr v0.16b, v8.16b, #7 + sshr v1.16b, v9.16b, #7 + shl v12.16b, v8.16b, #1 + shl v13.16b, v9.16b, #1 + and v0.16b, v0.16b, v2.16b + and v1.16b, v1.16b, v2.16b + eor v0.16b, v0.16b, v12.16b + eor v1.16b, v1.16b, v13.16b + ushr v12.16b, v8.16b, #6 + ushr v13.16b, v9.16b, #6 + shl v4.16b, v8.16b, #2 + shl v5.16b, v9.16b, #2 + pmul v12.16b, v12.16b, v2.16b + pmul v13.16b, v13.16b, v2.16b + eor v12.16b, v12.16b, v4.16b + eor v13.16b, v13.16b, v5.16b + ushr v4.16b, v8.16b, #5 + ushr v5.16b, v9.16b, #5 + pmul v4.16b, v4.16b, v2.16b + pmul v5.16b, v5.16b, v2.16b + shl v2.16b, v8.16b, #3 + shl v3.16b, v9.16b, #3 + eor v4.16b, v4.16b, v2.16b + eor v5.16b, v5.16b, v3.16b + eor v2.16b, v0.16b, v4.16b + eor v3.16b, v1.16b, v5.16b + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v0.16b, v12.16b, v4.16b + eor v1.16b, v13.16b, v5.16b + eor v12.16b, v12.16b, v2.16b + eor v13.16b, v13.16b, v3.16b + eor v2.16b, v2.16b, v8.16b + eor v3.16b, v3.16b, v9.16b + shl v8.4s, v2.4s, #8 + shl v9.4s, v3.4s, #8 + rev32 v0.8h, v0.8h + rev32 v1.8h, v1.8h + sri v8.4s, v2.4s, #24 + sri v9.4s, v3.4s, #24 + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + shl v2.4s, v4.4s, #24 + shl v3.4s, v5.4s, #24 + eor v8.16b, v8.16b, v0.16b + eor v9.16b, v9.16b, v1.16b + sri v2.4s, v4.4s, #8 + sri v3.4s, v5.4s, #8 + eor v8.16b, v8.16b, v2.16b + eor v9.16b, v9.16b, v3.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x9], #16 + eor v8.16b, v8.16b, v4.16b + eor v9.16b, v9.16b, v4.16b + # Round Done + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v0.16b, v8.16b, v12.16b + eor v1.16b, v9.16b, v12.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v8.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v9.16b + tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b + tbl v1.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v1.16b + eor v2.16b, v8.16b, v13.16b + eor v3.16b, v9.16b, v13.16b + tbl v2.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v2.16b + tbl v3.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v3.16b + orr v4.16b, v4.16b, v0.16b + orr v5.16b, v5.16b, v1.16b + eor v0.16b, v8.16b, v14.16b + eor v1.16b, v9.16b, v14.16b + orr v4.16b, v4.16b, v2.16b + orr v5.16b, v5.16b, v3.16b + tbl v0.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v0.16b + tbl v1.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v1.16b + orr v4.16b, v4.16b, v0.16b + orr v5.16b, v5.16b, v1.16b + ld1 {v8.16b}, [x7] + tbl v4.16b, {v4.16b}, v8.16b + tbl v5.16b, {v5.16b}, v8.16b + movi v2.16b, #27 + sshr v0.16b, v4.16b, #7 + sshr v1.16b, v5.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + and v0.16b, v0.16b, v2.16b + and v1.16b, v1.16b, v2.16b + eor v0.16b, v0.16b, v12.16b + eor v1.16b, v1.16b, v13.16b + ushr v12.16b, v4.16b, #6 + ushr v13.16b, v5.16b, #6 + shl v8.16b, v4.16b, #2 + shl v9.16b, v5.16b, #2 + pmul v12.16b, v12.16b, v2.16b + pmul v13.16b, v13.16b, v2.16b + eor v12.16b, v12.16b, v8.16b + eor v13.16b, v13.16b, v9.16b + ushr v8.16b, v4.16b, #5 + ushr v9.16b, v5.16b, #5 + pmul v8.16b, v8.16b, v2.16b + pmul v9.16b, v9.16b, v2.16b + shl v2.16b, v4.16b, #3 + shl v3.16b, v5.16b, #3 + eor v8.16b, v8.16b, v2.16b + eor v9.16b, v9.16b, v3.16b + eor v2.16b, v0.16b, v8.16b + eor v3.16b, v1.16b, v9.16b + eor v8.16b, v8.16b, v4.16b + eor v9.16b, v9.16b, v5.16b + eor v0.16b, v12.16b, v8.16b + eor v1.16b, v13.16b, v9.16b + eor v12.16b, v12.16b, v2.16b + eor v13.16b, v13.16b, v3.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v5.16b + shl v4.4s, v2.4s, #8 + shl v5.4s, v3.4s, #8 + rev32 v0.8h, v0.8h + rev32 v1.8h, v1.8h + sri v4.4s, v2.4s, #24 + sri v5.4s, v3.4s, #24 + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + shl v2.4s, v8.4s, #24 + shl v3.4s, v9.4s, #24 + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + sri v2.4s, v8.4s, #8 + sri v3.4s, v9.4s, #8 + eor v4.16b, v4.16b, v2.16b + eor v5.16b, v5.16b, v3.16b + # XOR in Key Schedule + ld1 {v8.2d}, [x9], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v8.16b + # Round Done + subs w8, w8, #2 + bne L_AES_CBC_decrypt_NEON_loop_nr_2 + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v0.16b, v4.16b, v12.16b + eor v1.16b, v5.16b, v12.16b + tbl v8.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v9.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b + tbl v1.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v1.16b + eor v2.16b, v4.16b, v13.16b + eor v3.16b, v5.16b, v13.16b + tbl v2.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v2.16b + tbl v3.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v3.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + eor v0.16b, v4.16b, v14.16b + eor v1.16b, v5.16b, v14.16b + orr v8.16b, v8.16b, v2.16b + orr v9.16b, v9.16b, v3.16b + tbl v0.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v0.16b + tbl v1.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v1.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + ld1 {v4.16b}, [x7] + tbl v8.16b, {v8.16b}, v4.16b + tbl v9.16b, {v9.16b}, v4.16b + movi v2.16b, #27 + sshr v0.16b, v8.16b, #7 + sshr v1.16b, v9.16b, #7 + shl v12.16b, v8.16b, #1 + shl v13.16b, v9.16b, #1 + and v0.16b, v0.16b, v2.16b + and v1.16b, v1.16b, v2.16b + eor v0.16b, v0.16b, v12.16b + eor v1.16b, v1.16b, v13.16b + ushr v12.16b, v8.16b, #6 + ushr v13.16b, v9.16b, #6 + shl v4.16b, v8.16b, #2 + shl v5.16b, v9.16b, #2 + pmul v12.16b, v12.16b, v2.16b + pmul v13.16b, v13.16b, v2.16b + eor v12.16b, v12.16b, v4.16b + eor v13.16b, v13.16b, v5.16b + ushr v4.16b, v8.16b, #5 + ushr v5.16b, v9.16b, #5 + pmul v4.16b, v4.16b, v2.16b + pmul v5.16b, v5.16b, v2.16b + shl v2.16b, v8.16b, #3 + shl v3.16b, v9.16b, #3 + eor v4.16b, v4.16b, v2.16b + eor v5.16b, v5.16b, v3.16b + eor v2.16b, v0.16b, v4.16b + eor v3.16b, v1.16b, v5.16b + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v0.16b, v12.16b, v4.16b + eor v1.16b, v13.16b, v5.16b + eor v12.16b, v12.16b, v2.16b + eor v13.16b, v13.16b, v3.16b + eor v2.16b, v2.16b, v8.16b + eor v3.16b, v3.16b, v9.16b + shl v8.4s, v2.4s, #8 + shl v9.4s, v3.4s, #8 + rev32 v0.8h, v0.8h + rev32 v1.8h, v1.8h + sri v8.4s, v2.4s, #24 + sri v9.4s, v3.4s, #24 + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + shl v2.4s, v4.4s, #24 + shl v3.4s, v5.4s, #24 + eor v8.16b, v8.16b, v0.16b + eor v9.16b, v9.16b, v1.16b + sri v2.4s, v4.4s, #8 + sri v3.4s, v5.4s, #8 + eor v8.16b, v8.16b, v2.16b + eor v9.16b, v9.16b, v3.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x9], #16 + eor v8.16b, v8.16b, v4.16b + eor v9.16b, v9.16b, v4.16b + # Round Done + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v0.16b, v8.16b, v12.16b + eor v1.16b, v9.16b, v12.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v8.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v9.16b + tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b + tbl v1.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v1.16b + eor v2.16b, v8.16b, v13.16b + eor v3.16b, v9.16b, v13.16b + tbl v2.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v2.16b + tbl v3.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v3.16b + orr v4.16b, v4.16b, v0.16b + orr v5.16b, v5.16b, v1.16b + eor v0.16b, v8.16b, v14.16b + eor v1.16b, v9.16b, v14.16b + orr v4.16b, v4.16b, v2.16b + orr v5.16b, v5.16b, v3.16b + tbl v0.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v0.16b + tbl v1.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v1.16b + orr v4.16b, v4.16b, v0.16b + orr v5.16b, v5.16b, v1.16b + ld1 {v8.16b}, [x7] + tbl v4.16b, {v4.16b}, v8.16b + tbl v5.16b, {v5.16b}, v8.16b + # XOR in Key Schedule + ld1 {v8.2d}, [x9], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v8.16b + # Round Done + rev32 v4.16b, v4.16b + rev32 v5.16b, v5.16b + ld1 {v1.16b, v2.16b, v3.16b}, [x10] + eor v4.16b, v4.16b, v1.16b + eor v5.16b, v5.16b, v2.16b + st1 {v4.16b, v5.16b}, [x1], #32 + sub x2, x2, #32 + cmp x2, #32 + bge L_AES_CBC_decrypt_NEON_loop_2 + cmp x2, #0 + beq L_AES_CBC_decrypt_NEON_data_done +L_AES_CBC_decrypt_NEON_start_1: + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + movi v15.16b, #27 + ld1 {v7.2d}, [x7] + mov x9, x3 + ld1 {v4.16b}, [x0], #16 + mov v10.16b, v3.16b + mov v11.16b, v4.16b + ld1 {v8.16b}, [x9], #16 + rev32 v4.16b, v4.16b + # Round: 0 - XOR in key schedule + eor v4.16b, v4.16b, v8.16b + sub w8, w4, #2 +L_AES_CBC_decrypt_NEON_loop_nr_1: + eor v0.16b, v4.16b, v12.16b + eor v1.16b, v4.16b, v13.16b + eor v2.16b, v4.16b, v14.16b + tbl v8.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b + tbl v1.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v1.16b + tbl v2.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v2.16b + orr v8.16b, v8.16b, v0.16b + orr v1.16b, v1.16b, v2.16b + orr v8.16b, v8.16b, v1.16b + tbl v8.16b, {v8.16b}, v7.16b + sshr v2.16b, v8.16b, #7 + ushr v3.16b, v8.16b, #6 + ushr v0.16b, v8.16b, #5 + and v2.16b, v2.16b, v15.16b + pmul v3.16b, v3.16b, v15.16b + pmul v0.16b, v0.16b, v15.16b + shl v1.16b, v8.16b, #1 + eor v2.16b, v2.16b, v1.16b + shl v1.16b, v8.16b, #3 + eor v0.16b, v0.16b, v1.16b + shl v1.16b, v8.16b, #2 + eor v3.16b, v3.16b, v1.16b + eor v1.16b, v2.16b, v0.16b + eor v0.16b, v0.16b, v8.16b + eor v2.16b, v3.16b, v0.16b + eor v3.16b, v3.16b, v1.16b + eor v1.16b, v1.16b, v8.16b + shl v8.4s, v1.4s, #8 + rev32 v2.8h, v2.8h + sri v8.4s, v1.4s, #24 + eor v8.16b, v8.16b, v3.16b + shl v1.4s, v0.4s, #24 + eor v8.16b, v8.16b, v2.16b + sri v1.4s, v0.4s, #8 + eor v8.16b, v8.16b, v1.16b + ld1 {v4.2d}, [x9], #16 + # XOR in Key Schedule + eor v8.16b, v8.16b, v4.16b + eor v0.16b, v8.16b, v12.16b + eor v1.16b, v8.16b, v13.16b + eor v2.16b, v8.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v8.16b + tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b + tbl v1.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v1.16b + tbl v2.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v2.16b + orr v4.16b, v4.16b, v0.16b + orr v1.16b, v1.16b, v2.16b + orr v4.16b, v4.16b, v1.16b + tbl v4.16b, {v4.16b}, v7.16b + sshr v2.16b, v4.16b, #7 + ushr v3.16b, v4.16b, #6 + ushr v0.16b, v4.16b, #5 + and v2.16b, v2.16b, v15.16b + pmul v3.16b, v3.16b, v15.16b + pmul v0.16b, v0.16b, v15.16b + shl v1.16b, v4.16b, #1 + eor v2.16b, v2.16b, v1.16b + shl v1.16b, v4.16b, #3 + eor v0.16b, v0.16b, v1.16b + shl v1.16b, v4.16b, #2 + eor v3.16b, v3.16b, v1.16b + eor v1.16b, v2.16b, v0.16b + eor v0.16b, v0.16b, v4.16b + eor v2.16b, v3.16b, v0.16b + eor v3.16b, v3.16b, v1.16b + eor v1.16b, v1.16b, v4.16b + shl v4.4s, v1.4s, #8 + rev32 v2.8h, v2.8h + sri v4.4s, v1.4s, #24 + eor v4.16b, v4.16b, v3.16b + shl v1.4s, v0.4s, #24 + eor v4.16b, v4.16b, v2.16b + sri v1.4s, v0.4s, #8 + eor v4.16b, v4.16b, v1.16b + ld1 {v8.2d}, [x9], #16 + # XOR in Key Schedule + eor v4.16b, v4.16b, v8.16b + subs w8, w8, #2 + bne L_AES_CBC_decrypt_NEON_loop_nr_1 + eor v0.16b, v4.16b, v12.16b + eor v1.16b, v4.16b, v13.16b + eor v2.16b, v4.16b, v14.16b + tbl v8.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b + tbl v1.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v1.16b + tbl v2.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v2.16b + orr v8.16b, v8.16b, v0.16b + orr v1.16b, v1.16b, v2.16b + orr v8.16b, v8.16b, v1.16b + tbl v8.16b, {v8.16b}, v7.16b + sshr v2.16b, v8.16b, #7 + ushr v3.16b, v8.16b, #6 + ushr v0.16b, v8.16b, #5 + and v2.16b, v2.16b, v15.16b + pmul v3.16b, v3.16b, v15.16b + pmul v0.16b, v0.16b, v15.16b + shl v1.16b, v8.16b, #1 + eor v2.16b, v2.16b, v1.16b + shl v1.16b, v8.16b, #3 + eor v0.16b, v0.16b, v1.16b + shl v1.16b, v8.16b, #2 + eor v3.16b, v3.16b, v1.16b + eor v1.16b, v2.16b, v0.16b + eor v0.16b, v0.16b, v8.16b + eor v2.16b, v3.16b, v0.16b + eor v3.16b, v3.16b, v1.16b + eor v1.16b, v1.16b, v8.16b + shl v8.4s, v1.4s, #8 + rev32 v2.8h, v2.8h + sri v8.4s, v1.4s, #24 + eor v8.16b, v8.16b, v3.16b + shl v1.4s, v0.4s, #24 + eor v8.16b, v8.16b, v2.16b + sri v1.4s, v0.4s, #8 + eor v8.16b, v8.16b, v1.16b + ld1 {v4.2d}, [x9], #16 + # XOR in Key Schedule + eor v8.16b, v8.16b, v4.16b + eor v0.16b, v8.16b, v12.16b + eor v1.16b, v8.16b, v13.16b + eor v2.16b, v8.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v8.16b + tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b + tbl v1.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v1.16b + tbl v2.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v2.16b + orr v4.16b, v4.16b, v0.16b + orr v1.16b, v1.16b, v2.16b + orr v4.16b, v4.16b, v1.16b + tbl v4.16b, {v4.16b}, v7.16b + ld1 {v8.2d}, [x9], #16 + # XOR in Key Schedule + eor v4.16b, v4.16b, v8.16b + rev32 v4.16b, v4.16b + mov v3.16b, v11.16b + eor v4.16b, v4.16b, v10.16b + st1 {v4.16b}, [x1], #16 +L_AES_CBC_decrypt_NEON_data_done: + st1 {v3.2d}, [x5] + ldp d8, d9, [x29, #96] + ldp d10, d11, [x29, #112] + ldp d12, d13, [x29, #128] + ldp d14, d15, [x29, #144] + ldp x29, x30, [sp], #0xa0 + ret +#ifndef __APPLE__ + .size AES_CBC_decrypt_NEON,.-AES_CBC_decrypt_NEON +#endif /* __APPLE__ */ +#endif /* HAVE_AES_CBC */ +#endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER || HAVE_AES_CBC + * HAVE_AES_ECB */ +#endif /* HAVE_AES_DECRYPT */ +#ifdef HAVE_AESGCM +#ifndef __APPLE__ +.text +.globl GCM_gmult_len_NEON +.type GCM_gmult_len_NEON,@function +.align 2 +GCM_gmult_len_NEON: +#else +.section __TEXT,__text +.globl _GCM_gmult_len_NEON +.p2align 2 +_GCM_gmult_len_NEON: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-80]! + add x29, sp, #0 + stp d8, d9, [x29, #16] + stp d10, d11, [x29, #32] + stp d12, d13, [x29, #48] + stp d14, d15, [x29, #64] + ld1 {v18.2d}, [x0] + ld1 {v10.2d}, [x1] + movi v19.16b, #15 + eor v20.16b, v20.16b, v20.16b + rbit v18.16b, v18.16b + rbit v10.16b, v10.16b + and v12.16b, v10.16b, v19.16b + ushr v13.16b, v10.16b, #4 + eor v14.16b, v12.16b, v13.16b +L_GCM_gmult_len_NEON_start_block: + ld1 {v0.16b}, [x2], #16 + rbit v0.16b, v0.16b + eor v18.16b, v18.16b, v0.16b + # Mul 128x128 + and v15.16b, v18.16b, v19.16b + ushr v16.16b, v18.16b, #4 + eor v17.16b, v15.16b, v16.16b + dup v0.16b, v12.b[0] + dup v2.16b, v14.b[0] + dup v1.16b, v13.b[0] + pmul v8.16b, v15.16b, v0.16b + pmul v5.16b, v17.16b, v2.16b + pmul v4.16b, v16.16b, v1.16b + eor v5.16b, v5.16b, v8.16b + eor v5.16b, v5.16b, v4.16b + shl v6.16b, v5.16b, #4 + ushr v7.16b, v5.16b, #4 + eor v8.16b, v8.16b, v6.16b + eor v11.16b, v4.16b, v7.16b + dup v0.16b, v12.b[1] + dup v2.16b, v14.b[1] + dup v1.16b, v13.b[1] + pmul v3.16b, v15.16b, v0.16b + pmul v5.16b, v17.16b, v2.16b + pmul v4.16b, v16.16b, v1.16b + eor v5.16b, v5.16b, v3.16b + eor v5.16b, v5.16b, v4.16b + eor v3.16b, v3.16b, v11.16b + shl v6.16b, v5.16b, #4 + ushr v7.16b, v5.16b, #4 + eor v3.16b, v3.16b, v6.16b + eor v11.16b, v4.16b, v7.16b + ext v6.16b, v20.16b, v3.16b, #15 + ext v9.16b, v3.16b, v20.16b, #15 + eor v8.16b, v8.16b, v6.16b + dup v0.16b, v12.b[2] + dup v2.16b, v14.b[2] + dup v1.16b, v13.b[2] + pmul v3.16b, v15.16b, v0.16b + pmul v5.16b, v17.16b, v2.16b + pmul v4.16b, v16.16b, v1.16b + eor v5.16b, v5.16b, v3.16b + eor v5.16b, v5.16b, v4.16b + eor v3.16b, v3.16b, v11.16b + shl v6.16b, v5.16b, #4 + ushr v7.16b, v5.16b, #4 + eor v3.16b, v3.16b, v6.16b + eor v11.16b, v4.16b, v7.16b + ext v7.16b, v3.16b, v20.16b, #14 + ext v6.16b, v20.16b, v3.16b, #14 + eor v9.16b, v9.16b, v7.16b + eor v8.16b, v8.16b, v6.16b + dup v0.16b, v12.b[3] + dup v2.16b, v14.b[3] + dup v1.16b, v13.b[3] + pmul v3.16b, v15.16b, v0.16b + pmul v5.16b, v17.16b, v2.16b + pmul v4.16b, v16.16b, v1.16b + eor v5.16b, v5.16b, v3.16b + eor v5.16b, v5.16b, v4.16b + eor v3.16b, v3.16b, v11.16b + shl v6.16b, v5.16b, #4 + ushr v7.16b, v5.16b, #4 + eor v3.16b, v3.16b, v6.16b + eor v11.16b, v4.16b, v7.16b + ext v7.16b, v3.16b, v20.16b, #13 + ext v6.16b, v20.16b, v3.16b, #13 + eor v9.16b, v9.16b, v7.16b + eor v8.16b, v8.16b, v6.16b + dup v0.16b, v12.b[4] + dup v2.16b, v14.b[4] + dup v1.16b, v13.b[4] + pmul v3.16b, v15.16b, v0.16b + pmul v5.16b, v17.16b, v2.16b + pmul v4.16b, v16.16b, v1.16b + eor v5.16b, v5.16b, v3.16b + eor v5.16b, v5.16b, v4.16b + eor v3.16b, v3.16b, v11.16b + shl v6.16b, v5.16b, #4 + ushr v7.16b, v5.16b, #4 + eor v3.16b, v3.16b, v6.16b + eor v11.16b, v4.16b, v7.16b + ext v7.16b, v3.16b, v20.16b, #12 + ext v6.16b, v20.16b, v3.16b, #12 + eor v9.16b, v9.16b, v7.16b + eor v8.16b, v8.16b, v6.16b + dup v0.16b, v12.b[5] + dup v2.16b, v14.b[5] + dup v1.16b, v13.b[5] + pmul v3.16b, v15.16b, v0.16b + pmul v5.16b, v17.16b, v2.16b + pmul v4.16b, v16.16b, v1.16b + eor v5.16b, v5.16b, v3.16b + eor v5.16b, v5.16b, v4.16b + eor v3.16b, v3.16b, v11.16b + shl v6.16b, v5.16b, #4 + ushr v7.16b, v5.16b, #4 + eor v3.16b, v3.16b, v6.16b + eor v11.16b, v4.16b, v7.16b + ext v7.16b, v3.16b, v20.16b, #11 + ext v6.16b, v20.16b, v3.16b, #11 + eor v9.16b, v9.16b, v7.16b + eor v8.16b, v8.16b, v6.16b + dup v0.16b, v12.b[6] + dup v2.16b, v14.b[6] + dup v1.16b, v13.b[6] + pmul v3.16b, v15.16b, v0.16b + pmul v5.16b, v17.16b, v2.16b + pmul v4.16b, v16.16b, v1.16b + eor v5.16b, v5.16b, v3.16b + eor v5.16b, v5.16b, v4.16b + eor v3.16b, v3.16b, v11.16b + shl v6.16b, v5.16b, #4 + ushr v7.16b, v5.16b, #4 + eor v3.16b, v3.16b, v6.16b + eor v11.16b, v4.16b, v7.16b + ext v7.16b, v3.16b, v20.16b, #10 + ext v6.16b, v20.16b, v3.16b, #10 + eor v9.16b, v9.16b, v7.16b + eor v8.16b, v8.16b, v6.16b + dup v0.16b, v12.b[7] + dup v2.16b, v14.b[7] + dup v1.16b, v13.b[7] + pmul v3.16b, v15.16b, v0.16b + pmul v5.16b, v17.16b, v2.16b + pmul v4.16b, v16.16b, v1.16b + eor v5.16b, v5.16b, v3.16b + eor v5.16b, v5.16b, v4.16b + eor v3.16b, v3.16b, v11.16b + shl v6.16b, v5.16b, #4 + ushr v7.16b, v5.16b, #4 + eor v3.16b, v3.16b, v6.16b + eor v11.16b, v4.16b, v7.16b + ext v7.16b, v3.16b, v20.16b, #9 + ext v6.16b, v20.16b, v3.16b, #9 + eor v9.16b, v9.16b, v7.16b + eor v8.16b, v8.16b, v6.16b + dup v0.16b, v12.b[8] + dup v2.16b, v14.b[8] + dup v1.16b, v13.b[8] + pmul v3.16b, v15.16b, v0.16b + pmul v5.16b, v17.16b, v2.16b + pmul v4.16b, v16.16b, v1.16b + eor v5.16b, v5.16b, v3.16b + eor v5.16b, v5.16b, v4.16b + eor v3.16b, v3.16b, v11.16b + shl v6.16b, v5.16b, #4 + ushr v7.16b, v5.16b, #4 + eor v3.16b, v3.16b, v6.16b + eor v11.16b, v4.16b, v7.16b + ext v7.16b, v3.16b, v20.16b, #8 + ext v6.16b, v20.16b, v3.16b, #8 + eor v9.16b, v9.16b, v7.16b + eor v8.16b, v8.16b, v6.16b + dup v0.16b, v12.b[9] + dup v2.16b, v14.b[9] + dup v1.16b, v13.b[9] + pmul v3.16b, v15.16b, v0.16b + pmul v5.16b, v17.16b, v2.16b + pmul v4.16b, v16.16b, v1.16b + eor v5.16b, v5.16b, v3.16b + eor v5.16b, v5.16b, v4.16b + eor v3.16b, v3.16b, v11.16b + shl v6.16b, v5.16b, #4 + ushr v7.16b, v5.16b, #4 + eor v3.16b, v3.16b, v6.16b + eor v11.16b, v4.16b, v7.16b + ext v7.16b, v3.16b, v20.16b, #7 + ext v6.16b, v20.16b, v3.16b, #7 + eor v9.16b, v9.16b, v7.16b + eor v8.16b, v8.16b, v6.16b + dup v0.16b, v12.b[10] + dup v2.16b, v14.b[10] + dup v1.16b, v13.b[10] + pmul v3.16b, v15.16b, v0.16b + pmul v5.16b, v17.16b, v2.16b + pmul v4.16b, v16.16b, v1.16b + eor v5.16b, v5.16b, v3.16b + eor v5.16b, v5.16b, v4.16b + eor v3.16b, v3.16b, v11.16b + shl v6.16b, v5.16b, #4 + ushr v7.16b, v5.16b, #4 + eor v3.16b, v3.16b, v6.16b + eor v11.16b, v4.16b, v7.16b + ext v7.16b, v3.16b, v20.16b, #6 + ext v6.16b, v20.16b, v3.16b, #6 + eor v9.16b, v9.16b, v7.16b + eor v8.16b, v8.16b, v6.16b + dup v0.16b, v12.b[11] + dup v2.16b, v14.b[11] + dup v1.16b, v13.b[11] + pmul v3.16b, v15.16b, v0.16b + pmul v5.16b, v17.16b, v2.16b + pmul v4.16b, v16.16b, v1.16b + eor v5.16b, v5.16b, v3.16b + eor v5.16b, v5.16b, v4.16b + eor v3.16b, v3.16b, v11.16b + shl v6.16b, v5.16b, #4 + ushr v7.16b, v5.16b, #4 + eor v3.16b, v3.16b, v6.16b + eor v11.16b, v4.16b, v7.16b + ext v7.16b, v3.16b, v20.16b, #5 + ext v6.16b, v20.16b, v3.16b, #5 + eor v9.16b, v9.16b, v7.16b + eor v8.16b, v8.16b, v6.16b + dup v0.16b, v12.b[12] + dup v2.16b, v14.b[12] + dup v1.16b, v13.b[12] + pmul v3.16b, v15.16b, v0.16b + pmul v5.16b, v17.16b, v2.16b + pmul v4.16b, v16.16b, v1.16b + eor v5.16b, v5.16b, v3.16b + eor v5.16b, v5.16b, v4.16b + eor v3.16b, v3.16b, v11.16b + shl v6.16b, v5.16b, #4 + ushr v7.16b, v5.16b, #4 + eor v3.16b, v3.16b, v6.16b + eor v11.16b, v4.16b, v7.16b + ext v7.16b, v3.16b, v20.16b, #4 + ext v6.16b, v20.16b, v3.16b, #4 + eor v9.16b, v9.16b, v7.16b + eor v8.16b, v8.16b, v6.16b + dup v0.16b, v12.b[13] + dup v2.16b, v14.b[13] + dup v1.16b, v13.b[13] + pmul v3.16b, v15.16b, v0.16b + pmul v5.16b, v17.16b, v2.16b + pmul v4.16b, v16.16b, v1.16b + eor v5.16b, v5.16b, v3.16b + eor v5.16b, v5.16b, v4.16b + eor v3.16b, v3.16b, v11.16b + shl v6.16b, v5.16b, #4 + ushr v7.16b, v5.16b, #4 + eor v3.16b, v3.16b, v6.16b + eor v11.16b, v4.16b, v7.16b + ext v7.16b, v3.16b, v20.16b, #3 + ext v6.16b, v20.16b, v3.16b, #3 + eor v9.16b, v9.16b, v7.16b + eor v8.16b, v8.16b, v6.16b + dup v0.16b, v12.b[14] + dup v2.16b, v14.b[14] + dup v1.16b, v13.b[14] + pmul v3.16b, v15.16b, v0.16b + pmul v5.16b, v17.16b, v2.16b + pmul v4.16b, v16.16b, v1.16b + eor v5.16b, v5.16b, v3.16b + eor v5.16b, v5.16b, v4.16b + eor v3.16b, v3.16b, v11.16b + shl v6.16b, v5.16b, #4 + ushr v7.16b, v5.16b, #4 + eor v3.16b, v3.16b, v6.16b + eor v11.16b, v4.16b, v7.16b + ext v7.16b, v3.16b, v20.16b, #2 + ext v6.16b, v20.16b, v3.16b, #2 + eor v9.16b, v9.16b, v7.16b + eor v8.16b, v8.16b, v6.16b + dup v0.16b, v12.b[15] + dup v2.16b, v14.b[15] + dup v1.16b, v13.b[15] + pmul v3.16b, v15.16b, v0.16b + pmul v5.16b, v17.16b, v2.16b + pmul v4.16b, v16.16b, v1.16b + eor v5.16b, v5.16b, v3.16b + eor v5.16b, v5.16b, v4.16b + eor v3.16b, v3.16b, v11.16b + shl v6.16b, v5.16b, #4 + ushr v7.16b, v5.16b, #4 + eor v3.16b, v3.16b, v6.16b + eor v11.16b, v4.16b, v7.16b + ext v7.16b, v3.16b, v20.16b, #1 + ext v6.16b, v20.16b, v3.16b, #1 + eor v9.16b, v9.16b, v7.16b + eor v8.16b, v8.16b, v6.16b + eor v9.16b, v9.16b, v11.16b + # Reduce 254-bit number + shl v0.16b, v9.16b, #1 + shl v1.16b, v9.16b, #2 + shl v2.16b, v9.16b, #7 + ushr v3.16b, v9.16b, #7 + ushr v4.16b, v9.16b, #6 + ushr v5.16b, v9.16b, #1 + eor v0.16b, v0.16b, v9.16b + eor v1.16b, v1.16b, v2.16b + eor v0.16b, v0.16b, v1.16b + eor v8.16b, v8.16b, v0.16b + ext v0.16b, v20.16b, v3.16b, #15 + ext v1.16b, v20.16b, v4.16b, #15 + ext v2.16b, v20.16b, v5.16b, #15 + ext v4.16b, v4.16b, v20.16b, #15 + ext v5.16b, v5.16b, v20.16b, #15 + eor v0.16b, v0.16b, v1.16b + eor v8.16b, v8.16b, v2.16b + eor v8.16b, v8.16b, v0.16b + eor v3.16b, v4.16b, v5.16b + shl v0.2d, v3.2d, #1 + shl v1.2d, v3.2d, #2 + shl v2.2d, v3.2d, #7 + eor v3.16b, v3.16b, v0.16b + eor v1.16b, v1.16b, v2.16b + eor v8.16b, v8.16b, v3.16b + eor v18.16b, v8.16b, v1.16b + subs x3, x3, #16 + bne L_GCM_gmult_len_NEON_start_block + rbit v18.16b, v18.16b + st1 {v18.2d}, [x0] + ldp d8, d9, [x29, #16] + ldp d10, d11, [x29, #32] + ldp d12, d13, [x29, #48] + ldp d14, d15, [x29, #64] + ldp x29, x30, [sp], #0x50 + ret +#ifndef __APPLE__ + .size GCM_gmult_len_NEON,.-GCM_gmult_len_NEON +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl AES_GCM_encrypt_NEON +.type AES_GCM_encrypt_NEON,@function +.align 2 +AES_GCM_encrypt_NEON: +#else +.section __TEXT,__text +.globl _AES_GCM_encrypt_NEON +.p2align 2 +_AES_GCM_encrypt_NEON: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-80]! + add x29, sp, #0 + stp d8, d9, [x29, #16] + stp d10, d11, [x29, #32] + stp d12, d13, [x29, #48] + stp d14, d15, [x29, #64] +#ifndef __APPLE__ + adrp x9, L_AES_ARM64_NEON_te + add x9, x9, :lo12:L_AES_ARM64_NEON_te +#else + adrp x9, L_AES_ARM64_NEON_te@PAGE + add x9, x9, :lo12:L_AES_ARM64_NEON_te@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x10, L_AES_ARM64_NEON_shift_rows_shuffle + add x10, x10, :lo12:L_AES_ARM64_NEON_shift_rows_shuffle +#else + adrp x10, L_AES_ARM64_NEON_shift_rows_shuffle@PAGE + add x10, x10, :lo12:L_AES_ARM64_NEON_shift_rows_shuffle@PAGEOFF +#endif /* __APPLE__ */ + ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [x9], #0x40 + ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [x9], #0x40 + ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [x9], #0x40 + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x9] + ld1 {v2.2d}, [x5] + rev32 v2.16b, v2.16b + mov w6, v2.s[3] + cmp x2, #0x40 + blt L_AES_GCM_encrypt_NEON_start_2 + mov x7, v2.d[0] + mov x8, v2.d[1] +L_AES_GCM_encrypt_NEON_loop_4: + mov x12, x3 + ld1 {v4.2d}, [x12], #16 + mov v8.d[0], x7 + mov v8.d[1], x8 + # Round: 0 - XOR in key schedule + add w6, w6, #1 + mov v8.s[3], w6 + eor v0.16b, v8.16b, v4.16b + add w6, w6, #1 + mov v8.s[3], w6 + eor v1.16b, v8.16b, v4.16b + add w6, w6, #1 + mov v8.s[3], w6 + eor v2.16b, v8.16b, v4.16b + add w6, w6, #1 + mov v8.s[3], w6 + eor v3.16b, v8.16b, v4.16b + sub w11, w4, #2 +L_AES_GCM_encrypt_NEON_loop_nr_4: + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b + tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + eor v10.16b, v2.16b, v12.16b + eor v11.16b, v3.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v13.16b + eor v9.16b, v1.16b, v13.16b + eor v10.16b, v2.16b, v13.16b + eor v11.16b, v3.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + eor v10.16b, v2.16b, v14.16b + eor v11.16b, v3.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + ld1 {v0.16b}, [x10] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + tbl v6.16b, {v6.16b}, v0.16b + tbl v7.16b, {v7.16b}, v0.16b + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + sshr v10.16b, v6.16b, #7 + sshr v11.16b, v7.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + shl v14.16b, v6.16b, #1 + shl v15.16b, v7.16b, #1 + movi v0.16b, #27 + and v8.16b, v8.16b, v0.16b + and v9.16b, v9.16b, v0.16b + and v10.16b, v10.16b, v0.16b + and v11.16b, v11.16b, v0.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + eor v0.16b, v8.16b, v4.16b + eor v1.16b, v9.16b, v5.16b + eor v2.16b, v10.16b, v6.16b + eor v3.16b, v11.16b, v7.16b + shl v12.4s, v0.4s, #8 + shl v13.4s, v1.4s, #8 + shl v14.4s, v2.4s, #8 + shl v15.4s, v3.4s, #8 + sri v12.4s, v0.4s, #24 + sri v13.4s, v1.4s, #24 + sri v14.4s, v2.4s, #24 + sri v15.4s, v3.4s, #24 + shl v0.4s, v4.4s, #24 + shl v1.4s, v5.4s, #24 + shl v2.4s, v6.4s, #24 + shl v3.4s, v7.4s, #24 + sri v0.4s, v4.4s, #8 + sri v1.4s, v5.4s, #8 + sri v2.4s, v6.4s, #8 + sri v3.4s, v7.4s, #8 + rev32 v4.8h, v4.8h + rev32 v5.8h, v5.8h + rev32 v6.8h, v6.8h + rev32 v7.8h, v7.8h + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + eor v6.16b, v6.16b, v2.16b + eor v7.16b, v7.16b, v3.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x12], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v6.16b, v6.16b, v10.16b + eor v7.16b, v7.16b, v11.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v6.16b, v6.16b, v0.16b + eor v7.16b, v7.16b, v0.16b + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + eor v6.16b, v6.16b, v14.16b + eor v7.16b, v7.16b, v15.16b + # Round Done + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b + tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + eor v10.16b, v6.16b, v12.16b + eor v11.16b, v7.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v13.16b + eor v9.16b, v5.16b, v13.16b + eor v10.16b, v6.16b, v13.16b + eor v11.16b, v7.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + eor v10.16b, v6.16b, v14.16b + eor v11.16b, v7.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + ld1 {v4.16b}, [x10] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + tbl v2.16b, {v2.16b}, v4.16b + tbl v3.16b, {v3.16b}, v4.16b + sshr v8.16b, v0.16b, #7 + sshr v9.16b, v1.16b, #7 + sshr v10.16b, v2.16b, #7 + sshr v11.16b, v3.16b, #7 + shl v12.16b, v0.16b, #1 + shl v13.16b, v1.16b, #1 + shl v14.16b, v2.16b, #1 + shl v15.16b, v3.16b, #1 + movi v4.16b, #27 + and v8.16b, v8.16b, v4.16b + and v9.16b, v9.16b, v4.16b + and v10.16b, v10.16b, v4.16b + and v11.16b, v11.16b, v4.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + eor v4.16b, v8.16b, v0.16b + eor v5.16b, v9.16b, v1.16b + eor v6.16b, v10.16b, v2.16b + eor v7.16b, v11.16b, v3.16b + shl v12.4s, v4.4s, #8 + shl v13.4s, v5.4s, #8 + shl v14.4s, v6.4s, #8 + shl v15.4s, v7.4s, #8 + sri v12.4s, v4.4s, #24 + sri v13.4s, v5.4s, #24 + sri v14.4s, v6.4s, #24 + sri v15.4s, v7.4s, #24 + shl v4.4s, v0.4s, #24 + shl v5.4s, v1.4s, #24 + shl v6.4s, v2.4s, #24 + shl v7.4s, v3.4s, #24 + sri v4.4s, v0.4s, #8 + sri v5.4s, v1.4s, #8 + sri v6.4s, v2.4s, #8 + sri v7.4s, v3.4s, #8 + rev32 v0.8h, v0.8h + rev32 v1.8h, v1.8h + rev32 v2.8h, v2.8h + rev32 v3.8h, v3.8h + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x12], #16 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v9.16b + eor v2.16b, v2.16b, v10.16b + eor v3.16b, v3.16b, v11.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + eor v0.16b, v0.16b, v12.16b + eor v1.16b, v1.16b, v13.16b + eor v2.16b, v2.16b, v14.16b + eor v3.16b, v3.16b, v15.16b + # Round Done + subs w11, w11, #2 + bne L_AES_GCM_encrypt_NEON_loop_nr_4 + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b + tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + eor v10.16b, v2.16b, v12.16b + eor v11.16b, v3.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v13.16b + eor v9.16b, v1.16b, v13.16b + eor v10.16b, v2.16b, v13.16b + eor v11.16b, v3.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + eor v10.16b, v2.16b, v14.16b + eor v11.16b, v3.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + ld1 {v0.16b}, [x10] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + tbl v6.16b, {v6.16b}, v0.16b + tbl v7.16b, {v7.16b}, v0.16b + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + sshr v10.16b, v6.16b, #7 + sshr v11.16b, v7.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + shl v14.16b, v6.16b, #1 + shl v15.16b, v7.16b, #1 + movi v0.16b, #27 + and v8.16b, v8.16b, v0.16b + and v9.16b, v9.16b, v0.16b + and v10.16b, v10.16b, v0.16b + and v11.16b, v11.16b, v0.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + eor v0.16b, v8.16b, v4.16b + eor v1.16b, v9.16b, v5.16b + eor v2.16b, v10.16b, v6.16b + eor v3.16b, v11.16b, v7.16b + shl v12.4s, v0.4s, #8 + shl v13.4s, v1.4s, #8 + shl v14.4s, v2.4s, #8 + shl v15.4s, v3.4s, #8 + sri v12.4s, v0.4s, #24 + sri v13.4s, v1.4s, #24 + sri v14.4s, v2.4s, #24 + sri v15.4s, v3.4s, #24 + shl v0.4s, v4.4s, #24 + shl v1.4s, v5.4s, #24 + shl v2.4s, v6.4s, #24 + shl v3.4s, v7.4s, #24 + sri v0.4s, v4.4s, #8 + sri v1.4s, v5.4s, #8 + sri v2.4s, v6.4s, #8 + sri v3.4s, v7.4s, #8 + rev32 v4.8h, v4.8h + rev32 v5.8h, v5.8h + rev32 v6.8h, v6.8h + rev32 v7.8h, v7.8h + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + eor v6.16b, v6.16b, v2.16b + eor v7.16b, v7.16b, v3.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x12], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v6.16b, v6.16b, v10.16b + eor v7.16b, v7.16b, v11.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v6.16b, v6.16b, v0.16b + eor v7.16b, v7.16b, v0.16b + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + eor v6.16b, v6.16b, v14.16b + eor v7.16b, v7.16b, v15.16b + # Round Done + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b + tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + eor v10.16b, v6.16b, v12.16b + eor v11.16b, v7.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v13.16b + eor v9.16b, v5.16b, v13.16b + eor v10.16b, v6.16b, v13.16b + eor v11.16b, v7.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + eor v10.16b, v6.16b, v14.16b + eor v11.16b, v7.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + ld1 {v4.16b}, [x10] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + tbl v2.16b, {v2.16b}, v4.16b + tbl v3.16b, {v3.16b}, v4.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x12], #16 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + # Round Done + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + rev32 v2.16b, v2.16b + rev32 v3.16b, v3.16b + ld1 {v4.16b, v5.16b, v6.16b, v7.16b}, [x0], #0x40 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + st1 {v0.16b, v1.16b, v2.16b, v3.16b}, [x1], #0x40 + sub x2, x2, #0x40 + cmp x2, #0x40 + bge L_AES_GCM_encrypt_NEON_loop_4 + mov v2.d[0], x7 + mov v2.d[1], x8 + mov v2.s[3], w6 +L_AES_GCM_encrypt_NEON_start_2: + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + movi v15.16b, #27 + cmp x2, #16 + beq L_AES_GCM_encrypt_NEON_start_1 + blt L_AES_GCM_encrypt_NEON_data_done +L_AES_GCM_encrypt_NEON_loop_2: + mov x12, x3 + ld1 {v4.2d}, [x12], #16 + # Round: 0 - XOR in key schedule + add w6, w6, #1 + mov v2.s[3], w6 + eor v0.16b, v2.16b, v4.16b + add w6, w6, #1 + mov v2.s[3], w6 + eor v1.16b, v2.16b, v4.16b + sub w11, w4, #2 +L_AES_GCM_encrypt_NEON_loop_nr_2: + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v0.16b, v13.16b + eor v11.16b, v1.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + orr v4.16b, v4.16b, v10.16b + orr v5.16b, v5.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + ld1 {v0.16b}, [x10] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + shl v10.16b, v4.16b, #1 + shl v11.16b, v5.16b, #1 + and v8.16b, v8.16b, v15.16b + and v9.16b, v9.16b, v15.16b + eor v8.16b, v8.16b, v10.16b + eor v9.16b, v9.16b, v11.16b + eor v0.16b, v8.16b, v4.16b + eor v1.16b, v9.16b, v5.16b + shl v10.4s, v0.4s, #8 + shl v11.4s, v1.4s, #8 + sri v10.4s, v0.4s, #24 + sri v11.4s, v1.4s, #24 + shl v0.4s, v4.4s, #24 + shl v1.4s, v5.4s, #24 + sri v0.4s, v4.4s, #8 + sri v1.4s, v5.4s, #8 + rev32 v4.8h, v4.8h + rev32 v5.8h, v5.8h + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x12], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v4.16b, v4.16b, v10.16b + eor v5.16b, v5.16b, v11.16b + # Round Done + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v4.16b, v13.16b + eor v11.16b, v5.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + orr v0.16b, v0.16b, v10.16b + orr v1.16b, v1.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + ld1 {v4.16b}, [x10] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + sshr v8.16b, v0.16b, #7 + sshr v9.16b, v1.16b, #7 + shl v10.16b, v0.16b, #1 + shl v11.16b, v1.16b, #1 + and v8.16b, v8.16b, v15.16b + and v9.16b, v9.16b, v15.16b + eor v8.16b, v8.16b, v10.16b + eor v9.16b, v9.16b, v11.16b + eor v4.16b, v8.16b, v0.16b + eor v5.16b, v9.16b, v1.16b + shl v10.4s, v4.4s, #8 + shl v11.4s, v5.4s, #8 + sri v10.4s, v4.4s, #24 + sri v11.4s, v5.4s, #24 + shl v4.4s, v0.4s, #24 + shl v5.4s, v1.4s, #24 + sri v4.4s, v0.4s, #8 + sri v5.4s, v1.4s, #8 + rev32 v0.8h, v0.8h + rev32 v1.8h, v1.8h + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x12], #16 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v9.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v0.16b, v0.16b, v10.16b + eor v1.16b, v1.16b, v11.16b + # Round Done + subs w11, w11, #2 + bne L_AES_GCM_encrypt_NEON_loop_nr_2 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v0.16b, v13.16b + eor v11.16b, v1.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + orr v4.16b, v4.16b, v10.16b + orr v5.16b, v5.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + ld1 {v0.16b}, [x10] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + shl v10.16b, v4.16b, #1 + shl v11.16b, v5.16b, #1 + and v8.16b, v8.16b, v15.16b + and v9.16b, v9.16b, v15.16b + eor v8.16b, v8.16b, v10.16b + eor v9.16b, v9.16b, v11.16b + eor v0.16b, v8.16b, v4.16b + eor v1.16b, v9.16b, v5.16b + shl v10.4s, v0.4s, #8 + shl v11.4s, v1.4s, #8 + sri v10.4s, v0.4s, #24 + sri v11.4s, v1.4s, #24 + shl v0.4s, v4.4s, #24 + shl v1.4s, v5.4s, #24 + sri v0.4s, v4.4s, #8 + sri v1.4s, v5.4s, #8 + rev32 v4.8h, v4.8h + rev32 v5.8h, v5.8h + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x12], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v4.16b, v4.16b, v10.16b + eor v5.16b, v5.16b, v11.16b + # Round Done + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v4.16b, v13.16b + eor v11.16b, v5.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + orr v0.16b, v0.16b, v10.16b + orr v1.16b, v1.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + ld1 {v4.16b}, [x10] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x12], #16 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + # Round Done + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + ld1 {v4.16b, v5.16b}, [x0], #32 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + st1 {v0.16b, v1.16b}, [x1], #32 + sub x2, x2, #32 + cmp x2, #0 + beq L_AES_GCM_encrypt_NEON_data_done +L_AES_GCM_encrypt_NEON_start_1: + ld1 {v3.2d}, [x10] + mov x12, x3 + add w6, w6, #1 + ld1 {v4.2d}, [x12], #16 + mov v2.s[3], w6 + # Round: 0 - XOR in key schedule + eor v0.16b, v2.16b, v4.16b + sub w11, w4, #2 +L_AES_GCM_encrypt_NEON_loop_nr_1: + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + ld1 {v0.2d}, [x12], #16 + sshr v10.16b, v4.16b, #7 + shl v9.16b, v4.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v4.8h + eor v11.16b, v10.16b, v4.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v4.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v0.16b + sri v9.4s, v4.4s, #8 + sri v8.4s, v11.4s, #24 + eor v4.16b, v10.16b, v9.16b + eor v4.16b, v4.16b, v8.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + ld1 {v4.2d}, [x12], #16 + sshr v10.16b, v0.16b, #7 + shl v9.16b, v0.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v0.8h + eor v11.16b, v10.16b, v0.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v0.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v4.16b + sri v9.4s, v0.4s, #8 + sri v8.4s, v11.4s, #24 + eor v0.16b, v10.16b, v9.16b + eor v0.16b, v0.16b, v8.16b + subs w11, w11, #2 + bne L_AES_GCM_encrypt_NEON_loop_nr_1 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + ld1 {v0.2d}, [x12], #16 + sshr v10.16b, v4.16b, #7 + shl v9.16b, v4.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v4.8h + eor v11.16b, v10.16b, v4.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v4.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v0.16b + sri v9.4s, v4.4s, #8 + sri v8.4s, v11.4s, #24 + eor v4.16b, v10.16b, v9.16b + eor v4.16b, v4.16b, v8.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + ld1 {v4.2d}, [x12], #16 + # XOR in Key Schedule + eor v0.16b, v0.16b, v4.16b + rev32 v0.16b, v0.16b + ld1 {v4.16b}, [x0], #16 + eor v0.16b, v0.16b, v4.16b + st1 {v0.16b}, [x1], #16 +L_AES_GCM_encrypt_NEON_data_done: + rev32 v2.16b, v2.16b + st1 {v2.2d}, [x5] + ldp d8, d9, [x29, #16] + ldp d10, d11, [x29, #32] + ldp d12, d13, [x29, #48] + ldp d14, d15, [x29, #64] + ldp x29, x30, [sp], #0x50 + ret +#ifndef __APPLE__ + .size AES_GCM_encrypt_NEON,.-AES_GCM_encrypt_NEON +#endif /* __APPLE__ */ +#endif /* HAVE_AESGCM */ +#ifdef WOLFSSL_AES_XTS +#ifndef __APPLE__ +.text +.globl AES_XTS_encrypt_NEON +.type AES_XTS_encrypt_NEON,@function +.align 2 +AES_XTS_encrypt_NEON: +#else +.section __TEXT,__text +.globl _AES_XTS_encrypt_NEON +.p2align 2 +_AES_XTS_encrypt_NEON: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-128]! + add x29, sp, #0 + stp x17, x19, [x29, #24] + stp x20, x21, [x29, #40] + str x22, [x29, #56] + stp d8, d9, [x29, #64] + stp d10, d11, [x29, #80] + stp d12, d13, [x29, #96] + stp d14, d15, [x29, #112] +#ifndef __APPLE__ + adrp x19, L_AES_ARM64_NEON_te + add x19, x19, :lo12:L_AES_ARM64_NEON_te +#else + adrp x19, L_AES_ARM64_NEON_te@PAGE + add x19, x19, :lo12:L_AES_ARM64_NEON_te@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x20, L_AES_ARM64_NEON_shift_rows_shuffle + add x20, x20, :lo12:L_AES_ARM64_NEON_shift_rows_shuffle +#else + adrp x20, L_AES_ARM64_NEON_shift_rows_shuffle@PAGE + add x20, x20, :lo12:L_AES_ARM64_NEON_shift_rows_shuffle@PAGEOFF +#endif /* __APPLE__ */ + ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [x19], #0x40 + ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [x19], #0x40 + ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [x19], #0x40 + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x19] + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + movi v15.16b, #27 + ld1 {v3.2d}, [x20] + mov x17, #0x87 + ld1 {v2.2d}, [x3] + ld1 {v4.2d}, [x5] + rev32 v2.16b, v2.16b + add x22, x5, #16 + # Round: 0 - XOR in key schedule + eor v2.16b, v2.16b, v4.16b + sub w21, w7, #2 +L_AES_XTS_encrypt_NEON_loop_nr_tweak: + eor v8.16b, v2.16b, v12.16b + eor v9.16b, v2.16b, v13.16b + eor v10.16b, v2.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + ld1 {v2.2d}, [x22], #16 + sshr v10.16b, v4.16b, #7 + shl v9.16b, v4.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v4.8h + eor v11.16b, v10.16b, v4.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v4.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v2.16b + sri v9.4s, v4.4s, #8 + sri v8.4s, v11.4s, #24 + eor v4.16b, v10.16b, v9.16b + eor v4.16b, v4.16b, v8.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v2.16b, v2.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v2.16b, v2.16b, v9.16b + tbl v2.16b, {v2.16b}, v3.16b + ld1 {v4.2d}, [x22], #16 + sshr v10.16b, v2.16b, #7 + shl v9.16b, v2.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v2.8h + eor v11.16b, v10.16b, v2.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v2.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v4.16b + sri v9.4s, v2.4s, #8 + sri v8.4s, v11.4s, #24 + eor v2.16b, v10.16b, v9.16b + eor v2.16b, v2.16b, v8.16b + subs w21, w21, #2 + bne L_AES_XTS_encrypt_NEON_loop_nr_tweak + eor v8.16b, v2.16b, v12.16b + eor v9.16b, v2.16b, v13.16b + eor v10.16b, v2.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + ld1 {v2.2d}, [x22], #16 + sshr v10.16b, v4.16b, #7 + shl v9.16b, v4.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v4.8h + eor v11.16b, v10.16b, v4.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v4.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v2.16b + sri v9.4s, v4.4s, #8 + sri v8.4s, v11.4s, #24 + eor v4.16b, v10.16b, v9.16b + eor v4.16b, v4.16b, v8.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v2.16b, v2.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v2.16b, v2.16b, v9.16b + tbl v2.16b, {v2.16b}, v3.16b + ld1 {v4.2d}, [x22], #16 + # XOR in Key Schedule + eor v2.16b, v2.16b, v4.16b + rev32 v2.16b, v2.16b + mov x8, v2.d[0] + mov x9, v2.d[1] + cmp w2, #0x40 + blt L_AES_XTS_encrypt_NEON_start_2 +L_AES_XTS_encrypt_NEON_loop_4: + mov x22, x4 + ld1 {v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40 + ld1 {v4.16b}, [x22], #16 + and x16, x17, x9, asr 63 + extr x11, x9, x8, #63 + eor x10, x16, x8, lsl 1 + and x16, x17, x11, asr 63 + extr x13, x11, x10, #63 + eor x12, x16, x10, lsl 1 + and x16, x17, x13, asr 63 + extr x15, x13, x12, #63 + eor x14, x16, x12, lsl 1 + mov v8.d[0], x8 + mov v8.d[1], x9 + mov v9.d[0], x10 + mov v9.d[1], x11 + mov v10.d[0], x12 + mov v10.d[1], x13 + mov v11.d[0], x14 + mov v11.d[1], x15 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v9.16b + eor v2.16b, v2.16b, v10.16b + eor v3.16b, v3.16b, v11.16b + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + rev32 v2.16b, v2.16b + rev32 v3.16b, v3.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + sub w21, w7, #2 +L_AES_XTS_encrypt_NEON_loop_nr_4: + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b + tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + eor v10.16b, v2.16b, v12.16b + eor v11.16b, v3.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v13.16b + eor v9.16b, v1.16b, v13.16b + eor v10.16b, v2.16b, v13.16b + eor v11.16b, v3.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + eor v10.16b, v2.16b, v14.16b + eor v11.16b, v3.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + ld1 {v0.16b}, [x20] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + tbl v6.16b, {v6.16b}, v0.16b + tbl v7.16b, {v7.16b}, v0.16b + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + sshr v10.16b, v6.16b, #7 + sshr v11.16b, v7.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + shl v14.16b, v6.16b, #1 + shl v15.16b, v7.16b, #1 + movi v0.16b, #27 + and v8.16b, v8.16b, v0.16b + and v9.16b, v9.16b, v0.16b + and v10.16b, v10.16b, v0.16b + and v11.16b, v11.16b, v0.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + eor v0.16b, v8.16b, v4.16b + eor v1.16b, v9.16b, v5.16b + eor v2.16b, v10.16b, v6.16b + eor v3.16b, v11.16b, v7.16b + shl v12.4s, v0.4s, #8 + shl v13.4s, v1.4s, #8 + shl v14.4s, v2.4s, #8 + shl v15.4s, v3.4s, #8 + sri v12.4s, v0.4s, #24 + sri v13.4s, v1.4s, #24 + sri v14.4s, v2.4s, #24 + sri v15.4s, v3.4s, #24 + shl v0.4s, v4.4s, #24 + shl v1.4s, v5.4s, #24 + shl v2.4s, v6.4s, #24 + shl v3.4s, v7.4s, #24 + sri v0.4s, v4.4s, #8 + sri v1.4s, v5.4s, #8 + sri v2.4s, v6.4s, #8 + sri v3.4s, v7.4s, #8 + rev32 v4.8h, v4.8h + rev32 v5.8h, v5.8h + rev32 v6.8h, v6.8h + rev32 v7.8h, v7.8h + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + eor v6.16b, v6.16b, v2.16b + eor v7.16b, v7.16b, v3.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x22], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v6.16b, v6.16b, v10.16b + eor v7.16b, v7.16b, v11.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v6.16b, v6.16b, v0.16b + eor v7.16b, v7.16b, v0.16b + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + eor v6.16b, v6.16b, v14.16b + eor v7.16b, v7.16b, v15.16b + # Round Done + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b + tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + eor v10.16b, v6.16b, v12.16b + eor v11.16b, v7.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v13.16b + eor v9.16b, v5.16b, v13.16b + eor v10.16b, v6.16b, v13.16b + eor v11.16b, v7.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + eor v10.16b, v6.16b, v14.16b + eor v11.16b, v7.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + ld1 {v4.16b}, [x20] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + tbl v2.16b, {v2.16b}, v4.16b + tbl v3.16b, {v3.16b}, v4.16b + sshr v8.16b, v0.16b, #7 + sshr v9.16b, v1.16b, #7 + sshr v10.16b, v2.16b, #7 + sshr v11.16b, v3.16b, #7 + shl v12.16b, v0.16b, #1 + shl v13.16b, v1.16b, #1 + shl v14.16b, v2.16b, #1 + shl v15.16b, v3.16b, #1 + movi v4.16b, #27 + and v8.16b, v8.16b, v4.16b + and v9.16b, v9.16b, v4.16b + and v10.16b, v10.16b, v4.16b + and v11.16b, v11.16b, v4.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + eor v4.16b, v8.16b, v0.16b + eor v5.16b, v9.16b, v1.16b + eor v6.16b, v10.16b, v2.16b + eor v7.16b, v11.16b, v3.16b + shl v12.4s, v4.4s, #8 + shl v13.4s, v5.4s, #8 + shl v14.4s, v6.4s, #8 + shl v15.4s, v7.4s, #8 + sri v12.4s, v4.4s, #24 + sri v13.4s, v5.4s, #24 + sri v14.4s, v6.4s, #24 + sri v15.4s, v7.4s, #24 + shl v4.4s, v0.4s, #24 + shl v5.4s, v1.4s, #24 + shl v6.4s, v2.4s, #24 + shl v7.4s, v3.4s, #24 + sri v4.4s, v0.4s, #8 + sri v5.4s, v1.4s, #8 + sri v6.4s, v2.4s, #8 + sri v7.4s, v3.4s, #8 + rev32 v0.8h, v0.8h + rev32 v1.8h, v1.8h + rev32 v2.8h, v2.8h + rev32 v3.8h, v3.8h + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x22], #16 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v9.16b + eor v2.16b, v2.16b, v10.16b + eor v3.16b, v3.16b, v11.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + eor v0.16b, v0.16b, v12.16b + eor v1.16b, v1.16b, v13.16b + eor v2.16b, v2.16b, v14.16b + eor v3.16b, v3.16b, v15.16b + # Round Done + subs w21, w21, #2 + bne L_AES_XTS_encrypt_NEON_loop_nr_4 + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b + tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + eor v10.16b, v2.16b, v12.16b + eor v11.16b, v3.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v13.16b + eor v9.16b, v1.16b, v13.16b + eor v10.16b, v2.16b, v13.16b + eor v11.16b, v3.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + eor v10.16b, v2.16b, v14.16b + eor v11.16b, v3.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + ld1 {v0.16b}, [x20] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + tbl v6.16b, {v6.16b}, v0.16b + tbl v7.16b, {v7.16b}, v0.16b + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + sshr v10.16b, v6.16b, #7 + sshr v11.16b, v7.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + shl v14.16b, v6.16b, #1 + shl v15.16b, v7.16b, #1 + movi v0.16b, #27 + and v8.16b, v8.16b, v0.16b + and v9.16b, v9.16b, v0.16b + and v10.16b, v10.16b, v0.16b + and v11.16b, v11.16b, v0.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + eor v0.16b, v8.16b, v4.16b + eor v1.16b, v9.16b, v5.16b + eor v2.16b, v10.16b, v6.16b + eor v3.16b, v11.16b, v7.16b + shl v12.4s, v0.4s, #8 + shl v13.4s, v1.4s, #8 + shl v14.4s, v2.4s, #8 + shl v15.4s, v3.4s, #8 + sri v12.4s, v0.4s, #24 + sri v13.4s, v1.4s, #24 + sri v14.4s, v2.4s, #24 + sri v15.4s, v3.4s, #24 + shl v0.4s, v4.4s, #24 + shl v1.4s, v5.4s, #24 + shl v2.4s, v6.4s, #24 + shl v3.4s, v7.4s, #24 + sri v0.4s, v4.4s, #8 + sri v1.4s, v5.4s, #8 + sri v2.4s, v6.4s, #8 + sri v3.4s, v7.4s, #8 + rev32 v4.8h, v4.8h + rev32 v5.8h, v5.8h + rev32 v6.8h, v6.8h + rev32 v7.8h, v7.8h + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + eor v6.16b, v6.16b, v2.16b + eor v7.16b, v7.16b, v3.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x22], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v6.16b, v6.16b, v10.16b + eor v7.16b, v7.16b, v11.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v6.16b, v6.16b, v0.16b + eor v7.16b, v7.16b, v0.16b + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + eor v6.16b, v6.16b, v14.16b + eor v7.16b, v7.16b, v15.16b + # Round Done + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b + tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + eor v10.16b, v6.16b, v12.16b + eor v11.16b, v7.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v13.16b + eor v9.16b, v5.16b, v13.16b + eor v10.16b, v6.16b, v13.16b + eor v11.16b, v7.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + eor v10.16b, v6.16b, v14.16b + eor v11.16b, v7.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + ld1 {v4.16b}, [x20] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + tbl v2.16b, {v2.16b}, v4.16b + tbl v3.16b, {v3.16b}, v4.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x22], #16 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + # Round Done + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + rev32 v2.16b, v2.16b + rev32 v3.16b, v3.16b + mov v8.d[0], x8 + mov v8.d[1], x9 + mov v9.d[0], x10 + mov v9.d[1], x11 + mov v10.d[0], x12 + mov v10.d[1], x13 + mov v11.d[0], x14 + mov v11.d[1], x15 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v9.16b + eor v2.16b, v2.16b, v10.16b + eor v3.16b, v3.16b, v11.16b + st1 {v0.16b, v1.16b, v2.16b, v3.16b}, [x1], #0x40 + and x16, x17, x15, asr 63 + extr x9, x15, x14, #63 + eor x8, x16, x14, lsl 1 + sub w2, w2, #0x40 + cmp w2, #0x40 + bge L_AES_XTS_encrypt_NEON_loop_4 + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + movi v15.16b, #27 +L_AES_XTS_encrypt_NEON_start_2: + cmp w2, #32 + blt L_AES_XTS_encrypt_NEON_start_1 + mov x22, x4 + ld1 {v0.16b, v1.16b}, [x0], #32 + ld1 {v4.16b}, [x22], #16 + and x16, x17, x9, asr 63 + extr x11, x9, x8, #63 + eor x10, x16, x8, lsl 1 + and x16, x17, x11, asr 63 + extr x13, x11, x10, #63 + eor x12, x16, x10, lsl 1 + mov v2.d[0], x8 + mov v2.d[1], x9 + mov v3.d[0], x10 + mov v3.d[1], x11 + eor v0.16b, v0.16b, v2.16b + eor v1.16b, v1.16b, v3.16b + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + sub w21, w7, #2 +L_AES_XTS_encrypt_NEON_loop_nr_2: + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v0.16b, v13.16b + eor v11.16b, v1.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + orr v4.16b, v4.16b, v10.16b + orr v5.16b, v5.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + ld1 {v0.16b}, [x20] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + shl v10.16b, v4.16b, #1 + shl v11.16b, v5.16b, #1 + and v8.16b, v8.16b, v15.16b + and v9.16b, v9.16b, v15.16b + eor v8.16b, v8.16b, v10.16b + eor v9.16b, v9.16b, v11.16b + eor v0.16b, v8.16b, v4.16b + eor v1.16b, v9.16b, v5.16b + shl v10.4s, v0.4s, #8 + shl v11.4s, v1.4s, #8 + sri v10.4s, v0.4s, #24 + sri v11.4s, v1.4s, #24 + shl v0.4s, v4.4s, #24 + shl v1.4s, v5.4s, #24 + sri v0.4s, v4.4s, #8 + sri v1.4s, v5.4s, #8 + rev32 v4.8h, v4.8h + rev32 v5.8h, v5.8h + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x22], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v4.16b, v4.16b, v10.16b + eor v5.16b, v5.16b, v11.16b + # Round Done + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v4.16b, v13.16b + eor v11.16b, v5.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + orr v0.16b, v0.16b, v10.16b + orr v1.16b, v1.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + ld1 {v4.16b}, [x20] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + sshr v8.16b, v0.16b, #7 + sshr v9.16b, v1.16b, #7 + shl v10.16b, v0.16b, #1 + shl v11.16b, v1.16b, #1 + and v8.16b, v8.16b, v15.16b + and v9.16b, v9.16b, v15.16b + eor v8.16b, v8.16b, v10.16b + eor v9.16b, v9.16b, v11.16b + eor v4.16b, v8.16b, v0.16b + eor v5.16b, v9.16b, v1.16b + shl v10.4s, v4.4s, #8 + shl v11.4s, v5.4s, #8 + sri v10.4s, v4.4s, #24 + sri v11.4s, v5.4s, #24 + shl v4.4s, v0.4s, #24 + shl v5.4s, v1.4s, #24 + sri v4.4s, v0.4s, #8 + sri v5.4s, v1.4s, #8 + rev32 v0.8h, v0.8h + rev32 v1.8h, v1.8h + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x22], #16 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v9.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v0.16b, v0.16b, v10.16b + eor v1.16b, v1.16b, v11.16b + # Round Done + subs w21, w21, #2 + bne L_AES_XTS_encrypt_NEON_loop_nr_2 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v0.16b, v13.16b + eor v11.16b, v1.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + orr v4.16b, v4.16b, v10.16b + orr v5.16b, v5.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + ld1 {v0.16b}, [x20] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + shl v10.16b, v4.16b, #1 + shl v11.16b, v5.16b, #1 + and v8.16b, v8.16b, v15.16b + and v9.16b, v9.16b, v15.16b + eor v8.16b, v8.16b, v10.16b + eor v9.16b, v9.16b, v11.16b + eor v0.16b, v8.16b, v4.16b + eor v1.16b, v9.16b, v5.16b + shl v10.4s, v0.4s, #8 + shl v11.4s, v1.4s, #8 + sri v10.4s, v0.4s, #24 + sri v11.4s, v1.4s, #24 + shl v0.4s, v4.4s, #24 + shl v1.4s, v5.4s, #24 + sri v0.4s, v4.4s, #8 + sri v1.4s, v5.4s, #8 + rev32 v4.8h, v4.8h + rev32 v5.8h, v5.8h + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x22], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v4.16b, v4.16b, v10.16b + eor v5.16b, v5.16b, v11.16b + # Round Done + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v4.16b, v13.16b + eor v11.16b, v5.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + orr v0.16b, v0.16b, v10.16b + orr v1.16b, v1.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + ld1 {v4.16b}, [x20] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x22], #16 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + # Round Done + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + eor v0.16b, v0.16b, v2.16b + eor v1.16b, v1.16b, v3.16b + st1 {v0.16b, v1.16b}, [x1], #32 + and x16, x17, x11, asr 63 + extr x9, x11, x10, #63 + eor x8, x16, x10, lsl 1 + sub w2, w2, #32 +L_AES_XTS_encrypt_NEON_start_1: + ld1 {v3.2d}, [x20] + mov v2.d[0], x8 + mov v2.d[1], x9 + cmp w2, #16 + blt L_AES_XTS_encrypt_NEON_start_partial + mov x22, x4 + ld1 {v0.16b}, [x0], #16 + ld1 {v4.2d}, [x22], #16 + eor v0.16b, v0.16b, v2.16b + rev32 v0.16b, v0.16b + eor v0.16b, v0.16b, v4.16b + sub w21, w7, #2 +L_AES_XTS_encrypt_NEON_loop_nr_1: + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + ld1 {v0.2d}, [x22], #16 + sshr v10.16b, v4.16b, #7 + shl v9.16b, v4.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v4.8h + eor v11.16b, v10.16b, v4.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v4.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v0.16b + sri v9.4s, v4.4s, #8 + sri v8.4s, v11.4s, #24 + eor v4.16b, v10.16b, v9.16b + eor v4.16b, v4.16b, v8.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + ld1 {v4.2d}, [x22], #16 + sshr v10.16b, v0.16b, #7 + shl v9.16b, v0.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v0.8h + eor v11.16b, v10.16b, v0.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v0.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v4.16b + sri v9.4s, v0.4s, #8 + sri v8.4s, v11.4s, #24 + eor v0.16b, v10.16b, v9.16b + eor v0.16b, v0.16b, v8.16b + subs w21, w21, #2 + bne L_AES_XTS_encrypt_NEON_loop_nr_1 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + ld1 {v0.2d}, [x22], #16 + sshr v10.16b, v4.16b, #7 + shl v9.16b, v4.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v4.8h + eor v11.16b, v10.16b, v4.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v4.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v0.16b + sri v9.4s, v4.4s, #8 + sri v8.4s, v11.4s, #24 + eor v4.16b, v10.16b, v9.16b + eor v4.16b, v4.16b, v8.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + ld1 {v4.2d}, [x22], #16 + # XOR in Key Schedule + eor v0.16b, v0.16b, v4.16b + rev32 v0.16b, v0.16b + eor v0.16b, v0.16b, v2.16b + st1 {v0.16b}, [x1], #16 + subs w2, w2, #16 + beq L_AES_XTS_encrypt_NEON_data_done + and x16, x17, x9, asr 63 + extr x9, x9, x8, #63 + eor x8, x16, x8, lsl 1 +L_AES_XTS_encrypt_NEON_start_partial: + cbz w2, L_AES_XTS_encrypt_NEON_data_done + mov v2.d[0], x8 + mov v2.d[1], x9 + mov x22, x4 + sub x1, x1, #16 + ld1 {v0.16b}, [x1], #16 + st1 {v0.2d}, [x6] + mov w16, w2 +L_AES_XTS_encrypt_NEON_start_byte: + ldrb w10, [x6] + ldrb w11, [x0], #1 + strb w10, [x1], #1 + strb w11, [x6], #1 + subs w16, w16, #1 + bgt L_AES_XTS_encrypt_NEON_start_byte + sub x1, x1, x2 + sub x6, x6, x2 + sub x1, x1, #16 + ld1 {v0.2d}, [x6] + ld1 {v4.2d}, [x22], #16 + eor v0.16b, v0.16b, v2.16b + rev32 v0.16b, v0.16b + eor v0.16b, v0.16b, v4.16b + sub w21, w7, #2 +L_AES_XTS_encrypt_NEON_loop_nr_partial: + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + ld1 {v0.2d}, [x22], #16 + sshr v10.16b, v4.16b, #7 + shl v9.16b, v4.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v4.8h + eor v11.16b, v10.16b, v4.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v4.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v0.16b + sri v9.4s, v4.4s, #8 + sri v8.4s, v11.4s, #24 + eor v4.16b, v10.16b, v9.16b + eor v4.16b, v4.16b, v8.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + ld1 {v4.2d}, [x22], #16 + sshr v10.16b, v0.16b, #7 + shl v9.16b, v0.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v0.8h + eor v11.16b, v10.16b, v0.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v0.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v4.16b + sri v9.4s, v0.4s, #8 + sri v8.4s, v11.4s, #24 + eor v0.16b, v10.16b, v9.16b + eor v0.16b, v0.16b, v8.16b + subs w21, w21, #2 + bne L_AES_XTS_encrypt_NEON_loop_nr_partial + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + ld1 {v0.2d}, [x22], #16 + sshr v10.16b, v4.16b, #7 + shl v9.16b, v4.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v4.8h + eor v11.16b, v10.16b, v4.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v4.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v0.16b + sri v9.4s, v4.4s, #8 + sri v8.4s, v11.4s, #24 + eor v4.16b, v10.16b, v9.16b + eor v4.16b, v4.16b, v8.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + ld1 {v4.2d}, [x22], #16 + # XOR in Key Schedule + eor v0.16b, v0.16b, v4.16b + rev32 v0.16b, v0.16b + eor v0.16b, v0.16b, v2.16b + st1 {v0.16b}, [x1] +L_AES_XTS_encrypt_NEON_data_done: + ldp x17, x19, [x29, #24] + ldp x20, x21, [x29, #40] + ldr x22, [x29, #56] + ldp d8, d9, [x29, #64] + ldp d10, d11, [x29, #80] + ldp d12, d13, [x29, #96] + ldp d14, d15, [x29, #112] + ldp x29, x30, [sp], #0x80 + ret +#ifndef __APPLE__ + .size AES_XTS_encrypt_NEON,.-AES_XTS_encrypt_NEON +#endif /* __APPLE__ */ +#ifdef HAVE_AES_DECRYPT +#ifndef __APPLE__ +.text +.globl AES_XTS_decrypt_NEON +.type AES_XTS_decrypt_NEON,@function +.align 2 +AES_XTS_decrypt_NEON: +#else +.section __TEXT,__text +.globl _AES_XTS_decrypt_NEON +.p2align 2 +_AES_XTS_decrypt_NEON: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-144]! + add x29, sp, #0 + stp x17, x19, [x29, #16] + stp x20, x21, [x29, #32] + stp x22, x23, [x29, #48] + stp x24, x25, [x29, #64] + stp d8, d9, [x29, #80] + stp d10, d11, [x29, #96] + stp d12, d13, [x29, #112] + stp d14, d15, [x29, #128] +#ifndef __APPLE__ + adrp x20, L_AES_ARM64_NEON_te + add x20, x20, :lo12:L_AES_ARM64_NEON_te +#else + adrp x20, L_AES_ARM64_NEON_te@PAGE + add x20, x20, :lo12:L_AES_ARM64_NEON_te@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x21, L_AES_ARM64_NEON_td + add x21, x21, :lo12:L_AES_ARM64_NEON_td +#else + adrp x21, L_AES_ARM64_NEON_td@PAGE + add x21, x21, :lo12:L_AES_ARM64_NEON_td@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x22, L_AES_ARM64_NEON_shift_rows_shuffle + add x22, x22, :lo12:L_AES_ARM64_NEON_shift_rows_shuffle +#else + adrp x22, L_AES_ARM64_NEON_shift_rows_shuffle@PAGE + add x22, x22, :lo12:L_AES_ARM64_NEON_shift_rows_shuffle@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x23, L_AES_ARM64_NEON_shift_rows_invshuffle + add x23, x23, :lo12:L_AES_ARM64_NEON_shift_rows_invshuffle +#else + adrp x23, L_AES_ARM64_NEON_shift_rows_invshuffle@PAGE + add x23, x23, :lo12:L_AES_ARM64_NEON_shift_rows_invshuffle@PAGEOFF +#endif /* __APPLE__ */ + ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [x20], #0x40 + ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [x20], #0x40 + ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [x20], #0x40 + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x20] + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + movi v15.16b, #27 + ld1 {v3.2d}, [x22] + mov x17, #0x87 + ands w19, w2, #15 + cset w16, ne + lsl w16, w16, #4 + sub w2, w2, w16 + ld1 {v2.2d}, [x3] + ld1 {v4.2d}, [x5] + rev32 v2.16b, v2.16b + add x25, x5, #16 + # Round: 0 - XOR in key schedule + eor v2.16b, v2.16b, v4.16b + sub w24, w7, #2 +L_AES_XTS_decrypt_NEON_loop_nr_tweak: + eor v8.16b, v2.16b, v12.16b + eor v9.16b, v2.16b, v13.16b + eor v10.16b, v2.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + ld1 {v2.2d}, [x25], #16 + sshr v10.16b, v4.16b, #7 + shl v9.16b, v4.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v4.8h + eor v11.16b, v10.16b, v4.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v4.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v2.16b + sri v9.4s, v4.4s, #8 + sri v8.4s, v11.4s, #24 + eor v4.16b, v10.16b, v9.16b + eor v4.16b, v4.16b, v8.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v2.16b, v2.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v2.16b, v2.16b, v9.16b + tbl v2.16b, {v2.16b}, v3.16b + ld1 {v4.2d}, [x25], #16 + sshr v10.16b, v2.16b, #7 + shl v9.16b, v2.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v2.8h + eor v11.16b, v10.16b, v2.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v2.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v4.16b + sri v9.4s, v2.4s, #8 + sri v8.4s, v11.4s, #24 + eor v2.16b, v10.16b, v9.16b + eor v2.16b, v2.16b, v8.16b + subs w24, w24, #2 + bne L_AES_XTS_decrypt_NEON_loop_nr_tweak + eor v8.16b, v2.16b, v12.16b + eor v9.16b, v2.16b, v13.16b + eor v10.16b, v2.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + ld1 {v2.2d}, [x25], #16 + sshr v10.16b, v4.16b, #7 + shl v9.16b, v4.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v4.8h + eor v11.16b, v10.16b, v4.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v4.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v2.16b + sri v9.4s, v4.4s, #8 + sri v8.4s, v11.4s, #24 + eor v4.16b, v10.16b, v9.16b + eor v4.16b, v4.16b, v8.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v2.16b, v2.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v2.16b, v2.16b, v9.16b + tbl v2.16b, {v2.16b}, v3.16b + ld1 {v4.2d}, [x25], #16 + # XOR in Key Schedule + eor v2.16b, v2.16b, v4.16b + rev32 v2.16b, v2.16b + mov x8, v2.d[0] + mov x9, v2.d[1] + ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [x21], #0x40 + ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [x21], #0x40 + ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [x21], #0x40 + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x21] + ld1 {v3.2d}, [x23] + cmp w2, #0x40 + blt L_AES_XTS_decrypt_NEON_start_2 +L_AES_XTS_decrypt_NEON_loop_4: + mov x25, x4 + ld1 {v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40 + ld1 {v4.16b}, [x25], #16 + and x16, x17, x9, asr 63 + extr x11, x9, x8, #63 + eor x10, x16, x8, lsl 1 + and x16, x17, x11, asr 63 + extr x13, x11, x10, #63 + eor x12, x16, x10, lsl 1 + and x16, x17, x13, asr 63 + extr x15, x13, x12, #63 + eor x14, x16, x12, lsl 1 + mov v8.d[0], x8 + mov v8.d[1], x9 + mov v9.d[0], x10 + mov v9.d[1], x11 + mov v10.d[0], x12 + mov v10.d[1], x13 + mov v11.d[0], x14 + mov v11.d[1], x15 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v9.16b + eor v2.16b, v2.16b, v10.16b + eor v3.16b, v3.16b, v11.16b + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + rev32 v2.16b, v2.16b + rev32 v3.16b, v3.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + sub w24, w7, #2 +L_AES_XTS_decrypt_NEON_loop_nr_4: + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b + tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + eor v10.16b, v2.16b, v12.16b + eor v11.16b, v3.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v13.16b + eor v9.16b, v1.16b, v13.16b + eor v10.16b, v2.16b, v13.16b + eor v11.16b, v3.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + eor v10.16b, v2.16b, v14.16b + eor v11.16b, v3.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + ld1 {v0.16b}, [x23] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + tbl v6.16b, {v6.16b}, v0.16b + tbl v7.16b, {v7.16b}, v0.16b + movi v28.16b, #27 + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + sshr v10.16b, v6.16b, #7 + sshr v11.16b, v7.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + shl v14.16b, v6.16b, #1 + shl v15.16b, v7.16b, #1 + and v8.16b, v8.16b, v28.16b + and v9.16b, v9.16b, v28.16b + and v10.16b, v10.16b, v28.16b + and v11.16b, v11.16b, v28.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + ushr v12.16b, v4.16b, #6 + ushr v13.16b, v5.16b, #6 + ushr v14.16b, v6.16b, #6 + ushr v15.16b, v7.16b, #6 + shl v0.16b, v4.16b, #2 + shl v1.16b, v5.16b, #2 + shl v2.16b, v6.16b, #2 + shl v3.16b, v7.16b, #2 + pmul v12.16b, v12.16b, v28.16b + pmul v13.16b, v13.16b, v28.16b + pmul v14.16b, v14.16b, v28.16b + pmul v15.16b, v15.16b, v28.16b + eor v12.16b, v12.16b, v0.16b + eor v13.16b, v13.16b, v1.16b + eor v14.16b, v14.16b, v2.16b + eor v15.16b, v15.16b, v3.16b + ushr v0.16b, v4.16b, #5 + ushr v1.16b, v5.16b, #5 + ushr v2.16b, v6.16b, #5 + ushr v3.16b, v7.16b, #5 + pmul v0.16b, v0.16b, v28.16b + pmul v1.16b, v1.16b, v28.16b + pmul v2.16b, v2.16b, v28.16b + pmul v3.16b, v3.16b, v28.16b + shl v28.16b, v4.16b, #3 + shl v29.16b, v5.16b, #3 + shl v30.16b, v6.16b, #3 + shl v31.16b, v7.16b, #3 + eor v0.16b, v0.16b, v28.16b + eor v1.16b, v1.16b, v29.16b + eor v2.16b, v2.16b, v30.16b + eor v3.16b, v3.16b, v31.16b + eor v28.16b, v8.16b, v0.16b + eor v29.16b, v9.16b, v1.16b + eor v30.16b, v10.16b, v2.16b + eor v31.16b, v11.16b, v3.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + eor v8.16b, v12.16b, v0.16b + eor v9.16b, v13.16b, v1.16b + eor v10.16b, v14.16b, v2.16b + eor v11.16b, v15.16b, v3.16b + eor v12.16b, v12.16b, v28.16b + eor v13.16b, v13.16b, v29.16b + eor v14.16b, v14.16b, v30.16b + eor v15.16b, v15.16b, v31.16b + eor v28.16b, v28.16b, v4.16b + eor v29.16b, v29.16b, v5.16b + eor v30.16b, v30.16b, v6.16b + eor v31.16b, v31.16b, v7.16b + shl v4.4s, v28.4s, #8 + shl v5.4s, v29.4s, #8 + shl v6.4s, v30.4s, #8 + shl v7.4s, v31.4s, #8 + rev32 v8.8h, v8.8h + rev32 v9.8h, v9.8h + rev32 v10.8h, v10.8h + rev32 v11.8h, v11.8h + sri v4.4s, v28.4s, #24 + sri v5.4s, v29.4s, #24 + sri v6.4s, v30.4s, #24 + sri v7.4s, v31.4s, #24 + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + eor v6.16b, v6.16b, v14.16b + eor v7.16b, v7.16b, v15.16b + shl v28.4s, v0.4s, #24 + shl v29.4s, v1.4s, #24 + shl v30.4s, v2.4s, #24 + shl v31.4s, v3.4s, #24 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v6.16b, v6.16b, v10.16b + eor v7.16b, v7.16b, v11.16b + sri v28.4s, v0.4s, #8 + sri v29.4s, v1.4s, #8 + sri v30.4s, v2.4s, #8 + sri v31.4s, v3.4s, #8 + eor v4.16b, v4.16b, v28.16b + eor v5.16b, v5.16b, v29.16b + eor v6.16b, v6.16b, v30.16b + eor v7.16b, v7.16b, v31.16b + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x21] + # XOR in Key Schedule + ld1 {v0.2d}, [x25], #16 + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v6.16b, v6.16b, v0.16b + eor v7.16b, v7.16b, v0.16b + # Round Done + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b + tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + eor v10.16b, v6.16b, v12.16b + eor v11.16b, v7.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v13.16b + eor v9.16b, v5.16b, v13.16b + eor v10.16b, v6.16b, v13.16b + eor v11.16b, v7.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + eor v10.16b, v6.16b, v14.16b + eor v11.16b, v7.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + ld1 {v4.16b}, [x23] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + tbl v2.16b, {v2.16b}, v4.16b + tbl v3.16b, {v3.16b}, v4.16b + movi v28.16b, #27 + sshr v8.16b, v0.16b, #7 + sshr v9.16b, v1.16b, #7 + sshr v10.16b, v2.16b, #7 + sshr v11.16b, v3.16b, #7 + shl v12.16b, v0.16b, #1 + shl v13.16b, v1.16b, #1 + shl v14.16b, v2.16b, #1 + shl v15.16b, v3.16b, #1 + and v8.16b, v8.16b, v28.16b + and v9.16b, v9.16b, v28.16b + and v10.16b, v10.16b, v28.16b + and v11.16b, v11.16b, v28.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + ushr v12.16b, v0.16b, #6 + ushr v13.16b, v1.16b, #6 + ushr v14.16b, v2.16b, #6 + ushr v15.16b, v3.16b, #6 + shl v4.16b, v0.16b, #2 + shl v5.16b, v1.16b, #2 + shl v6.16b, v2.16b, #2 + shl v7.16b, v3.16b, #2 + pmul v12.16b, v12.16b, v28.16b + pmul v13.16b, v13.16b, v28.16b + pmul v14.16b, v14.16b, v28.16b + pmul v15.16b, v15.16b, v28.16b + eor v12.16b, v12.16b, v4.16b + eor v13.16b, v13.16b, v5.16b + eor v14.16b, v14.16b, v6.16b + eor v15.16b, v15.16b, v7.16b + ushr v4.16b, v0.16b, #5 + ushr v5.16b, v1.16b, #5 + ushr v6.16b, v2.16b, #5 + ushr v7.16b, v3.16b, #5 + pmul v4.16b, v4.16b, v28.16b + pmul v5.16b, v5.16b, v28.16b + pmul v6.16b, v6.16b, v28.16b + pmul v7.16b, v7.16b, v28.16b + shl v28.16b, v0.16b, #3 + shl v29.16b, v1.16b, #3 + shl v30.16b, v2.16b, #3 + shl v31.16b, v3.16b, #3 + eor v4.16b, v4.16b, v28.16b + eor v5.16b, v5.16b, v29.16b + eor v6.16b, v6.16b, v30.16b + eor v7.16b, v7.16b, v31.16b + eor v28.16b, v8.16b, v4.16b + eor v29.16b, v9.16b, v5.16b + eor v30.16b, v10.16b, v6.16b + eor v31.16b, v11.16b, v7.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + eor v6.16b, v6.16b, v2.16b + eor v7.16b, v7.16b, v3.16b + eor v8.16b, v12.16b, v4.16b + eor v9.16b, v13.16b, v5.16b + eor v10.16b, v14.16b, v6.16b + eor v11.16b, v15.16b, v7.16b + eor v12.16b, v12.16b, v28.16b + eor v13.16b, v13.16b, v29.16b + eor v14.16b, v14.16b, v30.16b + eor v15.16b, v15.16b, v31.16b + eor v28.16b, v28.16b, v0.16b + eor v29.16b, v29.16b, v1.16b + eor v30.16b, v30.16b, v2.16b + eor v31.16b, v31.16b, v3.16b + shl v0.4s, v28.4s, #8 + shl v1.4s, v29.4s, #8 + shl v2.4s, v30.4s, #8 + shl v3.4s, v31.4s, #8 + rev32 v8.8h, v8.8h + rev32 v9.8h, v9.8h + rev32 v10.8h, v10.8h + rev32 v11.8h, v11.8h + sri v0.4s, v28.4s, #24 + sri v1.4s, v29.4s, #24 + sri v2.4s, v30.4s, #24 + sri v3.4s, v31.4s, #24 + eor v0.16b, v0.16b, v12.16b + eor v1.16b, v1.16b, v13.16b + eor v2.16b, v2.16b, v14.16b + eor v3.16b, v3.16b, v15.16b + shl v28.4s, v4.4s, #24 + shl v29.4s, v5.4s, #24 + shl v30.4s, v6.4s, #24 + shl v31.4s, v7.4s, #24 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v9.16b + eor v2.16b, v2.16b, v10.16b + eor v3.16b, v3.16b, v11.16b + sri v28.4s, v4.4s, #8 + sri v29.4s, v5.4s, #8 + sri v30.4s, v6.4s, #8 + sri v31.4s, v7.4s, #8 + eor v0.16b, v0.16b, v28.16b + eor v1.16b, v1.16b, v29.16b + eor v2.16b, v2.16b, v30.16b + eor v3.16b, v3.16b, v31.16b + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x21] + # XOR in Key Schedule + ld1 {v4.2d}, [x25], #16 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + # Round Done + subs w24, w24, #2 + bne L_AES_XTS_decrypt_NEON_loop_nr_4 + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b + tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + eor v10.16b, v2.16b, v12.16b + eor v11.16b, v3.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v13.16b + eor v9.16b, v1.16b, v13.16b + eor v10.16b, v2.16b, v13.16b + eor v11.16b, v3.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + eor v10.16b, v2.16b, v14.16b + eor v11.16b, v3.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + ld1 {v0.16b}, [x23] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + tbl v6.16b, {v6.16b}, v0.16b + tbl v7.16b, {v7.16b}, v0.16b + movi v28.16b, #27 + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + sshr v10.16b, v6.16b, #7 + sshr v11.16b, v7.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + shl v14.16b, v6.16b, #1 + shl v15.16b, v7.16b, #1 + and v8.16b, v8.16b, v28.16b + and v9.16b, v9.16b, v28.16b + and v10.16b, v10.16b, v28.16b + and v11.16b, v11.16b, v28.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + ushr v12.16b, v4.16b, #6 + ushr v13.16b, v5.16b, #6 + ushr v14.16b, v6.16b, #6 + ushr v15.16b, v7.16b, #6 + shl v0.16b, v4.16b, #2 + shl v1.16b, v5.16b, #2 + shl v2.16b, v6.16b, #2 + shl v3.16b, v7.16b, #2 + pmul v12.16b, v12.16b, v28.16b + pmul v13.16b, v13.16b, v28.16b + pmul v14.16b, v14.16b, v28.16b + pmul v15.16b, v15.16b, v28.16b + eor v12.16b, v12.16b, v0.16b + eor v13.16b, v13.16b, v1.16b + eor v14.16b, v14.16b, v2.16b + eor v15.16b, v15.16b, v3.16b + ushr v0.16b, v4.16b, #5 + ushr v1.16b, v5.16b, #5 + ushr v2.16b, v6.16b, #5 + ushr v3.16b, v7.16b, #5 + pmul v0.16b, v0.16b, v28.16b + pmul v1.16b, v1.16b, v28.16b + pmul v2.16b, v2.16b, v28.16b + pmul v3.16b, v3.16b, v28.16b + shl v28.16b, v4.16b, #3 + shl v29.16b, v5.16b, #3 + shl v30.16b, v6.16b, #3 + shl v31.16b, v7.16b, #3 + eor v0.16b, v0.16b, v28.16b + eor v1.16b, v1.16b, v29.16b + eor v2.16b, v2.16b, v30.16b + eor v3.16b, v3.16b, v31.16b + eor v28.16b, v8.16b, v0.16b + eor v29.16b, v9.16b, v1.16b + eor v30.16b, v10.16b, v2.16b + eor v31.16b, v11.16b, v3.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + eor v8.16b, v12.16b, v0.16b + eor v9.16b, v13.16b, v1.16b + eor v10.16b, v14.16b, v2.16b + eor v11.16b, v15.16b, v3.16b + eor v12.16b, v12.16b, v28.16b + eor v13.16b, v13.16b, v29.16b + eor v14.16b, v14.16b, v30.16b + eor v15.16b, v15.16b, v31.16b + eor v28.16b, v28.16b, v4.16b + eor v29.16b, v29.16b, v5.16b + eor v30.16b, v30.16b, v6.16b + eor v31.16b, v31.16b, v7.16b + shl v4.4s, v28.4s, #8 + shl v5.4s, v29.4s, #8 + shl v6.4s, v30.4s, #8 + shl v7.4s, v31.4s, #8 + rev32 v8.8h, v8.8h + rev32 v9.8h, v9.8h + rev32 v10.8h, v10.8h + rev32 v11.8h, v11.8h + sri v4.4s, v28.4s, #24 + sri v5.4s, v29.4s, #24 + sri v6.4s, v30.4s, #24 + sri v7.4s, v31.4s, #24 + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + eor v6.16b, v6.16b, v14.16b + eor v7.16b, v7.16b, v15.16b + shl v28.4s, v0.4s, #24 + shl v29.4s, v1.4s, #24 + shl v30.4s, v2.4s, #24 + shl v31.4s, v3.4s, #24 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v6.16b, v6.16b, v10.16b + eor v7.16b, v7.16b, v11.16b + sri v28.4s, v0.4s, #8 + sri v29.4s, v1.4s, #8 + sri v30.4s, v2.4s, #8 + sri v31.4s, v3.4s, #8 + eor v4.16b, v4.16b, v28.16b + eor v5.16b, v5.16b, v29.16b + eor v6.16b, v6.16b, v30.16b + eor v7.16b, v7.16b, v31.16b + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x21] + # XOR in Key Schedule + ld1 {v0.2d}, [x25], #16 + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v6.16b, v6.16b, v0.16b + eor v7.16b, v7.16b, v0.16b + # Round Done + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b + tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + eor v10.16b, v6.16b, v12.16b + eor v11.16b, v7.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v13.16b + eor v9.16b, v5.16b, v13.16b + eor v10.16b, v6.16b, v13.16b + eor v11.16b, v7.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + eor v10.16b, v6.16b, v14.16b + eor v11.16b, v7.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + ld1 {v4.16b}, [x23] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + tbl v2.16b, {v2.16b}, v4.16b + tbl v3.16b, {v3.16b}, v4.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x25], #16 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + # Round Done + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + rev32 v2.16b, v2.16b + rev32 v3.16b, v3.16b + mov v8.d[0], x8 + mov v8.d[1], x9 + mov v9.d[0], x10 + mov v9.d[1], x11 + mov v10.d[0], x12 + mov v10.d[1], x13 + mov v11.d[0], x14 + mov v11.d[1], x15 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v9.16b + eor v2.16b, v2.16b, v10.16b + eor v3.16b, v3.16b, v11.16b + st1 {v0.16b, v1.16b, v2.16b, v3.16b}, [x1], #0x40 + and x16, x17, x15, asr 63 + extr x9, x15, x14, #63 + eor x8, x16, x14, lsl 1 + sub w2, w2, #0x40 + cmp w2, #0x40 + bge L_AES_XTS_decrypt_NEON_loop_4 + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + movi v15.16b, #27 +L_AES_XTS_decrypt_NEON_start_2: + cmp w2, #32 + blt L_AES_XTS_decrypt_NEON_start_1 + mov x25, x4 + ld1 {v0.16b, v1.16b}, [x0], #32 + ld1 {v4.16b}, [x25], #16 + and x16, x17, x9, asr 63 + extr x11, x9, x8, #63 + eor x10, x16, x8, lsl 1 + and x16, x17, x11, asr 63 + extr x13, x11, x10, #63 + eor x12, x16, x10, lsl 1 + mov v2.d[0], x8 + mov v2.d[1], x9 + mov v3.d[0], x10 + mov v3.d[1], x11 + eor v0.16b, v0.16b, v2.16b + eor v1.16b, v1.16b, v3.16b + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + sub w24, w7, #2 +L_AES_XTS_decrypt_NEON_loop_nr_2: + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v0.16b, v13.16b + eor v11.16b, v1.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + orr v4.16b, v4.16b, v10.16b + orr v5.16b, v5.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + ld1 {v0.16b}, [x23] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + movi v10.16b, #27 + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + and v8.16b, v8.16b, v10.16b + and v9.16b, v9.16b, v10.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + ushr v12.16b, v4.16b, #6 + ushr v13.16b, v5.16b, #6 + shl v0.16b, v4.16b, #2 + shl v1.16b, v5.16b, #2 + pmul v12.16b, v12.16b, v10.16b + pmul v13.16b, v13.16b, v10.16b + eor v12.16b, v12.16b, v0.16b + eor v13.16b, v13.16b, v1.16b + ushr v0.16b, v4.16b, #5 + ushr v1.16b, v5.16b, #5 + pmul v0.16b, v0.16b, v10.16b + pmul v1.16b, v1.16b, v10.16b + shl v10.16b, v4.16b, #3 + shl v11.16b, v5.16b, #3 + eor v0.16b, v0.16b, v10.16b + eor v1.16b, v1.16b, v11.16b + eor v10.16b, v8.16b, v0.16b + eor v11.16b, v9.16b, v1.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v8.16b, v12.16b, v0.16b + eor v9.16b, v13.16b, v1.16b + eor v12.16b, v12.16b, v10.16b + eor v13.16b, v13.16b, v11.16b + eor v10.16b, v10.16b, v4.16b + eor v11.16b, v11.16b, v5.16b + shl v4.4s, v10.4s, #8 + shl v5.4s, v11.4s, #8 + rev32 v8.8h, v8.8h + rev32 v9.8h, v9.8h + sri v4.4s, v10.4s, #24 + sri v5.4s, v11.4s, #24 + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + shl v10.4s, v0.4s, #24 + shl v11.4s, v1.4s, #24 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + sri v10.4s, v0.4s, #8 + sri v11.4s, v1.4s, #8 + eor v4.16b, v4.16b, v10.16b + eor v5.16b, v5.16b, v11.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x25], #16 + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + # Round Done + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v4.16b, v13.16b + eor v11.16b, v5.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + orr v0.16b, v0.16b, v10.16b + orr v1.16b, v1.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + ld1 {v4.16b}, [x23] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + movi v10.16b, #27 + sshr v8.16b, v0.16b, #7 + sshr v9.16b, v1.16b, #7 + shl v12.16b, v0.16b, #1 + shl v13.16b, v1.16b, #1 + and v8.16b, v8.16b, v10.16b + and v9.16b, v9.16b, v10.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + ushr v12.16b, v0.16b, #6 + ushr v13.16b, v1.16b, #6 + shl v4.16b, v0.16b, #2 + shl v5.16b, v1.16b, #2 + pmul v12.16b, v12.16b, v10.16b + pmul v13.16b, v13.16b, v10.16b + eor v12.16b, v12.16b, v4.16b + eor v13.16b, v13.16b, v5.16b + ushr v4.16b, v0.16b, #5 + ushr v5.16b, v1.16b, #5 + pmul v4.16b, v4.16b, v10.16b + pmul v5.16b, v5.16b, v10.16b + shl v10.16b, v0.16b, #3 + shl v11.16b, v1.16b, #3 + eor v4.16b, v4.16b, v10.16b + eor v5.16b, v5.16b, v11.16b + eor v10.16b, v8.16b, v4.16b + eor v11.16b, v9.16b, v5.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + eor v8.16b, v12.16b, v4.16b + eor v9.16b, v13.16b, v5.16b + eor v12.16b, v12.16b, v10.16b + eor v13.16b, v13.16b, v11.16b + eor v10.16b, v10.16b, v0.16b + eor v11.16b, v11.16b, v1.16b + shl v0.4s, v10.4s, #8 + shl v1.4s, v11.4s, #8 + rev32 v8.8h, v8.8h + rev32 v9.8h, v9.8h + sri v0.4s, v10.4s, #24 + sri v1.4s, v11.4s, #24 + eor v0.16b, v0.16b, v12.16b + eor v1.16b, v1.16b, v13.16b + shl v10.4s, v4.4s, #24 + shl v11.4s, v5.4s, #24 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v9.16b + sri v10.4s, v4.4s, #8 + sri v11.4s, v5.4s, #8 + eor v0.16b, v0.16b, v10.16b + eor v1.16b, v1.16b, v11.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x25], #16 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + # Round Done + subs w24, w24, #2 + bne L_AES_XTS_decrypt_NEON_loop_nr_2 + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v0.16b, v13.16b + eor v11.16b, v1.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + orr v4.16b, v4.16b, v10.16b + orr v5.16b, v5.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + ld1 {v0.16b}, [x23] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + movi v10.16b, #27 + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + and v8.16b, v8.16b, v10.16b + and v9.16b, v9.16b, v10.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + ushr v12.16b, v4.16b, #6 + ushr v13.16b, v5.16b, #6 + shl v0.16b, v4.16b, #2 + shl v1.16b, v5.16b, #2 + pmul v12.16b, v12.16b, v10.16b + pmul v13.16b, v13.16b, v10.16b + eor v12.16b, v12.16b, v0.16b + eor v13.16b, v13.16b, v1.16b + ushr v0.16b, v4.16b, #5 + ushr v1.16b, v5.16b, #5 + pmul v0.16b, v0.16b, v10.16b + pmul v1.16b, v1.16b, v10.16b + shl v10.16b, v4.16b, #3 + shl v11.16b, v5.16b, #3 + eor v0.16b, v0.16b, v10.16b + eor v1.16b, v1.16b, v11.16b + eor v10.16b, v8.16b, v0.16b + eor v11.16b, v9.16b, v1.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v8.16b, v12.16b, v0.16b + eor v9.16b, v13.16b, v1.16b + eor v12.16b, v12.16b, v10.16b + eor v13.16b, v13.16b, v11.16b + eor v10.16b, v10.16b, v4.16b + eor v11.16b, v11.16b, v5.16b + shl v4.4s, v10.4s, #8 + shl v5.4s, v11.4s, #8 + rev32 v8.8h, v8.8h + rev32 v9.8h, v9.8h + sri v4.4s, v10.4s, #24 + sri v5.4s, v11.4s, #24 + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + shl v10.4s, v0.4s, #24 + shl v11.4s, v1.4s, #24 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + sri v10.4s, v0.4s, #8 + sri v11.4s, v1.4s, #8 + eor v4.16b, v4.16b, v10.16b + eor v5.16b, v5.16b, v11.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x25], #16 + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + # Round Done + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v4.16b, v13.16b + eor v11.16b, v5.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + orr v0.16b, v0.16b, v10.16b + orr v1.16b, v1.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + ld1 {v4.16b}, [x23] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x25], #16 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + # Round Done + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + eor v0.16b, v0.16b, v2.16b + eor v1.16b, v1.16b, v3.16b + st1 {v0.16b, v1.16b}, [x1], #32 + and x16, x17, x11, asr 63 + extr x9, x11, x10, #63 + eor x8, x16, x10, lsl 1 + sub w2, w2, #32 +L_AES_XTS_decrypt_NEON_start_1: + ld1 {v3.2d}, [x23] + mov v2.d[0], x8 + mov v2.d[1], x9 + cmp w2, #16 + blt L_AES_XTS_decrypt_NEON_start_partial + mov x25, x4 + ld1 {v0.16b}, [x0], #16 + ld1 {v4.2d}, [x25], #16 + eor v0.16b, v0.16b, v2.16b + rev32 v0.16b, v0.16b + eor v0.16b, v0.16b, v4.16b + sub w24, w7, #2 +L_AES_XTS_decrypt_NEON_loop_nr_1: + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + sshr v10.16b, v4.16b, #7 + ushr v11.16b, v4.16b, #6 + ushr v8.16b, v4.16b, #5 + and v10.16b, v10.16b, v15.16b + pmul v11.16b, v11.16b, v15.16b + pmul v8.16b, v8.16b, v15.16b + shl v9.16b, v4.16b, #1 + eor v10.16b, v10.16b, v9.16b + shl v9.16b, v4.16b, #3 + eor v8.16b, v8.16b, v9.16b + shl v9.16b, v4.16b, #2 + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v10.16b, v8.16b + eor v8.16b, v8.16b, v4.16b + eor v10.16b, v11.16b, v8.16b + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v9.16b, v4.16b + shl v4.4s, v9.4s, #8 + rev32 v10.8h, v10.8h + sri v4.4s, v9.4s, #24 + eor v4.16b, v4.16b, v11.16b + shl v9.4s, v8.4s, #24 + eor v4.16b, v4.16b, v10.16b + sri v9.4s, v8.4s, #8 + eor v4.16b, v4.16b, v9.16b + ld1 {v0.2d}, [x25], #16 + # XOR in Key Schedule + eor v4.16b, v4.16b, v0.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + sshr v10.16b, v0.16b, #7 + ushr v11.16b, v0.16b, #6 + ushr v8.16b, v0.16b, #5 + and v10.16b, v10.16b, v15.16b + pmul v11.16b, v11.16b, v15.16b + pmul v8.16b, v8.16b, v15.16b + shl v9.16b, v0.16b, #1 + eor v10.16b, v10.16b, v9.16b + shl v9.16b, v0.16b, #3 + eor v8.16b, v8.16b, v9.16b + shl v9.16b, v0.16b, #2 + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v10.16b, v8.16b + eor v8.16b, v8.16b, v0.16b + eor v10.16b, v11.16b, v8.16b + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v9.16b, v0.16b + shl v0.4s, v9.4s, #8 + rev32 v10.8h, v10.8h + sri v0.4s, v9.4s, #24 + eor v0.16b, v0.16b, v11.16b + shl v9.4s, v8.4s, #24 + eor v0.16b, v0.16b, v10.16b + sri v9.4s, v8.4s, #8 + eor v0.16b, v0.16b, v9.16b + ld1 {v4.2d}, [x25], #16 + # XOR in Key Schedule + eor v0.16b, v0.16b, v4.16b + subs w24, w24, #2 + bne L_AES_XTS_decrypt_NEON_loop_nr_1 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + sshr v10.16b, v4.16b, #7 + ushr v11.16b, v4.16b, #6 + ushr v8.16b, v4.16b, #5 + and v10.16b, v10.16b, v15.16b + pmul v11.16b, v11.16b, v15.16b + pmul v8.16b, v8.16b, v15.16b + shl v9.16b, v4.16b, #1 + eor v10.16b, v10.16b, v9.16b + shl v9.16b, v4.16b, #3 + eor v8.16b, v8.16b, v9.16b + shl v9.16b, v4.16b, #2 + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v10.16b, v8.16b + eor v8.16b, v8.16b, v4.16b + eor v10.16b, v11.16b, v8.16b + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v9.16b, v4.16b + shl v4.4s, v9.4s, #8 + rev32 v10.8h, v10.8h + sri v4.4s, v9.4s, #24 + eor v4.16b, v4.16b, v11.16b + shl v9.4s, v8.4s, #24 + eor v4.16b, v4.16b, v10.16b + sri v9.4s, v8.4s, #8 + eor v4.16b, v4.16b, v9.16b + ld1 {v0.2d}, [x25], #16 + # XOR in Key Schedule + eor v4.16b, v4.16b, v0.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + ld1 {v4.2d}, [x25], #16 + # XOR in Key Schedule + eor v0.16b, v0.16b, v4.16b + rev32 v0.16b, v0.16b + eor v0.16b, v0.16b, v2.16b + st1 {v0.16b}, [x1], #16 + sub w2, w2, #16 + cbz w19, L_AES_XTS_decrypt_NEON_data_done + and x16, x17, x9, asr 63 + extr x9, x9, x8, #63 + eor x8, x16, x8, lsl 1 +L_AES_XTS_decrypt_NEON_start_partial: + mov w2, w19 + cbz w2, L_AES_XTS_decrypt_NEON_data_done + mov v2.d[0], x8 + mov v2.d[1], x9 + and x16, x17, x9, asr 63 + extr x11, x9, x8, #63 + eor x10, x16, x8, lsl 1 + mov v1.d[0], x10 + mov v1.d[1], x11 + mov x25, x4 + ld1 {v0.16b}, [x0], #16 + ld1 {v4.2d}, [x25], #16 + eor v0.16b, v0.16b, v1.16b + rev32 v0.16b, v0.16b + eor v0.16b, v0.16b, v4.16b + sub w24, w7, #2 +L_AES_XTS_decrypt_NEON_loop_nr_partial_1: + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + sshr v10.16b, v4.16b, #7 + ushr v11.16b, v4.16b, #6 + ushr v8.16b, v4.16b, #5 + and v10.16b, v10.16b, v15.16b + pmul v11.16b, v11.16b, v15.16b + pmul v8.16b, v8.16b, v15.16b + shl v9.16b, v4.16b, #1 + eor v10.16b, v10.16b, v9.16b + shl v9.16b, v4.16b, #3 + eor v8.16b, v8.16b, v9.16b + shl v9.16b, v4.16b, #2 + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v10.16b, v8.16b + eor v8.16b, v8.16b, v4.16b + eor v10.16b, v11.16b, v8.16b + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v9.16b, v4.16b + shl v4.4s, v9.4s, #8 + rev32 v10.8h, v10.8h + sri v4.4s, v9.4s, #24 + eor v4.16b, v4.16b, v11.16b + shl v9.4s, v8.4s, #24 + eor v4.16b, v4.16b, v10.16b + sri v9.4s, v8.4s, #8 + eor v4.16b, v4.16b, v9.16b + ld1 {v0.2d}, [x25], #16 + # XOR in Key Schedule + eor v4.16b, v4.16b, v0.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + sshr v10.16b, v0.16b, #7 + ushr v11.16b, v0.16b, #6 + ushr v8.16b, v0.16b, #5 + and v10.16b, v10.16b, v15.16b + pmul v11.16b, v11.16b, v15.16b + pmul v8.16b, v8.16b, v15.16b + shl v9.16b, v0.16b, #1 + eor v10.16b, v10.16b, v9.16b + shl v9.16b, v0.16b, #3 + eor v8.16b, v8.16b, v9.16b + shl v9.16b, v0.16b, #2 + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v10.16b, v8.16b + eor v8.16b, v8.16b, v0.16b + eor v10.16b, v11.16b, v8.16b + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v9.16b, v0.16b + shl v0.4s, v9.4s, #8 + rev32 v10.8h, v10.8h + sri v0.4s, v9.4s, #24 + eor v0.16b, v0.16b, v11.16b + shl v9.4s, v8.4s, #24 + eor v0.16b, v0.16b, v10.16b + sri v9.4s, v8.4s, #8 + eor v0.16b, v0.16b, v9.16b + ld1 {v4.2d}, [x25], #16 + # XOR in Key Schedule + eor v0.16b, v0.16b, v4.16b + subs w24, w24, #2 + bne L_AES_XTS_decrypt_NEON_loop_nr_partial_1 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + sshr v10.16b, v4.16b, #7 + ushr v11.16b, v4.16b, #6 + ushr v8.16b, v4.16b, #5 + and v10.16b, v10.16b, v15.16b + pmul v11.16b, v11.16b, v15.16b + pmul v8.16b, v8.16b, v15.16b + shl v9.16b, v4.16b, #1 + eor v10.16b, v10.16b, v9.16b + shl v9.16b, v4.16b, #3 + eor v8.16b, v8.16b, v9.16b + shl v9.16b, v4.16b, #2 + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v10.16b, v8.16b + eor v8.16b, v8.16b, v4.16b + eor v10.16b, v11.16b, v8.16b + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v9.16b, v4.16b + shl v4.4s, v9.4s, #8 + rev32 v10.8h, v10.8h + sri v4.4s, v9.4s, #24 + eor v4.16b, v4.16b, v11.16b + shl v9.4s, v8.4s, #24 + eor v4.16b, v4.16b, v10.16b + sri v9.4s, v8.4s, #8 + eor v4.16b, v4.16b, v9.16b + ld1 {v0.2d}, [x25], #16 + # XOR in Key Schedule + eor v4.16b, v4.16b, v0.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + ld1 {v4.2d}, [x25], #16 + # XOR in Key Schedule + eor v0.16b, v0.16b, v4.16b + rev32 v0.16b, v0.16b + eor v0.16b, v0.16b, v1.16b + st1 {v0.2d}, [x6] + add x1, x1, #16 + mov w16, w2 +L_AES_XTS_decrypt_NEON_start_byte: + ldrb w10, [x6] + ldrb w11, [x0], #1 + strb w10, [x1], #1 + strb w11, [x6], #1 + subs w16, w16, #1 + bgt L_AES_XTS_decrypt_NEON_start_byte + sub x1, x1, x2 + sub x6, x6, x2 + sub x1, x1, #16 + mov x25, x4 + ld1 {v0.2d}, [x6] + ld1 {v4.2d}, [x25], #16 + eor v0.16b, v0.16b, v2.16b + rev32 v0.16b, v0.16b + eor v0.16b, v0.16b, v4.16b + sub w24, w7, #2 +L_AES_XTS_decrypt_NEON_loop_nr_partial_2: + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + sshr v10.16b, v4.16b, #7 + ushr v11.16b, v4.16b, #6 + ushr v8.16b, v4.16b, #5 + and v10.16b, v10.16b, v15.16b + pmul v11.16b, v11.16b, v15.16b + pmul v8.16b, v8.16b, v15.16b + shl v9.16b, v4.16b, #1 + eor v10.16b, v10.16b, v9.16b + shl v9.16b, v4.16b, #3 + eor v8.16b, v8.16b, v9.16b + shl v9.16b, v4.16b, #2 + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v10.16b, v8.16b + eor v8.16b, v8.16b, v4.16b + eor v10.16b, v11.16b, v8.16b + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v9.16b, v4.16b + shl v4.4s, v9.4s, #8 + rev32 v10.8h, v10.8h + sri v4.4s, v9.4s, #24 + eor v4.16b, v4.16b, v11.16b + shl v9.4s, v8.4s, #24 + eor v4.16b, v4.16b, v10.16b + sri v9.4s, v8.4s, #8 + eor v4.16b, v4.16b, v9.16b + ld1 {v0.2d}, [x25], #16 + # XOR in Key Schedule + eor v4.16b, v4.16b, v0.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + sshr v10.16b, v0.16b, #7 + ushr v11.16b, v0.16b, #6 + ushr v8.16b, v0.16b, #5 + and v10.16b, v10.16b, v15.16b + pmul v11.16b, v11.16b, v15.16b + pmul v8.16b, v8.16b, v15.16b + shl v9.16b, v0.16b, #1 + eor v10.16b, v10.16b, v9.16b + shl v9.16b, v0.16b, #3 + eor v8.16b, v8.16b, v9.16b + shl v9.16b, v0.16b, #2 + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v10.16b, v8.16b + eor v8.16b, v8.16b, v0.16b + eor v10.16b, v11.16b, v8.16b + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v9.16b, v0.16b + shl v0.4s, v9.4s, #8 + rev32 v10.8h, v10.8h + sri v0.4s, v9.4s, #24 + eor v0.16b, v0.16b, v11.16b + shl v9.4s, v8.4s, #24 + eor v0.16b, v0.16b, v10.16b + sri v9.4s, v8.4s, #8 + eor v0.16b, v0.16b, v9.16b + ld1 {v4.2d}, [x25], #16 + # XOR in Key Schedule + eor v0.16b, v0.16b, v4.16b + subs w24, w24, #2 + bne L_AES_XTS_decrypt_NEON_loop_nr_partial_2 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + sshr v10.16b, v4.16b, #7 + ushr v11.16b, v4.16b, #6 + ushr v8.16b, v4.16b, #5 + and v10.16b, v10.16b, v15.16b + pmul v11.16b, v11.16b, v15.16b + pmul v8.16b, v8.16b, v15.16b + shl v9.16b, v4.16b, #1 + eor v10.16b, v10.16b, v9.16b + shl v9.16b, v4.16b, #3 + eor v8.16b, v8.16b, v9.16b + shl v9.16b, v4.16b, #2 + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v10.16b, v8.16b + eor v8.16b, v8.16b, v4.16b + eor v10.16b, v11.16b, v8.16b + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v9.16b, v4.16b + shl v4.4s, v9.4s, #8 + rev32 v10.8h, v10.8h + sri v4.4s, v9.4s, #24 + eor v4.16b, v4.16b, v11.16b + shl v9.4s, v8.4s, #24 + eor v4.16b, v4.16b, v10.16b + sri v9.4s, v8.4s, #8 + eor v4.16b, v4.16b, v9.16b + ld1 {v0.2d}, [x25], #16 + # XOR in Key Schedule + eor v4.16b, v4.16b, v0.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + ld1 {v4.2d}, [x25], #16 + # XOR in Key Schedule + eor v0.16b, v0.16b, v4.16b + rev32 v0.16b, v0.16b + eor v0.16b, v0.16b, v2.16b + st1 {v0.16b}, [x1] +L_AES_XTS_decrypt_NEON_data_done: + ldp x17, x19, [x29, #16] + ldp x20, x21, [x29, #32] + ldp x22, x23, [x29, #48] + ldp x24, x25, [x29, #64] + ldp d8, d9, [x29, #80] + ldp d10, d11, [x29, #96] + ldp d12, d13, [x29, #112] + ldp d14, d15, [x29, #128] + ldp x29, x30, [sp], #0x90 + ret +#ifndef __APPLE__ + .size AES_XTS_decrypt_NEON,.-AES_XTS_decrypt_NEON +#endif /* __APPLE__ */ +#endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_XTS */ +#endif /* !WOLFSSL_ARMASM_NO_NEON */ +#ifndef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP +#ifdef HAVE_AES_DECRYPT +#ifndef __APPLE__ + .text + .type L_AES_ARM64_td, %object + .section .rodata + .size L_AES_ARM64_td, 1024 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 3 +#else + .p2align 3 +#endif /* __APPLE__ */ +L_AES_ARM64_td: + .word 0x5051f4a7 + .word 0x537e4165 + .word 0xc31a17a4 + .word 0x963a275e + .word 0xcb3bab6b + .word 0xf11f9d45 + .word 0xabacfa58 + .word 0x934be303 + .word 0x552030fa + .word 0xf6ad766d + .word 0x9188cc76 + .word 0x25f5024c + .word 0xfc4fe5d7 + .word 0xd7c52acb + .word 0x80263544 + .word 0x8fb562a3 + .word 0x49deb15a + .word 0x6725ba1b + .word 0x9845ea0e + .word 0xe15dfec0 + .word 0x02c32f75 + .word 0x12814cf0 + .word 0xa38d4697 + .word 0xc66bd3f9 + .word 0xe7038f5f + .word 0x9515929c + .word 0xebbf6d7a + .word 0xda955259 + .word 0x2dd4be83 + .word 0xd3587421 + .word 0x2949e069 + .word 0x448ec9c8 + .word 0x6a75c289 + .word 0x78f48e79 + .word 0x6b99583e + .word 0xdd27b971 + .word 0xb6bee14f + .word 0x17f088ad + .word 0x66c920ac + .word 0xb47dce3a + .word 0x1863df4a + .word 0x82e51a31 + .word 0x60975133 + .word 0x4562537f + .word 0xe0b16477 + .word 0x84bb6bae + .word 0x1cfe81a0 + .word 0x94f9082b + .word 0x58704868 + .word 0x198f45fd + .word 0x8794de6c + .word 0xb7527bf8 + .word 0x23ab73d3 + .word 0xe2724b02 + .word 0x57e31f8f + .word 0x2a6655ab + .word 0x07b2eb28 + .word 0x032fb5c2 + .word 0x9a86c57b + .word 0xa5d33708 + .word 0xf2302887 + .word 0xb223bfa5 + .word 0xba02036a + .word 0x5ced1682 + .word 0x2b8acf1c + .word 0x92a779b4 + .word 0xf0f307f2 + .word 0xa14e69e2 + .word 0xcd65daf4 + .word 0xd50605be + .word 0x1fd13462 + .word 0x8ac4a6fe + .word 0x9d342e53 + .word 0xa0a2f355 + .word 0x32058ae1 + .word 0x75a4f6eb + .word 0x390b83ec + .word 0xaa4060ef + .word 0x065e719f + .word 0x51bd6e10 + .word 0xf93e218a + .word 0x3d96dd06 + .word 0xaedd3e05 + .word 0x464de6bd + .word 0xb591548d + .word 0x0571c45d + .word 0x6f0406d4 + .word 0xff605015 + .word 0x241998fb + .word 0x97d6bde9 + .word 0xcc894043 + .word 0x7767d99e + .word 0xbdb0e842 + .word 0x8807898b + .word 0x38e7195b + .word 0xdb79c8ee + .word 0x47a17c0a + .word 0xe97c420f + .word 0xc9f8841e + .word 0x00000000 + .word 0x83098086 + .word 0x48322bed + .word 0xac1e1170 + .word 0x4e6c5a72 + .word 0xfbfd0eff + .word 0x560f8538 + .word 0x1e3daed5 + .word 0x27362d39 + .word 0x640a0fd9 + .word 0x21685ca6 + .word 0xd19b5b54 + .word 0x3a24362e + .word 0xb10c0a67 + .word 0x0f9357e7 + .word 0xd2b4ee96 + .word 0x9e1b9b91 + .word 0x4f80c0c5 + .word 0xa261dc20 + .word 0x695a774b + .word 0x161c121a + .word 0x0ae293ba + .word 0xe5c0a02a + .word 0x433c22e0 + .word 0x1d121b17 + .word 0x0b0e090d + .word 0xadf28bc7 + .word 0xb92db6a8 + .word 0xc8141ea9 + .word 0x8557f119 + .word 0x4caf7507 + .word 0xbbee99dd + .word 0xfda37f60 + .word 0x9ff70126 + .word 0xbc5c72f5 + .word 0xc544663b + .word 0x345bfb7e + .word 0x768b4329 + .word 0xdccb23c6 + .word 0x68b6edfc + .word 0x63b8e4f1 + .word 0xcad731dc + .word 0x10426385 + .word 0x40139722 + .word 0x2084c611 + .word 0x7d854a24 + .word 0xf8d2bb3d + .word 0x11aef932 + .word 0x6dc729a1 + .word 0x4b1d9e2f + .word 0xf3dcb230 + .word 0xec0d8652 + .word 0xd077c1e3 + .word 0x6c2bb316 + .word 0x99a970b9 + .word 0xfa119448 + .word 0x2247e964 + .word 0xc4a8fc8c + .word 0x1aa0f03f + .word 0xd8567d2c + .word 0xef223390 + .word 0xc787494e + .word 0xc1d938d1 + .word 0xfe8ccaa2 + .word 0x3698d40b + .word 0xcfa6f581 + .word 0x28a57ade + .word 0x26dab78e + .word 0xa43fadbf + .word 0xe42c3a9d + .word 0x0d507892 + .word 0x9b6a5fcc + .word 0x62547e46 + .word 0xc2f68d13 + .word 0xe890d8b8 + .word 0x5e2e39f7 + .word 0xf582c3af + .word 0xbe9f5d80 + .word 0x7c69d093 + .word 0xa96fd52d + .word 0xb3cf2512 + .word 0x3bc8ac99 + .word 0xa710187d + .word 0x6ee89c63 + .word 0x7bdb3bbb + .word 0x09cd2678 + .word 0xf46e5918 + .word 0x01ec9ab7 + .word 0xa8834f9a + .word 0x65e6956e + .word 0x7eaaffe6 + .word 0x0821bccf + .word 0xe6ef15e8 + .word 0xd9bae79b + .word 0xce4a6f36 + .word 0xd4ea9f09 + .word 0xd629b07c + .word 0xaf31a4b2 + .word 0x312a3f23 + .word 0x30c6a594 + .word 0xc035a266 + .word 0x37744ebc + .word 0xa6fc82ca + .word 0xb0e090d0 + .word 0x1533a7d8 + .word 0x4af10498 + .word 0xf741ecda + .word 0x0e7fcd50 + .word 0x2f1791f6 + .word 0x8d764dd6 + .word 0x4d43efb0 + .word 0x54ccaa4d + .word 0xdfe49604 + .word 0xe39ed1b5 + .word 0x1b4c6a88 + .word 0xb8c12c1f + .word 0x7f466551 + .word 0x049d5eea + .word 0x5d018c35 + .word 0x73fa8774 + .word 0x2efb0b41 + .word 0x5ab3671d + .word 0x5292dbd2 + .word 0x33e91056 + .word 0x136dd647 + .word 0x8c9ad761 + .word 0x7a37a10c + .word 0x8e59f814 + .word 0x89eb133c + .word 0xeecea927 + .word 0x35b761c9 + .word 0xede11ce5 + .word 0x3c7a47b1 + .word 0x599cd2df + .word 0x3f55f273 + .word 0x791814ce + .word 0xbf73c737 + .word 0xea53f7cd + .word 0x5b5ffdaa + .word 0x14df3d6f + .word 0x867844db + .word 0x81caaff3 + .word 0x3eb968c4 + .word 0x2c382434 + .word 0x5fc2a340 + .word 0x72161dc3 + .word 0x0cbce225 + .word 0x8b283c49 + .word 0x41ff0d95 + .word 0x7139a801 + .word 0xde080cb3 + .word 0x9cd8b4e4 + .word 0x906456c1 + .word 0x617bcb84 + .word 0x70d532b6 + .word 0x74486c5c + .word 0x42d0b857 +#endif /* HAVE_AES_DECRYPT */ +#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || \ + defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \ + defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) +#ifndef __APPLE__ + .text + .type L_AES_ARM64_te, %object + .section .rodata + .size L_AES_ARM64_te, 1024 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 3 +#else + .p2align 3 +#endif /* __APPLE__ */ +L_AES_ARM64_te: + .word 0xa5c66363 + .word 0x84f87c7c + .word 0x99ee7777 + .word 0x8df67b7b + .word 0x0dfff2f2 + .word 0xbdd66b6b + .word 0xb1de6f6f + .word 0x5491c5c5 + .word 0x50603030 + .word 0x03020101 + .word 0xa9ce6767 + .word 0x7d562b2b + .word 0x19e7fefe + .word 0x62b5d7d7 + .word 0xe64dabab + .word 0x9aec7676 + .word 0x458fcaca + .word 0x9d1f8282 + .word 0x4089c9c9 + .word 0x87fa7d7d + .word 0x15effafa + .word 0xebb25959 + .word 0xc98e4747 + .word 0x0bfbf0f0 + .word 0xec41adad + .word 0x67b3d4d4 + .word 0xfd5fa2a2 + .word 0xea45afaf + .word 0xbf239c9c + .word 0xf753a4a4 + .word 0x96e47272 + .word 0x5b9bc0c0 + .word 0xc275b7b7 + .word 0x1ce1fdfd + .word 0xae3d9393 + .word 0x6a4c2626 + .word 0x5a6c3636 + .word 0x417e3f3f + .word 0x02f5f7f7 + .word 0x4f83cccc + .word 0x5c683434 + .word 0xf451a5a5 + .word 0x34d1e5e5 + .word 0x08f9f1f1 + .word 0x93e27171 + .word 0x73abd8d8 + .word 0x53623131 + .word 0x3f2a1515 + .word 0x0c080404 + .word 0x5295c7c7 + .word 0x65462323 + .word 0x5e9dc3c3 + .word 0x28301818 + .word 0xa1379696 + .word 0x0f0a0505 + .word 0xb52f9a9a + .word 0x090e0707 + .word 0x36241212 + .word 0x9b1b8080 + .word 0x3ddfe2e2 + .word 0x26cdebeb + .word 0x694e2727 + .word 0xcd7fb2b2 + .word 0x9fea7575 + .word 0x1b120909 + .word 0x9e1d8383 + .word 0x74582c2c + .word 0x2e341a1a + .word 0x2d361b1b + .word 0xb2dc6e6e + .word 0xeeb45a5a + .word 0xfb5ba0a0 + .word 0xf6a45252 + .word 0x4d763b3b + .word 0x61b7d6d6 + .word 0xce7db3b3 + .word 0x7b522929 + .word 0x3edde3e3 + .word 0x715e2f2f + .word 0x97138484 + .word 0xf5a65353 + .word 0x68b9d1d1 + .word 0x00000000 + .word 0x2cc1eded + .word 0x60402020 + .word 0x1fe3fcfc + .word 0xc879b1b1 + .word 0xedb65b5b + .word 0xbed46a6a + .word 0x468dcbcb + .word 0xd967bebe + .word 0x4b723939 + .word 0xde944a4a + .word 0xd4984c4c + .word 0xe8b05858 + .word 0x4a85cfcf + .word 0x6bbbd0d0 + .word 0x2ac5efef + .word 0xe54faaaa + .word 0x16edfbfb + .word 0xc5864343 + .word 0xd79a4d4d + .word 0x55663333 + .word 0x94118585 + .word 0xcf8a4545 + .word 0x10e9f9f9 + .word 0x06040202 + .word 0x81fe7f7f + .word 0xf0a05050 + .word 0x44783c3c + .word 0xba259f9f + .word 0xe34ba8a8 + .word 0xf3a25151 + .word 0xfe5da3a3 + .word 0xc0804040 + .word 0x8a058f8f + .word 0xad3f9292 + .word 0xbc219d9d + .word 0x48703838 + .word 0x04f1f5f5 + .word 0xdf63bcbc + .word 0xc177b6b6 + .word 0x75afdada + .word 0x63422121 + .word 0x30201010 + .word 0x1ae5ffff + .word 0x0efdf3f3 + .word 0x6dbfd2d2 + .word 0x4c81cdcd + .word 0x14180c0c + .word 0x35261313 + .word 0x2fc3ecec + .word 0xe1be5f5f + .word 0xa2359797 + .word 0xcc884444 + .word 0x392e1717 + .word 0x5793c4c4 + .word 0xf255a7a7 + .word 0x82fc7e7e + .word 0x477a3d3d + .word 0xacc86464 + .word 0xe7ba5d5d + .word 0x2b321919 + .word 0x95e67373 + .word 0xa0c06060 + .word 0x98198181 + .word 0xd19e4f4f + .word 0x7fa3dcdc + .word 0x66442222 + .word 0x7e542a2a + .word 0xab3b9090 + .word 0x830b8888 + .word 0xca8c4646 + .word 0x29c7eeee + .word 0xd36bb8b8 + .word 0x3c281414 + .word 0x79a7dede + .word 0xe2bc5e5e + .word 0x1d160b0b + .word 0x76addbdb + .word 0x3bdbe0e0 + .word 0x56643232 + .word 0x4e743a3a + .word 0x1e140a0a + .word 0xdb924949 + .word 0x0a0c0606 + .word 0x6c482424 + .word 0xe4b85c5c + .word 0x5d9fc2c2 + .word 0x6ebdd3d3 + .word 0xef43acac + .word 0xa6c46262 + .word 0xa8399191 + .word 0xa4319595 + .word 0x37d3e4e4 + .word 0x8bf27979 + .word 0x32d5e7e7 + .word 0x438bc8c8 + .word 0x596e3737 + .word 0xb7da6d6d + .word 0x8c018d8d + .word 0x64b1d5d5 + .word 0xd29c4e4e + .word 0xe049a9a9 + .word 0xb4d86c6c + .word 0xfaac5656 + .word 0x07f3f4f4 + .word 0x25cfeaea + .word 0xafca6565 + .word 0x8ef47a7a + .word 0xe947aeae + .word 0x18100808 + .word 0xd56fbaba + .word 0x88f07878 + .word 0x6f4a2525 + .word 0x725c2e2e + .word 0x24381c1c + .word 0xf157a6a6 + .word 0xc773b4b4 + .word 0x5197c6c6 + .word 0x23cbe8e8 + .word 0x7ca1dddd + .word 0x9ce87474 + .word 0x213e1f1f + .word 0xdd964b4b + .word 0xdc61bdbd + .word 0x860d8b8b + .word 0x850f8a8a + .word 0x90e07070 + .word 0x427c3e3e + .word 0xc471b5b5 + .word 0xaacc6666 + .word 0xd8904848 + .word 0x05060303 + .word 0x01f7f6f6 + .word 0x121c0e0e + .word 0xa3c26161 + .word 0x5f6a3535 + .word 0xf9ae5757 + .word 0xd069b9b9 + .word 0x91178686 + .word 0x5899c1c1 + .word 0x273a1d1d + .word 0xb9279e9e + .word 0x38d9e1e1 + .word 0x13ebf8f8 + .word 0xb32b9898 + .word 0x33221111 + .word 0xbbd26969 + .word 0x70a9d9d9 + .word 0x89078e8e + .word 0xa7339494 + .word 0xb62d9b9b + .word 0x223c1e1e + .word 0x92158787 + .word 0x20c9e9e9 + .word 0x4987cece + .word 0xffaa5555 + .word 0x78502828 + .word 0x7aa5dfdf + .word 0x8f038c8c + .word 0xf859a1a1 + .word 0x80098989 + .word 0x171a0d0d + .word 0xda65bfbf + .word 0x31d7e6e6 + .word 0xc6844242 + .word 0xb8d06868 + .word 0xc3824141 + .word 0xb0299999 + .word 0x775a2d2d + .word 0x111e0f0f + .word 0xcb7bb0b0 + .word 0xfca85454 + .word 0xd66dbbbb + .word 0x3a2c1616 +#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || + * WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */ +#ifdef HAVE_AES_DECRYPT +#ifndef __APPLE__ +.text +.globl AES_invert_key +.type AES_invert_key,@function +.align 2 +AES_invert_key: +#else +.section __TEXT,__text +.globl _AES_invert_key +.p2align 2 +_AES_invert_key: +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x2, L_AES_ARM64_te + add x2, x2, :lo12:L_AES_ARM64_te +#else + adrp x2, L_AES_ARM64_te@PAGE + add x2, x2, :lo12:L_AES_ARM64_te@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x3, L_AES_ARM64_td + add x3, x3, :lo12:L_AES_ARM64_td +#else + adrp x3, L_AES_ARM64_td@PAGE + add x3, x3, :lo12:L_AES_ARM64_td@PAGEOFF +#endif /* __APPLE__ */ + add x12, x0, x1, lsl 4 + mov w13, w1 +L_AES_invert_key_loop: + ldp w4, w5, [x0] + ldnp w6, w7, [x0, #8] + ldp w8, w9, [x12] + ldnp w10, w11, [x12, #8] + stp w4, w5, [x12] + stnp w6, w7, [x12, #8] + stp w8, w9, [x0], #8 + stp w10, w11, [x0], #8 + subs w13, w13, #2 + sub x12, x12, #16 + bne L_AES_invert_key_loop + sub x0, x0, x1, lsl 3 + add x0, x0, #16 + sub w13, w1, #1 +L_AES_invert_key_mix_loop: + ldp w4, w5, [x0] + ldnp w6, w7, [x0, #8] + ubfx w8, w4, #0, #8 + ubfx w9, w4, #8, #8 + ubfx w10, w4, #16, #8 + ubfx w11, w4, #24, #8 + lsl w8, w8, #2 + lsl w9, w9, #2 + lsl w10, w10, #2 + lsl w11, w11, #2 + ldrb w8, [x2, x8, LSL 0] + ldrb w9, [x2, x9, LSL 0] + ldrb w10, [x2, x10, LSL 0] + ldrb w11, [x2, x11, LSL 0] + ldr w8, [x3, x8, LSL 2] + ldr w9, [x3, x9, LSL 2] + ldr w10, [x3, x10, LSL 2] + ldr w11, [x3, x11, LSL 2] + eor w10, w10, w8, ror 16 + eor w10, w10, w9, ror 8 + eor w10, w10, w11, ror 24 + str w10, [x0], #4 + ubfx w8, w5, #0, #8 + ubfx w9, w5, #8, #8 + ubfx w10, w5, #16, #8 + ubfx w11, w5, #24, #8 + lsl w8, w8, #2 + lsl w9, w9, #2 + lsl w10, w10, #2 + lsl w11, w11, #2 + ldrb w8, [x2, x8, LSL 0] + ldrb w9, [x2, x9, LSL 0] + ldrb w10, [x2, x10, LSL 0] + ldrb w11, [x2, x11, LSL 0] + ldr w8, [x3, x8, LSL 2] + ldr w9, [x3, x9, LSL 2] + ldr w10, [x3, x10, LSL 2] + ldr w11, [x3, x11, LSL 2] + eor w10, w10, w8, ror 16 + eor w10, w10, w9, ror 8 + eor w10, w10, w11, ror 24 + str w10, [x0], #4 + ubfx w8, w6, #0, #8 + ubfx w9, w6, #8, #8 + ubfx w10, w6, #16, #8 + ubfx w11, w6, #24, #8 + lsl w8, w8, #2 + lsl w9, w9, #2 + lsl w10, w10, #2 + lsl w11, w11, #2 + ldrb w8, [x2, x8, LSL 0] + ldrb w9, [x2, x9, LSL 0] + ldrb w10, [x2, x10, LSL 0] + ldrb w11, [x2, x11, LSL 0] + ldr w8, [x3, x8, LSL 2] + ldr w9, [x3, x9, LSL 2] + ldr w10, [x3, x10, LSL 2] + ldr w11, [x3, x11, LSL 2] + eor w10, w10, w8, ror 16 + eor w10, w10, w9, ror 8 + eor w10, w10, w11, ror 24 + str w10, [x0], #4 + ubfx w8, w7, #0, #8 + ubfx w9, w7, #8, #8 + ubfx w10, w7, #16, #8 + ubfx w11, w7, #24, #8 + lsl w8, w8, #2 + lsl w9, w9, #2 + lsl w10, w10, #2 + lsl w11, w11, #2 + ldrb w8, [x2, x8, LSL 0] + ldrb w9, [x2, x9, LSL 0] + ldrb w10, [x2, x10, LSL 0] + ldrb w11, [x2, x11, LSL 0] + ldr w8, [x3, x8, LSL 2] + ldr w9, [x3, x9, LSL 2] + ldr w10, [x3, x10, LSL 2] + ldr w11, [x3, x11, LSL 2] + eor w10, w10, w8, ror 16 + eor w10, w10, w9, ror 8 + eor w10, w10, w11, ror 24 + str w10, [x0], #4 + subs w13, w13, #1 + bne L_AES_invert_key_mix_loop + ret +#ifndef __APPLE__ + .size AES_invert_key,.-AES_invert_key +#endif /* __APPLE__ */ +#endif /* HAVE_AES_DECRYPT */ +#ifndef __APPLE__ + .text + .type L_AES_ARM64_rcon, %object + .section .rodata + .size L_AES_ARM64_rcon, 40 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 3 +#else + .p2align 3 +#endif /* __APPLE__ */ +L_AES_ARM64_rcon: + .word 0x01000000 + .word 0x02000000 + .word 0x04000000 + .word 0x08000000 + .word 0x10000000 + .word 0x20000000 + .word 0x40000000 + .word 0x80000000 + .word 0x1b000000 + .word 0x36000000 +#ifndef __APPLE__ +.text +.globl AES_set_encrypt_key +.type AES_set_encrypt_key,@function +.align 2 +AES_set_encrypt_key: +#else +.section __TEXT,__text +.globl _AES_set_encrypt_key +.p2align 2 +_AES_set_encrypt_key: +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x5, L_AES_ARM64_rcon + add x5, x5, :lo12:L_AES_ARM64_rcon +#else + adrp x5, L_AES_ARM64_rcon@PAGE + add x5, x5, :lo12:L_AES_ARM64_rcon@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x12, L_AES_ARM64_te + add x12, x12, :lo12:L_AES_ARM64_te +#else + adrp x12, L_AES_ARM64_te@PAGE + add x12, x12, :lo12:L_AES_ARM64_te@PAGEOFF +#endif /* __APPLE__ */ + cmp x1, #0x80 + beq L_AES_set_encrypt_key_start_128 + cmp x1, #0xc0 + beq L_AES_set_encrypt_key_start_192 + ldr w6, [x0] + ldr w7, [x0, #4] + ldr w8, [x0, #8] + ldr w9, [x0, #12] + rev w6, w6 + rev w7, w7 + rev w8, w8 + rev w9, w9 + stp w6, w7, [x2], #8 + stp w8, w9, [x2], #8 + ldr w6, [x0, #16] + ldr w7, [x0, #20] + ldr w8, [x0, #24] + ldr w9, [x0, #28] + rev w6, w6 + rev w7, w7 + rev w8, w8 + rev w9, w9 + stp w6, w7, [x2] + stnp w8, w9, [x2, #8] + sub x2, x2, #16 + mov x4, #6 +L_AES_set_encrypt_key_loop_256: + ubfx w6, w9, #0, #8 + ubfx w7, w9, #8, #8 + ubfx w8, w9, #16, #8 + ubfx w9, w9, #24, #8 + lsl w6, w6, #2 + lsl w7, w7, #2 + lsl w8, w8, #2 + lsl w9, w9, #2 + ldrb w6, [x12, x6, LSL 0] + ldrb w7, [x12, x7, LSL 0] + ldrb w8, [x12, x8, LSL 0] + ldrb w9, [x12, x9, LSL 0] + eor w3, w9, w6, lsl 8 + eor w3, w3, w7, lsl 16 + eor w3, w3, w8, lsl 24 + ldp w6, w7, [x2], #8 + ldp w8, w9, [x2], #8 + eor w6, w6, w3 + ldr w3, [x5], #4 + eor w6, w6, w3 + eor w7, w7, w6 + eor w8, w8, w7 + eor w9, w9, w8 + add x2, x2, #16 + stp w6, w7, [x2] + stnp w8, w9, [x2, #8] + sub x2, x2, #16 + mov w3, w9 + ubfx w6, w3, #8, #8 + ubfx w7, w3, #16, #8 + ubfx w8, w3, #24, #8 + ubfx w3, w3, #0, #8 + lsl w6, w6, #2 + lsl w7, w7, #2 + lsl w8, w8, #2 + lsl w3, w3, #2 + ldrb w6, [x12, x6, LSL 0] + ldrb w8, [x12, x8, LSL 0] + ldrb w7, [x12, x7, LSL 0] + ldrb w3, [x12, x3, LSL 0] + eor w3, w3, w6, lsl 8 + eor w3, w3, w7, lsl 16 + eor w3, w3, w8, lsl 24 + ldp w6, w7, [x2], #8 + ldp w8, w9, [x2], #8 + eor w6, w6, w3 + eor w7, w7, w6 + eor w8, w8, w7 + eor w9, w9, w8 + add x2, x2, #16 + stp w6, w7, [x2] + stnp w8, w9, [x2, #8] + sub x2, x2, #16 + subs x4, x4, #1 + bne L_AES_set_encrypt_key_loop_256 + ubfx w6, w9, #0, #8 + ubfx w7, w9, #8, #8 + ubfx w8, w9, #16, #8 + ubfx w9, w9, #24, #8 + lsl w6, w6, #2 + lsl w7, w7, #2 + lsl w8, w8, #2 + lsl w9, w9, #2 + ldrb w6, [x12, x6, LSL 0] + ldrb w7, [x12, x7, LSL 0] + ldrb w8, [x12, x8, LSL 0] + ldrb w9, [x12, x9, LSL 0] + eor w3, w9, w6, lsl 8 + eor w3, w3, w7, lsl 16 + eor w3, w3, w8, lsl 24 + ldp w6, w7, [x2], #8 + ldp w8, w9, [x2], #8 + eor w6, w6, w3 + ldr w3, [x5], #4 + eor w6, w6, w3 + eor w7, w7, w6 + eor w8, w8, w7 + eor w9, w9, w8 + add x2, x2, #16 + stp w6, w7, [x2] + stnp w8, w9, [x2, #8] + sub x2, x2, #16 + b L_AES_set_encrypt_key_end +L_AES_set_encrypt_key_start_192: + ldr w6, [x0] + ldr w7, [x0, #4] + ldr w8, [x0, #8] + ldr w9, [x0, #12] + ldr w10, [x0, #16] + ldr w11, [x0, #20] + rev w6, w6 + rev w7, w7 + rev w8, w8 + rev w9, w9 + rev w10, w10 + rev w11, w11 + stp w6, w7, [x2] + stnp w8, w9, [x2, #8] + stnp w10, w11, [x2, #16] + mov x4, #7 +L_AES_set_encrypt_key_loop_192: + ubfx w6, w11, #0, #8 + ubfx w7, w11, #8, #8 + ubfx w8, w11, #16, #8 + ubfx w11, w11, #24, #8 + lsl w6, w6, #2 + lsl w7, w7, #2 + lsl w8, w8, #2 + lsl w11, w11, #2 + ldrb w6, [x12, x6, LSL 0] + ldrb w7, [x12, x7, LSL 0] + ldrb w8, [x12, x8, LSL 0] + ldrb w11, [x12, x11, LSL 0] + eor w3, w11, w6, lsl 8 + eor w3, w3, w7, lsl 16 + eor w3, w3, w8, lsl 24 + ldp w6, w7, [x2], #8 + ldp w8, w9, [x2], #8 + ldp w10, w11, [x2], #8 + eor w6, w6, w3 + ldr w3, [x5], #4 + eor w6, w6, w3 + eor w7, w7, w6 + eor w8, w8, w7 + eor w9, w9, w8 + eor w10, w10, w9 + eor w11, w11, w10 + stp w6, w7, [x2] + stnp w8, w9, [x2, #8] + stnp w10, w11, [x2, #16] + subs x4, x4, #1 + bne L_AES_set_encrypt_key_loop_192 + ubfx w6, w11, #0, #8 + ubfx w7, w11, #8, #8 + ubfx w8, w11, #16, #8 + ubfx w11, w11, #24, #8 + lsl w6, w6, #2 + lsl w7, w7, #2 + lsl w8, w8, #2 + lsl w11, w11, #2 + ldrb w6, [x12, x6, LSL 0] + ldrb w7, [x12, x7, LSL 0] + ldrb w8, [x12, x8, LSL 0] + ldrb w11, [x12, x11, LSL 0] + eor w3, w11, w6, lsl 8 + eor w3, w3, w7, lsl 16 + eor w3, w3, w8, lsl 24 + ldp w6, w7, [x2], #8 + ldp w8, w9, [x2], #8 + ldp w10, w11, [x2], #8 + eor w6, w6, w3 + ldr w3, [x5], #4 + eor w6, w6, w3 + eor w7, w7, w6 + eor w8, w8, w7 + eor w9, w9, w8 + stp w6, w7, [x2] + stnp w8, w9, [x2, #8] + b L_AES_set_encrypt_key_end +L_AES_set_encrypt_key_start_128: + ldr w6, [x0] + ldr w7, [x0, #4] + ldr w8, [x0, #8] + ldr w9, [x0, #12] + rev w6, w6 + rev w7, w7 + rev w8, w8 + rev w9, w9 + stp w6, w7, [x2] + stnp w8, w9, [x2, #8] + mov x4, #10 +L_AES_set_encrypt_key_loop_128: + ubfx w6, w9, #0, #8 + ubfx w7, w9, #8, #8 + ubfx w8, w9, #16, #8 + ubfx w9, w9, #24, #8 + lsl w6, w6, #2 + lsl w7, w7, #2 + lsl w8, w8, #2 + lsl w9, w9, #2 + ldrb w6, [x12, x6, LSL 0] + ldrb w7, [x12, x7, LSL 0] + ldrb w8, [x12, x8, LSL 0] + ldrb w9, [x12, x9, LSL 0] + eor w3, w9, w6, lsl 8 + eor w3, w3, w7, lsl 16 + eor w3, w3, w8, lsl 24 + ldp w6, w7, [x2], #8 + ldp w8, w9, [x2], #8 + eor w6, w6, w3 + ldr w3, [x5], #4 + eor w6, w6, w3 + eor w7, w7, w6 + eor w8, w8, w7 + eor w9, w9, w8 + stp w6, w7, [x2] + stnp w8, w9, [x2, #8] + subs x4, x4, #1 + bne L_AES_set_encrypt_key_loop_128 +L_AES_set_encrypt_key_end: + ret +#ifndef __APPLE__ + .size AES_set_encrypt_key,.-AES_set_encrypt_key +#endif /* __APPLE__ */ +#if defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \ + defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \ + defined(HAVE_AES_ECB) +#ifndef __APPLE__ +.text +.globl AES_ECB_encrypt +.type AES_ECB_encrypt,@function +.align 2 +AES_ECB_encrypt: +#else +.section __TEXT,__text +.globl _AES_ECB_encrypt +.p2align 2 +_AES_ECB_encrypt: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-32]! + add x29, sp, #0 + str x17, [x29, #24] +#ifndef __APPLE__ + adrp x5, L_AES_ARM64_te + add x5, x5, :lo12:L_AES_ARM64_te +#else + adrp x5, L_AES_ARM64_te@PAGE + add x5, x5, :lo12:L_AES_ARM64_te@PAGEOFF +#endif /* __APPLE__ */ +L_AES_ECB_encrypt_loop_block_128: + mov x17, x3 + ldr x6, [x0] + ldr x7, [x0, #8] + rev32 x6, x6 + rev32 x7, x7 + ldp x10, x11, [x17], #16 + # Round: 0 - XOR in key schedule + eor x6, x6, x10 + eor x7, x7, x11 + sub w16, w4, #2 +L_AES_ECB_encrypt_loop_nr: + ubfx x10, x6, #48, #8 + ubfx x13, x6, #24, #8 + ubfx x14, x7, #8, #8 + ubfx x15, x7, #32, #8 + ldr x8, [x5] + ldr x8, [x5, #64] + ldr x8, [x5, #128] + ldr x8, [x5, #192] + ldr x8, [x5, #256] + ldr x8, [x5, #320] + ldr x8, [x5, #384] + ldr x8, [x5, #448] + ldr x8, [x5, #512] + ldr x8, [x5, #576] + ldr x8, [x5, #640] + ldr x8, [x5, #704] + ldr x8, [x5, #768] + ldr x8, [x5, #832] + ldr x8, [x5, #896] + ldr x8, [x5, #960] + ldr w10, [x5, x10, LSL 2] + ldr w13, [x5, x13, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w15, [x5, x15, LSL 2] + ubfx x11, x7, #16, #8 + eor w10, w10, w13, ror 24 + ubfx x13, x6, #56, #8 + eor w10, w10, w14, ror 8 + ubfx x14, x7, #40, #8 + eor w10, w10, w15, ror 16 + ubfx x15, x6, #0, #8 + ldr w11, [x5, x11, LSL 2] + ldr w13, [x5, x13, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w15, [x5, x15, LSL 2] + ubfx x12, x7, #48, #8 + eor w11, w11, w13, ror 24 + ubfx x13, x7, #24, #8 + eor w11, w11, w14, ror 8 + ubfx x14, x6, #8, #8 + eor w11, w11, w15, ror 16 + ubfx x15, x6, #32, #8 + bfi x10, x11, #32, #32 + ldr w12, [x5, x12, LSL 2] + ldr w13, [x5, x13, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w15, [x5, x15, LSL 2] + ubfx x8, x7, #0, #8 + eor w12, w12, w13, ror 24 + ubfx x13, x6, #16, #8 + eor w12, w12, w14, ror 8 + ubfx x14, x7, #56, #8 + eor w11, w12, w15, ror 16 + ubfx x15, x6, #40, #8 + ldr w8, [x5, x8, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w13, [x5, x13, LSL 2] + ldr w15, [x5, x15, LSL 2] + eor w14, w14, w8, ror 24 + ldp x6, x7, [x17], #16 + eor w13, w13, w14, ror 24 + eor w13, w13, w15, ror 8 + bfi x11, x13, #32, #32 + # XOR in Key Schedule + eor x10, x10, x6 + eor x11, x11, x7 + ubfx x6, x10, #48, #8 + ubfx x9, x10, #24, #8 + ubfx x14, x11, #8, #8 + ubfx x15, x11, #32, #8 + ldr x12, [x5] + ldr x12, [x5, #64] + ldr x12, [x5, #128] + ldr x12, [x5, #192] + ldr x12, [x5, #256] + ldr x12, [x5, #320] + ldr x12, [x5, #384] + ldr x12, [x5, #448] + ldr x12, [x5, #512] + ldr x12, [x5, #576] + ldr x12, [x5, #640] + ldr x12, [x5, #704] + ldr x12, [x5, #768] + ldr x12, [x5, #832] + ldr x12, [x5, #896] + ldr x12, [x5, #960] + ldr w6, [x5, x6, LSL 2] + ldr w9, [x5, x9, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w15, [x5, x15, LSL 2] + ubfx x7, x11, #16, #8 + eor w6, w6, w9, ror 24 + ubfx x9, x10, #56, #8 + eor w6, w6, w14, ror 8 + ubfx x14, x11, #40, #8 + eor w6, w6, w15, ror 16 + ubfx x15, x10, #0, #8 + ldr w7, [x5, x7, LSL 2] + ldr w9, [x5, x9, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w15, [x5, x15, LSL 2] + ubfx x8, x11, #48, #8 + eor w7, w7, w9, ror 24 + ubfx x9, x11, #24, #8 + eor w7, w7, w14, ror 8 + ubfx x14, x10, #8, #8 + eor w7, w7, w15, ror 16 + ubfx x15, x10, #32, #8 + bfi x6, x7, #32, #32 + ldr w8, [x5, x8, LSL 2] + ldr w9, [x5, x9, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w15, [x5, x15, LSL 2] + ubfx x12, x11, #0, #8 + eor w8, w8, w9, ror 24 + ubfx x9, x10, #16, #8 + eor w8, w8, w14, ror 8 + ubfx x14, x11, #56, #8 + eor w7, w8, w15, ror 16 + ubfx x15, x10, #40, #8 + ldr w12, [x5, x12, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w9, [x5, x9, LSL 2] + ldr w15, [x5, x15, LSL 2] + eor w14, w14, w12, ror 24 + ldp x10, x11, [x17], #16 + eor w9, w9, w14, ror 24 + eor w9, w9, w15, ror 8 + bfi x7, x9, #32, #32 + # XOR in Key Schedule + eor x6, x6, x10 + eor x7, x7, x11 + subs w16, w16, #2 + bne L_AES_ECB_encrypt_loop_nr + ubfx x10, x6, #48, #8 + ubfx x13, x6, #24, #8 + ubfx x14, x7, #8, #8 + ubfx x15, x7, #32, #8 + ldr x8, [x5] + ldr x8, [x5, #64] + ldr x8, [x5, #128] + ldr x8, [x5, #192] + ldr x8, [x5, #256] + ldr x8, [x5, #320] + ldr x8, [x5, #384] + ldr x8, [x5, #448] + ldr x8, [x5, #512] + ldr x8, [x5, #576] + ldr x8, [x5, #640] + ldr x8, [x5, #704] + ldr x8, [x5, #768] + ldr x8, [x5, #832] + ldr x8, [x5, #896] + ldr x8, [x5, #960] + ldr w10, [x5, x10, LSL 2] + ldr w13, [x5, x13, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w15, [x5, x15, LSL 2] + ubfx x11, x7, #16, #8 + eor w10, w10, w13, ror 24 + ubfx x13, x6, #56, #8 + eor w10, w10, w14, ror 8 + ubfx x14, x7, #40, #8 + eor w10, w10, w15, ror 16 + ubfx x15, x6, #0, #8 + ldr w11, [x5, x11, LSL 2] + ldr w13, [x5, x13, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w15, [x5, x15, LSL 2] + ubfx x12, x7, #48, #8 + eor w11, w11, w13, ror 24 + ubfx x13, x7, #24, #8 + eor w11, w11, w14, ror 8 + ubfx x14, x6, #8, #8 + eor w11, w11, w15, ror 16 + ubfx x15, x6, #32, #8 + bfi x10, x11, #32, #32 + ldr w12, [x5, x12, LSL 2] + ldr w13, [x5, x13, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w15, [x5, x15, LSL 2] + ubfx x8, x7, #0, #8 + eor w12, w12, w13, ror 24 + ubfx x13, x6, #16, #8 + eor w12, w12, w14, ror 8 + ubfx x14, x7, #56, #8 + eor w11, w12, w15, ror 16 + ubfx x15, x6, #40, #8 + ldr w8, [x5, x8, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w13, [x5, x13, LSL 2] + ldr w15, [x5, x15, LSL 2] + eor w14, w14, w8, ror 24 + ldp x6, x7, [x17], #16 + eor w13, w13, w14, ror 24 + eor w13, w13, w15, ror 8 + bfi x11, x13, #32, #32 + # XOR in Key Schedule + eor x10, x10, x6 + eor x11, x11, x7 + ubfx x6, x11, #32, #8 + ubfx x9, x11, #8, #8 + ubfx x14, x10, #48, #8 + ubfx x15, x10, #24, #8 + lsl w6, w6, #2 + lsl w9, w9, #2 + lsl w14, w14, #2 + lsl w15, w15, #2 + ldr x13, [x5] + ldr x13, [x5, #64] + ldr x13, [x5, #128] + ldr x13, [x5, #192] + ldr x13, [x5, #256] + ldr x13, [x5, #320] + ldr x13, [x5, #384] + ldr x13, [x5, #448] + ldr x13, [x5, #512] + ldr x13, [x5, #576] + ldr x13, [x5, #640] + ldr x13, [x5, #704] + ldr x13, [x5, #768] + ldr x13, [x5, #832] + ldr x13, [x5, #896] + ldr x13, [x5, #960] + ldrb w6, [x5, x6, LSL 0] + ldrb w9, [x5, x9, LSL 0] + ldrb w14, [x5, x14, LSL 0] + ldrb w15, [x5, x15, LSL 0] + ubfx x7, x10, #0, #8 + eor w6, w6, w9, lsl 8 + ubfx x9, x11, #40, #8 + eor w6, w6, w14, lsl 16 + ubfx x14, x11, #16, #8 + eor w6, w6, w15, lsl 24 + ubfx x15, x10, #56, #8 + lsl w7, w7, #2 + lsl w9, w9, #2 + lsl w14, w14, #2 + lsl w15, w15, #2 + ldrb w7, [x5, x7, LSL 0] + ldrb w9, [x5, x9, LSL 0] + ldrb w14, [x5, x14, LSL 0] + ldrb w15, [x5, x15, LSL 0] + ubfx x8, x10, #32, #8 + eor w7, w7, w9, lsl 8 + ubfx x9, x10, #8, #8 + eor w7, w7, w14, lsl 16 + ubfx x14, x11, #48, #8 + eor w7, w7, w15, lsl 24 + ubfx x15, x11, #24, #8 + bfi x6, x7, #32, #32 + lsl w8, w8, #2 + lsl w9, w9, #2 + lsl w14, w14, #2 + lsl w15, w15, #2 + ldrb w8, [x5, x8, LSL 0] + ldrb w9, [x5, x9, LSL 0] + ldrb w14, [x5, x14, LSL 0] + ldrb w15, [x5, x15, LSL 0] + ubfx x13, x11, #56, #8 + eor w8, w8, w9, lsl 8 + ubfx x9, x11, #0, #8 + eor w8, w8, w14, lsl 16 + ubfx x14, x10, #40, #8 + eor w7, w8, w15, lsl 24 + ubfx x15, x10, #16, #8 + lsl w13, w13, #2 + lsl w9, w9, #2 + lsl w14, w14, #2 + lsl w15, w15, #2 + ldrb w13, [x5, x13, LSL 0] + ldrb w9, [x5, x9, LSL 0] + ldrb w14, [x5, x14, LSL 0] + ldrb w15, [x5, x15, LSL 0] + eor w14, w14, w13, lsl 16 + ldp x10, x11, [x17] + eor w9, w9, w14, lsl 8 + eor w9, w9, w15, lsl 16 + bfi x7, x9, #32, #32 + # XOR in Key Schedule + eor x6, x6, x10 + eor x7, x7, x11 + rev32 x6, x6 + rev32 x7, x7 + str x6, [x1] + str x7, [x1, #8] + subs x2, x2, #16 + add x0, x0, #16 + add x1, x1, #16 + bne L_AES_ECB_encrypt_loop_block_128 + ldr x17, [x29, #24] + ldp x29, x30, [sp], #32 + ret +#ifndef __APPLE__ + .size AES_ECB_encrypt,.-AES_ECB_encrypt +#endif /* __APPLE__ */ +#endif /* HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || + * WOLFSSL_AES_COUNTER || HAVE_AES_ECB */ +#ifdef HAVE_AES_CBC +#ifndef __APPLE__ +.text +.globl AES_CBC_encrypt +.type AES_CBC_encrypt,@function +.align 2 +AES_CBC_encrypt: +#else +.section __TEXT,__text +.globl _AES_CBC_encrypt +.p2align 2 +_AES_CBC_encrypt: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-32]! + add x29, sp, #0 + stp x17, x19, [x29, #16] +#ifndef __APPLE__ + adrp x6, L_AES_ARM64_te + add x6, x6, :lo12:L_AES_ARM64_te +#else + adrp x6, L_AES_ARM64_te@PAGE + add x6, x6, :lo12:L_AES_ARM64_te@PAGEOFF +#endif /* __APPLE__ */ + ldp x7, x8, [x5] +L_AES_CBC_encrypt_loop_block: + mov x19, x3 + ldr x11, [x0] + ldr x12, [x0, #8] + eor x7, x7, x11 + eor x8, x8, x12 + rev32 x7, x7 + rev32 x8, x8 + ldp x11, x12, [x19], #16 + # Round: 0 - XOR in key schedule + eor x7, x7, x11 + eor x8, x8, x12 + sub w17, w4, #2 +L_AES_CBC_encrypt_loop_nr: + ubfx x11, x7, #48, #8 + ubfx x14, x7, #24, #8 + ubfx x15, x8, #8, #8 + ubfx x16, x8, #32, #8 + ldr x9, [x6] + ldr x9, [x6, #64] + ldr x9, [x6, #128] + ldr x9, [x6, #192] + ldr x9, [x6, #256] + ldr x9, [x6, #320] + ldr x9, [x6, #384] + ldr x9, [x6, #448] + ldr x9, [x6, #512] + ldr x9, [x6, #576] + ldr x9, [x6, #640] + ldr x9, [x6, #704] + ldr x9, [x6, #768] + ldr x9, [x6, #832] + ldr x9, [x6, #896] + ldr x9, [x6, #960] + ldr w11, [x6, x11, LSL 2] + ldr w14, [x6, x14, LSL 2] + ldr w15, [x6, x15, LSL 2] + ldr w16, [x6, x16, LSL 2] + ubfx x12, x8, #16, #8 + eor w11, w11, w14, ror 24 + ubfx x14, x7, #56, #8 + eor w11, w11, w15, ror 8 + ubfx x15, x8, #40, #8 + eor w11, w11, w16, ror 16 + ubfx x16, x7, #0, #8 + ldr w12, [x6, x12, LSL 2] + ldr w14, [x6, x14, LSL 2] + ldr w15, [x6, x15, LSL 2] + ldr w16, [x6, x16, LSL 2] + ubfx x13, x8, #48, #8 + eor w12, w12, w14, ror 24 + ubfx x14, x8, #24, #8 + eor w12, w12, w15, ror 8 + ubfx x15, x7, #8, #8 + eor w12, w12, w16, ror 16 + ubfx x16, x7, #32, #8 + bfi x11, x12, #32, #32 + ldr w13, [x6, x13, LSL 2] + ldr w14, [x6, x14, LSL 2] + ldr w15, [x6, x15, LSL 2] + ldr w16, [x6, x16, LSL 2] + ubfx x9, x8, #0, #8 + eor w13, w13, w14, ror 24 + ubfx x14, x7, #16, #8 + eor w13, w13, w15, ror 8 + ubfx x15, x8, #56, #8 + eor w12, w13, w16, ror 16 + ubfx x16, x7, #40, #8 + ldr w9, [x6, x9, LSL 2] + ldr w15, [x6, x15, LSL 2] + ldr w14, [x6, x14, LSL 2] + ldr w16, [x6, x16, LSL 2] + eor w15, w15, w9, ror 24 + ldp x7, x8, [x19], #16 + eor w14, w14, w15, ror 24 + eor w14, w14, w16, ror 8 + bfi x12, x14, #32, #32 + # XOR in Key Schedule + eor x11, x11, x7 + eor x12, x12, x8 + ubfx x7, x11, #48, #8 + ubfx x10, x11, #24, #8 + ubfx x15, x12, #8, #8 + ubfx x16, x12, #32, #8 + ldr x13, [x6] + ldr x13, [x6, #64] + ldr x13, [x6, #128] + ldr x13, [x6, #192] + ldr x13, [x6, #256] + ldr x13, [x6, #320] + ldr x13, [x6, #384] + ldr x13, [x6, #448] + ldr x13, [x6, #512] + ldr x13, [x6, #576] + ldr x13, [x6, #640] + ldr x13, [x6, #704] + ldr x13, [x6, #768] + ldr x13, [x6, #832] + ldr x13, [x6, #896] + ldr x13, [x6, #960] + ldr w7, [x6, x7, LSL 2] + ldr w10, [x6, x10, LSL 2] + ldr w15, [x6, x15, LSL 2] + ldr w16, [x6, x16, LSL 2] + ubfx x8, x12, #16, #8 + eor w7, w7, w10, ror 24 + ubfx x10, x11, #56, #8 + eor w7, w7, w15, ror 8 + ubfx x15, x12, #40, #8 + eor w7, w7, w16, ror 16 + ubfx x16, x11, #0, #8 + ldr w8, [x6, x8, LSL 2] + ldr w10, [x6, x10, LSL 2] + ldr w15, [x6, x15, LSL 2] + ldr w16, [x6, x16, LSL 2] + ubfx x9, x12, #48, #8 + eor w8, w8, w10, ror 24 + ubfx x10, x12, #24, #8 + eor w8, w8, w15, ror 8 + ubfx x15, x11, #8, #8 + eor w8, w8, w16, ror 16 + ubfx x16, x11, #32, #8 + bfi x7, x8, #32, #32 + ldr w9, [x6, x9, LSL 2] + ldr w10, [x6, x10, LSL 2] + ldr w15, [x6, x15, LSL 2] + ldr w16, [x6, x16, LSL 2] + ubfx x13, x12, #0, #8 + eor w9, w9, w10, ror 24 + ubfx x10, x11, #16, #8 + eor w9, w9, w15, ror 8 + ubfx x15, x12, #56, #8 + eor w8, w9, w16, ror 16 + ubfx x16, x11, #40, #8 + ldr w13, [x6, x13, LSL 2] + ldr w15, [x6, x15, LSL 2] + ldr w10, [x6, x10, LSL 2] + ldr w16, [x6, x16, LSL 2] + eor w15, w15, w13, ror 24 + ldp x11, x12, [x19], #16 + eor w10, w10, w15, ror 24 + eor w10, w10, w16, ror 8 + bfi x8, x10, #32, #32 + # XOR in Key Schedule + eor x7, x7, x11 + eor x8, x8, x12 + subs w17, w17, #2 + bne L_AES_CBC_encrypt_loop_nr + ubfx x11, x7, #48, #8 + ubfx x14, x7, #24, #8 + ubfx x15, x8, #8, #8 + ubfx x16, x8, #32, #8 + ldr x9, [x6] + ldr x9, [x6, #64] + ldr x9, [x6, #128] + ldr x9, [x6, #192] + ldr x9, [x6, #256] + ldr x9, [x6, #320] + ldr x9, [x6, #384] + ldr x9, [x6, #448] + ldr x9, [x6, #512] + ldr x9, [x6, #576] + ldr x9, [x6, #640] + ldr x9, [x6, #704] + ldr x9, [x6, #768] + ldr x9, [x6, #832] + ldr x9, [x6, #896] + ldr x9, [x6, #960] + ldr w11, [x6, x11, LSL 2] + ldr w14, [x6, x14, LSL 2] + ldr w15, [x6, x15, LSL 2] + ldr w16, [x6, x16, LSL 2] + ubfx x12, x8, #16, #8 + eor w11, w11, w14, ror 24 + ubfx x14, x7, #56, #8 + eor w11, w11, w15, ror 8 + ubfx x15, x8, #40, #8 + eor w11, w11, w16, ror 16 + ubfx x16, x7, #0, #8 + ldr w12, [x6, x12, LSL 2] + ldr w14, [x6, x14, LSL 2] + ldr w15, [x6, x15, LSL 2] + ldr w16, [x6, x16, LSL 2] + ubfx x13, x8, #48, #8 + eor w12, w12, w14, ror 24 + ubfx x14, x8, #24, #8 + eor w12, w12, w15, ror 8 + ubfx x15, x7, #8, #8 + eor w12, w12, w16, ror 16 + ubfx x16, x7, #32, #8 + bfi x11, x12, #32, #32 + ldr w13, [x6, x13, LSL 2] + ldr w14, [x6, x14, LSL 2] + ldr w15, [x6, x15, LSL 2] + ldr w16, [x6, x16, LSL 2] + ubfx x9, x8, #0, #8 + eor w13, w13, w14, ror 24 + ubfx x14, x7, #16, #8 + eor w13, w13, w15, ror 8 + ubfx x15, x8, #56, #8 + eor w12, w13, w16, ror 16 + ubfx x16, x7, #40, #8 + ldr w9, [x6, x9, LSL 2] + ldr w15, [x6, x15, LSL 2] + ldr w14, [x6, x14, LSL 2] + ldr w16, [x6, x16, LSL 2] + eor w15, w15, w9, ror 24 + ldp x7, x8, [x19], #16 + eor w14, w14, w15, ror 24 + eor w14, w14, w16, ror 8 + bfi x12, x14, #32, #32 + # XOR in Key Schedule + eor x11, x11, x7 + eor x12, x12, x8 + ubfx x7, x12, #32, #8 + ubfx x10, x12, #8, #8 + ubfx x15, x11, #48, #8 + ubfx x16, x11, #24, #8 + lsl w7, w7, #2 + lsl w10, w10, #2 + lsl w15, w15, #2 + lsl w16, w16, #2 + ldr x14, [x6] + ldr x14, [x6, #64] + ldr x14, [x6, #128] + ldr x14, [x6, #192] + ldr x14, [x6, #256] + ldr x14, [x6, #320] + ldr x14, [x6, #384] + ldr x14, [x6, #448] + ldr x14, [x6, #512] + ldr x14, [x6, #576] + ldr x14, [x6, #640] + ldr x14, [x6, #704] + ldr x14, [x6, #768] + ldr x14, [x6, #832] + ldr x14, [x6, #896] + ldr x14, [x6, #960] + ldrb w7, [x6, x7, LSL 0] + ldrb w10, [x6, x10, LSL 0] + ldrb w15, [x6, x15, LSL 0] + ldrb w16, [x6, x16, LSL 0] + ubfx x8, x11, #0, #8 + eor w7, w7, w10, lsl 8 + ubfx x10, x12, #40, #8 + eor w7, w7, w15, lsl 16 + ubfx x15, x12, #16, #8 + eor w7, w7, w16, lsl 24 + ubfx x16, x11, #56, #8 + lsl w8, w8, #2 + lsl w10, w10, #2 + lsl w15, w15, #2 + lsl w16, w16, #2 + ldrb w8, [x6, x8, LSL 0] + ldrb w10, [x6, x10, LSL 0] + ldrb w15, [x6, x15, LSL 0] + ldrb w16, [x6, x16, LSL 0] + ubfx x9, x11, #32, #8 + eor w8, w8, w10, lsl 8 + ubfx x10, x11, #8, #8 + eor w8, w8, w15, lsl 16 + ubfx x15, x12, #48, #8 + eor w8, w8, w16, lsl 24 + ubfx x16, x12, #24, #8 + bfi x7, x8, #32, #32 + lsl w9, w9, #2 + lsl w10, w10, #2 + lsl w15, w15, #2 + lsl w16, w16, #2 + ldrb w9, [x6, x9, LSL 0] + ldrb w10, [x6, x10, LSL 0] + ldrb w15, [x6, x15, LSL 0] + ldrb w16, [x6, x16, LSL 0] + ubfx x14, x12, #56, #8 + eor w9, w9, w10, lsl 8 + ubfx x10, x12, #0, #8 + eor w9, w9, w15, lsl 16 + ubfx x15, x11, #40, #8 + eor w8, w9, w16, lsl 24 + ubfx x16, x11, #16, #8 + lsl w14, w14, #2 + lsl w10, w10, #2 + lsl w15, w15, #2 + lsl w16, w16, #2 + ldrb w14, [x6, x14, LSL 0] + ldrb w10, [x6, x10, LSL 0] + ldrb w15, [x6, x15, LSL 0] + ldrb w16, [x6, x16, LSL 0] + eor w15, w15, w14, lsl 16 + ldp x11, x12, [x19] + eor w10, w10, w15, lsl 8 + eor w10, w10, w16, lsl 16 + bfi x8, x10, #32, #32 + # XOR in Key Schedule + eor x7, x7, x11 + eor x8, x8, x12 + rev32 x7, x7 + rev32 x8, x8 + str x7, [x1] + str x8, [x1, #8] + subs x2, x2, #16 + add x0, x0, #16 + add x1, x1, #16 + bne L_AES_CBC_encrypt_loop_block + stp x7, x8, [x5] + ldp x17, x19, [x29, #16] + ldp x29, x30, [sp], #32 + ret +#ifndef __APPLE__ + .size AES_CBC_encrypt,.-AES_CBC_encrypt +#endif /* __APPLE__ */ +#endif /* HAVE_AES_CBC */ +#ifdef WOLFSSL_AES_COUNTER +#ifndef __APPLE__ +.text +.globl AES_CTR_encrypt +.type AES_CTR_encrypt,@function +.align 2 +AES_CTR_encrypt: +#else +.section __TEXT,__text +.globl _AES_CTR_encrypt +.p2align 2 +_AES_CTR_encrypt: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-48]! + add x29, sp, #0 + stp x17, x19, [x29, #16] + stp x20, x21, [x29, #32] +#ifndef __APPLE__ + adrp x6, L_AES_ARM64_te + add x6, x6, :lo12:L_AES_ARM64_te +#else + adrp x6, L_AES_ARM64_te@PAGE + add x6, x6, :lo12:L_AES_ARM64_te@PAGEOFF +#endif /* __APPLE__ */ + ldp x15, x16, [x5] + rev32 x15, x15 + rev32 x16, x16 +L_AES_CTR_encrypt_loop_block_128: + mov x21, x3 + ldp x11, x12, [x21], #16 + # Round: 0 - XOR in key schedule + eor x7, x15, x11 + eor x8, x16, x12 + sub w20, w4, #2 +L_AES_CTR_encrypt_loop_nr: + ubfx x11, x7, #48, #8 + ubfx x14, x7, #24, #8 + ubfx x17, x8, #8, #8 + ubfx x19, x8, #32, #8 + ldr x9, [x6] + ldr x9, [x6, #64] + ldr x9, [x6, #128] + ldr x9, [x6, #192] + ldr x9, [x6, #256] + ldr x9, [x6, #320] + ldr x9, [x6, #384] + ldr x9, [x6, #448] + ldr x9, [x6, #512] + ldr x9, [x6, #576] + ldr x9, [x6, #640] + ldr x9, [x6, #704] + ldr x9, [x6, #768] + ldr x9, [x6, #832] + ldr x9, [x6, #896] + ldr x9, [x6, #960] + ldr w11, [x6, x11, LSL 2] + ldr w14, [x6, x14, LSL 2] + ldr w17, [x6, x17, LSL 2] + ldr w19, [x6, x19, LSL 2] + ubfx x12, x8, #16, #8 + eor w11, w11, w14, ror 24 + ubfx x14, x7, #56, #8 + eor w11, w11, w17, ror 8 + ubfx x17, x8, #40, #8 + eor w11, w11, w19, ror 16 + ubfx x19, x7, #0, #8 + ldr w12, [x6, x12, LSL 2] + ldr w14, [x6, x14, LSL 2] + ldr w17, [x6, x17, LSL 2] + ldr w19, [x6, x19, LSL 2] + ubfx x13, x8, #48, #8 + eor w12, w12, w14, ror 24 + ubfx x14, x8, #24, #8 + eor w12, w12, w17, ror 8 + ubfx x17, x7, #8, #8 + eor w12, w12, w19, ror 16 + ubfx x19, x7, #32, #8 + bfi x11, x12, #32, #32 + ldr w13, [x6, x13, LSL 2] + ldr w14, [x6, x14, LSL 2] + ldr w17, [x6, x17, LSL 2] + ldr w19, [x6, x19, LSL 2] + ubfx x9, x8, #0, #8 + eor w13, w13, w14, ror 24 + ubfx x14, x7, #16, #8 + eor w13, w13, w17, ror 8 + ubfx x17, x8, #56, #8 + eor w12, w13, w19, ror 16 + ubfx x19, x7, #40, #8 + ldr w9, [x6, x9, LSL 2] + ldr w17, [x6, x17, LSL 2] + ldr w14, [x6, x14, LSL 2] + ldr w19, [x6, x19, LSL 2] + eor w17, w17, w9, ror 24 + ldp x7, x8, [x21], #16 + eor w14, w14, w17, ror 24 + eor w14, w14, w19, ror 8 + bfi x12, x14, #32, #32 + # XOR in Key Schedule + eor x11, x11, x7 + eor x12, x12, x8 + ubfx x7, x11, #48, #8 + ubfx x10, x11, #24, #8 + ubfx x17, x12, #8, #8 + ubfx x19, x12, #32, #8 + ldr x13, [x6] + ldr x13, [x6, #64] + ldr x13, [x6, #128] + ldr x13, [x6, #192] + ldr x13, [x6, #256] + ldr x13, [x6, #320] + ldr x13, [x6, #384] + ldr x13, [x6, #448] + ldr x13, [x6, #512] + ldr x13, [x6, #576] + ldr x13, [x6, #640] + ldr x13, [x6, #704] + ldr x13, [x6, #768] + ldr x13, [x6, #832] + ldr x13, [x6, #896] + ldr x13, [x6, #960] + ldr w7, [x6, x7, LSL 2] + ldr w10, [x6, x10, LSL 2] + ldr w17, [x6, x17, LSL 2] + ldr w19, [x6, x19, LSL 2] + ubfx x8, x12, #16, #8 + eor w7, w7, w10, ror 24 + ubfx x10, x11, #56, #8 + eor w7, w7, w17, ror 8 + ubfx x17, x12, #40, #8 + eor w7, w7, w19, ror 16 + ubfx x19, x11, #0, #8 + ldr w8, [x6, x8, LSL 2] + ldr w10, [x6, x10, LSL 2] + ldr w17, [x6, x17, LSL 2] + ldr w19, [x6, x19, LSL 2] + ubfx x9, x12, #48, #8 + eor w8, w8, w10, ror 24 + ubfx x10, x12, #24, #8 + eor w8, w8, w17, ror 8 + ubfx x17, x11, #8, #8 + eor w8, w8, w19, ror 16 + ubfx x19, x11, #32, #8 + bfi x7, x8, #32, #32 + ldr w9, [x6, x9, LSL 2] + ldr w10, [x6, x10, LSL 2] + ldr w17, [x6, x17, LSL 2] + ldr w19, [x6, x19, LSL 2] + ubfx x13, x12, #0, #8 + eor w9, w9, w10, ror 24 + ubfx x10, x11, #16, #8 + eor w9, w9, w17, ror 8 + ubfx x17, x12, #56, #8 + eor w8, w9, w19, ror 16 + ubfx x19, x11, #40, #8 + ldr w13, [x6, x13, LSL 2] + ldr w17, [x6, x17, LSL 2] + ldr w10, [x6, x10, LSL 2] + ldr w19, [x6, x19, LSL 2] + eor w17, w17, w13, ror 24 + ldp x11, x12, [x21], #16 + eor w10, w10, w17, ror 24 + eor w10, w10, w19, ror 8 + bfi x8, x10, #32, #32 + # XOR in Key Schedule + eor x7, x7, x11 + eor x8, x8, x12 + subs w20, w20, #2 + bne L_AES_CTR_encrypt_loop_nr + ubfx x11, x7, #48, #8 + ubfx x14, x7, #24, #8 + ubfx x17, x8, #8, #8 + ubfx x19, x8, #32, #8 + ldr x9, [x6] + ldr x9, [x6, #64] + ldr x9, [x6, #128] + ldr x9, [x6, #192] + ldr x9, [x6, #256] + ldr x9, [x6, #320] + ldr x9, [x6, #384] + ldr x9, [x6, #448] + ldr x9, [x6, #512] + ldr x9, [x6, #576] + ldr x9, [x6, #640] + ldr x9, [x6, #704] + ldr x9, [x6, #768] + ldr x9, [x6, #832] + ldr x9, [x6, #896] + ldr x9, [x6, #960] + ldr w11, [x6, x11, LSL 2] + ldr w14, [x6, x14, LSL 2] + ldr w17, [x6, x17, LSL 2] + ldr w19, [x6, x19, LSL 2] + ubfx x12, x8, #16, #8 + eor w11, w11, w14, ror 24 + ubfx x14, x7, #56, #8 + eor w11, w11, w17, ror 8 + ubfx x17, x8, #40, #8 + eor w11, w11, w19, ror 16 + ubfx x19, x7, #0, #8 + ldr w12, [x6, x12, LSL 2] + ldr w14, [x6, x14, LSL 2] + ldr w17, [x6, x17, LSL 2] + ldr w19, [x6, x19, LSL 2] + ubfx x13, x8, #48, #8 + eor w12, w12, w14, ror 24 + ubfx x14, x8, #24, #8 + eor w12, w12, w17, ror 8 + ubfx x17, x7, #8, #8 + eor w12, w12, w19, ror 16 + ubfx x19, x7, #32, #8 + bfi x11, x12, #32, #32 + ldr w13, [x6, x13, LSL 2] + ldr w14, [x6, x14, LSL 2] + ldr w17, [x6, x17, LSL 2] + ldr w19, [x6, x19, LSL 2] + ubfx x9, x8, #0, #8 + eor w13, w13, w14, ror 24 + ubfx x14, x7, #16, #8 + eor w13, w13, w17, ror 8 + ubfx x17, x8, #56, #8 + eor w12, w13, w19, ror 16 + ubfx x19, x7, #40, #8 + ldr w9, [x6, x9, LSL 2] + ldr w17, [x6, x17, LSL 2] + ldr w14, [x6, x14, LSL 2] + ldr w19, [x6, x19, LSL 2] + eor w17, w17, w9, ror 24 + ldp x7, x8, [x21], #16 + eor w14, w14, w17, ror 24 + eor w14, w14, w19, ror 8 + bfi x12, x14, #32, #32 + # XOR in Key Schedule + eor x11, x11, x7 + eor x12, x12, x8 + ubfx x7, x12, #32, #8 + ubfx x10, x12, #8, #8 + ubfx x17, x11, #48, #8 + ubfx x19, x11, #24, #8 + lsl w7, w7, #2 + lsl w10, w10, #2 + lsl w17, w17, #2 + lsl w19, w19, #2 + ldr x14, [x6] + ldr x14, [x6, #64] + ldr x14, [x6, #128] + ldr x14, [x6, #192] + ldr x14, [x6, #256] + ldr x14, [x6, #320] + ldr x14, [x6, #384] + ldr x14, [x6, #448] + ldr x14, [x6, #512] + ldr x14, [x6, #576] + ldr x14, [x6, #640] + ldr x14, [x6, #704] + ldr x14, [x6, #768] + ldr x14, [x6, #832] + ldr x14, [x6, #896] + ldr x14, [x6, #960] + ldrb w7, [x6, x7, LSL 0] + ldrb w10, [x6, x10, LSL 0] + ldrb w17, [x6, x17, LSL 0] + ldrb w19, [x6, x19, LSL 0] + ubfx x8, x11, #0, #8 + eor w7, w7, w10, lsl 8 + ubfx x10, x12, #40, #8 + eor w7, w7, w17, lsl 16 + ubfx x17, x12, #16, #8 + eor w7, w7, w19, lsl 24 + ubfx x19, x11, #56, #8 + lsl w8, w8, #2 + lsl w10, w10, #2 + lsl w17, w17, #2 + lsl w19, w19, #2 + ldrb w8, [x6, x8, LSL 0] + ldrb w10, [x6, x10, LSL 0] + ldrb w17, [x6, x17, LSL 0] + ldrb w19, [x6, x19, LSL 0] + ubfx x9, x11, #32, #8 + eor w8, w8, w10, lsl 8 + ubfx x10, x11, #8, #8 + eor w8, w8, w17, lsl 16 + ubfx x17, x12, #48, #8 + eor w8, w8, w19, lsl 24 + ubfx x19, x12, #24, #8 + bfi x7, x8, #32, #32 + lsl w9, w9, #2 + lsl w10, w10, #2 + lsl w17, w17, #2 + lsl w19, w19, #2 + ldrb w9, [x6, x9, LSL 0] + ldrb w10, [x6, x10, LSL 0] + ldrb w17, [x6, x17, LSL 0] + ldrb w19, [x6, x19, LSL 0] + ubfx x14, x12, #56, #8 + eor w9, w9, w10, lsl 8 + ubfx x10, x12, #0, #8 + eor w9, w9, w17, lsl 16 + ubfx x17, x11, #40, #8 + eor w8, w9, w19, lsl 24 + ubfx x19, x11, #16, #8 + lsl w14, w14, #2 + lsl w10, w10, #2 + lsl w17, w17, #2 + lsl w19, w19, #2 + ldrb w14, [x6, x14, LSL 0] + ldrb w10, [x6, x10, LSL 0] + ldrb w17, [x6, x17, LSL 0] + ldrb w19, [x6, x19, LSL 0] + eor w17, w17, w14, lsl 16 + ldp x11, x12, [x21] + eor w10, w10, w17, lsl 8 + eor w10, w10, w19, lsl 16 + bfi x8, x10, #32, #32 + # XOR in Key Schedule + eor x7, x7, x11 + eor x8, x8, x12 + rev32 x7, x7 + rev32 x8, x8 + ldr x11, [x0] + ldr x12, [x0, #8] + eor x7, x7, x11 + eor x8, x8, x12 + str x7, [x1] + str x8, [x1, #8] + ror x16, x16, #32 + ror x15, x15, #32 + adds x16, x16, #1 + adc x15, x15, xzr + ror x16, x16, #32 + ror x15, x15, #32 + subs x2, x2, #16 + add x0, x0, #16 + add x1, x1, #16 + bne L_AES_CTR_encrypt_loop_block_128 + rev32 x15, x15 + rev32 x16, x16 + stp x15, x16, [x5] + ldp x17, x19, [x29, #16] + ldp x20, x21, [x29, #32] + ldp x29, x30, [sp], #48 + ret +#ifndef __APPLE__ + .size AES_CTR_encrypt,.-AES_CTR_encrypt +#endif /* __APPLE__ */ +#endif /* WOLFSSL_AES_COUNTER */ +#ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \ + defined(HAVE_AES_CBC) || defined(HAVE_AES_ECB) +#ifndef __APPLE__ + .text + .type L_AES_ARM64_td4, %object + .section .rodata + .size L_AES_ARM64_td4, 256 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 1 +#else + .p2align 1 +#endif /* __APPLE__ */ +L_AES_ARM64_td4: + .byte 0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38 + .byte 0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb + .byte 0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87 + .byte 0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb + .byte 0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d + .byte 0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e + .byte 0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2 + .byte 0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25 + .byte 0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16 + .byte 0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92 + .byte 0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda + .byte 0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84 + .byte 0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a + .byte 0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06 + .byte 0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02 + .byte 0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b + .byte 0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea + .byte 0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73 + .byte 0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85 + .byte 0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e + .byte 0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89 + .byte 0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b + .byte 0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20 + .byte 0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4 + .byte 0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31 + .byte 0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f + .byte 0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d + .byte 0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef + .byte 0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0 + .byte 0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61 + .byte 0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26 + .byte 0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d +#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || defined(HAVE_AES_ECB) +#ifndef __APPLE__ +.text +.globl AES_ECB_decrypt +.type AES_ECB_decrypt,@function +.align 2 +AES_ECB_decrypt: +#else +.section __TEXT,__text +.globl _AES_ECB_decrypt +.p2align 2 +_AES_ECB_decrypt: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-32]! + add x29, sp, #0 + stp x17, x19, [x29, #16] +#ifndef __APPLE__ + adrp x5, L_AES_ARM64_td + add x5, x5, :lo12:L_AES_ARM64_td +#else + adrp x5, L_AES_ARM64_td@PAGE + add x5, x5, :lo12:L_AES_ARM64_td@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x6, L_AES_ARM64_td4 + add x6, x6, :lo12:L_AES_ARM64_td4 +#else + adrp x6, L_AES_ARM64_td4@PAGE + add x6, x6, :lo12:L_AES_ARM64_td4@PAGEOFF +#endif /* __APPLE__ */ +L_AES_ECB_decrypt_loop_block: + mov x19, x3 + ldr x7, [x0] + ldr x8, [x0, #8] + rev32 x7, x7 + rev32 x8, x8 + ldp x11, x12, [x19], #16 + # Round: 0 - XOR in key schedule + eor x7, x7, x11 + eor x8, x8, x12 + sub w17, w4, #2 +L_AES_ECB_decrypt_loop_nr: + ubfx x11, x8, #48, #8 + ubfx x14, x7, #24, #8 + ubfx x15, x8, #8, #8 + ubfx x16, x7, #32, #8 + ldr x9, [x5] + ldr x9, [x5, #64] + ldr x9, [x5, #128] + ldr x9, [x5, #192] + ldr x9, [x5, #256] + ldr x9, [x5, #320] + ldr x9, [x5, #384] + ldr x9, [x5, #448] + ldr x9, [x5, #512] + ldr x9, [x5, #576] + ldr x9, [x5, #640] + ldr x9, [x5, #704] + ldr x9, [x5, #768] + ldr x9, [x5, #832] + ldr x9, [x5, #896] + ldr x9, [x5, #960] + ldr w11, [x5, x11, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w15, [x5, x15, LSL 2] + ldr w16, [x5, x16, LSL 2] + ubfx x12, x7, #16, #8 + eor w11, w11, w14, ror 24 + ubfx x14, x7, #56, #8 + eor w11, w11, w15, ror 8 + ubfx x15, x8, #40, #8 + eor w11, w11, w16, ror 16 + ubfx x16, x8, #0, #8 + ldr w12, [x5, x12, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w15, [x5, x15, LSL 2] + ldr w16, [x5, x16, LSL 2] + ubfx x13, x7, #48, #8 + eor w12, w12, w14, ror 24 + ubfx x14, x8, #24, #8 + eor w12, w12, w15, ror 8 + ubfx x15, x7, #8, #8 + eor w12, w12, w16, ror 16 + ubfx x16, x8, #32, #8 + bfi x11, x12, #32, #32 + ldr w13, [x5, x13, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w15, [x5, x15, LSL 2] + ldr w16, [x5, x16, LSL 2] + ubfx x9, x7, #0, #8 + eor w13, w13, w14, ror 24 + ubfx x14, x8, #16, #8 + eor w13, w13, w15, ror 8 + ubfx x15, x8, #56, #8 + eor w12, w13, w16, ror 16 + ubfx x16, x7, #40, #8 + ldr w9, [x5, x9, LSL 2] + ldr w15, [x5, x15, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w16, [x5, x16, LSL 2] + eor w15, w15, w9, ror 24 + ldp x7, x8, [x19], #16 + eor w14, w14, w16, ror 8 + eor w14, w14, w15, ror 24 + bfi x12, x14, #32, #32 + # XOR in Key Schedule + eor x11, x11, x7 + eor x12, x12, x8 + ubfx x7, x12, #48, #8 + ubfx x10, x11, #24, #8 + ubfx x15, x12, #8, #8 + ubfx x16, x11, #32, #8 + ldr x13, [x5] + ldr x13, [x5, #64] + ldr x13, [x5, #128] + ldr x13, [x5, #192] + ldr x13, [x5, #256] + ldr x13, [x5, #320] + ldr x13, [x5, #384] + ldr x13, [x5, #448] + ldr x13, [x5, #512] + ldr x13, [x5, #576] + ldr x13, [x5, #640] + ldr x13, [x5, #704] + ldr x13, [x5, #768] + ldr x13, [x5, #832] + ldr x13, [x5, #896] + ldr x13, [x5, #960] + ldr w7, [x5, x7, LSL 2] + ldr w10, [x5, x10, LSL 2] + ldr w15, [x5, x15, LSL 2] + ldr w16, [x5, x16, LSL 2] + ubfx x8, x11, #16, #8 + eor w7, w7, w10, ror 24 + ubfx x10, x11, #56, #8 + eor w7, w7, w15, ror 8 + ubfx x15, x12, #40, #8 + eor w7, w7, w16, ror 16 + ubfx x16, x12, #0, #8 + ldr w8, [x5, x8, LSL 2] + ldr w10, [x5, x10, LSL 2] + ldr w15, [x5, x15, LSL 2] + ldr w16, [x5, x16, LSL 2] + ubfx x9, x11, #48, #8 + eor w8, w8, w10, ror 24 + ubfx x10, x12, #24, #8 + eor w8, w8, w15, ror 8 + ubfx x15, x11, #8, #8 + eor w8, w8, w16, ror 16 + ubfx x16, x12, #32, #8 + bfi x7, x8, #32, #32 + ldr w9, [x5, x9, LSL 2] + ldr w10, [x5, x10, LSL 2] + ldr w15, [x5, x15, LSL 2] + ldr w16, [x5, x16, LSL 2] + ubfx x13, x11, #0, #8 + eor w9, w9, w10, ror 24 + ubfx x10, x12, #16, #8 + eor w9, w9, w15, ror 8 + ubfx x15, x12, #56, #8 + eor w8, w9, w16, ror 16 + ubfx x16, x11, #40, #8 + ldr w13, [x5, x13, LSL 2] + ldr w15, [x5, x15, LSL 2] + ldr w10, [x5, x10, LSL 2] + ldr w16, [x5, x16, LSL 2] + eor w15, w15, w13, ror 24 + ldp x11, x12, [x19], #16 + eor w10, w10, w16, ror 8 + eor w10, w10, w15, ror 24 + bfi x8, x10, #32, #32 + # XOR in Key Schedule + eor x7, x7, x11 + eor x8, x8, x12 + subs w17, w17, #2 + bne L_AES_ECB_decrypt_loop_nr + ubfx x11, x8, #48, #8 + ubfx x14, x7, #24, #8 + ubfx x15, x8, #8, #8 + ubfx x16, x7, #32, #8 + ldr x9, [x5] + ldr x9, [x5, #64] + ldr x9, [x5, #128] + ldr x9, [x5, #192] + ldr x9, [x5, #256] + ldr x9, [x5, #320] + ldr x9, [x5, #384] + ldr x9, [x5, #448] + ldr x9, [x5, #512] + ldr x9, [x5, #576] + ldr x9, [x5, #640] + ldr x9, [x5, #704] + ldr x9, [x5, #768] + ldr x9, [x5, #832] + ldr x9, [x5, #896] + ldr x9, [x5, #960] + ldr w11, [x5, x11, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w15, [x5, x15, LSL 2] + ldr w16, [x5, x16, LSL 2] + ubfx x12, x7, #16, #8 + eor w11, w11, w14, ror 24 + ubfx x14, x7, #56, #8 + eor w11, w11, w15, ror 8 + ubfx x15, x8, #40, #8 + eor w11, w11, w16, ror 16 + ubfx x16, x8, #0, #8 + ldr w12, [x5, x12, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w15, [x5, x15, LSL 2] + ldr w16, [x5, x16, LSL 2] + ubfx x13, x7, #48, #8 + eor w12, w12, w14, ror 24 + ubfx x14, x8, #24, #8 + eor w12, w12, w15, ror 8 + ubfx x15, x7, #8, #8 + eor w12, w12, w16, ror 16 + ubfx x16, x8, #32, #8 + bfi x11, x12, #32, #32 + ldr w13, [x5, x13, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w15, [x5, x15, LSL 2] + ldr w16, [x5, x16, LSL 2] + ubfx x9, x7, #0, #8 + eor w13, w13, w14, ror 24 + ubfx x14, x8, #16, #8 + eor w13, w13, w15, ror 8 + ubfx x15, x8, #56, #8 + eor w12, w13, w16, ror 16 + ubfx x16, x7, #40, #8 + ldr w9, [x5, x9, LSL 2] + ldr w15, [x5, x15, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w16, [x5, x16, LSL 2] + eor w15, w15, w9, ror 24 + ldp x7, x8, [x19], #16 + eor w14, w14, w16, ror 8 + eor w14, w14, w15, ror 24 + bfi x12, x14, #32, #32 + # XOR in Key Schedule + eor x11, x11, x7 + eor x12, x12, x8 + ubfx x7, x11, #32, #8 + ubfx x10, x12, #8, #8 + ubfx x15, x12, #48, #8 + ubfx x16, x11, #24, #8 + ldr x14, [x6] + ldr x14, [x6, #64] + ldr x14, [x6, #128] + ldr x14, [x6, #192] + ldr x14, [x6, #256] + ldr x14, [x6, #320] + ldr x14, [x6, #384] + ldr x14, [x6, #448] + ldr x14, [x6, #512] + ldr x14, [x6, #576] + ldr x14, [x6, #640] + ldr x14, [x6, #704] + ldr x14, [x6, #768] + ldr x14, [x6, #832] + ldr x14, [x6, #896] + ldr x14, [x6, #960] + ldrb w7, [x6, x7, LSL 0] + ldrb w10, [x6, x10, LSL 0] + ldrb w15, [x6, x15, LSL 0] + ldrb w16, [x6, x16, LSL 0] + ubfx x8, x12, #0, #8 + eor w7, w7, w10, lsl 8 + ubfx x10, x12, #40, #8 + eor w7, w7, w15, lsl 16 + ubfx x15, x11, #16, #8 + eor w7, w7, w16, lsl 24 + ubfx x16, x11, #56, #8 + ldrb w10, [x6, x10, LSL 0] + ldrb w16, [x6, x16, LSL 0] + ldrb w8, [x6, x8, LSL 0] + ldrb w15, [x6, x15, LSL 0] + ubfx x9, x12, #32, #8 + eor w8, w8, w10, lsl 8 + ubfx x10, x11, #8, #8 + eor w8, w8, w15, lsl 16 + ubfx x15, x11, #48, #8 + eor w8, w8, w16, lsl 24 + ubfx x16, x12, #24, #8 + bfi x7, x8, #32, #32 + ldrb w10, [x6, x10, LSL 0] + ldrb w16, [x6, x16, LSL 0] + ldrb w9, [x6, x9, LSL 0] + ldrb w15, [x6, x15, LSL 0] + ubfx x14, x12, #56, #8 + eor w9, w9, w10, lsl 8 + ubfx x10, x11, #0, #8 + eor w9, w9, w15, lsl 16 + ubfx x15, x11, #40, #8 + eor w8, w9, w16, lsl 24 + ubfx x16, x12, #16, #8 + ldrb w14, [x6, x14, LSL 0] + ldrb w15, [x6, x15, LSL 0] + ldrb w10, [x6, x10, LSL 0] + ldrb w16, [x6, x16, LSL 0] + eor w15, w15, w14, lsl 16 + ldp x11, x12, [x19] + eor w10, w10, w15, lsl 8 + eor w10, w10, w16, lsl 16 + bfi x8, x10, #32, #32 + # XOR in Key Schedule + eor x7, x7, x11 + eor x8, x8, x12 + rev32 x7, x7 + rev32 x8, x8 + str x7, [x1] + str x8, [x1, #8] + subs x2, x2, #16 + add x0, x0, #16 + add x1, x1, #16 + bne L_AES_ECB_decrypt_loop_block + ldp x17, x19, [x29, #16] + ldp x29, x30, [sp], #32 + ret +#ifndef __APPLE__ + .size AES_ECB_decrypt,.-AES_ECB_decrypt +#endif /* __APPLE__ */ +#endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER || defined(HAVE_AES_ECB) */ +#ifdef HAVE_AES_CBC +#ifndef __APPLE__ +.text +.globl AES_CBC_decrypt +.type AES_CBC_decrypt,@function +.align 2 +AES_CBC_decrypt: +#else +.section __TEXT,__text +.globl _AES_CBC_decrypt +.p2align 2 +_AES_CBC_decrypt: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-48]! + add x29, sp, #0 + stp x17, x19, [x29, #24] + str x20, [x29, #40] +#ifndef __APPLE__ + adrp x6, L_AES_ARM64_td4 + add x6, x6, :lo12:L_AES_ARM64_td4 +#else + adrp x6, L_AES_ARM64_td4@PAGE + add x6, x6, :lo12:L_AES_ARM64_td4@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x7, L_AES_ARM64_td + add x7, x7, :lo12:L_AES_ARM64_td +#else + adrp x7, L_AES_ARM64_td@PAGE + add x7, x7, :lo12:L_AES_ARM64_td@PAGEOFF +#endif /* __APPLE__ */ +L_AES_CBC_decrypt_loop_block: + mov x20, x3 + ldr x8, [x0] + ldr x9, [x0, #8] + stnp x8, x9, [x5, #16] + rev32 x8, x8 + rev32 x9, x9 + ldp x12, x13, [x20], #16 + # Round: 0 - XOR in key schedule + eor x8, x8, x12 + eor x9, x9, x13 + sub w19, w4, #2 +L_AES_CBC_decrypt_loop_nr_even: + ubfx x12, x9, #48, #8 + ubfx x15, x8, #24, #8 + ubfx x16, x9, #8, #8 + ubfx x17, x8, #32, #8 + ldr x10, [x7] + ldr x10, [x7, #64] + ldr x10, [x7, #128] + ldr x10, [x7, #192] + ldr x10, [x7, #256] + ldr x10, [x7, #320] + ldr x10, [x7, #384] + ldr x10, [x7, #448] + ldr x10, [x7, #512] + ldr x10, [x7, #576] + ldr x10, [x7, #640] + ldr x10, [x7, #704] + ldr x10, [x7, #768] + ldr x10, [x7, #832] + ldr x10, [x7, #896] + ldr x10, [x7, #960] + ldr w12, [x7, x12, LSL 2] + ldr w15, [x7, x15, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x13, x8, #16, #8 + eor w12, w12, w15, ror 24 + ubfx x15, x8, #56, #8 + eor w12, w12, w16, ror 8 + ubfx x16, x9, #40, #8 + eor w12, w12, w17, ror 16 + ubfx x17, x9, #0, #8 + ldr w13, [x7, x13, LSL 2] + ldr w15, [x7, x15, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x14, x8, #48, #8 + eor w13, w13, w15, ror 24 + ubfx x15, x9, #24, #8 + eor w13, w13, w16, ror 8 + ubfx x16, x8, #8, #8 + eor w13, w13, w17, ror 16 + ubfx x17, x9, #32, #8 + bfi x12, x13, #32, #32 + ldr w14, [x7, x14, LSL 2] + ldr w15, [x7, x15, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x10, x8, #0, #8 + eor w14, w14, w15, ror 24 + ubfx x15, x9, #16, #8 + eor w14, w14, w16, ror 8 + ubfx x16, x9, #56, #8 + eor w13, w14, w17, ror 16 + ubfx x17, x8, #40, #8 + ldr w10, [x7, x10, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w15, [x7, x15, LSL 2] + ldr w17, [x7, x17, LSL 2] + eor w16, w16, w10, ror 24 + ldp x8, x9, [x20], #16 + eor w15, w15, w17, ror 8 + eor w15, w15, w16, ror 24 + bfi x13, x15, #32, #32 + # XOR in Key Schedule + eor x12, x12, x8 + eor x13, x13, x9 + ubfx x8, x13, #48, #8 + ubfx x11, x12, #24, #8 + ubfx x16, x13, #8, #8 + ubfx x17, x12, #32, #8 + ldr x14, [x7] + ldr x14, [x7, #64] + ldr x14, [x7, #128] + ldr x14, [x7, #192] + ldr x14, [x7, #256] + ldr x14, [x7, #320] + ldr x14, [x7, #384] + ldr x14, [x7, #448] + ldr x14, [x7, #512] + ldr x14, [x7, #576] + ldr x14, [x7, #640] + ldr x14, [x7, #704] + ldr x14, [x7, #768] + ldr x14, [x7, #832] + ldr x14, [x7, #896] + ldr x14, [x7, #960] + ldr w8, [x7, x8, LSL 2] + ldr w11, [x7, x11, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x9, x12, #16, #8 + eor w8, w8, w11, ror 24 + ubfx x11, x12, #56, #8 + eor w8, w8, w16, ror 8 + ubfx x16, x13, #40, #8 + eor w8, w8, w17, ror 16 + ubfx x17, x13, #0, #8 + ldr w9, [x7, x9, LSL 2] + ldr w11, [x7, x11, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x10, x12, #48, #8 + eor w9, w9, w11, ror 24 + ubfx x11, x13, #24, #8 + eor w9, w9, w16, ror 8 + ubfx x16, x12, #8, #8 + eor w9, w9, w17, ror 16 + ubfx x17, x13, #32, #8 + bfi x8, x9, #32, #32 + ldr w10, [x7, x10, LSL 2] + ldr w11, [x7, x11, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x14, x12, #0, #8 + eor w10, w10, w11, ror 24 + ubfx x11, x13, #16, #8 + eor w10, w10, w16, ror 8 + ubfx x16, x13, #56, #8 + eor w9, w10, w17, ror 16 + ubfx x17, x12, #40, #8 + ldr w14, [x7, x14, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w11, [x7, x11, LSL 2] + ldr w17, [x7, x17, LSL 2] + eor w16, w16, w14, ror 24 + ldp x12, x13, [x20], #16 + eor w11, w11, w17, ror 8 + eor w11, w11, w16, ror 24 + bfi x9, x11, #32, #32 + # XOR in Key Schedule + eor x8, x8, x12 + eor x9, x9, x13 + subs w19, w19, #2 + bne L_AES_CBC_decrypt_loop_nr_even + ubfx x12, x9, #48, #8 + ubfx x15, x8, #24, #8 + ubfx x16, x9, #8, #8 + ubfx x17, x8, #32, #8 + ldr x10, [x7] + ldr x10, [x7, #64] + ldr x10, [x7, #128] + ldr x10, [x7, #192] + ldr x10, [x7, #256] + ldr x10, [x7, #320] + ldr x10, [x7, #384] + ldr x10, [x7, #448] + ldr x10, [x7, #512] + ldr x10, [x7, #576] + ldr x10, [x7, #640] + ldr x10, [x7, #704] + ldr x10, [x7, #768] + ldr x10, [x7, #832] + ldr x10, [x7, #896] + ldr x10, [x7, #960] + ldr w12, [x7, x12, LSL 2] + ldr w15, [x7, x15, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x13, x8, #16, #8 + eor w12, w12, w15, ror 24 + ubfx x15, x8, #56, #8 + eor w12, w12, w16, ror 8 + ubfx x16, x9, #40, #8 + eor w12, w12, w17, ror 16 + ubfx x17, x9, #0, #8 + ldr w13, [x7, x13, LSL 2] + ldr w15, [x7, x15, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x14, x8, #48, #8 + eor w13, w13, w15, ror 24 + ubfx x15, x9, #24, #8 + eor w13, w13, w16, ror 8 + ubfx x16, x8, #8, #8 + eor w13, w13, w17, ror 16 + ubfx x17, x9, #32, #8 + bfi x12, x13, #32, #32 + ldr w14, [x7, x14, LSL 2] + ldr w15, [x7, x15, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x10, x8, #0, #8 + eor w14, w14, w15, ror 24 + ubfx x15, x9, #16, #8 + eor w14, w14, w16, ror 8 + ubfx x16, x9, #56, #8 + eor w13, w14, w17, ror 16 + ubfx x17, x8, #40, #8 + ldr w10, [x7, x10, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w15, [x7, x15, LSL 2] + ldr w17, [x7, x17, LSL 2] + eor w16, w16, w10, ror 24 + ldp x8, x9, [x20], #16 + eor w15, w15, w17, ror 8 + eor w15, w15, w16, ror 24 + bfi x13, x15, #32, #32 + # XOR in Key Schedule + eor x12, x12, x8 + eor x13, x13, x9 + ubfx x8, x12, #32, #8 + ubfx x11, x13, #8, #8 + ubfx x16, x13, #48, #8 + ubfx x17, x12, #24, #8 + ldr x15, [x6] + ldr x15, [x6, #64] + ldr x15, [x6, #128] + ldr x15, [x6, #192] + ldr x15, [x6, #256] + ldr x15, [x6, #320] + ldr x15, [x6, #384] + ldr x15, [x6, #448] + ldr x15, [x6, #512] + ldr x15, [x6, #576] + ldr x15, [x6, #640] + ldr x15, [x6, #704] + ldr x15, [x6, #768] + ldr x15, [x6, #832] + ldr x15, [x6, #896] + ldr x15, [x6, #960] + ldrb w8, [x6, x8, LSL 0] + ldrb w11, [x6, x11, LSL 0] + ldrb w16, [x6, x16, LSL 0] + ldrb w17, [x6, x17, LSL 0] + ubfx x9, x13, #0, #8 + eor w8, w8, w11, lsl 8 + ubfx x11, x13, #40, #8 + eor w8, w8, w16, lsl 16 + ubfx x16, x12, #16, #8 + eor w8, w8, w17, lsl 24 + ubfx x17, x12, #56, #8 + ldrb w11, [x6, x11, LSL 0] + ldrb w17, [x6, x17, LSL 0] + ldrb w9, [x6, x9, LSL 0] + ldrb w16, [x6, x16, LSL 0] + ubfx x10, x13, #32, #8 + eor w9, w9, w11, lsl 8 + ubfx x11, x12, #8, #8 + eor w9, w9, w16, lsl 16 + ubfx x16, x12, #48, #8 + eor w9, w9, w17, lsl 24 + ubfx x17, x13, #24, #8 + bfi x8, x9, #32, #32 + ldrb w11, [x6, x11, LSL 0] + ldrb w17, [x6, x17, LSL 0] + ldrb w10, [x6, x10, LSL 0] + ldrb w16, [x6, x16, LSL 0] + ubfx x15, x13, #56, #8 + eor w10, w10, w11, lsl 8 + ubfx x11, x12, #0, #8 + eor w10, w10, w16, lsl 16 + ubfx x16, x12, #40, #8 + eor w9, w10, w17, lsl 24 + ubfx x17, x13, #16, #8 + ldrb w15, [x6, x15, LSL 0] + ldrb w16, [x6, x16, LSL 0] + ldrb w11, [x6, x11, LSL 0] + ldrb w17, [x6, x17, LSL 0] + eor w16, w16, w15, lsl 16 + ldp x12, x13, [x20] + eor w11, w11, w16, lsl 8 + eor w11, w11, w17, lsl 16 + bfi x9, x11, #32, #32 + # XOR in Key Schedule + eor x8, x8, x12 + eor x9, x9, x13 + rev32 x8, x8 + rev32 x9, x9 + ldp x12, x13, [x5] + eor x8, x8, x12 + eor x9, x9, x13 + str x8, [x1] + str x9, [x1, #8] + subs x2, x2, #16 + add x0, x0, #16 + add x1, x1, #16 + beq L_AES_CBC_decrypt_end_dec_odd + mov x20, x3 + ldr x8, [x0] + ldr x9, [x0, #8] + stp x8, x9, [x5] + rev32 x8, x8 + rev32 x9, x9 + ldp x12, x13, [x20], #16 + # Round: 0 - XOR in key schedule + eor x8, x8, x12 + eor x9, x9, x13 + sub w19, w4, #2 +L_AES_CBC_decrypt_loop_nr_odd: + ubfx x12, x9, #48, #8 + ubfx x15, x8, #24, #8 + ubfx x16, x9, #8, #8 + ubfx x17, x8, #32, #8 + ldr x10, [x7] + ldr x10, [x7, #64] + ldr x10, [x7, #128] + ldr x10, [x7, #192] + ldr x10, [x7, #256] + ldr x10, [x7, #320] + ldr x10, [x7, #384] + ldr x10, [x7, #448] + ldr x10, [x7, #512] + ldr x10, [x7, #576] + ldr x10, [x7, #640] + ldr x10, [x7, #704] + ldr x10, [x7, #768] + ldr x10, [x7, #832] + ldr x10, [x7, #896] + ldr x10, [x7, #960] + ldr w12, [x7, x12, LSL 2] + ldr w15, [x7, x15, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x13, x8, #16, #8 + eor w12, w12, w15, ror 24 + ubfx x15, x8, #56, #8 + eor w12, w12, w16, ror 8 + ubfx x16, x9, #40, #8 + eor w12, w12, w17, ror 16 + ubfx x17, x9, #0, #8 + ldr w13, [x7, x13, LSL 2] + ldr w15, [x7, x15, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x14, x8, #48, #8 + eor w13, w13, w15, ror 24 + ubfx x15, x9, #24, #8 + eor w13, w13, w16, ror 8 + ubfx x16, x8, #8, #8 + eor w13, w13, w17, ror 16 + ubfx x17, x9, #32, #8 + bfi x12, x13, #32, #32 + ldr w14, [x7, x14, LSL 2] + ldr w15, [x7, x15, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x10, x8, #0, #8 + eor w14, w14, w15, ror 24 + ubfx x15, x9, #16, #8 + eor w14, w14, w16, ror 8 + ubfx x16, x9, #56, #8 + eor w13, w14, w17, ror 16 + ubfx x17, x8, #40, #8 + ldr w10, [x7, x10, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w15, [x7, x15, LSL 2] + ldr w17, [x7, x17, LSL 2] + eor w16, w16, w10, ror 24 + ldp x8, x9, [x20], #16 + eor w15, w15, w17, ror 8 + eor w15, w15, w16, ror 24 + bfi x13, x15, #32, #32 + # XOR in Key Schedule + eor x12, x12, x8 + eor x13, x13, x9 + ubfx x8, x13, #48, #8 + ubfx x11, x12, #24, #8 + ubfx x16, x13, #8, #8 + ubfx x17, x12, #32, #8 + ldr x14, [x7] + ldr x14, [x7, #64] + ldr x14, [x7, #128] + ldr x14, [x7, #192] + ldr x14, [x7, #256] + ldr x14, [x7, #320] + ldr x14, [x7, #384] + ldr x14, [x7, #448] + ldr x14, [x7, #512] + ldr x14, [x7, #576] + ldr x14, [x7, #640] + ldr x14, [x7, #704] + ldr x14, [x7, #768] + ldr x14, [x7, #832] + ldr x14, [x7, #896] + ldr x14, [x7, #960] + ldr w8, [x7, x8, LSL 2] + ldr w11, [x7, x11, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x9, x12, #16, #8 + eor w8, w8, w11, ror 24 + ubfx x11, x12, #56, #8 + eor w8, w8, w16, ror 8 + ubfx x16, x13, #40, #8 + eor w8, w8, w17, ror 16 + ubfx x17, x13, #0, #8 + ldr w9, [x7, x9, LSL 2] + ldr w11, [x7, x11, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x10, x12, #48, #8 + eor w9, w9, w11, ror 24 + ubfx x11, x13, #24, #8 + eor w9, w9, w16, ror 8 + ubfx x16, x12, #8, #8 + eor w9, w9, w17, ror 16 + ubfx x17, x13, #32, #8 + bfi x8, x9, #32, #32 + ldr w10, [x7, x10, LSL 2] + ldr w11, [x7, x11, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x14, x12, #0, #8 + eor w10, w10, w11, ror 24 + ubfx x11, x13, #16, #8 + eor w10, w10, w16, ror 8 + ubfx x16, x13, #56, #8 + eor w9, w10, w17, ror 16 + ubfx x17, x12, #40, #8 + ldr w14, [x7, x14, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w11, [x7, x11, LSL 2] + ldr w17, [x7, x17, LSL 2] + eor w16, w16, w14, ror 24 + ldp x12, x13, [x20], #16 + eor w11, w11, w17, ror 8 + eor w11, w11, w16, ror 24 + bfi x9, x11, #32, #32 + # XOR in Key Schedule + eor x8, x8, x12 + eor x9, x9, x13 + subs w19, w19, #2 + bne L_AES_CBC_decrypt_loop_nr_odd + ubfx x12, x9, #48, #8 + ubfx x15, x8, #24, #8 + ubfx x16, x9, #8, #8 + ubfx x17, x8, #32, #8 + ldr x10, [x7] + ldr x10, [x7, #64] + ldr x10, [x7, #128] + ldr x10, [x7, #192] + ldr x10, [x7, #256] + ldr x10, [x7, #320] + ldr x10, [x7, #384] + ldr x10, [x7, #448] + ldr x10, [x7, #512] + ldr x10, [x7, #576] + ldr x10, [x7, #640] + ldr x10, [x7, #704] + ldr x10, [x7, #768] + ldr x10, [x7, #832] + ldr x10, [x7, #896] + ldr x10, [x7, #960] + ldr w12, [x7, x12, LSL 2] + ldr w15, [x7, x15, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x13, x8, #16, #8 + eor w12, w12, w15, ror 24 + ubfx x15, x8, #56, #8 + eor w12, w12, w16, ror 8 + ubfx x16, x9, #40, #8 + eor w12, w12, w17, ror 16 + ubfx x17, x9, #0, #8 + ldr w13, [x7, x13, LSL 2] + ldr w15, [x7, x15, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x14, x8, #48, #8 + eor w13, w13, w15, ror 24 + ubfx x15, x9, #24, #8 + eor w13, w13, w16, ror 8 + ubfx x16, x8, #8, #8 + eor w13, w13, w17, ror 16 + ubfx x17, x9, #32, #8 + bfi x12, x13, #32, #32 + ldr w14, [x7, x14, LSL 2] + ldr w15, [x7, x15, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x10, x8, #0, #8 + eor w14, w14, w15, ror 24 + ubfx x15, x9, #16, #8 + eor w14, w14, w16, ror 8 + ubfx x16, x9, #56, #8 + eor w13, w14, w17, ror 16 + ubfx x17, x8, #40, #8 + ldr w10, [x7, x10, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w15, [x7, x15, LSL 2] + ldr w17, [x7, x17, LSL 2] + eor w16, w16, w10, ror 24 + ldp x8, x9, [x20], #16 + eor w15, w15, w17, ror 8 + eor w15, w15, w16, ror 24 + bfi x13, x15, #32, #32 + # XOR in Key Schedule + eor x12, x12, x8 + eor x13, x13, x9 + ubfx x8, x12, #32, #8 + ubfx x11, x13, #8, #8 + ubfx x16, x13, #48, #8 + ubfx x17, x12, #24, #8 + ldr x15, [x6] + ldr x15, [x6, #64] + ldr x15, [x6, #128] + ldr x15, [x6, #192] + ldr x15, [x6, #256] + ldr x15, [x6, #320] + ldr x15, [x6, #384] + ldr x15, [x6, #448] + ldr x15, [x6, #512] + ldr x15, [x6, #576] + ldr x15, [x6, #640] + ldr x15, [x6, #704] + ldr x15, [x6, #768] + ldr x15, [x6, #832] + ldr x15, [x6, #896] + ldr x15, [x6, #960] + ldrb w8, [x6, x8, LSL 0] + ldrb w11, [x6, x11, LSL 0] + ldrb w16, [x6, x16, LSL 0] + ldrb w17, [x6, x17, LSL 0] + ubfx x9, x13, #0, #8 + eor w8, w8, w11, lsl 8 + ubfx x11, x13, #40, #8 + eor w8, w8, w16, lsl 16 + ubfx x16, x12, #16, #8 + eor w8, w8, w17, lsl 24 + ubfx x17, x12, #56, #8 + ldrb w11, [x6, x11, LSL 0] + ldrb w17, [x6, x17, LSL 0] + ldrb w9, [x6, x9, LSL 0] + ldrb w16, [x6, x16, LSL 0] + ubfx x10, x13, #32, #8 + eor w9, w9, w11, lsl 8 + ubfx x11, x12, #8, #8 + eor w9, w9, w16, lsl 16 + ubfx x16, x12, #48, #8 + eor w9, w9, w17, lsl 24 + ubfx x17, x13, #24, #8 + bfi x8, x9, #32, #32 + ldrb w11, [x6, x11, LSL 0] + ldrb w17, [x6, x17, LSL 0] + ldrb w10, [x6, x10, LSL 0] + ldrb w16, [x6, x16, LSL 0] + ubfx x15, x13, #56, #8 + eor w10, w10, w11, lsl 8 + ubfx x11, x12, #0, #8 + eor w10, w10, w16, lsl 16 + ubfx x16, x12, #40, #8 + eor w9, w10, w17, lsl 24 + ubfx x17, x13, #16, #8 + ldrb w15, [x6, x15, LSL 0] + ldrb w16, [x6, x16, LSL 0] + ldrb w11, [x6, x11, LSL 0] + ldrb w17, [x6, x17, LSL 0] + eor w16, w16, w15, lsl 16 + ldp x12, x13, [x20] + eor w11, w11, w16, lsl 8 + eor w11, w11, w17, lsl 16 + bfi x9, x11, #32, #32 + # XOR in Key Schedule + eor x8, x8, x12 + eor x9, x9, x13 + rev32 x8, x8 + rev32 x9, x9 + ldnp x12, x13, [x5, #16] + eor x8, x8, x12 + eor x9, x9, x13 + str x8, [x1] + str x9, [x1, #8] + subs x2, x2, #16 + add x0, x0, #16 + add x1, x1, #16 + bne L_AES_CBC_decrypt_loop_block + b L_AES_CBC_decrypt_end_dec +L_AES_CBC_decrypt_end_dec_odd: + ldnp x12, x13, [x5, #16] + stp x12, x13, [x5] +L_AES_CBC_decrypt_end_dec: + ldp x17, x19, [x29, #24] + ldr x20, [x29, #40] + ldp x29, x30, [sp], #48 + ret +#ifndef __APPLE__ + .size AES_CBC_decrypt,.-AES_CBC_decrypt +#endif /* __APPLE__ */ +#endif /* HAVE_AES_CBC */ +#endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER || HAVE_AES_CBC + * HAVE_AES_ECB */ +#endif /* HAVE_AES_DECRYPT */ +#ifdef HAVE_AESGCM +#ifndef __APPLE__ + .text + .type L_GCM_gmult_len_r, %object + .section .rodata + .size L_GCM_gmult_len_r, 128 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 3 +#else + .p2align 3 +#endif /* __APPLE__ */ +L_GCM_gmult_len_r: + .word 0x00000000 + .word 0x1c200000 + .word 0x38400000 + .word 0x24600000 + .word 0x70800000 + .word 0x6ca00000 + .word 0x48c00000 + .word 0x54e00000 + .word 0xe1000000 + .word 0xfd200000 + .word 0xd9400000 + .word 0xc5600000 + .word 0x91800000 + .word 0x8da00000 + .word 0xa9c00000 + .word 0xb5e00000 + .word 0x00000000 + .word 0x01c20000 + .word 0x03840000 + .word 0x02460000 + .word 0x07080000 + .word 0x06ca0000 + .word 0x048c0000 + .word 0x054e0000 + .word 0x0e100000 + .word 0x0fd20000 + .word 0x0d940000 + .word 0x0c560000 + .word 0x09180000 + .word 0x08da0000 + .word 0x0a9c0000 + .word 0x0b5e0000 +#ifndef __APPLE__ +.text +.globl GCM_gmult_len +.type GCM_gmult_len,@function +.align 2 +GCM_gmult_len: +#else +.section __TEXT,__text +.globl _GCM_gmult_len +.p2align 2 +_GCM_gmult_len: +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x10, L_GCM_gmult_len_r + add x10, x10, :lo12:L_GCM_gmult_len_r +#else + adrp x10, L_GCM_gmult_len_r@PAGE + add x10, x10, :lo12:L_GCM_gmult_len_r@PAGEOFF +#endif /* __APPLE__ */ +L_GCM_gmult_len_start_block: + ldp x4, x5, [x0] + ldp x6, x7, [x2] + eor x4, x4, x6 + eor x5, x5, x7 + ubfx x12, x5, #56, #4 + add x12, x1, x12, lsl 4 + ldp x8, x9, [x12] + ubfx x12, x5, #60, #4 + mov x11, x9 + add x12, x12, #16 + lsr x9, x9, #8 + add x12, x1, x12, lsl 4 + orr x9, x9, x8, lsl 56 + ldp x6, x7, [x12] + lsr x8, x8, #8 + eor x8, x8, x6 + sub x12, x12, #0x100 + eor x9, x9, x7 + ldr x7, [x12, #8] + ubfx w6, w11, #0, #4 + eor x11, x11, x7, lsl 4 + add w6, w6, #16 + ubfx w11, w11, #4, #4 + ldr w6, [x10, x6, LSL 2] + ldr w7, [x10, x11, LSL 2] + eor x8, x8, x6, lsl 32 + eor x8, x8, x7, lsl 32 + ubfx x12, x5, #48, #4 + add x12, x1, x12, lsl 4 + ldp x6, x7, [x12] + eor x8, x8, x6 + eor x9, x9, x7 + ubfx x12, x5, #52, #4 + mov x11, x9 + add x12, x12, #16 + lsr x9, x9, #8 + add x12, x1, x12, lsl 4 + orr x9, x9, x8, lsl 56 + ldp x6, x7, [x12] + lsr x8, x8, #8 + eor x8, x8, x6 + sub x12, x12, #0x100 + eor x9, x9, x7 + ldr x7, [x12, #8] + ubfx w6, w11, #0, #4 + eor x11, x11, x7, lsl 4 + add w6, w6, #16 + ubfx w11, w11, #4, #4 + ldr w6, [x10, x6, LSL 2] + ldr w7, [x10, x11, LSL 2] + eor x8, x8, x6, lsl 32 + eor x8, x8, x7, lsl 32 + ubfx x12, x5, #40, #4 + add x12, x1, x12, lsl 4 + ldp x6, x7, [x12] + eor x8, x8, x6 + eor x9, x9, x7 + ubfx x12, x5, #44, #4 + mov x11, x9 + add x12, x12, #16 + lsr x9, x9, #8 + add x12, x1, x12, lsl 4 + orr x9, x9, x8, lsl 56 + ldp x6, x7, [x12] + lsr x8, x8, #8 + eor x8, x8, x6 + sub x12, x12, #0x100 + eor x9, x9, x7 + ldr x7, [x12, #8] + ubfx w6, w11, #0, #4 + eor x11, x11, x7, lsl 4 + add w6, w6, #16 + ubfx w11, w11, #4, #4 + ldr w6, [x10, x6, LSL 2] + ldr w7, [x10, x11, LSL 2] + eor x8, x8, x6, lsl 32 + eor x8, x8, x7, lsl 32 + ubfx x12, x5, #32, #4 + add x12, x1, x12, lsl 4 + ldp x6, x7, [x12] + eor x8, x8, x6 + eor x9, x9, x7 + ubfx x12, x5, #36, #4 + mov x11, x9 + add x12, x12, #16 + lsr x9, x9, #8 + add x12, x1, x12, lsl 4 + orr x9, x9, x8, lsl 56 + ldp x6, x7, [x12] + lsr x8, x8, #8 + eor x8, x8, x6 + sub x12, x12, #0x100 + eor x9, x9, x7 + ldr x7, [x12, #8] + ubfx w6, w11, #0, #4 + eor x11, x11, x7, lsl 4 + add w6, w6, #16 + ubfx w11, w11, #4, #4 + ldr w6, [x10, x6, LSL 2] + ldr w7, [x10, x11, LSL 2] + eor x8, x8, x6, lsl 32 + eor x8, x8, x7, lsl 32 + ubfx x12, x5, #24, #4 + add x12, x1, x12, lsl 4 + ldp x6, x7, [x12] + eor x8, x8, x6 + eor x9, x9, x7 + ubfx x12, x5, #28, #4 + mov x11, x9 + add x12, x12, #16 + lsr x9, x9, #8 + add x12, x1, x12, lsl 4 + orr x9, x9, x8, lsl 56 + ldp x6, x7, [x12] + lsr x8, x8, #8 + eor x8, x8, x6 + sub x12, x12, #0x100 + eor x9, x9, x7 + ldr x7, [x12, #8] + ubfx w6, w11, #0, #4 + eor x11, x11, x7, lsl 4 + add w6, w6, #16 + ubfx w11, w11, #4, #4 + ldr w6, [x10, x6, LSL 2] + ldr w7, [x10, x11, LSL 2] + eor x8, x8, x6, lsl 32 + eor x8, x8, x7, lsl 32 + ubfx x12, x5, #16, #4 + add x12, x1, x12, lsl 4 + ldp x6, x7, [x12] + eor x8, x8, x6 + eor x9, x9, x7 + ubfx x12, x5, #20, #4 + mov x11, x9 + add x12, x12, #16 + lsr x9, x9, #8 + add x12, x1, x12, lsl 4 + orr x9, x9, x8, lsl 56 + ldp x6, x7, [x12] + lsr x8, x8, #8 + eor x8, x8, x6 + sub x12, x12, #0x100 + eor x9, x9, x7 + ldr x7, [x12, #8] + ubfx w6, w11, #0, #4 + eor x11, x11, x7, lsl 4 + add w6, w6, #16 + ubfx w11, w11, #4, #4 + ldr w6, [x10, x6, LSL 2] + ldr w7, [x10, x11, LSL 2] + eor x8, x8, x6, lsl 32 + eor x8, x8, x7, lsl 32 + ubfx x12, x5, #8, #4 + add x12, x1, x12, lsl 4 + ldp x6, x7, [x12] + eor x8, x8, x6 + eor x9, x9, x7 + ubfx x12, x5, #12, #4 + mov x11, x9 + add x12, x12, #16 + lsr x9, x9, #8 + add x12, x1, x12, lsl 4 + orr x9, x9, x8, lsl 56 + ldp x6, x7, [x12] + lsr x8, x8, #8 + eor x8, x8, x6 + sub x12, x12, #0x100 + eor x9, x9, x7 + ldr x7, [x12, #8] + ubfx w6, w11, #0, #4 + eor x11, x11, x7, lsl 4 + add w6, w6, #16 + ubfx w11, w11, #4, #4 + ldr w6, [x10, x6, LSL 2] + ldr w7, [x10, x11, LSL 2] + eor x8, x8, x6, lsl 32 + eor x8, x8, x7, lsl 32 + ubfx x12, x5, #0, #4 + add x12, x1, x12, lsl 4 + ldp x6, x7, [x12] + eor x8, x8, x6 + eor x9, x9, x7 + ubfx x12, x5, #4, #4 + mov x11, x9 + add x12, x12, #16 + lsr x9, x9, #8 + add x12, x1, x12, lsl 4 + orr x9, x9, x8, lsl 56 + ldp x6, x7, [x12] + lsr x8, x8, #8 + eor x8, x8, x6 + sub x12, x12, #0x100 + eor x9, x9, x7 + ldr x7, [x12, #8] + ubfx w6, w11, #0, #4 + eor x11, x11, x7, lsl 4 + add w6, w6, #16 + ubfx w11, w11, #4, #4 + ldr w6, [x10, x6, LSL 2] + ldr w7, [x10, x11, LSL 2] + eor x8, x8, x6, lsl 32 + eor x8, x8, x7, lsl 32 + ubfx x12, x4, #56, #4 + add x12, x1, x12, lsl 4 + ldp x6, x7, [x12] + eor x8, x8, x6 + eor x9, x9, x7 + ubfx x12, x4, #60, #4 + mov x11, x9 + add x12, x12, #16 + lsr x9, x9, #8 + add x12, x1, x12, lsl 4 + orr x9, x9, x8, lsl 56 + ldp x6, x7, [x12] + lsr x8, x8, #8 + eor x8, x8, x6 + sub x12, x12, #0x100 + eor x9, x9, x7 + ldr x7, [x12, #8] + ubfx w6, w11, #0, #4 + eor x11, x11, x7, lsl 4 + add w6, w6, #16 + ubfx w11, w11, #4, #4 + ldr w6, [x10, x6, LSL 2] + ldr w7, [x10, x11, LSL 2] + eor x8, x8, x6, lsl 32 + eor x8, x8, x7, lsl 32 + ubfx x12, x4, #48, #4 + add x12, x1, x12, lsl 4 + ldp x6, x7, [x12] + eor x8, x8, x6 + eor x9, x9, x7 + ubfx x12, x4, #52, #4 + mov x11, x9 + add x12, x12, #16 + lsr x9, x9, #8 + add x12, x1, x12, lsl 4 + orr x9, x9, x8, lsl 56 + ldp x6, x7, [x12] + lsr x8, x8, #8 + eor x8, x8, x6 + sub x12, x12, #0x100 + eor x9, x9, x7 + ldr x7, [x12, #8] + ubfx w6, w11, #0, #4 + eor x11, x11, x7, lsl 4 + add w6, w6, #16 + ubfx w11, w11, #4, #4 + ldr w6, [x10, x6, LSL 2] + ldr w7, [x10, x11, LSL 2] + eor x8, x8, x6, lsl 32 + eor x8, x8, x7, lsl 32 + ubfx x12, x4, #40, #4 + add x12, x1, x12, lsl 4 + ldp x6, x7, [x12] + eor x8, x8, x6 + eor x9, x9, x7 + ubfx x12, x4, #44, #4 + mov x11, x9 + add x12, x12, #16 + lsr x9, x9, #8 + add x12, x1, x12, lsl 4 + orr x9, x9, x8, lsl 56 + ldp x6, x7, [x12] + lsr x8, x8, #8 + eor x8, x8, x6 + sub x12, x12, #0x100 + eor x9, x9, x7 + ldr x7, [x12, #8] + ubfx w6, w11, #0, #4 + eor x11, x11, x7, lsl 4 + add w6, w6, #16 + ubfx w11, w11, #4, #4 + ldr w6, [x10, x6, LSL 2] + ldr w7, [x10, x11, LSL 2] + eor x8, x8, x6, lsl 32 + eor x8, x8, x7, lsl 32 + ubfx x12, x4, #32, #4 + add x12, x1, x12, lsl 4 + ldp x6, x7, [x12] + eor x8, x8, x6 + eor x9, x9, x7 + ubfx x12, x4, #36, #4 + mov x11, x9 + add x12, x12, #16 + lsr x9, x9, #8 + add x12, x1, x12, lsl 4 + orr x9, x9, x8, lsl 56 + ldp x6, x7, [x12] + lsr x8, x8, #8 + eor x8, x8, x6 + sub x12, x12, #0x100 + eor x9, x9, x7 + ldr x7, [x12, #8] + ubfx w6, w11, #0, #4 + eor x11, x11, x7, lsl 4 + add w6, w6, #16 + ubfx w11, w11, #4, #4 + ldr w6, [x10, x6, LSL 2] + ldr w7, [x10, x11, LSL 2] + eor x8, x8, x6, lsl 32 + eor x8, x8, x7, lsl 32 + ubfx x12, x4, #24, #4 + add x12, x1, x12, lsl 4 + ldp x6, x7, [x12] + eor x8, x8, x6 + eor x9, x9, x7 + ubfx x12, x4, #28, #4 + mov x11, x9 + add x12, x12, #16 + lsr x9, x9, #8 + add x12, x1, x12, lsl 4 + orr x9, x9, x8, lsl 56 + ldp x6, x7, [x12] + lsr x8, x8, #8 + eor x8, x8, x6 + sub x12, x12, #0x100 + eor x9, x9, x7 + ldr x7, [x12, #8] + ubfx w6, w11, #0, #4 + eor x11, x11, x7, lsl 4 + add w6, w6, #16 + ubfx w11, w11, #4, #4 + ldr w6, [x10, x6, LSL 2] + ldr w7, [x10, x11, LSL 2] + eor x8, x8, x6, lsl 32 + eor x8, x8, x7, lsl 32 + ubfx x12, x4, #16, #4 + add x12, x1, x12, lsl 4 + ldp x6, x7, [x12] + eor x8, x8, x6 + eor x9, x9, x7 + ubfx x12, x4, #20, #4 + mov x11, x9 + add x12, x12, #16 + lsr x9, x9, #8 + add x12, x1, x12, lsl 4 + orr x9, x9, x8, lsl 56 + ldp x6, x7, [x12] + lsr x8, x8, #8 + eor x8, x8, x6 + sub x12, x12, #0x100 + eor x9, x9, x7 + ldr x7, [x12, #8] + ubfx w6, w11, #0, #4 + eor x11, x11, x7, lsl 4 + add w6, w6, #16 + ubfx w11, w11, #4, #4 + ldr w6, [x10, x6, LSL 2] + ldr w7, [x10, x11, LSL 2] + eor x8, x8, x6, lsl 32 + eor x8, x8, x7, lsl 32 + ubfx x12, x4, #8, #4 + add x12, x1, x12, lsl 4 + ldp x6, x7, [x12] + eor x8, x8, x6 + eor x9, x9, x7 + ubfx x12, x4, #12, #4 + mov x11, x9 + add x12, x12, #16 + lsr x9, x9, #8 + add x12, x1, x12, lsl 4 + orr x9, x9, x8, lsl 56 + ldp x6, x7, [x12] + lsr x8, x8, #8 + eor x8, x8, x6 + sub x12, x12, #0x100 + eor x9, x9, x7 + ldr x7, [x12, #8] + ubfx w6, w11, #0, #4 + eor x11, x11, x7, lsl 4 + add w6, w6, #16 + ubfx w11, w11, #4, #4 + ldr w6, [x10, x6, LSL 2] + ldr w7, [x10, x11, LSL 2] + eor x8, x8, x6, lsl 32 + eor x8, x8, x7, lsl 32 + ubfiz x12, x4, #4, #4 + add x12, x12, x1 + ldp x6, x7, [x12] + eor x8, x8, x6 + eor x9, x9, x7 + ubfx x11, x9, #0, #4 + ubfx x12, x4, #4, #4 + lsr x9, x9, #4 + add x12, x1, x12, lsl 4 + orr x9, x9, x8, lsl 60 + ldp x6, x7, [x12] + lsr x8, x8, #4 + eor x8, x8, x6 + ldr w6, [x10, x11, LSL 2] + eor x9, x9, x7 + eor x8, x8, x6, lsl 32 + rev x8, x8 + rev x9, x9 + stp x8, x9, [x0] + subs x3, x3, #16 + add x2, x2, #16 + bne L_GCM_gmult_len_start_block + ret +#ifndef __APPLE__ + .size GCM_gmult_len,.-GCM_gmult_len +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl AES_GCM_encrypt +.type AES_GCM_encrypt,@function +.align 2 +AES_GCM_encrypt: +#else +.section __TEXT,__text +.globl _AES_GCM_encrypt +.p2align 2 +_AES_GCM_encrypt: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-48]! + add x29, sp, #0 + stp x17, x19, [x29, #16] + stp x20, x21, [x29, #32] +#ifndef __APPLE__ + adrp x19, L_AES_ARM64_te + add x19, x19, :lo12:L_AES_ARM64_te +#else + adrp x19, L_AES_ARM64_te@PAGE + add x19, x19, :lo12:L_AES_ARM64_te@PAGEOFF +#endif /* __APPLE__ */ + ldp x16, x17, [x5] + rev32 x16, x16 + rev32 x17, x17 +L_AES_GCM_encrypt_loop_block: + mov x21, x3 + lsr x9, x17, #32 + ldp x10, x11, [x21], #16 + add w9, w9, #1 + bfi x17, x9, #32, #32 + # Round: 0 - XOR in key schedule + eor x6, x16, x10 + eor x7, x17, x11 + sub w20, w4, #2 +L_AES_GCM_encrypt_loop_nr: + ubfx x10, x6, #48, #8 + ubfx x13, x6, #24, #8 + ubfx x14, x7, #8, #8 + ubfx x15, x7, #32, #8 + ldr x8, [x19] + ldr x8, [x19, #64] + ldr x8, [x19, #128] + ldr x8, [x19, #192] + ldr x8, [x19, #256] + ldr x8, [x19, #320] + ldr x8, [x19, #384] + ldr x8, [x19, #448] + ldr x8, [x19, #512] + ldr x8, [x19, #576] + ldr x8, [x19, #640] + ldr x8, [x19, #704] + ldr x8, [x19, #768] + ldr x8, [x19, #832] + ldr x8, [x19, #896] + ldr x8, [x19, #960] + ldr w10, [x19, x10, LSL 2] + ldr w13, [x19, x13, LSL 2] + ldr w14, [x19, x14, LSL 2] + ldr w15, [x19, x15, LSL 2] + ubfx x11, x7, #16, #8 + eor w10, w10, w13, ror 24 + ubfx x13, x6, #56, #8 + eor w10, w10, w14, ror 8 + ubfx x14, x7, #40, #8 + eor w10, w10, w15, ror 16 + ubfx x15, x6, #0, #8 + ldr w11, [x19, x11, LSL 2] + ldr w13, [x19, x13, LSL 2] + ldr w14, [x19, x14, LSL 2] + ldr w15, [x19, x15, LSL 2] + ubfx x12, x7, #48, #8 + eor w11, w11, w13, ror 24 + ubfx x13, x7, #24, #8 + eor w11, w11, w14, ror 8 + ubfx x14, x6, #8, #8 + eor w11, w11, w15, ror 16 + ubfx x15, x6, #32, #8 + bfi x10, x11, #32, #32 + ldr w12, [x19, x12, LSL 2] + ldr w13, [x19, x13, LSL 2] + ldr w14, [x19, x14, LSL 2] + ldr w15, [x19, x15, LSL 2] + ubfx x8, x7, #0, #8 + eor w12, w12, w13, ror 24 + ubfx x13, x6, #16, #8 + eor w12, w12, w14, ror 8 + ubfx x14, x7, #56, #8 + eor w11, w12, w15, ror 16 + ubfx x15, x6, #40, #8 + ldr w8, [x19, x8, LSL 2] + ldr w14, [x19, x14, LSL 2] + ldr w13, [x19, x13, LSL 2] + ldr w15, [x19, x15, LSL 2] + eor w14, w14, w8, ror 24 + ldp x6, x7, [x21], #16 + eor w13, w13, w14, ror 24 + eor w13, w13, w15, ror 8 + bfi x11, x13, #32, #32 + # XOR in Key Schedule + eor x10, x10, x6 + eor x11, x11, x7 + ubfx x6, x10, #48, #8 + ubfx x9, x10, #24, #8 + ubfx x14, x11, #8, #8 + ubfx x15, x11, #32, #8 + ldr x12, [x19] + ldr x12, [x19, #64] + ldr x12, [x19, #128] + ldr x12, [x19, #192] + ldr x12, [x19, #256] + ldr x12, [x19, #320] + ldr x12, [x19, #384] + ldr x12, [x19, #448] + ldr x12, [x19, #512] + ldr x12, [x19, #576] + ldr x12, [x19, #640] + ldr x12, [x19, #704] + ldr x12, [x19, #768] + ldr x12, [x19, #832] + ldr x12, [x19, #896] + ldr x12, [x19, #960] + ldr w6, [x19, x6, LSL 2] + ldr w9, [x19, x9, LSL 2] + ldr w14, [x19, x14, LSL 2] + ldr w15, [x19, x15, LSL 2] + ubfx x7, x11, #16, #8 + eor w6, w6, w9, ror 24 + ubfx x9, x10, #56, #8 + eor w6, w6, w14, ror 8 + ubfx x14, x11, #40, #8 + eor w6, w6, w15, ror 16 + ubfx x15, x10, #0, #8 + ldr w7, [x19, x7, LSL 2] + ldr w9, [x19, x9, LSL 2] + ldr w14, [x19, x14, LSL 2] + ldr w15, [x19, x15, LSL 2] + ubfx x8, x11, #48, #8 + eor w7, w7, w9, ror 24 + ubfx x9, x11, #24, #8 + eor w7, w7, w14, ror 8 + ubfx x14, x10, #8, #8 + eor w7, w7, w15, ror 16 + ubfx x15, x10, #32, #8 + bfi x6, x7, #32, #32 + ldr w8, [x19, x8, LSL 2] + ldr w9, [x19, x9, LSL 2] + ldr w14, [x19, x14, LSL 2] + ldr w15, [x19, x15, LSL 2] + ubfx x12, x11, #0, #8 + eor w8, w8, w9, ror 24 + ubfx x9, x10, #16, #8 + eor w8, w8, w14, ror 8 + ubfx x14, x11, #56, #8 + eor w7, w8, w15, ror 16 + ubfx x15, x10, #40, #8 + ldr w12, [x19, x12, LSL 2] + ldr w14, [x19, x14, LSL 2] + ldr w9, [x19, x9, LSL 2] + ldr w15, [x19, x15, LSL 2] + eor w14, w14, w12, ror 24 + ldp x10, x11, [x21], #16 + eor w9, w9, w14, ror 24 + eor w9, w9, w15, ror 8 + bfi x7, x9, #32, #32 + # XOR in Key Schedule + eor x6, x6, x10 + eor x7, x7, x11 + subs w20, w20, #2 + bne L_AES_GCM_encrypt_loop_nr + ubfx x10, x6, #48, #8 + ubfx x13, x6, #24, #8 + ubfx x14, x7, #8, #8 + ubfx x15, x7, #32, #8 + ldr x8, [x19] + ldr x8, [x19, #64] + ldr x8, [x19, #128] + ldr x8, [x19, #192] + ldr x8, [x19, #256] + ldr x8, [x19, #320] + ldr x8, [x19, #384] + ldr x8, [x19, #448] + ldr x8, [x19, #512] + ldr x8, [x19, #576] + ldr x8, [x19, #640] + ldr x8, [x19, #704] + ldr x8, [x19, #768] + ldr x8, [x19, #832] + ldr x8, [x19, #896] + ldr x8, [x19, #960] + ldr w10, [x19, x10, LSL 2] + ldr w13, [x19, x13, LSL 2] + ldr w14, [x19, x14, LSL 2] + ldr w15, [x19, x15, LSL 2] + ubfx x11, x7, #16, #8 + eor w10, w10, w13, ror 24 + ubfx x13, x6, #56, #8 + eor w10, w10, w14, ror 8 + ubfx x14, x7, #40, #8 + eor w10, w10, w15, ror 16 + ubfx x15, x6, #0, #8 + ldr w11, [x19, x11, LSL 2] + ldr w13, [x19, x13, LSL 2] + ldr w14, [x19, x14, LSL 2] + ldr w15, [x19, x15, LSL 2] + ubfx x12, x7, #48, #8 + eor w11, w11, w13, ror 24 + ubfx x13, x7, #24, #8 + eor w11, w11, w14, ror 8 + ubfx x14, x6, #8, #8 + eor w11, w11, w15, ror 16 + ubfx x15, x6, #32, #8 + bfi x10, x11, #32, #32 + ldr w12, [x19, x12, LSL 2] + ldr w13, [x19, x13, LSL 2] + ldr w14, [x19, x14, LSL 2] + ldr w15, [x19, x15, LSL 2] + ubfx x8, x7, #0, #8 + eor w12, w12, w13, ror 24 + ubfx x13, x6, #16, #8 + eor w12, w12, w14, ror 8 + ubfx x14, x7, #56, #8 + eor w11, w12, w15, ror 16 + ubfx x15, x6, #40, #8 + ldr w8, [x19, x8, LSL 2] + ldr w14, [x19, x14, LSL 2] + ldr w13, [x19, x13, LSL 2] + ldr w15, [x19, x15, LSL 2] + eor w14, w14, w8, ror 24 + ldp x6, x7, [x21], #16 + eor w13, w13, w14, ror 24 + eor w13, w13, w15, ror 8 + bfi x11, x13, #32, #32 + # XOR in Key Schedule + eor x10, x10, x6 + eor x11, x11, x7 + ubfx x6, x11, #32, #8 + ubfx x9, x11, #8, #8 + ubfx x14, x10, #48, #8 + ubfx x15, x10, #24, #8 + lsl w6, w6, #2 + lsl w9, w9, #2 + lsl w14, w14, #2 + lsl w15, w15, #2 + ldr x13, [x19] + ldr x13, [x19, #64] + ldr x13, [x19, #128] + ldr x13, [x19, #192] + ldr x13, [x19, #256] + ldr x13, [x19, #320] + ldr x13, [x19, #384] + ldr x13, [x19, #448] + ldr x13, [x19, #512] + ldr x13, [x19, #576] + ldr x13, [x19, #640] + ldr x13, [x19, #704] + ldr x13, [x19, #768] + ldr x13, [x19, #832] + ldr x13, [x19, #896] + ldr x13, [x19, #960] + ldrb w6, [x19, x6, LSL 0] + ldrb w9, [x19, x9, LSL 0] + ldrb w14, [x19, x14, LSL 0] + ldrb w15, [x19, x15, LSL 0] + ubfx x7, x10, #0, #8 + eor w6, w6, w9, lsl 8 + ubfx x9, x11, #40, #8 + eor w6, w6, w14, lsl 16 + ubfx x14, x11, #16, #8 + eor w6, w6, w15, lsl 24 + ubfx x15, x10, #56, #8 + lsl w7, w7, #2 + lsl w9, w9, #2 + lsl w14, w14, #2 + lsl w15, w15, #2 + ldrb w7, [x19, x7, LSL 0] + ldrb w9, [x19, x9, LSL 0] + ldrb w14, [x19, x14, LSL 0] + ldrb w15, [x19, x15, LSL 0] + ubfx x8, x10, #32, #8 + eor w7, w7, w9, lsl 8 + ubfx x9, x10, #8, #8 + eor w7, w7, w14, lsl 16 + ubfx x14, x11, #48, #8 + eor w7, w7, w15, lsl 24 + ubfx x15, x11, #24, #8 + bfi x6, x7, #32, #32 + lsl w8, w8, #2 + lsl w9, w9, #2 + lsl w14, w14, #2 + lsl w15, w15, #2 + ldrb w8, [x19, x8, LSL 0] + ldrb w9, [x19, x9, LSL 0] + ldrb w14, [x19, x14, LSL 0] + ldrb w15, [x19, x15, LSL 0] + ubfx x13, x11, #56, #8 + eor w8, w8, w9, lsl 8 + ubfx x9, x11, #0, #8 + eor w8, w8, w14, lsl 16 + ubfx x14, x10, #40, #8 + eor w7, w8, w15, lsl 24 + ubfx x15, x10, #16, #8 + lsl w13, w13, #2 + lsl w9, w9, #2 + lsl w14, w14, #2 + lsl w15, w15, #2 + ldrb w13, [x19, x13, LSL 0] + ldrb w9, [x19, x9, LSL 0] + ldrb w14, [x19, x14, LSL 0] + ldrb w15, [x19, x15, LSL 0] + eor w14, w14, w13, lsl 16 + ldp x10, x11, [x21] + eor w9, w9, w14, lsl 8 + eor w9, w9, w15, lsl 16 + bfi x7, x9, #32, #32 + # XOR in Key Schedule + eor x6, x6, x10 + eor x7, x7, x11 + rev32 x6, x6 + rev32 x7, x7 + ldr x10, [x0] + ldr x11, [x0, #8] + eor x6, x6, x10 + eor x7, x7, x11 + str x6, [x1] + str x7, [x1, #8] + subs x2, x2, #16 + add x0, x0, #16 + add x1, x1, #16 + bne L_AES_GCM_encrypt_loop_block + rev32 x16, x16 + rev32 x17, x17 + stp x16, x17, [x5] + ldp x17, x19, [x29, #16] + ldp x20, x21, [x29, #32] + ldp x29, x30, [sp], #48 + ret +#ifndef __APPLE__ + .size AES_GCM_encrypt,.-AES_GCM_encrypt +#endif /* __APPLE__ */ +#endif /* HAVE_AESGCM */ +#ifdef WOLFSSL_AES_XTS +#ifndef __APPLE__ +.text +.globl AES_XTS_encrypt +.type AES_XTS_encrypt,@function +.align 2 +AES_XTS_encrypt: +#else +.section __TEXT,__text +.globl _AES_XTS_encrypt +.p2align 2 +_AES_XTS_encrypt: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-96]! + add x29, sp, #0 + stp x17, x19, [x29, #24] + stp x20, x21, [x29, #40] + stp x22, x23, [x29, #56] + stp x24, x25, [x29, #72] + str x26, [x29, #88] +#ifndef __APPLE__ + adrp x8, L_AES_ARM64_te + add x8, x8, :lo12:L_AES_ARM64_te +#else + adrp x8, L_AES_ARM64_te@PAGE + add x8, x8, :lo12:L_AES_ARM64_te@PAGEOFF +#endif /* __APPLE__ */ + mov x9, #0x87 + mov x26, x5 + ldp x21, x22, [x3] + ldp x14, x15, [x26], #16 + rev32 x21, x21 + rev32 x22, x22 + # Round: 0 - XOR in key schedule + eor x21, x21, x14 + eor x22, x22, x15 + sub w25, w7, #2 +L_AES_XTS_encrypt_loop_nr_tweak: + ubfx x14, x21, #48, #8 + ubfx x17, x21, #24, #8 + ubfx x19, x22, #8, #8 + ubfx x20, x22, #32, #8 + ldr x23, [x8] + ldr x23, [x8, #64] + ldr x23, [x8, #128] + ldr x23, [x8, #192] + ldr x23, [x8, #256] + ldr x23, [x8, #320] + ldr x23, [x8, #384] + ldr x23, [x8, #448] + ldr x23, [x8, #512] + ldr x23, [x8, #576] + ldr x23, [x8, #640] + ldr x23, [x8, #704] + ldr x23, [x8, #768] + ldr x23, [x8, #832] + ldr x23, [x8, #896] + ldr x23, [x8, #960] + ldr w14, [x8, x14, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x15, x22, #16, #8 + eor w14, w14, w17, ror 24 + ubfx x17, x21, #56, #8 + eor w14, w14, w19, ror 8 + ubfx x19, x22, #40, #8 + eor w14, w14, w20, ror 16 + ubfx x20, x21, #0, #8 + ldr w15, [x8, x15, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x16, x22, #48, #8 + eor w15, w15, w17, ror 24 + ubfx x17, x22, #24, #8 + eor w15, w15, w19, ror 8 + ubfx x19, x21, #8, #8 + eor w15, w15, w20, ror 16 + ubfx x20, x21, #32, #8 + bfi x14, x15, #32, #32 + ldr w16, [x8, x16, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x23, x22, #0, #8 + eor w16, w16, w17, ror 24 + ubfx x17, x21, #16, #8 + eor w16, w16, w19, ror 8 + ubfx x19, x22, #56, #8 + eor w15, w16, w20, ror 16 + ubfx x20, x21, #40, #8 + ldr w23, [x8, x23, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w20, [x8, x20, LSL 2] + eor w19, w19, w23, ror 24 + ldp x21, x22, [x26], #16 + eor w17, w17, w19, ror 24 + eor w17, w17, w20, ror 8 + bfi x15, x17, #32, #32 + # XOR in Key Schedule + eor x14, x14, x21 + eor x15, x15, x22 + ubfx x21, x14, #48, #8 + ubfx x24, x14, #24, #8 + ubfx x19, x15, #8, #8 + ubfx x20, x15, #32, #8 + ldr x16, [x8] + ldr x16, [x8, #64] + ldr x16, [x8, #128] + ldr x16, [x8, #192] + ldr x16, [x8, #256] + ldr x16, [x8, #320] + ldr x16, [x8, #384] + ldr x16, [x8, #448] + ldr x16, [x8, #512] + ldr x16, [x8, #576] + ldr x16, [x8, #640] + ldr x16, [x8, #704] + ldr x16, [x8, #768] + ldr x16, [x8, #832] + ldr x16, [x8, #896] + ldr x16, [x8, #960] + ldr w21, [x8, x21, LSL 2] + ldr w24, [x8, x24, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x22, x15, #16, #8 + eor w21, w21, w24, ror 24 + ubfx x24, x14, #56, #8 + eor w21, w21, w19, ror 8 + ubfx x19, x15, #40, #8 + eor w21, w21, w20, ror 16 + ubfx x20, x14, #0, #8 + ldr w22, [x8, x22, LSL 2] + ldr w24, [x8, x24, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x23, x15, #48, #8 + eor w22, w22, w24, ror 24 + ubfx x24, x15, #24, #8 + eor w22, w22, w19, ror 8 + ubfx x19, x14, #8, #8 + eor w22, w22, w20, ror 16 + ubfx x20, x14, #32, #8 + bfi x21, x22, #32, #32 + ldr w23, [x8, x23, LSL 2] + ldr w24, [x8, x24, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x16, x15, #0, #8 + eor w23, w23, w24, ror 24 + ubfx x24, x14, #16, #8 + eor w23, w23, w19, ror 8 + ubfx x19, x15, #56, #8 + eor w22, w23, w20, ror 16 + ubfx x20, x14, #40, #8 + ldr w16, [x8, x16, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w24, [x8, x24, LSL 2] + ldr w20, [x8, x20, LSL 2] + eor w19, w19, w16, ror 24 + ldp x14, x15, [x26], #16 + eor w24, w24, w19, ror 24 + eor w24, w24, w20, ror 8 + bfi x22, x24, #32, #32 + # XOR in Key Schedule + eor x21, x21, x14 + eor x22, x22, x15 + subs w25, w25, #2 + bne L_AES_XTS_encrypt_loop_nr_tweak + ubfx x14, x21, #48, #8 + ubfx x17, x21, #24, #8 + ubfx x19, x22, #8, #8 + ubfx x20, x22, #32, #8 + ldr x23, [x8] + ldr x23, [x8, #64] + ldr x23, [x8, #128] + ldr x23, [x8, #192] + ldr x23, [x8, #256] + ldr x23, [x8, #320] + ldr x23, [x8, #384] + ldr x23, [x8, #448] + ldr x23, [x8, #512] + ldr x23, [x8, #576] + ldr x23, [x8, #640] + ldr x23, [x8, #704] + ldr x23, [x8, #768] + ldr x23, [x8, #832] + ldr x23, [x8, #896] + ldr x23, [x8, #960] + ldr w14, [x8, x14, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x15, x22, #16, #8 + eor w14, w14, w17, ror 24 + ubfx x17, x21, #56, #8 + eor w14, w14, w19, ror 8 + ubfx x19, x22, #40, #8 + eor w14, w14, w20, ror 16 + ubfx x20, x21, #0, #8 + ldr w15, [x8, x15, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x16, x22, #48, #8 + eor w15, w15, w17, ror 24 + ubfx x17, x22, #24, #8 + eor w15, w15, w19, ror 8 + ubfx x19, x21, #8, #8 + eor w15, w15, w20, ror 16 + ubfx x20, x21, #32, #8 + bfi x14, x15, #32, #32 + ldr w16, [x8, x16, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x23, x22, #0, #8 + eor w16, w16, w17, ror 24 + ubfx x17, x21, #16, #8 + eor w16, w16, w19, ror 8 + ubfx x19, x22, #56, #8 + eor w15, w16, w20, ror 16 + ubfx x20, x21, #40, #8 + ldr w23, [x8, x23, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w20, [x8, x20, LSL 2] + eor w19, w19, w23, ror 24 + ldp x21, x22, [x26], #16 + eor w17, w17, w19, ror 24 + eor w17, w17, w20, ror 8 + bfi x15, x17, #32, #32 + # XOR in Key Schedule + eor x14, x14, x21 + eor x15, x15, x22 + ubfx x21, x15, #32, #8 + ubfx x24, x15, #8, #8 + ubfx x19, x14, #48, #8 + ubfx x20, x14, #24, #8 + lsl w21, w21, #2 + lsl w24, w24, #2 + lsl w19, w19, #2 + lsl w20, w20, #2 + ldr x17, [x8] + ldr x17, [x8, #64] + ldr x17, [x8, #128] + ldr x17, [x8, #192] + ldr x17, [x8, #256] + ldr x17, [x8, #320] + ldr x17, [x8, #384] + ldr x17, [x8, #448] + ldr x17, [x8, #512] + ldr x17, [x8, #576] + ldr x17, [x8, #640] + ldr x17, [x8, #704] + ldr x17, [x8, #768] + ldr x17, [x8, #832] + ldr x17, [x8, #896] + ldr x17, [x8, #960] + ldrb w21, [x8, x21, LSL 0] + ldrb w24, [x8, x24, LSL 0] + ldrb w19, [x8, x19, LSL 0] + ldrb w20, [x8, x20, LSL 0] + ubfx x22, x14, #0, #8 + eor w21, w21, w24, lsl 8 + ubfx x24, x15, #40, #8 + eor w21, w21, w19, lsl 16 + ubfx x19, x15, #16, #8 + eor w21, w21, w20, lsl 24 + ubfx x20, x14, #56, #8 + lsl w22, w22, #2 + lsl w24, w24, #2 + lsl w19, w19, #2 + lsl w20, w20, #2 + ldrb w22, [x8, x22, LSL 0] + ldrb w24, [x8, x24, LSL 0] + ldrb w19, [x8, x19, LSL 0] + ldrb w20, [x8, x20, LSL 0] + ubfx x23, x14, #32, #8 + eor w22, w22, w24, lsl 8 + ubfx x24, x14, #8, #8 + eor w22, w22, w19, lsl 16 + ubfx x19, x15, #48, #8 + eor w22, w22, w20, lsl 24 + ubfx x20, x15, #24, #8 + bfi x21, x22, #32, #32 + lsl w23, w23, #2 + lsl w24, w24, #2 + lsl w19, w19, #2 + lsl w20, w20, #2 + ldrb w23, [x8, x23, LSL 0] + ldrb w24, [x8, x24, LSL 0] + ldrb w19, [x8, x19, LSL 0] + ldrb w20, [x8, x20, LSL 0] + ubfx x17, x15, #56, #8 + eor w23, w23, w24, lsl 8 + ubfx x24, x15, #0, #8 + eor w23, w23, w19, lsl 16 + ubfx x19, x14, #40, #8 + eor w22, w23, w20, lsl 24 + ubfx x20, x14, #16, #8 + lsl w17, w17, #2 + lsl w24, w24, #2 + lsl w19, w19, #2 + lsl w20, w20, #2 + ldrb w17, [x8, x17, LSL 0] + ldrb w24, [x8, x24, LSL 0] + ldrb w19, [x8, x19, LSL 0] + ldrb w20, [x8, x20, LSL 0] + eor w19, w19, w17, lsl 16 + ldp x14, x15, [x26] + eor w24, w24, w19, lsl 8 + eor w24, w24, w20, lsl 16 + bfi x22, x24, #32, #32 + # XOR in Key Schedule + eor x21, x21, x14 + eor x22, x22, x15 + rev32 x21, x21 + rev32 x22, x22 +L_AES_XTS_encrypt_loop_block: + mov x26, x4 + ldp x10, x11, [x0] + ldp x14, x15, [x26], #16 + eor x10, x10, x21 + eor x11, x11, x22 + rev32 x10, x10 + rev32 x11, x11 + # Round: 0 - XOR in key schedule + eor x10, x10, x14 + eor x11, x11, x15 + sub w25, w7, #2 +L_AES_XTS_encrypt_loop_nr: + ubfx x14, x10, #48, #8 + ubfx x17, x10, #24, #8 + ubfx x19, x11, #8, #8 + ubfx x20, x11, #32, #8 + ldr x12, [x8] + ldr x12, [x8, #64] + ldr x12, [x8, #128] + ldr x12, [x8, #192] + ldr x12, [x8, #256] + ldr x12, [x8, #320] + ldr x12, [x8, #384] + ldr x12, [x8, #448] + ldr x12, [x8, #512] + ldr x12, [x8, #576] + ldr x12, [x8, #640] + ldr x12, [x8, #704] + ldr x12, [x8, #768] + ldr x12, [x8, #832] + ldr x12, [x8, #896] + ldr x12, [x8, #960] + ldr w14, [x8, x14, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x15, x11, #16, #8 + eor w14, w14, w17, ror 24 + ubfx x17, x10, #56, #8 + eor w14, w14, w19, ror 8 + ubfx x19, x11, #40, #8 + eor w14, w14, w20, ror 16 + ubfx x20, x10, #0, #8 + ldr w15, [x8, x15, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x16, x11, #48, #8 + eor w15, w15, w17, ror 24 + ubfx x17, x11, #24, #8 + eor w15, w15, w19, ror 8 + ubfx x19, x10, #8, #8 + eor w15, w15, w20, ror 16 + ubfx x20, x10, #32, #8 + bfi x14, x15, #32, #32 + ldr w16, [x8, x16, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x12, x11, #0, #8 + eor w16, w16, w17, ror 24 + ubfx x17, x10, #16, #8 + eor w16, w16, w19, ror 8 + ubfx x19, x11, #56, #8 + eor w15, w16, w20, ror 16 + ubfx x20, x10, #40, #8 + ldr w12, [x8, x12, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w20, [x8, x20, LSL 2] + eor w19, w19, w12, ror 24 + ldp x10, x11, [x26], #16 + eor w17, w17, w19, ror 24 + eor w17, w17, w20, ror 8 + bfi x15, x17, #32, #32 + # XOR in Key Schedule + eor x14, x14, x10 + eor x15, x15, x11 + ubfx x10, x14, #48, #8 + ubfx x13, x14, #24, #8 + ubfx x19, x15, #8, #8 + ubfx x20, x15, #32, #8 + ldr x16, [x8] + ldr x16, [x8, #64] + ldr x16, [x8, #128] + ldr x16, [x8, #192] + ldr x16, [x8, #256] + ldr x16, [x8, #320] + ldr x16, [x8, #384] + ldr x16, [x8, #448] + ldr x16, [x8, #512] + ldr x16, [x8, #576] + ldr x16, [x8, #640] + ldr x16, [x8, #704] + ldr x16, [x8, #768] + ldr x16, [x8, #832] + ldr x16, [x8, #896] + ldr x16, [x8, #960] + ldr w10, [x8, x10, LSL 2] + ldr w13, [x8, x13, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x11, x15, #16, #8 + eor w10, w10, w13, ror 24 + ubfx x13, x14, #56, #8 + eor w10, w10, w19, ror 8 + ubfx x19, x15, #40, #8 + eor w10, w10, w20, ror 16 + ubfx x20, x14, #0, #8 + ldr w11, [x8, x11, LSL 2] + ldr w13, [x8, x13, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x12, x15, #48, #8 + eor w11, w11, w13, ror 24 + ubfx x13, x15, #24, #8 + eor w11, w11, w19, ror 8 + ubfx x19, x14, #8, #8 + eor w11, w11, w20, ror 16 + ubfx x20, x14, #32, #8 + bfi x10, x11, #32, #32 + ldr w12, [x8, x12, LSL 2] + ldr w13, [x8, x13, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x16, x15, #0, #8 + eor w12, w12, w13, ror 24 + ubfx x13, x14, #16, #8 + eor w12, w12, w19, ror 8 + ubfx x19, x15, #56, #8 + eor w11, w12, w20, ror 16 + ubfx x20, x14, #40, #8 + ldr w16, [x8, x16, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w13, [x8, x13, LSL 2] + ldr w20, [x8, x20, LSL 2] + eor w19, w19, w16, ror 24 + ldp x14, x15, [x26], #16 + eor w13, w13, w19, ror 24 + eor w13, w13, w20, ror 8 + bfi x11, x13, #32, #32 + # XOR in Key Schedule + eor x10, x10, x14 + eor x11, x11, x15 + subs w25, w25, #2 + bne L_AES_XTS_encrypt_loop_nr + ubfx x14, x10, #48, #8 + ubfx x17, x10, #24, #8 + ubfx x19, x11, #8, #8 + ubfx x20, x11, #32, #8 + ldr x12, [x8] + ldr x12, [x8, #64] + ldr x12, [x8, #128] + ldr x12, [x8, #192] + ldr x12, [x8, #256] + ldr x12, [x8, #320] + ldr x12, [x8, #384] + ldr x12, [x8, #448] + ldr x12, [x8, #512] + ldr x12, [x8, #576] + ldr x12, [x8, #640] + ldr x12, [x8, #704] + ldr x12, [x8, #768] + ldr x12, [x8, #832] + ldr x12, [x8, #896] + ldr x12, [x8, #960] + ldr w14, [x8, x14, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x15, x11, #16, #8 + eor w14, w14, w17, ror 24 + ubfx x17, x10, #56, #8 + eor w14, w14, w19, ror 8 + ubfx x19, x11, #40, #8 + eor w14, w14, w20, ror 16 + ubfx x20, x10, #0, #8 + ldr w15, [x8, x15, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x16, x11, #48, #8 + eor w15, w15, w17, ror 24 + ubfx x17, x11, #24, #8 + eor w15, w15, w19, ror 8 + ubfx x19, x10, #8, #8 + eor w15, w15, w20, ror 16 + ubfx x20, x10, #32, #8 + bfi x14, x15, #32, #32 + ldr w16, [x8, x16, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x12, x11, #0, #8 + eor w16, w16, w17, ror 24 + ubfx x17, x10, #16, #8 + eor w16, w16, w19, ror 8 + ubfx x19, x11, #56, #8 + eor w15, w16, w20, ror 16 + ubfx x20, x10, #40, #8 + ldr w12, [x8, x12, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w20, [x8, x20, LSL 2] + eor w19, w19, w12, ror 24 + ldp x10, x11, [x26], #16 + eor w17, w17, w19, ror 24 + eor w17, w17, w20, ror 8 + bfi x15, x17, #32, #32 + # XOR in Key Schedule + eor x14, x14, x10 + eor x15, x15, x11 + ubfx x10, x15, #32, #8 + ubfx x13, x15, #8, #8 + ubfx x19, x14, #48, #8 + ubfx x20, x14, #24, #8 + lsl w10, w10, #2 + lsl w13, w13, #2 + lsl w19, w19, #2 + lsl w20, w20, #2 + ldr x17, [x8] + ldr x17, [x8, #64] + ldr x17, [x8, #128] + ldr x17, [x8, #192] + ldr x17, [x8, #256] + ldr x17, [x8, #320] + ldr x17, [x8, #384] + ldr x17, [x8, #448] + ldr x17, [x8, #512] + ldr x17, [x8, #576] + ldr x17, [x8, #640] + ldr x17, [x8, #704] + ldr x17, [x8, #768] + ldr x17, [x8, #832] + ldr x17, [x8, #896] + ldr x17, [x8, #960] + ldrb w10, [x8, x10, LSL 0] + ldrb w13, [x8, x13, LSL 0] + ldrb w19, [x8, x19, LSL 0] + ldrb w20, [x8, x20, LSL 0] + ubfx x11, x14, #0, #8 + eor w10, w10, w13, lsl 8 + ubfx x13, x15, #40, #8 + eor w10, w10, w19, lsl 16 + ubfx x19, x15, #16, #8 + eor w10, w10, w20, lsl 24 + ubfx x20, x14, #56, #8 + lsl w11, w11, #2 + lsl w13, w13, #2 + lsl w19, w19, #2 + lsl w20, w20, #2 + ldrb w11, [x8, x11, LSL 0] + ldrb w13, [x8, x13, LSL 0] + ldrb w19, [x8, x19, LSL 0] + ldrb w20, [x8, x20, LSL 0] + ubfx x12, x14, #32, #8 + eor w11, w11, w13, lsl 8 + ubfx x13, x14, #8, #8 + eor w11, w11, w19, lsl 16 + ubfx x19, x15, #48, #8 + eor w11, w11, w20, lsl 24 + ubfx x20, x15, #24, #8 + bfi x10, x11, #32, #32 + lsl w12, w12, #2 + lsl w13, w13, #2 + lsl w19, w19, #2 + lsl w20, w20, #2 + ldrb w12, [x8, x12, LSL 0] + ldrb w13, [x8, x13, LSL 0] + ldrb w19, [x8, x19, LSL 0] + ldrb w20, [x8, x20, LSL 0] + ubfx x17, x15, #56, #8 + eor w12, w12, w13, lsl 8 + ubfx x13, x15, #0, #8 + eor w12, w12, w19, lsl 16 + ubfx x19, x14, #40, #8 + eor w11, w12, w20, lsl 24 + ubfx x20, x14, #16, #8 + lsl w17, w17, #2 + lsl w13, w13, #2 + lsl w19, w19, #2 + lsl w20, w20, #2 + ldrb w17, [x8, x17, LSL 0] + ldrb w13, [x8, x13, LSL 0] + ldrb w19, [x8, x19, LSL 0] + ldrb w20, [x8, x20, LSL 0] + eor w19, w19, w17, lsl 16 + ldp x14, x15, [x26] + eor w13, w13, w19, lsl 8 + eor w13, w13, w20, lsl 16 + bfi x11, x13, #32, #32 + # XOR in Key Schedule + eor x10, x10, x14 + eor x11, x11, x15 + rev32 x10, x10 + rev32 x11, x11 + eor x10, x10, x21 + eor x11, x11, x22 + stp x10, x11, [x1] + and x19, x9, x22, asr 63 + extr x22, x22, x21, #63 + eor x21, x19, x21, lsl 1 + sub w2, w2, #16 + add x0, x0, #16 + add x1, x1, #16 + cmp w2, #16 + bge L_AES_XTS_encrypt_loop_block + cbz w2, L_AES_XTS_encrypt_done_data + mov x26, x4 + sub x1, x1, #16 + ldp x10, x11, [x1], #16 + stp x10, x11, [x6] + mov w14, w2 +L_AES_XTS_encrypt_start_byte: + ldrb w19, [x6] + ldrb w20, [x0], #1 + strb w19, [x1], #1 + strb w20, [x6], #1 + subs w14, w14, #1 + bgt L_AES_XTS_encrypt_start_byte + sub x1, x1, x2 + sub x6, x6, x2 + sub x1, x1, #16 + ldp x10, x11, [x6] + ldp x14, x15, [x26], #16 + eor x10, x10, x21 + eor x11, x11, x22 + rev32 x10, x10 + rev32 x11, x11 + # Round: 0 - XOR in key schedule + eor x10, x10, x14 + eor x11, x11, x15 + sub w25, w7, #2 +L_AES_XTS_encrypt_loop_nr_partial: + ubfx x14, x10, #48, #8 + ubfx x17, x10, #24, #8 + ubfx x19, x11, #8, #8 + ubfx x20, x11, #32, #8 + ldr x12, [x8] + ldr x12, [x8, #64] + ldr x12, [x8, #128] + ldr x12, [x8, #192] + ldr x12, [x8, #256] + ldr x12, [x8, #320] + ldr x12, [x8, #384] + ldr x12, [x8, #448] + ldr x12, [x8, #512] + ldr x12, [x8, #576] + ldr x12, [x8, #640] + ldr x12, [x8, #704] + ldr x12, [x8, #768] + ldr x12, [x8, #832] + ldr x12, [x8, #896] + ldr x12, [x8, #960] + ldr w14, [x8, x14, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x15, x11, #16, #8 + eor w14, w14, w17, ror 24 + ubfx x17, x10, #56, #8 + eor w14, w14, w19, ror 8 + ubfx x19, x11, #40, #8 + eor w14, w14, w20, ror 16 + ubfx x20, x10, #0, #8 + ldr w15, [x8, x15, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x16, x11, #48, #8 + eor w15, w15, w17, ror 24 + ubfx x17, x11, #24, #8 + eor w15, w15, w19, ror 8 + ubfx x19, x10, #8, #8 + eor w15, w15, w20, ror 16 + ubfx x20, x10, #32, #8 + bfi x14, x15, #32, #32 + ldr w16, [x8, x16, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x12, x11, #0, #8 + eor w16, w16, w17, ror 24 + ubfx x17, x10, #16, #8 + eor w16, w16, w19, ror 8 + ubfx x19, x11, #56, #8 + eor w15, w16, w20, ror 16 + ubfx x20, x10, #40, #8 + ldr w12, [x8, x12, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w20, [x8, x20, LSL 2] + eor w19, w19, w12, ror 24 + ldp x10, x11, [x26], #16 + eor w17, w17, w19, ror 24 + eor w17, w17, w20, ror 8 + bfi x15, x17, #32, #32 + # XOR in Key Schedule + eor x14, x14, x10 + eor x15, x15, x11 + ubfx x10, x14, #48, #8 + ubfx x13, x14, #24, #8 + ubfx x19, x15, #8, #8 + ubfx x20, x15, #32, #8 + ldr x16, [x8] + ldr x16, [x8, #64] + ldr x16, [x8, #128] + ldr x16, [x8, #192] + ldr x16, [x8, #256] + ldr x16, [x8, #320] + ldr x16, [x8, #384] + ldr x16, [x8, #448] + ldr x16, [x8, #512] + ldr x16, [x8, #576] + ldr x16, [x8, #640] + ldr x16, [x8, #704] + ldr x16, [x8, #768] + ldr x16, [x8, #832] + ldr x16, [x8, #896] + ldr x16, [x8, #960] + ldr w10, [x8, x10, LSL 2] + ldr w13, [x8, x13, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x11, x15, #16, #8 + eor w10, w10, w13, ror 24 + ubfx x13, x14, #56, #8 + eor w10, w10, w19, ror 8 + ubfx x19, x15, #40, #8 + eor w10, w10, w20, ror 16 + ubfx x20, x14, #0, #8 + ldr w11, [x8, x11, LSL 2] + ldr w13, [x8, x13, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x12, x15, #48, #8 + eor w11, w11, w13, ror 24 + ubfx x13, x15, #24, #8 + eor w11, w11, w19, ror 8 + ubfx x19, x14, #8, #8 + eor w11, w11, w20, ror 16 + ubfx x20, x14, #32, #8 + bfi x10, x11, #32, #32 + ldr w12, [x8, x12, LSL 2] + ldr w13, [x8, x13, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x16, x15, #0, #8 + eor w12, w12, w13, ror 24 + ubfx x13, x14, #16, #8 + eor w12, w12, w19, ror 8 + ubfx x19, x15, #56, #8 + eor w11, w12, w20, ror 16 + ubfx x20, x14, #40, #8 + ldr w16, [x8, x16, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w13, [x8, x13, LSL 2] + ldr w20, [x8, x20, LSL 2] + eor w19, w19, w16, ror 24 + ldp x14, x15, [x26], #16 + eor w13, w13, w19, ror 24 + eor w13, w13, w20, ror 8 + bfi x11, x13, #32, #32 + # XOR in Key Schedule + eor x10, x10, x14 + eor x11, x11, x15 + subs w25, w25, #2 + bne L_AES_XTS_encrypt_loop_nr_partial + ubfx x14, x10, #48, #8 + ubfx x17, x10, #24, #8 + ubfx x19, x11, #8, #8 + ubfx x20, x11, #32, #8 + ldr x12, [x8] + ldr x12, [x8, #64] + ldr x12, [x8, #128] + ldr x12, [x8, #192] + ldr x12, [x8, #256] + ldr x12, [x8, #320] + ldr x12, [x8, #384] + ldr x12, [x8, #448] + ldr x12, [x8, #512] + ldr x12, [x8, #576] + ldr x12, [x8, #640] + ldr x12, [x8, #704] + ldr x12, [x8, #768] + ldr x12, [x8, #832] + ldr x12, [x8, #896] + ldr x12, [x8, #960] + ldr w14, [x8, x14, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x15, x11, #16, #8 + eor w14, w14, w17, ror 24 + ubfx x17, x10, #56, #8 + eor w14, w14, w19, ror 8 + ubfx x19, x11, #40, #8 + eor w14, w14, w20, ror 16 + ubfx x20, x10, #0, #8 + ldr w15, [x8, x15, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x16, x11, #48, #8 + eor w15, w15, w17, ror 24 + ubfx x17, x11, #24, #8 + eor w15, w15, w19, ror 8 + ubfx x19, x10, #8, #8 + eor w15, w15, w20, ror 16 + ubfx x20, x10, #32, #8 + bfi x14, x15, #32, #32 + ldr w16, [x8, x16, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x12, x11, #0, #8 + eor w16, w16, w17, ror 24 + ubfx x17, x10, #16, #8 + eor w16, w16, w19, ror 8 + ubfx x19, x11, #56, #8 + eor w15, w16, w20, ror 16 + ubfx x20, x10, #40, #8 + ldr w12, [x8, x12, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w20, [x8, x20, LSL 2] + eor w19, w19, w12, ror 24 + ldp x10, x11, [x26], #16 + eor w17, w17, w19, ror 24 + eor w17, w17, w20, ror 8 + bfi x15, x17, #32, #32 + # XOR in Key Schedule + eor x14, x14, x10 + eor x15, x15, x11 + ubfx x10, x15, #32, #8 + ubfx x13, x15, #8, #8 + ubfx x19, x14, #48, #8 + ubfx x20, x14, #24, #8 + lsl w10, w10, #2 + lsl w13, w13, #2 + lsl w19, w19, #2 + lsl w20, w20, #2 + ldr x17, [x8] + ldr x17, [x8, #64] + ldr x17, [x8, #128] + ldr x17, [x8, #192] + ldr x17, [x8, #256] + ldr x17, [x8, #320] + ldr x17, [x8, #384] + ldr x17, [x8, #448] + ldr x17, [x8, #512] + ldr x17, [x8, #576] + ldr x17, [x8, #640] + ldr x17, [x8, #704] + ldr x17, [x8, #768] + ldr x17, [x8, #832] + ldr x17, [x8, #896] + ldr x17, [x8, #960] + ldrb w10, [x8, x10, LSL 0] + ldrb w13, [x8, x13, LSL 0] + ldrb w19, [x8, x19, LSL 0] + ldrb w20, [x8, x20, LSL 0] + ubfx x11, x14, #0, #8 + eor w10, w10, w13, lsl 8 + ubfx x13, x15, #40, #8 + eor w10, w10, w19, lsl 16 + ubfx x19, x15, #16, #8 + eor w10, w10, w20, lsl 24 + ubfx x20, x14, #56, #8 + lsl w11, w11, #2 + lsl w13, w13, #2 + lsl w19, w19, #2 + lsl w20, w20, #2 + ldrb w11, [x8, x11, LSL 0] + ldrb w13, [x8, x13, LSL 0] + ldrb w19, [x8, x19, LSL 0] + ldrb w20, [x8, x20, LSL 0] + ubfx x12, x14, #32, #8 + eor w11, w11, w13, lsl 8 + ubfx x13, x14, #8, #8 + eor w11, w11, w19, lsl 16 + ubfx x19, x15, #48, #8 + eor w11, w11, w20, lsl 24 + ubfx x20, x15, #24, #8 + bfi x10, x11, #32, #32 + lsl w12, w12, #2 + lsl w13, w13, #2 + lsl w19, w19, #2 + lsl w20, w20, #2 + ldrb w12, [x8, x12, LSL 0] + ldrb w13, [x8, x13, LSL 0] + ldrb w19, [x8, x19, LSL 0] + ldrb w20, [x8, x20, LSL 0] + ubfx x17, x15, #56, #8 + eor w12, w12, w13, lsl 8 + ubfx x13, x15, #0, #8 + eor w12, w12, w19, lsl 16 + ubfx x19, x14, #40, #8 + eor w11, w12, w20, lsl 24 + ubfx x20, x14, #16, #8 + lsl w17, w17, #2 + lsl w13, w13, #2 + lsl w19, w19, #2 + lsl w20, w20, #2 + ldrb w17, [x8, x17, LSL 0] + ldrb w13, [x8, x13, LSL 0] + ldrb w19, [x8, x19, LSL 0] + ldrb w20, [x8, x20, LSL 0] + eor w19, w19, w17, lsl 16 + ldp x14, x15, [x26] + eor w13, w13, w19, lsl 8 + eor w13, w13, w20, lsl 16 + bfi x11, x13, #32, #32 + # XOR in Key Schedule + eor x10, x10, x14 + eor x11, x11, x15 + rev32 x10, x10 + rev32 x11, x11 + eor x10, x10, x21 + eor x11, x11, x22 + stp x10, x11, [x1] +L_AES_XTS_encrypt_done_data: + ldp x17, x19, [x29, #24] + ldp x20, x21, [x29, #40] + ldp x22, x23, [x29, #56] + ldp x24, x25, [x29, #72] + ldr x26, [x29, #88] + ldp x29, x30, [sp], #0x60 + ret +#ifndef __APPLE__ + .size AES_XTS_encrypt,.-AES_XTS_encrypt +#endif /* __APPLE__ */ +#ifdef HAVE_AES_DECRYPT +#ifndef __APPLE__ +.text +.globl AES_XTS_decrypt +.type AES_XTS_decrypt,@function +.align 2 +AES_XTS_decrypt: +#else +.section __TEXT,__text +.globl _AES_XTS_decrypt +.p2align 2 +_AES_XTS_decrypt: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-112]! + add x29, sp, #0 + stp x17, x19, [x29, #24] + stp x20, x21, [x29, #40] + stp x22, x23, [x29, #56] + stp x24, x25, [x29, #72] + stp x26, x27, [x29, #88] + str x28, [x29, #104] +#ifndef __APPLE__ + adrp x8, L_AES_ARM64_td + add x8, x8, :lo12:L_AES_ARM64_td +#else + adrp x8, L_AES_ARM64_td@PAGE + add x8, x8, :lo12:L_AES_ARM64_td@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x9, L_AES_ARM64_td4 + add x9, x9, :lo12:L_AES_ARM64_td4 +#else + adrp x9, L_AES_ARM64_td4@PAGE + add x9, x9, :lo12:L_AES_ARM64_td4@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x10, L_AES_ARM64_te + add x10, x10, :lo12:L_AES_ARM64_te +#else + adrp x10, L_AES_ARM64_te@PAGE + add x10, x10, :lo12:L_AES_ARM64_te@PAGEOFF +#endif /* __APPLE__ */ + ands w11, w2, #15 + cset w11, ne + lsl w11, w11, #4 + sub w2, w2, w11 + mov x11, #0x87 + mov x28, x5 + ldp x23, x24, [x3] + ldp x16, x17, [x28], #16 + rev32 x23, x23 + rev32 x24, x24 + # Round: 0 - XOR in key schedule + eor x23, x23, x16 + eor x24, x24, x17 + sub w27, w7, #2 +L_AES_XTS_decrypt_loop_nr_tweak: + ubfx x16, x23, #48, #8 + ubfx x20, x23, #24, #8 + ubfx x21, x24, #8, #8 + ubfx x22, x24, #32, #8 + ldr x25, [x10] + ldr x25, [x10, #64] + ldr x25, [x10, #128] + ldr x25, [x10, #192] + ldr x25, [x10, #256] + ldr x25, [x10, #320] + ldr x25, [x10, #384] + ldr x25, [x10, #448] + ldr x25, [x10, #512] + ldr x25, [x10, #576] + ldr x25, [x10, #640] + ldr x25, [x10, #704] + ldr x25, [x10, #768] + ldr x25, [x10, #832] + ldr x25, [x10, #896] + ldr x25, [x10, #960] + ldr w16, [x10, x16, LSL 2] + ldr w20, [x10, x20, LSL 2] + ldr w21, [x10, x21, LSL 2] + ldr w22, [x10, x22, LSL 2] + ubfx x17, x24, #16, #8 + eor w16, w16, w20, ror 24 + ubfx x20, x23, #56, #8 + eor w16, w16, w21, ror 8 + ubfx x21, x24, #40, #8 + eor w16, w16, w22, ror 16 + ubfx x22, x23, #0, #8 + ldr w17, [x10, x17, LSL 2] + ldr w20, [x10, x20, LSL 2] + ldr w21, [x10, x21, LSL 2] + ldr w22, [x10, x22, LSL 2] + ubfx x19, x24, #48, #8 + eor w17, w17, w20, ror 24 + ubfx x20, x24, #24, #8 + eor w17, w17, w21, ror 8 + ubfx x21, x23, #8, #8 + eor w17, w17, w22, ror 16 + ubfx x22, x23, #32, #8 + bfi x16, x17, #32, #32 + ldr w19, [x10, x19, LSL 2] + ldr w20, [x10, x20, LSL 2] + ldr w21, [x10, x21, LSL 2] + ldr w22, [x10, x22, LSL 2] + ubfx x25, x24, #0, #8 + eor w19, w19, w20, ror 24 + ubfx x20, x23, #16, #8 + eor w19, w19, w21, ror 8 + ubfx x21, x24, #56, #8 + eor w17, w19, w22, ror 16 + ubfx x22, x23, #40, #8 + ldr w25, [x10, x25, LSL 2] + ldr w21, [x10, x21, LSL 2] + ldr w20, [x10, x20, LSL 2] + ldr w22, [x10, x22, LSL 2] + eor w21, w21, w25, ror 24 + ldp x23, x24, [x28], #16 + eor w20, w20, w21, ror 24 + eor w20, w20, w22, ror 8 + bfi x17, x20, #32, #32 + # XOR in Key Schedule + eor x16, x16, x23 + eor x17, x17, x24 + ubfx x23, x16, #48, #8 + ubfx x26, x16, #24, #8 + ubfx x21, x17, #8, #8 + ubfx x22, x17, #32, #8 + ldr x19, [x10] + ldr x19, [x10, #64] + ldr x19, [x10, #128] + ldr x19, [x10, #192] + ldr x19, [x10, #256] + ldr x19, [x10, #320] + ldr x19, [x10, #384] + ldr x19, [x10, #448] + ldr x19, [x10, #512] + ldr x19, [x10, #576] + ldr x19, [x10, #640] + ldr x19, [x10, #704] + ldr x19, [x10, #768] + ldr x19, [x10, #832] + ldr x19, [x10, #896] + ldr x19, [x10, #960] + ldr w23, [x10, x23, LSL 2] + ldr w26, [x10, x26, LSL 2] + ldr w21, [x10, x21, LSL 2] + ldr w22, [x10, x22, LSL 2] + ubfx x24, x17, #16, #8 + eor w23, w23, w26, ror 24 + ubfx x26, x16, #56, #8 + eor w23, w23, w21, ror 8 + ubfx x21, x17, #40, #8 + eor w23, w23, w22, ror 16 + ubfx x22, x16, #0, #8 + ldr w24, [x10, x24, LSL 2] + ldr w26, [x10, x26, LSL 2] + ldr w21, [x10, x21, LSL 2] + ldr w22, [x10, x22, LSL 2] + ubfx x25, x17, #48, #8 + eor w24, w24, w26, ror 24 + ubfx x26, x17, #24, #8 + eor w24, w24, w21, ror 8 + ubfx x21, x16, #8, #8 + eor w24, w24, w22, ror 16 + ubfx x22, x16, #32, #8 + bfi x23, x24, #32, #32 + ldr w25, [x10, x25, LSL 2] + ldr w26, [x10, x26, LSL 2] + ldr w21, [x10, x21, LSL 2] + ldr w22, [x10, x22, LSL 2] + ubfx x19, x17, #0, #8 + eor w25, w25, w26, ror 24 + ubfx x26, x16, #16, #8 + eor w25, w25, w21, ror 8 + ubfx x21, x17, #56, #8 + eor w24, w25, w22, ror 16 + ubfx x22, x16, #40, #8 + ldr w19, [x10, x19, LSL 2] + ldr w21, [x10, x21, LSL 2] + ldr w26, [x10, x26, LSL 2] + ldr w22, [x10, x22, LSL 2] + eor w21, w21, w19, ror 24 + ldp x16, x17, [x28], #16 + eor w26, w26, w21, ror 24 + eor w26, w26, w22, ror 8 + bfi x24, x26, #32, #32 + # XOR in Key Schedule + eor x23, x23, x16 + eor x24, x24, x17 + subs w27, w27, #2 + bne L_AES_XTS_decrypt_loop_nr_tweak + ubfx x16, x23, #48, #8 + ubfx x20, x23, #24, #8 + ubfx x21, x24, #8, #8 + ubfx x22, x24, #32, #8 + ldr x25, [x10] + ldr x25, [x10, #64] + ldr x25, [x10, #128] + ldr x25, [x10, #192] + ldr x25, [x10, #256] + ldr x25, [x10, #320] + ldr x25, [x10, #384] + ldr x25, [x10, #448] + ldr x25, [x10, #512] + ldr x25, [x10, #576] + ldr x25, [x10, #640] + ldr x25, [x10, #704] + ldr x25, [x10, #768] + ldr x25, [x10, #832] + ldr x25, [x10, #896] + ldr x25, [x10, #960] + ldr w16, [x10, x16, LSL 2] + ldr w20, [x10, x20, LSL 2] + ldr w21, [x10, x21, LSL 2] + ldr w22, [x10, x22, LSL 2] + ubfx x17, x24, #16, #8 + eor w16, w16, w20, ror 24 + ubfx x20, x23, #56, #8 + eor w16, w16, w21, ror 8 + ubfx x21, x24, #40, #8 + eor w16, w16, w22, ror 16 + ubfx x22, x23, #0, #8 + ldr w17, [x10, x17, LSL 2] + ldr w20, [x10, x20, LSL 2] + ldr w21, [x10, x21, LSL 2] + ldr w22, [x10, x22, LSL 2] + ubfx x19, x24, #48, #8 + eor w17, w17, w20, ror 24 + ubfx x20, x24, #24, #8 + eor w17, w17, w21, ror 8 + ubfx x21, x23, #8, #8 + eor w17, w17, w22, ror 16 + ubfx x22, x23, #32, #8 + bfi x16, x17, #32, #32 + ldr w19, [x10, x19, LSL 2] + ldr w20, [x10, x20, LSL 2] + ldr w21, [x10, x21, LSL 2] + ldr w22, [x10, x22, LSL 2] + ubfx x25, x24, #0, #8 + eor w19, w19, w20, ror 24 + ubfx x20, x23, #16, #8 + eor w19, w19, w21, ror 8 + ubfx x21, x24, #56, #8 + eor w17, w19, w22, ror 16 + ubfx x22, x23, #40, #8 + ldr w25, [x10, x25, LSL 2] + ldr w21, [x10, x21, LSL 2] + ldr w20, [x10, x20, LSL 2] + ldr w22, [x10, x22, LSL 2] + eor w21, w21, w25, ror 24 + ldp x23, x24, [x28], #16 + eor w20, w20, w21, ror 24 + eor w20, w20, w22, ror 8 + bfi x17, x20, #32, #32 + # XOR in Key Schedule + eor x16, x16, x23 + eor x17, x17, x24 + ubfx x23, x17, #32, #8 + ubfx x26, x17, #8, #8 + ubfx x21, x16, #48, #8 + ubfx x22, x16, #24, #8 + lsl w23, w23, #2 + lsl w26, w26, #2 + lsl w21, w21, #2 + lsl w22, w22, #2 + ldr x20, [x10] + ldr x20, [x10, #64] + ldr x20, [x10, #128] + ldr x20, [x10, #192] + ldr x20, [x10, #256] + ldr x20, [x10, #320] + ldr x20, [x10, #384] + ldr x20, [x10, #448] + ldr x20, [x10, #512] + ldr x20, [x10, #576] + ldr x20, [x10, #640] + ldr x20, [x10, #704] + ldr x20, [x10, #768] + ldr x20, [x10, #832] + ldr x20, [x10, #896] + ldr x20, [x10, #960] + ldrb w23, [x10, x23, LSL 0] + ldrb w26, [x10, x26, LSL 0] + ldrb w21, [x10, x21, LSL 0] + ldrb w22, [x10, x22, LSL 0] + ubfx x24, x16, #0, #8 + eor w23, w23, w26, lsl 8 + ubfx x26, x17, #40, #8 + eor w23, w23, w21, lsl 16 + ubfx x21, x17, #16, #8 + eor w23, w23, w22, lsl 24 + ubfx x22, x16, #56, #8 + lsl w24, w24, #2 + lsl w26, w26, #2 + lsl w21, w21, #2 + lsl w22, w22, #2 + ldrb w24, [x10, x24, LSL 0] + ldrb w26, [x10, x26, LSL 0] + ldrb w21, [x10, x21, LSL 0] + ldrb w22, [x10, x22, LSL 0] + ubfx x25, x16, #32, #8 + eor w24, w24, w26, lsl 8 + ubfx x26, x16, #8, #8 + eor w24, w24, w21, lsl 16 + ubfx x21, x17, #48, #8 + eor w24, w24, w22, lsl 24 + ubfx x22, x17, #24, #8 + bfi x23, x24, #32, #32 + lsl w25, w25, #2 + lsl w26, w26, #2 + lsl w21, w21, #2 + lsl w22, w22, #2 + ldrb w25, [x10, x25, LSL 0] + ldrb w26, [x10, x26, LSL 0] + ldrb w21, [x10, x21, LSL 0] + ldrb w22, [x10, x22, LSL 0] + ubfx x20, x17, #56, #8 + eor w25, w25, w26, lsl 8 + ubfx x26, x17, #0, #8 + eor w25, w25, w21, lsl 16 + ubfx x21, x16, #40, #8 + eor w24, w25, w22, lsl 24 + ubfx x22, x16, #16, #8 + lsl w20, w20, #2 + lsl w26, w26, #2 + lsl w21, w21, #2 + lsl w22, w22, #2 + ldrb w20, [x10, x20, LSL 0] + ldrb w26, [x10, x26, LSL 0] + ldrb w21, [x10, x21, LSL 0] + ldrb w22, [x10, x22, LSL 0] + eor w21, w21, w20, lsl 16 + ldp x16, x17, [x28] + eor w26, w26, w21, lsl 8 + eor w26, w26, w22, lsl 16 + bfi x24, x26, #32, #32 + # XOR in Key Schedule + eor x23, x23, x16 + eor x24, x24, x17 + rev32 x23, x23 + rev32 x24, x24 + cmp w2, #16 + blt L_AES_XTS_decrypt_start_partail +L_AES_XTS_decrypt_loop_block: + mov x28, x4 + ldp x12, x13, [x0] + ldp x16, x17, [x28], #16 + eor x12, x12, x23 + eor x13, x13, x24 + rev32 x12, x12 + rev32 x13, x13 + # Round: 0 - XOR in key schedule + eor x12, x12, x16 + eor x13, x13, x17 + sub w27, w7, #2 +L_AES_XTS_decrypt_loop_nr: + ubfx x16, x13, #48, #8 + ubfx x20, x12, #24, #8 + ubfx x21, x13, #8, #8 + ubfx x22, x12, #32, #8 + ldr x14, [x8] + ldr x14, [x8, #64] + ldr x14, [x8, #128] + ldr x14, [x8, #192] + ldr x14, [x8, #256] + ldr x14, [x8, #320] + ldr x14, [x8, #384] + ldr x14, [x8, #448] + ldr x14, [x8, #512] + ldr x14, [x8, #576] + ldr x14, [x8, #640] + ldr x14, [x8, #704] + ldr x14, [x8, #768] + ldr x14, [x8, #832] + ldr x14, [x8, #896] + ldr x14, [x8, #960] + ldr w16, [x8, x16, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x17, x12, #16, #8 + eor w16, w16, w20, ror 24 + ubfx x20, x12, #56, #8 + eor w16, w16, w21, ror 8 + ubfx x21, x13, #40, #8 + eor w16, w16, w22, ror 16 + ubfx x22, x13, #0, #8 + ldr w17, [x8, x17, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x19, x12, #48, #8 + eor w17, w17, w20, ror 24 + ubfx x20, x13, #24, #8 + eor w17, w17, w21, ror 8 + ubfx x21, x12, #8, #8 + eor w17, w17, w22, ror 16 + ubfx x22, x13, #32, #8 + bfi x16, x17, #32, #32 + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x14, x12, #0, #8 + eor w19, w19, w20, ror 24 + ubfx x20, x13, #16, #8 + eor w19, w19, w21, ror 8 + ubfx x21, x13, #56, #8 + eor w17, w19, w22, ror 16 + ubfx x22, x12, #40, #8 + ldr w14, [x8, x14, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w22, [x8, x22, LSL 2] + eor w21, w21, w14, ror 24 + ldp x12, x13, [x28], #16 + eor w20, w20, w22, ror 8 + eor w20, w20, w21, ror 24 + bfi x17, x20, #32, #32 + # XOR in Key Schedule + eor x16, x16, x12 + eor x17, x17, x13 + ubfx x12, x17, #48, #8 + ubfx x15, x16, #24, #8 + ubfx x21, x17, #8, #8 + ubfx x22, x16, #32, #8 + ldr x19, [x8] + ldr x19, [x8, #64] + ldr x19, [x8, #128] + ldr x19, [x8, #192] + ldr x19, [x8, #256] + ldr x19, [x8, #320] + ldr x19, [x8, #384] + ldr x19, [x8, #448] + ldr x19, [x8, #512] + ldr x19, [x8, #576] + ldr x19, [x8, #640] + ldr x19, [x8, #704] + ldr x19, [x8, #768] + ldr x19, [x8, #832] + ldr x19, [x8, #896] + ldr x19, [x8, #960] + ldr w12, [x8, x12, LSL 2] + ldr w15, [x8, x15, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x13, x16, #16, #8 + eor w12, w12, w15, ror 24 + ubfx x15, x16, #56, #8 + eor w12, w12, w21, ror 8 + ubfx x21, x17, #40, #8 + eor w12, w12, w22, ror 16 + ubfx x22, x17, #0, #8 + ldr w13, [x8, x13, LSL 2] + ldr w15, [x8, x15, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x14, x16, #48, #8 + eor w13, w13, w15, ror 24 + ubfx x15, x17, #24, #8 + eor w13, w13, w21, ror 8 + ubfx x21, x16, #8, #8 + eor w13, w13, w22, ror 16 + ubfx x22, x17, #32, #8 + bfi x12, x13, #32, #32 + ldr w14, [x8, x14, LSL 2] + ldr w15, [x8, x15, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x19, x16, #0, #8 + eor w14, w14, w15, ror 24 + ubfx x15, x17, #16, #8 + eor w14, w14, w21, ror 8 + ubfx x21, x17, #56, #8 + eor w13, w14, w22, ror 16 + ubfx x22, x16, #40, #8 + ldr w19, [x8, x19, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w15, [x8, x15, LSL 2] + ldr w22, [x8, x22, LSL 2] + eor w21, w21, w19, ror 24 + ldp x16, x17, [x28], #16 + eor w15, w15, w22, ror 8 + eor w15, w15, w21, ror 24 + bfi x13, x15, #32, #32 + # XOR in Key Schedule + eor x12, x12, x16 + eor x13, x13, x17 + subs w27, w27, #2 + bne L_AES_XTS_decrypt_loop_nr + ubfx x16, x13, #48, #8 + ubfx x20, x12, #24, #8 + ubfx x21, x13, #8, #8 + ubfx x22, x12, #32, #8 + ldr x14, [x8] + ldr x14, [x8, #64] + ldr x14, [x8, #128] + ldr x14, [x8, #192] + ldr x14, [x8, #256] + ldr x14, [x8, #320] + ldr x14, [x8, #384] + ldr x14, [x8, #448] + ldr x14, [x8, #512] + ldr x14, [x8, #576] + ldr x14, [x8, #640] + ldr x14, [x8, #704] + ldr x14, [x8, #768] + ldr x14, [x8, #832] + ldr x14, [x8, #896] + ldr x14, [x8, #960] + ldr w16, [x8, x16, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x17, x12, #16, #8 + eor w16, w16, w20, ror 24 + ubfx x20, x12, #56, #8 + eor w16, w16, w21, ror 8 + ubfx x21, x13, #40, #8 + eor w16, w16, w22, ror 16 + ubfx x22, x13, #0, #8 + ldr w17, [x8, x17, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x19, x12, #48, #8 + eor w17, w17, w20, ror 24 + ubfx x20, x13, #24, #8 + eor w17, w17, w21, ror 8 + ubfx x21, x12, #8, #8 + eor w17, w17, w22, ror 16 + ubfx x22, x13, #32, #8 + bfi x16, x17, #32, #32 + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x14, x12, #0, #8 + eor w19, w19, w20, ror 24 + ubfx x20, x13, #16, #8 + eor w19, w19, w21, ror 8 + ubfx x21, x13, #56, #8 + eor w17, w19, w22, ror 16 + ubfx x22, x12, #40, #8 + ldr w14, [x8, x14, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w22, [x8, x22, LSL 2] + eor w21, w21, w14, ror 24 + ldp x12, x13, [x28], #16 + eor w20, w20, w22, ror 8 + eor w20, w20, w21, ror 24 + bfi x17, x20, #32, #32 + # XOR in Key Schedule + eor x16, x16, x12 + eor x17, x17, x13 + ubfx x12, x16, #32, #8 + ubfx x15, x17, #8, #8 + ubfx x21, x17, #48, #8 + ubfx x22, x16, #24, #8 + ldr x20, [x9] + ldr x20, [x9, #64] + ldr x20, [x9, #128] + ldr x20, [x9, #192] + ldr x20, [x9, #256] + ldr x20, [x9, #320] + ldr x20, [x9, #384] + ldr x20, [x9, #448] + ldr x20, [x9, #512] + ldr x20, [x9, #576] + ldr x20, [x9, #640] + ldr x20, [x9, #704] + ldr x20, [x9, #768] + ldr x20, [x9, #832] + ldr x20, [x9, #896] + ldr x20, [x9, #960] + ldrb w12, [x9, x12, LSL 0] + ldrb w15, [x9, x15, LSL 0] + ldrb w21, [x9, x21, LSL 0] + ldrb w22, [x9, x22, LSL 0] + ubfx x13, x17, #0, #8 + eor w12, w12, w15, lsl 8 + ubfx x15, x17, #40, #8 + eor w12, w12, w21, lsl 16 + ubfx x21, x16, #16, #8 + eor w12, w12, w22, lsl 24 + ubfx x22, x16, #56, #8 + ldrb w15, [x9, x15, LSL 0] + ldrb w22, [x9, x22, LSL 0] + ldrb w13, [x9, x13, LSL 0] + ldrb w21, [x9, x21, LSL 0] + ubfx x14, x17, #32, #8 + eor w13, w13, w15, lsl 8 + ubfx x15, x16, #8, #8 + eor w13, w13, w21, lsl 16 + ubfx x21, x16, #48, #8 + eor w13, w13, w22, lsl 24 + ubfx x22, x17, #24, #8 + bfi x12, x13, #32, #32 + ldrb w15, [x9, x15, LSL 0] + ldrb w22, [x9, x22, LSL 0] + ldrb w14, [x9, x14, LSL 0] + ldrb w21, [x9, x21, LSL 0] + ubfx x20, x17, #56, #8 + eor w14, w14, w15, lsl 8 + ubfx x15, x16, #0, #8 + eor w14, w14, w21, lsl 16 + ubfx x21, x16, #40, #8 + eor w13, w14, w22, lsl 24 + ubfx x22, x17, #16, #8 + ldrb w20, [x9, x20, LSL 0] + ldrb w21, [x9, x21, LSL 0] + ldrb w15, [x9, x15, LSL 0] + ldrb w22, [x9, x22, LSL 0] + eor w21, w21, w20, lsl 16 + ldp x16, x17, [x28] + eor w15, w15, w21, lsl 8 + eor w15, w15, w22, lsl 16 + bfi x13, x15, #32, #32 + # XOR in Key Schedule + eor x12, x12, x16 + eor x13, x13, x17 + rev32 x12, x12 + rev32 x13, x13 + eor x12, x12, x23 + eor x13, x13, x24 + stp x12, x13, [x1] + and x21, x11, x24, asr 63 + extr x24, x24, x23, #63 + eor x23, x21, x23, lsl 1 + sub w2, w2, #16 + add x0, x0, #16 + add x1, x1, #16 + cmp w2, #16 + bge L_AES_XTS_decrypt_loop_block + cbz w2, L_AES_XTS_decrypt_done_data +L_AES_XTS_decrypt_start_partail: + and x21, x11, x24, asr 63 + extr x26, x24, x23, #63 + eor x25, x21, x23, lsl 1 + mov x28, x4 + ldp x12, x13, [x0], #16 + ldp x16, x17, [x28], #16 + eor x12, x12, x25 + eor x13, x13, x26 + rev32 x12, x12 + rev32 x13, x13 + # Round: 0 - XOR in key schedule + eor x12, x12, x16 + eor x13, x13, x17 + sub w27, w7, #2 +L_AES_XTS_decrypt_loop_nr_partial_1: + ubfx x16, x13, #48, #8 + ubfx x20, x12, #24, #8 + ubfx x21, x13, #8, #8 + ubfx x22, x12, #32, #8 + ldr x14, [x8] + ldr x14, [x8, #64] + ldr x14, [x8, #128] + ldr x14, [x8, #192] + ldr x14, [x8, #256] + ldr x14, [x8, #320] + ldr x14, [x8, #384] + ldr x14, [x8, #448] + ldr x14, [x8, #512] + ldr x14, [x8, #576] + ldr x14, [x8, #640] + ldr x14, [x8, #704] + ldr x14, [x8, #768] + ldr x14, [x8, #832] + ldr x14, [x8, #896] + ldr x14, [x8, #960] + ldr w16, [x8, x16, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x17, x12, #16, #8 + eor w16, w16, w20, ror 24 + ubfx x20, x12, #56, #8 + eor w16, w16, w21, ror 8 + ubfx x21, x13, #40, #8 + eor w16, w16, w22, ror 16 + ubfx x22, x13, #0, #8 + ldr w17, [x8, x17, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x19, x12, #48, #8 + eor w17, w17, w20, ror 24 + ubfx x20, x13, #24, #8 + eor w17, w17, w21, ror 8 + ubfx x21, x12, #8, #8 + eor w17, w17, w22, ror 16 + ubfx x22, x13, #32, #8 + bfi x16, x17, #32, #32 + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x14, x12, #0, #8 + eor w19, w19, w20, ror 24 + ubfx x20, x13, #16, #8 + eor w19, w19, w21, ror 8 + ubfx x21, x13, #56, #8 + eor w17, w19, w22, ror 16 + ubfx x22, x12, #40, #8 + ldr w14, [x8, x14, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w22, [x8, x22, LSL 2] + eor w21, w21, w14, ror 24 + ldp x12, x13, [x28], #16 + eor w20, w20, w22, ror 8 + eor w20, w20, w21, ror 24 + bfi x17, x20, #32, #32 + # XOR in Key Schedule + eor x16, x16, x12 + eor x17, x17, x13 + ubfx x12, x17, #48, #8 + ubfx x15, x16, #24, #8 + ubfx x21, x17, #8, #8 + ubfx x22, x16, #32, #8 + ldr x19, [x8] + ldr x19, [x8, #64] + ldr x19, [x8, #128] + ldr x19, [x8, #192] + ldr x19, [x8, #256] + ldr x19, [x8, #320] + ldr x19, [x8, #384] + ldr x19, [x8, #448] + ldr x19, [x8, #512] + ldr x19, [x8, #576] + ldr x19, [x8, #640] + ldr x19, [x8, #704] + ldr x19, [x8, #768] + ldr x19, [x8, #832] + ldr x19, [x8, #896] + ldr x19, [x8, #960] + ldr w12, [x8, x12, LSL 2] + ldr w15, [x8, x15, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x13, x16, #16, #8 + eor w12, w12, w15, ror 24 + ubfx x15, x16, #56, #8 + eor w12, w12, w21, ror 8 + ubfx x21, x17, #40, #8 + eor w12, w12, w22, ror 16 + ubfx x22, x17, #0, #8 + ldr w13, [x8, x13, LSL 2] + ldr w15, [x8, x15, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x14, x16, #48, #8 + eor w13, w13, w15, ror 24 + ubfx x15, x17, #24, #8 + eor w13, w13, w21, ror 8 + ubfx x21, x16, #8, #8 + eor w13, w13, w22, ror 16 + ubfx x22, x17, #32, #8 + bfi x12, x13, #32, #32 + ldr w14, [x8, x14, LSL 2] + ldr w15, [x8, x15, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x19, x16, #0, #8 + eor w14, w14, w15, ror 24 + ubfx x15, x17, #16, #8 + eor w14, w14, w21, ror 8 + ubfx x21, x17, #56, #8 + eor w13, w14, w22, ror 16 + ubfx x22, x16, #40, #8 + ldr w19, [x8, x19, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w15, [x8, x15, LSL 2] + ldr w22, [x8, x22, LSL 2] + eor w21, w21, w19, ror 24 + ldp x16, x17, [x28], #16 + eor w15, w15, w22, ror 8 + eor w15, w15, w21, ror 24 + bfi x13, x15, #32, #32 + # XOR in Key Schedule + eor x12, x12, x16 + eor x13, x13, x17 + subs w27, w27, #2 + bne L_AES_XTS_decrypt_loop_nr_partial_1 + ubfx x16, x13, #48, #8 + ubfx x20, x12, #24, #8 + ubfx x21, x13, #8, #8 + ubfx x22, x12, #32, #8 + ldr x14, [x8] + ldr x14, [x8, #64] + ldr x14, [x8, #128] + ldr x14, [x8, #192] + ldr x14, [x8, #256] + ldr x14, [x8, #320] + ldr x14, [x8, #384] + ldr x14, [x8, #448] + ldr x14, [x8, #512] + ldr x14, [x8, #576] + ldr x14, [x8, #640] + ldr x14, [x8, #704] + ldr x14, [x8, #768] + ldr x14, [x8, #832] + ldr x14, [x8, #896] + ldr x14, [x8, #960] + ldr w16, [x8, x16, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x17, x12, #16, #8 + eor w16, w16, w20, ror 24 + ubfx x20, x12, #56, #8 + eor w16, w16, w21, ror 8 + ubfx x21, x13, #40, #8 + eor w16, w16, w22, ror 16 + ubfx x22, x13, #0, #8 + ldr w17, [x8, x17, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x19, x12, #48, #8 + eor w17, w17, w20, ror 24 + ubfx x20, x13, #24, #8 + eor w17, w17, w21, ror 8 + ubfx x21, x12, #8, #8 + eor w17, w17, w22, ror 16 + ubfx x22, x13, #32, #8 + bfi x16, x17, #32, #32 + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x14, x12, #0, #8 + eor w19, w19, w20, ror 24 + ubfx x20, x13, #16, #8 + eor w19, w19, w21, ror 8 + ubfx x21, x13, #56, #8 + eor w17, w19, w22, ror 16 + ubfx x22, x12, #40, #8 + ldr w14, [x8, x14, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w22, [x8, x22, LSL 2] + eor w21, w21, w14, ror 24 + ldp x12, x13, [x28], #16 + eor w20, w20, w22, ror 8 + eor w20, w20, w21, ror 24 + bfi x17, x20, #32, #32 + # XOR in Key Schedule + eor x16, x16, x12 + eor x17, x17, x13 + ubfx x12, x16, #32, #8 + ubfx x15, x17, #8, #8 + ubfx x21, x17, #48, #8 + ubfx x22, x16, #24, #8 + ldr x20, [x9] + ldr x20, [x9, #64] + ldr x20, [x9, #128] + ldr x20, [x9, #192] + ldr x20, [x9, #256] + ldr x20, [x9, #320] + ldr x20, [x9, #384] + ldr x20, [x9, #448] + ldr x20, [x9, #512] + ldr x20, [x9, #576] + ldr x20, [x9, #640] + ldr x20, [x9, #704] + ldr x20, [x9, #768] + ldr x20, [x9, #832] + ldr x20, [x9, #896] + ldr x20, [x9, #960] + ldrb w12, [x9, x12, LSL 0] + ldrb w15, [x9, x15, LSL 0] + ldrb w21, [x9, x21, LSL 0] + ldrb w22, [x9, x22, LSL 0] + ubfx x13, x17, #0, #8 + eor w12, w12, w15, lsl 8 + ubfx x15, x17, #40, #8 + eor w12, w12, w21, lsl 16 + ubfx x21, x16, #16, #8 + eor w12, w12, w22, lsl 24 + ubfx x22, x16, #56, #8 + ldrb w15, [x9, x15, LSL 0] + ldrb w22, [x9, x22, LSL 0] + ldrb w13, [x9, x13, LSL 0] + ldrb w21, [x9, x21, LSL 0] + ubfx x14, x17, #32, #8 + eor w13, w13, w15, lsl 8 + ubfx x15, x16, #8, #8 + eor w13, w13, w21, lsl 16 + ubfx x21, x16, #48, #8 + eor w13, w13, w22, lsl 24 + ubfx x22, x17, #24, #8 + bfi x12, x13, #32, #32 + ldrb w15, [x9, x15, LSL 0] + ldrb w22, [x9, x22, LSL 0] + ldrb w14, [x9, x14, LSL 0] + ldrb w21, [x9, x21, LSL 0] + ubfx x20, x17, #56, #8 + eor w14, w14, w15, lsl 8 + ubfx x15, x16, #0, #8 + eor w14, w14, w21, lsl 16 + ubfx x21, x16, #40, #8 + eor w13, w14, w22, lsl 24 + ubfx x22, x17, #16, #8 + ldrb w20, [x9, x20, LSL 0] + ldrb w21, [x9, x21, LSL 0] + ldrb w15, [x9, x15, LSL 0] + ldrb w22, [x9, x22, LSL 0] + eor w21, w21, w20, lsl 16 + ldp x16, x17, [x28] + eor w15, w15, w21, lsl 8 + eor w15, w15, w22, lsl 16 + bfi x13, x15, #32, #32 + # XOR in Key Schedule + eor x12, x12, x16 + eor x13, x13, x17 + rev32 x12, x12 + rev32 x13, x13 + eor x12, x12, x25 + eor x13, x13, x26 + stp x12, x13, [x6] + add x1, x1, #16 + mov w16, w2 +L_AES_XTS_decrypt_start_byte: + ldrb w21, [x6] + ldrb w22, [x0], #1 + strb w21, [x1], #1 + strb w22, [x6], #1 + subs w16, w16, #1 + bgt L_AES_XTS_decrypt_start_byte + sub x1, x1, x2 + sub x6, x6, x2 + sub x1, x1, #16 + mov x28, x4 + ldp x12, x13, [x6] + ldp x16, x17, [x28], #16 + eor x12, x12, x23 + eor x13, x13, x24 + rev32 x12, x12 + rev32 x13, x13 + # Round: 0 - XOR in key schedule + eor x12, x12, x16 + eor x13, x13, x17 + sub w27, w7, #2 +L_AES_XTS_decrypt_loop_nr_partial_2: + ubfx x16, x13, #48, #8 + ubfx x20, x12, #24, #8 + ubfx x21, x13, #8, #8 + ubfx x22, x12, #32, #8 + ldr x14, [x8] + ldr x14, [x8, #64] + ldr x14, [x8, #128] + ldr x14, [x8, #192] + ldr x14, [x8, #256] + ldr x14, [x8, #320] + ldr x14, [x8, #384] + ldr x14, [x8, #448] + ldr x14, [x8, #512] + ldr x14, [x8, #576] + ldr x14, [x8, #640] + ldr x14, [x8, #704] + ldr x14, [x8, #768] + ldr x14, [x8, #832] + ldr x14, [x8, #896] + ldr x14, [x8, #960] + ldr w16, [x8, x16, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x17, x12, #16, #8 + eor w16, w16, w20, ror 24 + ubfx x20, x12, #56, #8 + eor w16, w16, w21, ror 8 + ubfx x21, x13, #40, #8 + eor w16, w16, w22, ror 16 + ubfx x22, x13, #0, #8 + ldr w17, [x8, x17, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x19, x12, #48, #8 + eor w17, w17, w20, ror 24 + ubfx x20, x13, #24, #8 + eor w17, w17, w21, ror 8 + ubfx x21, x12, #8, #8 + eor w17, w17, w22, ror 16 + ubfx x22, x13, #32, #8 + bfi x16, x17, #32, #32 + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x14, x12, #0, #8 + eor w19, w19, w20, ror 24 + ubfx x20, x13, #16, #8 + eor w19, w19, w21, ror 8 + ubfx x21, x13, #56, #8 + eor w17, w19, w22, ror 16 + ubfx x22, x12, #40, #8 + ldr w14, [x8, x14, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w22, [x8, x22, LSL 2] + eor w21, w21, w14, ror 24 + ldp x12, x13, [x28], #16 + eor w20, w20, w22, ror 8 + eor w20, w20, w21, ror 24 + bfi x17, x20, #32, #32 + # XOR in Key Schedule + eor x16, x16, x12 + eor x17, x17, x13 + ubfx x12, x17, #48, #8 + ubfx x15, x16, #24, #8 + ubfx x21, x17, #8, #8 + ubfx x22, x16, #32, #8 + ldr x19, [x8] + ldr x19, [x8, #64] + ldr x19, [x8, #128] + ldr x19, [x8, #192] + ldr x19, [x8, #256] + ldr x19, [x8, #320] + ldr x19, [x8, #384] + ldr x19, [x8, #448] + ldr x19, [x8, #512] + ldr x19, [x8, #576] + ldr x19, [x8, #640] + ldr x19, [x8, #704] + ldr x19, [x8, #768] + ldr x19, [x8, #832] + ldr x19, [x8, #896] + ldr x19, [x8, #960] + ldr w12, [x8, x12, LSL 2] + ldr w15, [x8, x15, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x13, x16, #16, #8 + eor w12, w12, w15, ror 24 + ubfx x15, x16, #56, #8 + eor w12, w12, w21, ror 8 + ubfx x21, x17, #40, #8 + eor w12, w12, w22, ror 16 + ubfx x22, x17, #0, #8 + ldr w13, [x8, x13, LSL 2] + ldr w15, [x8, x15, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x14, x16, #48, #8 + eor w13, w13, w15, ror 24 + ubfx x15, x17, #24, #8 + eor w13, w13, w21, ror 8 + ubfx x21, x16, #8, #8 + eor w13, w13, w22, ror 16 + ubfx x22, x17, #32, #8 + bfi x12, x13, #32, #32 + ldr w14, [x8, x14, LSL 2] + ldr w15, [x8, x15, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x19, x16, #0, #8 + eor w14, w14, w15, ror 24 + ubfx x15, x17, #16, #8 + eor w14, w14, w21, ror 8 + ubfx x21, x17, #56, #8 + eor w13, w14, w22, ror 16 + ubfx x22, x16, #40, #8 + ldr w19, [x8, x19, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w15, [x8, x15, LSL 2] + ldr w22, [x8, x22, LSL 2] + eor w21, w21, w19, ror 24 + ldp x16, x17, [x28], #16 + eor w15, w15, w22, ror 8 + eor w15, w15, w21, ror 24 + bfi x13, x15, #32, #32 + # XOR in Key Schedule + eor x12, x12, x16 + eor x13, x13, x17 + subs w27, w27, #2 + bne L_AES_XTS_decrypt_loop_nr_partial_2 + ubfx x16, x13, #48, #8 + ubfx x20, x12, #24, #8 + ubfx x21, x13, #8, #8 + ubfx x22, x12, #32, #8 + ldr x14, [x8] + ldr x14, [x8, #64] + ldr x14, [x8, #128] + ldr x14, [x8, #192] + ldr x14, [x8, #256] + ldr x14, [x8, #320] + ldr x14, [x8, #384] + ldr x14, [x8, #448] + ldr x14, [x8, #512] + ldr x14, [x8, #576] + ldr x14, [x8, #640] + ldr x14, [x8, #704] + ldr x14, [x8, #768] + ldr x14, [x8, #832] + ldr x14, [x8, #896] + ldr x14, [x8, #960] + ldr w16, [x8, x16, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x17, x12, #16, #8 + eor w16, w16, w20, ror 24 + ubfx x20, x12, #56, #8 + eor w16, w16, w21, ror 8 + ubfx x21, x13, #40, #8 + eor w16, w16, w22, ror 16 + ubfx x22, x13, #0, #8 + ldr w17, [x8, x17, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x19, x12, #48, #8 + eor w17, w17, w20, ror 24 + ubfx x20, x13, #24, #8 + eor w17, w17, w21, ror 8 + ubfx x21, x12, #8, #8 + eor w17, w17, w22, ror 16 + ubfx x22, x13, #32, #8 + bfi x16, x17, #32, #32 + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x14, x12, #0, #8 + eor w19, w19, w20, ror 24 + ubfx x20, x13, #16, #8 + eor w19, w19, w21, ror 8 + ubfx x21, x13, #56, #8 + eor w17, w19, w22, ror 16 + ubfx x22, x12, #40, #8 + ldr w14, [x8, x14, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w22, [x8, x22, LSL 2] + eor w21, w21, w14, ror 24 + ldp x12, x13, [x28], #16 + eor w20, w20, w22, ror 8 + eor w20, w20, w21, ror 24 + bfi x17, x20, #32, #32 + # XOR in Key Schedule + eor x16, x16, x12 + eor x17, x17, x13 + ubfx x12, x16, #32, #8 + ubfx x15, x17, #8, #8 + ubfx x21, x17, #48, #8 + ubfx x22, x16, #24, #8 + ldr x20, [x9] + ldr x20, [x9, #64] + ldr x20, [x9, #128] + ldr x20, [x9, #192] + ldr x20, [x9, #256] + ldr x20, [x9, #320] + ldr x20, [x9, #384] + ldr x20, [x9, #448] + ldr x20, [x9, #512] + ldr x20, [x9, #576] + ldr x20, [x9, #640] + ldr x20, [x9, #704] + ldr x20, [x9, #768] + ldr x20, [x9, #832] + ldr x20, [x9, #896] + ldr x20, [x9, #960] + ldrb w12, [x9, x12, LSL 0] + ldrb w15, [x9, x15, LSL 0] + ldrb w21, [x9, x21, LSL 0] + ldrb w22, [x9, x22, LSL 0] + ubfx x13, x17, #0, #8 + eor w12, w12, w15, lsl 8 + ubfx x15, x17, #40, #8 + eor w12, w12, w21, lsl 16 + ubfx x21, x16, #16, #8 + eor w12, w12, w22, lsl 24 + ubfx x22, x16, #56, #8 + ldrb w15, [x9, x15, LSL 0] + ldrb w22, [x9, x22, LSL 0] + ldrb w13, [x9, x13, LSL 0] + ldrb w21, [x9, x21, LSL 0] + ubfx x14, x17, #32, #8 + eor w13, w13, w15, lsl 8 + ubfx x15, x16, #8, #8 + eor w13, w13, w21, lsl 16 + ubfx x21, x16, #48, #8 + eor w13, w13, w22, lsl 24 + ubfx x22, x17, #24, #8 + bfi x12, x13, #32, #32 + ldrb w15, [x9, x15, LSL 0] + ldrb w22, [x9, x22, LSL 0] + ldrb w14, [x9, x14, LSL 0] + ldrb w21, [x9, x21, LSL 0] + ubfx x20, x17, #56, #8 + eor w14, w14, w15, lsl 8 + ubfx x15, x16, #0, #8 + eor w14, w14, w21, lsl 16 + ubfx x21, x16, #40, #8 + eor w13, w14, w22, lsl 24 + ubfx x22, x17, #16, #8 + ldrb w20, [x9, x20, LSL 0] + ldrb w21, [x9, x21, LSL 0] + ldrb w15, [x9, x15, LSL 0] + ldrb w22, [x9, x22, LSL 0] + eor w21, w21, w20, lsl 16 + ldp x16, x17, [x28] + eor w15, w15, w21, lsl 8 + eor w15, w15, w22, lsl 16 + bfi x13, x15, #32, #32 + # XOR in Key Schedule + eor x12, x12, x16 + eor x13, x13, x17 + rev32 x12, x12 + rev32 x13, x13 + eor x12, x12, x23 + eor x13, x13, x24 + stp x12, x13, [x1] +L_AES_XTS_decrypt_done_data: + ldp x17, x19, [x29, #24] + ldp x20, x21, [x29, #40] + ldp x22, x23, [x29, #56] + ldp x24, x25, [x29, #72] + ldp x26, x27, [x29, #88] + ldr x28, [x29, #104] + ldp x29, x30, [sp], #0x70 + ret +#ifndef __APPLE__ + .size AES_XTS_decrypt,.-AES_XTS_decrypt +#endif /* __APPLE__ */ +#endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_XTS */ +#endif /* !WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP */ #endif /* !defined(NO_AES) && defined(WOLFSSL_ARMASM) */ #endif /* __aarch64__ */ #endif /* WOLFSSL_ARMASM */ diff --git a/wolfcrypt/src/port/arm/armv8-aes-asm_c.c b/wolfcrypt/src/port/arm/armv8-aes-asm_c.c index e76ad8e1a..c8d1a9633 100644 --- a/wolfcrypt/src/port/arm/armv8-aes-asm_c.c +++ b/wolfcrypt/src/port/arm/armv8-aes-asm_c.c @@ -43562,6 +43562,13287 @@ void AES_XTS_decrypt_AARCH64(const byte* in, byte* out, word32 sz, #endif /* HAVE_AES_DECRYPT */ #endif /* WOLFSSL_AES_XTS */ #endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */ +#ifndef WOLFSSL_ARMASM_NO_NEON +#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || \ + defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \ + defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) +static const word8 L_AES_ARM64_NEON_te[] = { + 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, + 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, + 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, + 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, + 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, + 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, + 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, + 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, + 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, + 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, + 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, + 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, + 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, + 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, + 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, + 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, + 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, + 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, + 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, + 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, + 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, + 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, + 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, + 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, + 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, + 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, + 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, + 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, + 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, + 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, + 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, + 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16, +}; + +static const word8 L_AES_ARM64_NEON_shift_rows_shuffle[] = { + 0x0c, 0x09, 0x06, 0x03, 0x00, 0x0d, 0x0a, 0x07, + 0x04, 0x01, 0x0e, 0x0b, 0x08, 0x05, 0x02, 0x0f, +}; + +#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || + * WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */ +#ifdef HAVE_AES_DECRYPT +void AES_invert_key_NEON(unsigned char* ks, word32 rounds); +void AES_invert_key_NEON(unsigned char* ks, word32 rounds) +{ + __asm__ __volatile__ ( + "add x3, %x[ks], %x[rounds], lsl 4\n\t" + "mov x2, %x[ks]\n\t" + "mov w4, %w[rounds]\n\t" + "\n" + "L_AES_invert_key_NEON_loop_%=: \n\t" + "ld1 {v0.2d}, [x2]\n\t" + "ld1 {v1.2d}, [x3]\n\t" + "st1 {v0.2d}, [x3]\n\t" + "st1 {v1.2d}, [x2], #16\n\t" + "subs w4, w4, #2\n\t" + "sub x3, x3, #16\n\t" + "b.ne L_AES_invert_key_NEON_loop_%=\n\t" + "movi v2.16b, #27\n\t" + "add x2, %x[ks], #16\n\t" + "sub w4, %w[rounds], #1\n\t" + "\n" + "L_AES_invert_key_NEON_mix_loop_%=: \n\t" + "ld1 {v0.2d}, [x2]\n\t" + "sshr v5.16b, v0.16b, #7\n\t" + "ushr v6.16b, v0.16b, #6\n\t" + "ushr v3.16b, v0.16b, #5\n\t" + "and v5.16b, v5.16b, v2.16b\n\t" + "pmul v6.16b, v6.16b, v2.16b\n\t" + "pmul v3.16b, v3.16b, v2.16b\n\t" + "shl v4.16b, v0.16b, #1\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "shl v4.16b, v0.16b, #3\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + "shl v4.16b, v0.16b, #2\n\t" + "eor v6.16b, v6.16b, v4.16b\n\t" + "eor v4.16b, v5.16b, v3.16b\n\t" + "eor v3.16b, v3.16b, v0.16b\n\t" + "eor v5.16b, v6.16b, v3.16b\n\t" + "eor v6.16b, v6.16b, v4.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "shl v0.4s, v4.4s, #8\n\t" + "rev32 v5.8h, v5.8h\n\t" + "sri v0.4s, v4.4s, #24\n\t" + "eor v0.16b, v0.16b, v6.16b\n\t" + "shl v4.4s, v3.4s, #24\n\t" + "eor v0.16b, v0.16b, v5.16b\n\t" + "sri v4.4s, v3.4s, #8\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "st1 {v0.2d}, [x2], #16\n\t" + "subs w4, w4, #1\n\t" + "b.ne L_AES_invert_key_NEON_mix_loop_%=\n\t" + : [ks] "+r" (ks), [rounds] "+r" (rounds) + : + : "memory", "cc", "x2", "x3", "x4", "v0", "v1", "v2", "v3", "v4", "v5", + "v6" + ); +} + +#endif /* HAVE_AES_DECRYPT */ +static const word32 L_AES_ARM64_NEON_rcon[] = { + 0x01000000, 0x02000000, 0x04000000, 0x08000000, + 0x10000000, 0x20000000, 0x40000000, 0x80000000, + 0x1b000000, 0x36000000, +}; + +void AES_set_encrypt_key_NEON(const unsigned char* key, word32 len, + unsigned char* ks); +void AES_set_encrypt_key_NEON(const unsigned char* key, word32 len, + unsigned char* ks) +{ + const word32* rcon = L_AES_ARM64_NEON_rcon; + const word8* te = L_AES_ARM64_NEON_te; + __asm__ __volatile__ ( + "ld1 {v6.16b, v7.16b, v8.16b, v9.16b}, [%[te]], #0x40\n\t" + "ld1 {v10.16b, v11.16b, v12.16b, v13.16b}, [%[te]], #0x40\n\t" + "ld1 {v14.16b, v15.16b, v16.16b, v17.16b}, [%[te]], #0x40\n\t" + "ld1 {v18.16b, v19.16b, v20.16b, v21.16b}, [%[te]]\n\t" + "movi v2.16b, #0x40\n\t" + "movi v3.16b, #0x80\n\t" + "movi v4.16b, #0xc0\n\t" + "movi v5.16b, #27\n\t" + "eor v26.16b, v26.16b, v26.16b\n\t" + "cmp %w[len], #0x80\n\t" + "b.eq L_AES_set_encrypt_key_NEON_start_128_%=\n\t" + "cmp %w[len], #0xc0\n\t" + "b.eq L_AES_set_encrypt_key_NEON_start_192_%=\n\t" + "ld1 {v0.16b}, [%x[key]], #16\n\t" + "ld1 {v1.16b}, [%x[key]]\n\t" + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "st1 {v0.2d}, [%x[ks]], #16\n\t" + "st1 {v1.2d}, [%x[ks]], #16\n\t" + "mov x3, #6\n\t" + "\n" + "L_AES_set_encrypt_key_NEON_loop_256_%=: \n\t" + "eor v22.16b, v1.16b, v2.16b\n\t" + "eor v23.16b, v1.16b, v3.16b\n\t" + "eor v24.16b, v1.16b, v4.16b\n\t" + "tbl v25.16b, {v6.16b, v7.16b, v8.16b, v9.16b}, v1.16b\n\t" + "tbl v22.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v22.16b\n\t" + "tbl v23.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v23.16b\n\t" + "tbl v24.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v24.16b\n\t" + "orr v25.16b, v25.16b, v22.16b\n\t" + "orr v23.16b, v23.16b, v24.16b\n\t" + "orr v25.16b, v25.16b, v23.16b\n\t" + "ext v25.16b, v25.16b, v26.16b, #12\n\t" + "shl v22.4s, v25.4s, #8\n\t" + "sri v22.4s, v25.4s, #24\n\t" + "eor v0.16b, v0.16b, v22.16b\n\t" + "ld1r {v25.4s}, [%[rcon]], #4\n\t" + "dup v22.4s, v0.s[0]\n\t" + "dup v23.2s, v0.s[1]\n\t" + "dup v24.2s, v0.s[2]\n\t" + "ext v22.16b, v26.16b, v22.16b, #12\n\t" + "ext v23.16b, v26.16b, v23.16b, #8\n\t" + "eor v0.16b, v0.16b, v22.16b\n\t" + "ext v24.16b, v26.16b, v24.16b, #4\n\t" + "eor v0.16b, v0.16b, v23.16b\n\t" + "eor v0.16b, v0.16b, v24.16b\n\t" + "eor v0.16b, v0.16b, v25.16b\n\t" + "st1 {v0.2d}, [%x[ks]], #16\n\t" + "eor v22.16b, v0.16b, v2.16b\n\t" + "eor v23.16b, v0.16b, v3.16b\n\t" + "eor v24.16b, v0.16b, v4.16b\n\t" + "tbl v25.16b, {v6.16b, v7.16b, v8.16b, v9.16b}, v0.16b\n\t" + "tbl v22.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v22.16b\n\t" + "tbl v23.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v23.16b\n\t" + "tbl v24.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v24.16b\n\t" + "orr v25.16b, v25.16b, v22.16b\n\t" + "orr v23.16b, v23.16b, v24.16b\n\t" + "orr v25.16b, v25.16b, v23.16b\n\t" + "ext v25.16b, v25.16b, v26.16b, #12\n\t" + "eor v1.16b, v1.16b, v25.16b\n\t" + "dup v22.4s, v1.s[0]\n\t" + "dup v23.2s, v1.s[1]\n\t" + "dup v24.2s, v1.s[2]\n\t" + "ext v22.16b, v26.16b, v22.16b, #12\n\t" + "ext v23.16b, v26.16b, v23.16b, #8\n\t" + "eor v1.16b, v1.16b, v22.16b\n\t" + "ext v24.16b, v26.16b, v24.16b, #4\n\t" + "eor v1.16b, v1.16b, v23.16b\n\t" + "eor v1.16b, v1.16b, v24.16b\n\t" + "st1 {v1.2d}, [%x[ks]], #16\n\t" + "subs x3, x3, #1\n\t" + "b.ne L_AES_set_encrypt_key_NEON_loop_256_%=\n\t" + "eor v22.16b, v1.16b, v2.16b\n\t" + "eor v23.16b, v1.16b, v3.16b\n\t" + "eor v24.16b, v1.16b, v4.16b\n\t" + "tbl v25.16b, {v6.16b, v7.16b, v8.16b, v9.16b}, v1.16b\n\t" + "tbl v22.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v22.16b\n\t" + "tbl v23.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v23.16b\n\t" + "tbl v24.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v24.16b\n\t" + "orr v25.16b, v25.16b, v22.16b\n\t" + "orr v23.16b, v23.16b, v24.16b\n\t" + "orr v25.16b, v25.16b, v23.16b\n\t" + "ext v25.16b, v25.16b, v26.16b, #12\n\t" + "shl v22.4s, v25.4s, #8\n\t" + "sri v22.4s, v25.4s, #24\n\t" + "eor v0.16b, v0.16b, v22.16b\n\t" + "ld1r {v25.4s}, [%[rcon]], #4\n\t" + "dup v22.4s, v0.s[0]\n\t" + "dup v23.2s, v0.s[1]\n\t" + "dup v24.2s, v0.s[2]\n\t" + "ext v22.16b, v26.16b, v22.16b, #12\n\t" + "ext v23.16b, v26.16b, v23.16b, #8\n\t" + "eor v0.16b, v0.16b, v22.16b\n\t" + "ext v24.16b, v26.16b, v24.16b, #4\n\t" + "eor v0.16b, v0.16b, v23.16b\n\t" + "eor v0.16b, v0.16b, v24.16b\n\t" + "eor v0.16b, v0.16b, v25.16b\n\t" + "st1 {v0.2d}, [%x[ks]], #16\n\t" + "b L_AES_set_encrypt_key_NEON_end_%=\n\t" + "\n" + "L_AES_set_encrypt_key_NEON_start_192_%=: \n\t" + "ld1 {v0.16b}, [%x[key]], #16\n\t" + "ld1 {v1.8b}, [%x[key]]\n\t" + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.8b, v1.8b\n\t" + "st1 {v0.16b}, [%x[ks]], #16\n\t" + "st1 {v1.8b}, [%x[ks]], #8\n\t" + "ext v1.16b, v1.16b, v1.16b, #8\n\t" + "mov x3, #7\n\t" + "\n" + "L_AES_set_encrypt_key_NEON_loop_192_%=: \n\t" + "eor v22.16b, v1.16b, v2.16b\n\t" + "eor v23.16b, v1.16b, v3.16b\n\t" + "eor v24.16b, v1.16b, v4.16b\n\t" + "tbl v25.16b, {v6.16b, v7.16b, v8.16b, v9.16b}, v1.16b\n\t" + "tbl v22.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v22.16b\n\t" + "tbl v23.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v23.16b\n\t" + "tbl v24.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v24.16b\n\t" + "orr v25.16b, v25.16b, v22.16b\n\t" + "orr v23.16b, v23.16b, v24.16b\n\t" + "orr v25.16b, v25.16b, v23.16b\n\t" + "ext v25.16b, v25.16b, v26.16b, #12\n\t" + "shl v22.4s, v25.4s, #8\n\t" + "sri v22.4s, v25.4s, #24\n\t" + "eor v0.16b, v0.16b, v22.16b\n\t" + "ld1r {v25.4s}, [%[rcon]], #4\n\t" + "dup v22.4s, v0.s[0]\n\t" + "dup v23.2s, v0.s[1]\n\t" + "dup v24.2s, v0.s[2]\n\t" + "ext v22.16b, v26.16b, v22.16b, #12\n\t" + "ext v23.16b, v26.16b, v23.16b, #8\n\t" + "eor v0.16b, v0.16b, v22.16b\n\t" + "ext v24.16b, v26.16b, v24.16b, #4\n\t" + "eor v0.16b, v0.16b, v23.16b\n\t" + "eor v0.16b, v0.16b, v24.16b\n\t" + "eor v0.16b, v0.16b, v25.16b\n\t" + "st1 {v0.2d}, [%x[ks]], #16\n\t" + "mov v23.16b, v26.16b\n\t" + "mov v23.s[2], v0.s[3]\n\t" + "eor v1.16b, v1.16b, v23.16b\n\t" + "mov v23.16b, v26.16b\n\t" + "mov v23.s[3], v1.s[2]\n\t" + "eor v1.16b, v1.16b, v23.16b\n\t" + "st1 {v1.d}[1], [%x[ks]], #8\n\t" + "subs x3, x3, #1\n\t" + "b.ne L_AES_set_encrypt_key_NEON_loop_192_%=\n\t" + "eor v22.16b, v1.16b, v2.16b\n\t" + "eor v23.16b, v1.16b, v3.16b\n\t" + "eor v24.16b, v1.16b, v4.16b\n\t" + "tbl v25.16b, {v6.16b, v7.16b, v8.16b, v9.16b}, v1.16b\n\t" + "tbl v22.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v22.16b\n\t" + "tbl v23.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v23.16b\n\t" + "tbl v24.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v24.16b\n\t" + "orr v25.16b, v25.16b, v22.16b\n\t" + "orr v23.16b, v23.16b, v24.16b\n\t" + "orr v25.16b, v25.16b, v23.16b\n\t" + "ext v25.16b, v25.16b, v26.16b, #12\n\t" + "shl v22.4s, v25.4s, #8\n\t" + "sri v22.4s, v25.4s, #24\n\t" + "eor v0.16b, v0.16b, v22.16b\n\t" + "ld1r {v25.4s}, [%[rcon]], #4\n\t" + "dup v22.4s, v0.s[0]\n\t" + "dup v23.2s, v0.s[1]\n\t" + "dup v24.2s, v0.s[2]\n\t" + "ext v22.16b, v26.16b, v22.16b, #12\n\t" + "ext v23.16b, v26.16b, v23.16b, #8\n\t" + "eor v0.16b, v0.16b, v22.16b\n\t" + "ext v24.16b, v26.16b, v24.16b, #4\n\t" + "eor v0.16b, v0.16b, v23.16b\n\t" + "eor v0.16b, v0.16b, v24.16b\n\t" + "eor v0.16b, v0.16b, v25.16b\n\t" + "st1 {v0.2d}, [%x[ks]], #16\n\t" + "b L_AES_set_encrypt_key_NEON_end_%=\n\t" + "\n" + "L_AES_set_encrypt_key_NEON_start_128_%=: \n\t" + "ld1 {v0.16b}, [%x[key]]\n\t" + "rev32 v0.16b, v0.16b\n\t" + "st1 {v0.2d}, [%x[ks]], #16\n\t" + "mov x3, #10\n\t" + "\n" + "L_AES_set_encrypt_key_NEON_loop_128_%=: \n\t" + "eor v22.16b, v0.16b, v2.16b\n\t" + "eor v23.16b, v0.16b, v3.16b\n\t" + "eor v24.16b, v0.16b, v4.16b\n\t" + "tbl v25.16b, {v6.16b, v7.16b, v8.16b, v9.16b}, v0.16b\n\t" + "tbl v22.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v22.16b\n\t" + "tbl v23.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v23.16b\n\t" + "tbl v24.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v24.16b\n\t" + "orr v25.16b, v25.16b, v22.16b\n\t" + "orr v23.16b, v23.16b, v24.16b\n\t" + "orr v25.16b, v25.16b, v23.16b\n\t" + "ext v25.16b, v25.16b, v26.16b, #12\n\t" + "shl v22.4s, v25.4s, #8\n\t" + "sri v22.4s, v25.4s, #24\n\t" + "eor v0.16b, v0.16b, v22.16b\n\t" + "ld1r {v25.4s}, [%[rcon]], #4\n\t" + "dup v22.4s, v0.s[0]\n\t" + "dup v23.2s, v0.s[1]\n\t" + "dup v24.2s, v0.s[2]\n\t" + "ext v22.16b, v26.16b, v22.16b, #12\n\t" + "ext v23.16b, v26.16b, v23.16b, #8\n\t" + "eor v0.16b, v0.16b, v22.16b\n\t" + "ext v24.16b, v26.16b, v24.16b, #4\n\t" + "eor v0.16b, v0.16b, v23.16b\n\t" + "eor v0.16b, v0.16b, v24.16b\n\t" + "eor v0.16b, v0.16b, v25.16b\n\t" + "st1 {v0.2d}, [%x[ks]], #16\n\t" + "subs x3, x3, #1\n\t" + "b.ne L_AES_set_encrypt_key_NEON_loop_128_%=\n\t" + "\n" + "L_AES_set_encrypt_key_NEON_end_%=: \n\t" + : [len] "+r" (len), [ks] "+r" (ks) + : [key] "r" (key), [rcon] "r" (rcon), [te] "r" (te) + : "memory", "cc", "x3", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", + "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", + "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26" + ); +} + +#if defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \ + defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \ + defined(HAVE_AES_ECB) +void AES_ECB_encrypt_NEON(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr); +void AES_ECB_encrypt_NEON(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr) +{ + const word8* te = L_AES_ARM64_NEON_te; + const word8* shuffle = L_AES_ARM64_NEON_shift_rows_shuffle; + __asm__ __volatile__ ( + "ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [%[te]], #0x40\n\t" + "ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [%[te]], #0x40\n\t" + "ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [%[te]], #0x40\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[te]]\n\t" + "cmp %x[len], #0x40\n\t" + "b.lt L_AES_ECB_encrypt_NEON_start_2_%=\n\t" + "\n" + "L_AES_ECB_encrypt_NEON_loop_4_%=: \n\t" + "mov x8, %x[ks]\n\t" + "ld1 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[in]], #0x40\n\t" + "ld1 {v4.2d}, [x8], #16\n\t" + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "rev32 v3.16b, v3.16b\n\t" + /* Round: 0 - XOR in key schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + "sub w7, %w[nr], #2\n\t" + "\n" + "L_AES_ECB_encrypt_NEON_loop_nr_4_%=: \n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b\n\t" + "tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "eor v10.16b, v2.16b, v12.16b\n\t" + "eor v11.16b, v3.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v13.16b\n\t" + "eor v9.16b, v1.16b, v13.16b\n\t" + "eor v10.16b, v2.16b, v13.16b\n\t" + "eor v11.16b, v3.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "eor v10.16b, v2.16b, v14.16b\n\t" + "eor v11.16b, v3.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "ld1 {v0.16b}, [%[shuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "tbl v6.16b, {v6.16b}, v0.16b\n\t" + "tbl v7.16b, {v7.16b}, v0.16b\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "sshr v10.16b, v6.16b, #7\n\t" + "sshr v11.16b, v7.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "shl v14.16b, v6.16b, #1\n\t" + "shl v15.16b, v7.16b, #1\n\t" + "movi v0.16b, #27\n\t" + "and v8.16b, v8.16b, v0.16b\n\t" + "and v9.16b, v9.16b, v0.16b\n\t" + "and v10.16b, v10.16b, v0.16b\n\t" + "and v11.16b, v11.16b, v0.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "eor v1.16b, v9.16b, v5.16b\n\t" + "eor v2.16b, v10.16b, v6.16b\n\t" + "eor v3.16b, v11.16b, v7.16b\n\t" + "shl v12.4s, v0.4s, #8\n\t" + "shl v13.4s, v1.4s, #8\n\t" + "shl v14.4s, v2.4s, #8\n\t" + "shl v15.4s, v3.4s, #8\n\t" + "sri v12.4s, v0.4s, #24\n\t" + "sri v13.4s, v1.4s, #24\n\t" + "sri v14.4s, v2.4s, #24\n\t" + "sri v15.4s, v3.4s, #24\n\t" + "shl v0.4s, v4.4s, #24\n\t" + "shl v1.4s, v5.4s, #24\n\t" + "shl v2.4s, v6.4s, #24\n\t" + "shl v3.4s, v7.4s, #24\n\t" + "sri v0.4s, v4.4s, #8\n\t" + "sri v1.4s, v5.4s, #8\n\t" + "sri v2.4s, v6.4s, #8\n\t" + "sri v3.4s, v7.4s, #8\n\t" + "rev32 v4.8h, v4.8h\n\t" + "rev32 v5.8h, v5.8h\n\t" + "rev32 v6.8h, v6.8h\n\t" + "rev32 v7.8h, v7.8h\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + "eor v6.16b, v6.16b, v2.16b\n\t" + "eor v7.16b, v7.16b, v3.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x8], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v6.16b, v6.16b, v10.16b\n\t" + "eor v7.16b, v7.16b, v11.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v6.16b, v6.16b, v0.16b\n\t" + "eor v7.16b, v7.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "eor v6.16b, v6.16b, v14.16b\n\t" + "eor v7.16b, v7.16b, v15.16b\n\t" + /* Round Done */ + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b\n\t" + "tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "eor v10.16b, v6.16b, v12.16b\n\t" + "eor v11.16b, v7.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v13.16b\n\t" + "eor v9.16b, v5.16b, v13.16b\n\t" + "eor v10.16b, v6.16b, v13.16b\n\t" + "eor v11.16b, v7.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "eor v10.16b, v6.16b, v14.16b\n\t" + "eor v11.16b, v7.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "ld1 {v4.16b}, [%[shuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "tbl v2.16b, {v2.16b}, v4.16b\n\t" + "tbl v3.16b, {v3.16b}, v4.16b\n\t" + "sshr v8.16b, v0.16b, #7\n\t" + "sshr v9.16b, v1.16b, #7\n\t" + "sshr v10.16b, v2.16b, #7\n\t" + "sshr v11.16b, v3.16b, #7\n\t" + "shl v12.16b, v0.16b, #1\n\t" + "shl v13.16b, v1.16b, #1\n\t" + "shl v14.16b, v2.16b, #1\n\t" + "shl v15.16b, v3.16b, #1\n\t" + "movi v4.16b, #27\n\t" + "and v8.16b, v8.16b, v4.16b\n\t" + "and v9.16b, v9.16b, v4.16b\n\t" + "and v10.16b, v10.16b, v4.16b\n\t" + "and v11.16b, v11.16b, v4.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "eor v4.16b, v8.16b, v0.16b\n\t" + "eor v5.16b, v9.16b, v1.16b\n\t" + "eor v6.16b, v10.16b, v2.16b\n\t" + "eor v7.16b, v11.16b, v3.16b\n\t" + "shl v12.4s, v4.4s, #8\n\t" + "shl v13.4s, v5.4s, #8\n\t" + "shl v14.4s, v6.4s, #8\n\t" + "shl v15.4s, v7.4s, #8\n\t" + "sri v12.4s, v4.4s, #24\n\t" + "sri v13.4s, v5.4s, #24\n\t" + "sri v14.4s, v6.4s, #24\n\t" + "sri v15.4s, v7.4s, #24\n\t" + "shl v4.4s, v0.4s, #24\n\t" + "shl v5.4s, v1.4s, #24\n\t" + "shl v6.4s, v2.4s, #24\n\t" + "shl v7.4s, v3.4s, #24\n\t" + "sri v4.4s, v0.4s, #8\n\t" + "sri v5.4s, v1.4s, #8\n\t" + "sri v6.4s, v2.4s, #8\n\t" + "sri v7.4s, v3.4s, #8\n\t" + "rev32 v0.8h, v0.8h\n\t" + "rev32 v1.8h, v1.8h\n\t" + "rev32 v2.8h, v2.8h\n\t" + "rev32 v3.8h, v3.8h\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x8], #16\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v1.16b, v1.16b, v9.16b\n\t" + "eor v2.16b, v2.16b, v10.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + "eor v0.16b, v0.16b, v12.16b\n\t" + "eor v1.16b, v1.16b, v13.16b\n\t" + "eor v2.16b, v2.16b, v14.16b\n\t" + "eor v3.16b, v3.16b, v15.16b\n\t" + /* Round Done */ + "subs w7, w7, #2\n\t" + "b.ne L_AES_ECB_encrypt_NEON_loop_nr_4_%=\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b\n\t" + "tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "eor v10.16b, v2.16b, v12.16b\n\t" + "eor v11.16b, v3.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v13.16b\n\t" + "eor v9.16b, v1.16b, v13.16b\n\t" + "eor v10.16b, v2.16b, v13.16b\n\t" + "eor v11.16b, v3.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "eor v10.16b, v2.16b, v14.16b\n\t" + "eor v11.16b, v3.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "ld1 {v0.16b}, [%[shuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "tbl v6.16b, {v6.16b}, v0.16b\n\t" + "tbl v7.16b, {v7.16b}, v0.16b\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "sshr v10.16b, v6.16b, #7\n\t" + "sshr v11.16b, v7.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "shl v14.16b, v6.16b, #1\n\t" + "shl v15.16b, v7.16b, #1\n\t" + "movi v0.16b, #27\n\t" + "and v8.16b, v8.16b, v0.16b\n\t" + "and v9.16b, v9.16b, v0.16b\n\t" + "and v10.16b, v10.16b, v0.16b\n\t" + "and v11.16b, v11.16b, v0.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "eor v1.16b, v9.16b, v5.16b\n\t" + "eor v2.16b, v10.16b, v6.16b\n\t" + "eor v3.16b, v11.16b, v7.16b\n\t" + "shl v12.4s, v0.4s, #8\n\t" + "shl v13.4s, v1.4s, #8\n\t" + "shl v14.4s, v2.4s, #8\n\t" + "shl v15.4s, v3.4s, #8\n\t" + "sri v12.4s, v0.4s, #24\n\t" + "sri v13.4s, v1.4s, #24\n\t" + "sri v14.4s, v2.4s, #24\n\t" + "sri v15.4s, v3.4s, #24\n\t" + "shl v0.4s, v4.4s, #24\n\t" + "shl v1.4s, v5.4s, #24\n\t" + "shl v2.4s, v6.4s, #24\n\t" + "shl v3.4s, v7.4s, #24\n\t" + "sri v0.4s, v4.4s, #8\n\t" + "sri v1.4s, v5.4s, #8\n\t" + "sri v2.4s, v6.4s, #8\n\t" + "sri v3.4s, v7.4s, #8\n\t" + "rev32 v4.8h, v4.8h\n\t" + "rev32 v5.8h, v5.8h\n\t" + "rev32 v6.8h, v6.8h\n\t" + "rev32 v7.8h, v7.8h\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + "eor v6.16b, v6.16b, v2.16b\n\t" + "eor v7.16b, v7.16b, v3.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x8], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v6.16b, v6.16b, v10.16b\n\t" + "eor v7.16b, v7.16b, v11.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v6.16b, v6.16b, v0.16b\n\t" + "eor v7.16b, v7.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "eor v6.16b, v6.16b, v14.16b\n\t" + "eor v7.16b, v7.16b, v15.16b\n\t" + /* Round Done */ + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b\n\t" + "tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "eor v10.16b, v6.16b, v12.16b\n\t" + "eor v11.16b, v7.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v13.16b\n\t" + "eor v9.16b, v5.16b, v13.16b\n\t" + "eor v10.16b, v6.16b, v13.16b\n\t" + "eor v11.16b, v7.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "eor v10.16b, v6.16b, v14.16b\n\t" + "eor v11.16b, v7.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "ld1 {v4.16b}, [%[shuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "tbl v2.16b, {v2.16b}, v4.16b\n\t" + "tbl v3.16b, {v3.16b}, v4.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x8], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + /* Round Done */ + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "rev32 v3.16b, v3.16b\n\t" + "st1 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[out]], #0x40\n\t" + "sub %x[len], %x[len], #0x40\n\t" + "cmp %x[len], #0x40\n\t" + "b.ge L_AES_ECB_encrypt_NEON_loop_4_%=\n\t" + "\n" + "L_AES_ECB_encrypt_NEON_start_2_%=: \n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "movi v15.16b, #27\n\t" + "cmp %x[len], #16\n\t" + "b.eq L_AES_ECB_encrypt_NEON_start_1_%=\n\t" + "b.lt L_AES_ECB_encrypt_NEON_data_done_%=\n\t" + "\n" + "L_AES_ECB_encrypt_NEON_loop_2_%=: \n\t" + "mov x8, %x[ks]\n\t" + "ld1 {v0.16b, v1.16b}, [%x[in]], #32\n\t" + "ld1 {v4.2d}, [x8], #16\n\t" + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + /* Round: 0 - XOR in key schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "sub w7, %w[nr], #2\n\t" + "\n" + "L_AES_ECB_encrypt_NEON_loop_nr_2_%=: \n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v0.16b, v13.16b\n\t" + "eor v11.16b, v1.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "orr v4.16b, v4.16b, v10.16b\n\t" + "orr v5.16b, v5.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "ld1 {v0.16b}, [%[shuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "shl v10.16b, v4.16b, #1\n\t" + "shl v11.16b, v5.16b, #1\n\t" + "and v8.16b, v8.16b, v15.16b\n\t" + "and v9.16b, v9.16b, v15.16b\n\t" + "eor v8.16b, v8.16b, v10.16b\n\t" + "eor v9.16b, v9.16b, v11.16b\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "eor v1.16b, v9.16b, v5.16b\n\t" + "shl v10.4s, v0.4s, #8\n\t" + "shl v11.4s, v1.4s, #8\n\t" + "sri v10.4s, v0.4s, #24\n\t" + "sri v11.4s, v1.4s, #24\n\t" + "shl v0.4s, v4.4s, #24\n\t" + "shl v1.4s, v5.4s, #24\n\t" + "sri v0.4s, v4.4s, #8\n\t" + "sri v1.4s, v5.4s, #8\n\t" + "rev32 v4.8h, v4.8h\n\t" + "rev32 v5.8h, v5.8h\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x8], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "eor v5.16b, v5.16b, v11.16b\n\t" + /* Round Done */ + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v4.16b, v13.16b\n\t" + "eor v11.16b, v5.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "orr v0.16b, v0.16b, v10.16b\n\t" + "orr v1.16b, v1.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "ld1 {v4.16b}, [%[shuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "sshr v8.16b, v0.16b, #7\n\t" + "sshr v9.16b, v1.16b, #7\n\t" + "shl v10.16b, v0.16b, #1\n\t" + "shl v11.16b, v1.16b, #1\n\t" + "and v8.16b, v8.16b, v15.16b\n\t" + "and v9.16b, v9.16b, v15.16b\n\t" + "eor v8.16b, v8.16b, v10.16b\n\t" + "eor v9.16b, v9.16b, v11.16b\n\t" + "eor v4.16b, v8.16b, v0.16b\n\t" + "eor v5.16b, v9.16b, v1.16b\n\t" + "shl v10.4s, v4.4s, #8\n\t" + "shl v11.4s, v5.4s, #8\n\t" + "sri v10.4s, v4.4s, #24\n\t" + "sri v11.4s, v5.4s, #24\n\t" + "shl v4.4s, v0.4s, #24\n\t" + "shl v5.4s, v1.4s, #24\n\t" + "sri v4.4s, v0.4s, #8\n\t" + "sri v5.4s, v1.4s, #8\n\t" + "rev32 v0.8h, v0.8h\n\t" + "rev32 v1.8h, v1.8h\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x8], #16\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v1.16b, v1.16b, v9.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v0.16b, v0.16b, v10.16b\n\t" + "eor v1.16b, v1.16b, v11.16b\n\t" + /* Round Done */ + "subs w7, w7, #2\n\t" + "b.ne L_AES_ECB_encrypt_NEON_loop_nr_2_%=\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v0.16b, v13.16b\n\t" + "eor v11.16b, v1.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "orr v4.16b, v4.16b, v10.16b\n\t" + "orr v5.16b, v5.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "ld1 {v0.16b}, [%[shuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "shl v10.16b, v4.16b, #1\n\t" + "shl v11.16b, v5.16b, #1\n\t" + "and v8.16b, v8.16b, v15.16b\n\t" + "and v9.16b, v9.16b, v15.16b\n\t" + "eor v8.16b, v8.16b, v10.16b\n\t" + "eor v9.16b, v9.16b, v11.16b\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "eor v1.16b, v9.16b, v5.16b\n\t" + "shl v10.4s, v0.4s, #8\n\t" + "shl v11.4s, v1.4s, #8\n\t" + "sri v10.4s, v0.4s, #24\n\t" + "sri v11.4s, v1.4s, #24\n\t" + "shl v0.4s, v4.4s, #24\n\t" + "shl v1.4s, v5.4s, #24\n\t" + "sri v0.4s, v4.4s, #8\n\t" + "sri v1.4s, v5.4s, #8\n\t" + "rev32 v4.8h, v4.8h\n\t" + "rev32 v5.8h, v5.8h\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x8], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "eor v5.16b, v5.16b, v11.16b\n\t" + /* Round Done */ + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v4.16b, v13.16b\n\t" + "eor v11.16b, v5.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "orr v0.16b, v0.16b, v10.16b\n\t" + "orr v1.16b, v1.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "ld1 {v4.16b}, [%[shuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x8], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + /* Round Done */ + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "st1 {v0.16b, v1.16b}, [%x[out]], #32\n\t" + "sub %x[len], %x[len], #32\n\t" + "cmp %x[len], #0\n\t" + "b.eq L_AES_ECB_encrypt_NEON_data_done_%=\n\t" + "\n" + "L_AES_ECB_encrypt_NEON_start_1_%=: \n\t" + "ld1 {v3.2d}, [%[shuffle]]\n\t" + "mov x8, %x[ks]\n\t" + "ld1 {v0.16b}, [%x[in]], #16\n\t" + "ld1 {v4.2d}, [x8], #16\n\t" + "rev32 v0.16b, v0.16b\n\t" + /* Round: 0 - XOR in key schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "sub w7, %w[nr], #2\n\t" + "\n" + "L_AES_ECB_encrypt_NEON_loop_nr_1_%=: \n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "ld1 {v0.2d}, [x8], #16\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v4.8h\n\t" + "eor v11.16b, v10.16b, v4.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v4.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v0.16b\n\t" + "sri v9.4s, v4.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v4.16b, v10.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x8], #16\n\t" + "sshr v10.16b, v0.16b, #7\n\t" + "shl v9.16b, v0.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v0.8h\n\t" + "eor v11.16b, v10.16b, v0.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v0.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v4.16b\n\t" + "sri v9.4s, v0.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v0.16b, v10.16b, v9.16b\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "subs w7, w7, #2\n\t" + "b.ne L_AES_ECB_encrypt_NEON_loop_nr_1_%=\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "ld1 {v0.2d}, [x8], #16\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v4.8h\n\t" + "eor v11.16b, v10.16b, v4.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v4.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v0.16b\n\t" + "sri v9.4s, v4.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v4.16b, v10.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x8], #16\n\t" + /* XOR in Key Schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "st1 {v0.16b}, [%x[out]], #16\n\t" + "\n" + "L_AES_ECB_encrypt_NEON_data_done_%=: \n\t" + : [out] "+r" (out), [len] "+r" (len), [nr] "+r" (nr) + : [in] "r" (in), [ks] "r" (ks), [te] "r" (te), [shuffle] "r" (shuffle) + : "memory", "cc", "x7", "x8", "v0", "v1", "v2", "v3", "v4", "v5", "v6", + "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", + "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", + "v26", "v27", "v28", "v29", "v30", "v31" + ); +} + +#endif /* HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || + * WOLFSSL_AES_COUNTER || HAVE_AES_ECB */ +#ifdef HAVE_AES_CBC +void AES_CBC_encrypt_NEON(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* iv); +void AES_CBC_encrypt_NEON(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* iv) +{ + const word8* te = L_AES_ARM64_NEON_te; + const word8* shuffle = L_AES_ARM64_NEON_shift_rows_shuffle; + __asm__ __volatile__ ( + "ld1 {v10.16b, v11.16b, v12.16b, v13.16b}, [%[te]], #0x40\n\t" + "ld1 {v14.16b, v15.16b, v16.16b, v17.16b}, [%[te]], #0x40\n\t" + "ld1 {v18.16b, v19.16b, v20.16b, v21.16b}, [%[te]], #0x40\n\t" + "ld1 {v22.16b, v23.16b, v24.16b, v25.16b}, [%[te]]\n\t" + "movi v6.16b, #0x40\n\t" + "movi v7.16b, #0x80\n\t" + "movi v8.16b, #0xc0\n\t" + "movi v9.16b, #27\n\t" + "ld1 {v0.2d}, [%x[iv]]\n\t" + "ld1 {v26.2d}, [%[shuffle]]\n\t" + "\n" + "L_AES_CBC_encrypt_NEON_loop_block_%=: \n\t" + "add x9, %x[ks], #16\n\t" + "ld1 {v1.16b}, [%x[in]], #16\n\t" + "ld1 {v2.16b}, [%x[ks]]\n\t" + "eor v0.16b, v0.16b, v1.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + /* Round: 0 - XOR in key schedule */ + "eor v0.16b, v0.16b, v2.16b\n\t" + "sub w8, %w[nr], #2\n\t" + "\n" + "L_AES_CBC_encrypt_NEON_loop_nr_%=: \n\t" + "eor v2.16b, v0.16b, v6.16b\n\t" + "eor v3.16b, v0.16b, v7.16b\n\t" + "eor v4.16b, v0.16b, v8.16b\n\t" + "tbl v1.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v0.16b\n\t" + "tbl v2.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v2.16b\n\t" + "tbl v3.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v3.16b\n\t" + "tbl v4.16b, {v22.16b, v23.16b, v24.16b, v25.16b}, v4.16b\n\t" + "orr v1.16b, v1.16b, v2.16b\n\t" + "orr v3.16b, v3.16b, v4.16b\n\t" + "orr v1.16b, v1.16b, v3.16b\n\t" + "tbl v1.16b, {v1.16b}, v26.16b\n\t" + "ld1 {v0.2d}, [x9], #16\n\t" + "sshr v4.16b, v1.16b, #7\n\t" + "shl v3.16b, v1.16b, #1\n\t" + "and v4.16b, v4.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v3.16b\n\t" + "rev32 v2.8h, v1.8h\n\t" + "eor v5.16b, v4.16b, v1.16b\n\t" + "eor v4.16b, v4.16b, v2.16b\n\t" + "shl v3.4s, v1.4s, #24\n\t" + "shl v2.4s, v5.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v4.16b, v4.16b, v0.16b\n\t" + "sri v3.4s, v1.4s, #8\n\t" + "sri v2.4s, v5.4s, #24\n\t" + "eor v1.16b, v4.16b, v3.16b\n\t" + "eor v1.16b, v1.16b, v2.16b\n\t" + "eor v2.16b, v1.16b, v6.16b\n\t" + "eor v3.16b, v1.16b, v7.16b\n\t" + "eor v4.16b, v1.16b, v8.16b\n\t" + "tbl v0.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v1.16b\n\t" + "tbl v2.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v2.16b\n\t" + "tbl v3.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v3.16b\n\t" + "tbl v4.16b, {v22.16b, v23.16b, v24.16b, v25.16b}, v4.16b\n\t" + "orr v0.16b, v0.16b, v2.16b\n\t" + "orr v3.16b, v3.16b, v4.16b\n\t" + "orr v0.16b, v0.16b, v3.16b\n\t" + "tbl v0.16b, {v0.16b}, v26.16b\n\t" + "ld1 {v1.2d}, [x9], #16\n\t" + "sshr v4.16b, v0.16b, #7\n\t" + "shl v3.16b, v0.16b, #1\n\t" + "and v4.16b, v4.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v3.16b\n\t" + "rev32 v2.8h, v0.8h\n\t" + "eor v5.16b, v4.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v2.16b\n\t" + "shl v3.4s, v0.4s, #24\n\t" + "shl v2.4s, v5.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v4.16b, v4.16b, v1.16b\n\t" + "sri v3.4s, v0.4s, #8\n\t" + "sri v2.4s, v5.4s, #24\n\t" + "eor v0.16b, v4.16b, v3.16b\n\t" + "eor v0.16b, v0.16b, v2.16b\n\t" + "subs w8, w8, #2\n\t" + "b.ne L_AES_CBC_encrypt_NEON_loop_nr_%=\n\t" + "eor v2.16b, v0.16b, v6.16b\n\t" + "eor v3.16b, v0.16b, v7.16b\n\t" + "eor v4.16b, v0.16b, v8.16b\n\t" + "tbl v1.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v0.16b\n\t" + "tbl v2.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v2.16b\n\t" + "tbl v3.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v3.16b\n\t" + "tbl v4.16b, {v22.16b, v23.16b, v24.16b, v25.16b}, v4.16b\n\t" + "orr v1.16b, v1.16b, v2.16b\n\t" + "orr v3.16b, v3.16b, v4.16b\n\t" + "orr v1.16b, v1.16b, v3.16b\n\t" + "tbl v1.16b, {v1.16b}, v26.16b\n\t" + "ld1 {v0.2d}, [x9], #16\n\t" + "sshr v4.16b, v1.16b, #7\n\t" + "shl v3.16b, v1.16b, #1\n\t" + "and v4.16b, v4.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v3.16b\n\t" + "rev32 v2.8h, v1.8h\n\t" + "eor v5.16b, v4.16b, v1.16b\n\t" + "eor v4.16b, v4.16b, v2.16b\n\t" + "shl v3.4s, v1.4s, #24\n\t" + "shl v2.4s, v5.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v4.16b, v4.16b, v0.16b\n\t" + "sri v3.4s, v1.4s, #8\n\t" + "sri v2.4s, v5.4s, #24\n\t" + "eor v1.16b, v4.16b, v3.16b\n\t" + "eor v1.16b, v1.16b, v2.16b\n\t" + "eor v2.16b, v1.16b, v6.16b\n\t" + "eor v3.16b, v1.16b, v7.16b\n\t" + "eor v4.16b, v1.16b, v8.16b\n\t" + "tbl v0.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v1.16b\n\t" + "tbl v2.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v2.16b\n\t" + "tbl v3.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v3.16b\n\t" + "tbl v4.16b, {v22.16b, v23.16b, v24.16b, v25.16b}, v4.16b\n\t" + "orr v0.16b, v0.16b, v2.16b\n\t" + "orr v3.16b, v3.16b, v4.16b\n\t" + "orr v0.16b, v0.16b, v3.16b\n\t" + "tbl v0.16b, {v0.16b}, v26.16b\n\t" + "ld1 {v1.2d}, [x9], #16\n\t" + /* XOR in Key Schedule */ + "eor v0.16b, v0.16b, v1.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "st1 {v0.16b}, [%x[out]], #16\n\t" + "subs %x[len], %x[len], #16\n\t" + "b.ne L_AES_CBC_encrypt_NEON_loop_block_%=\n\t" + "st1 {v0.2d}, [%x[iv]]\n\t" + : [out] "+r" (out), [len] "+r" (len), [nr] "+r" (nr), [iv] "+r" (iv) + : [in] "r" (in), [ks] "r" (ks), [te] "r" (te), [shuffle] "r" (shuffle) + : "memory", "cc", "x8", "x9", "v0", "v1", "v2", "v3", "v4", "v5", "v6", + "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", + "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", + "v26" + ); +} + +#endif /* HAVE_AES_CBC */ +#ifdef WOLFSSL_AES_COUNTER +void AES_CTR_encrypt_NEON(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr); +void AES_CTR_encrypt_NEON(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr) +{ + const word8* te = L_AES_ARM64_NEON_te; + const word8* shuffle = L_AES_ARM64_NEON_shift_rows_shuffle; + __asm__ __volatile__ ( + "ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [%[te]], #0x40\n\t" + "ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [%[te]], #0x40\n\t" + "ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [%[te]], #0x40\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[te]]\n\t" + "ld1 {v2.2d}, [%x[ctr]]\n\t" + "rev64 v8.16b, v2.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "mov x10, v8.d[1]\n\t" + "mov x11, v8.d[0]\n\t" + "cmp %x[len], #0x40\n\t" + "b.lt L_AES_CTR_encrypt_NEON_start_2_%=\n\t" + "\n" + "L_AES_CTR_encrypt_NEON_loop_4_%=: \n\t" + "mov x9, %x[ks]\n\t" + "ld1 {v4.2d}, [x9], #16\n\t" + "mov v8.d[1], x10\n\t" + "mov v8.d[0], x11\n\t" + "rev64 v8.16b, v8.16b\n\t" + "rev32 v8.16b, v8.16b\n\t" + /* Round: 0 - XOR in key schedule */ + "eor v0.16b, v8.16b, v4.16b\n\t" + "adds x10, x10, #1\n\t" + "adc x11, x11, xzr\n\t" + "mov v8.d[1], x10\n\t" + "mov v8.d[0], x11\n\t" + "rev64 v8.16b, v8.16b\n\t" + "rev32 v8.16b, v8.16b\n\t" + "eor v1.16b, v8.16b, v4.16b\n\t" + "adds x10, x10, #1\n\t" + "adc x11, x11, xzr\n\t" + "mov v8.d[1], x10\n\t" + "mov v8.d[0], x11\n\t" + "rev64 v8.16b, v8.16b\n\t" + "rev32 v8.16b, v8.16b\n\t" + "eor v2.16b, v8.16b, v4.16b\n\t" + "adds x10, x10, #1\n\t" + "adc x11, x11, xzr\n\t" + "mov v8.d[1], x10\n\t" + "mov v8.d[0], x11\n\t" + "rev64 v8.16b, v8.16b\n\t" + "rev32 v8.16b, v8.16b\n\t" + "eor v3.16b, v8.16b, v4.16b\n\t" + "adds x10, x10, #1\n\t" + "adc x11, x11, xzr\n\t" + "mov v8.d[1], x10\n\t" + "mov v8.d[0], x11\n\t" + "rev64 v8.16b, v8.16b\n\t" + "rev32 v8.16b, v8.16b\n\t" + "sub w8, %w[nr], #2\n\t" + "\n" + "L_AES_CTR_encrypt_NEON_loop_nr_4_%=: \n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b\n\t" + "tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "eor v10.16b, v2.16b, v12.16b\n\t" + "eor v11.16b, v3.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v13.16b\n\t" + "eor v9.16b, v1.16b, v13.16b\n\t" + "eor v10.16b, v2.16b, v13.16b\n\t" + "eor v11.16b, v3.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "eor v10.16b, v2.16b, v14.16b\n\t" + "eor v11.16b, v3.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "ld1 {v0.16b}, [%[shuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "tbl v6.16b, {v6.16b}, v0.16b\n\t" + "tbl v7.16b, {v7.16b}, v0.16b\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "sshr v10.16b, v6.16b, #7\n\t" + "sshr v11.16b, v7.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "shl v14.16b, v6.16b, #1\n\t" + "shl v15.16b, v7.16b, #1\n\t" + "movi v0.16b, #27\n\t" + "and v8.16b, v8.16b, v0.16b\n\t" + "and v9.16b, v9.16b, v0.16b\n\t" + "and v10.16b, v10.16b, v0.16b\n\t" + "and v11.16b, v11.16b, v0.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "eor v1.16b, v9.16b, v5.16b\n\t" + "eor v2.16b, v10.16b, v6.16b\n\t" + "eor v3.16b, v11.16b, v7.16b\n\t" + "shl v12.4s, v0.4s, #8\n\t" + "shl v13.4s, v1.4s, #8\n\t" + "shl v14.4s, v2.4s, #8\n\t" + "shl v15.4s, v3.4s, #8\n\t" + "sri v12.4s, v0.4s, #24\n\t" + "sri v13.4s, v1.4s, #24\n\t" + "sri v14.4s, v2.4s, #24\n\t" + "sri v15.4s, v3.4s, #24\n\t" + "shl v0.4s, v4.4s, #24\n\t" + "shl v1.4s, v5.4s, #24\n\t" + "shl v2.4s, v6.4s, #24\n\t" + "shl v3.4s, v7.4s, #24\n\t" + "sri v0.4s, v4.4s, #8\n\t" + "sri v1.4s, v5.4s, #8\n\t" + "sri v2.4s, v6.4s, #8\n\t" + "sri v3.4s, v7.4s, #8\n\t" + "rev32 v4.8h, v4.8h\n\t" + "rev32 v5.8h, v5.8h\n\t" + "rev32 v6.8h, v6.8h\n\t" + "rev32 v7.8h, v7.8h\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + "eor v6.16b, v6.16b, v2.16b\n\t" + "eor v7.16b, v7.16b, v3.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x9], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v6.16b, v6.16b, v10.16b\n\t" + "eor v7.16b, v7.16b, v11.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v6.16b, v6.16b, v0.16b\n\t" + "eor v7.16b, v7.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "eor v6.16b, v6.16b, v14.16b\n\t" + "eor v7.16b, v7.16b, v15.16b\n\t" + /* Round Done */ + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b\n\t" + "tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "eor v10.16b, v6.16b, v12.16b\n\t" + "eor v11.16b, v7.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v13.16b\n\t" + "eor v9.16b, v5.16b, v13.16b\n\t" + "eor v10.16b, v6.16b, v13.16b\n\t" + "eor v11.16b, v7.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "eor v10.16b, v6.16b, v14.16b\n\t" + "eor v11.16b, v7.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "ld1 {v4.16b}, [%[shuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "tbl v2.16b, {v2.16b}, v4.16b\n\t" + "tbl v3.16b, {v3.16b}, v4.16b\n\t" + "sshr v8.16b, v0.16b, #7\n\t" + "sshr v9.16b, v1.16b, #7\n\t" + "sshr v10.16b, v2.16b, #7\n\t" + "sshr v11.16b, v3.16b, #7\n\t" + "shl v12.16b, v0.16b, #1\n\t" + "shl v13.16b, v1.16b, #1\n\t" + "shl v14.16b, v2.16b, #1\n\t" + "shl v15.16b, v3.16b, #1\n\t" + "movi v4.16b, #27\n\t" + "and v8.16b, v8.16b, v4.16b\n\t" + "and v9.16b, v9.16b, v4.16b\n\t" + "and v10.16b, v10.16b, v4.16b\n\t" + "and v11.16b, v11.16b, v4.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "eor v4.16b, v8.16b, v0.16b\n\t" + "eor v5.16b, v9.16b, v1.16b\n\t" + "eor v6.16b, v10.16b, v2.16b\n\t" + "eor v7.16b, v11.16b, v3.16b\n\t" + "shl v12.4s, v4.4s, #8\n\t" + "shl v13.4s, v5.4s, #8\n\t" + "shl v14.4s, v6.4s, #8\n\t" + "shl v15.4s, v7.4s, #8\n\t" + "sri v12.4s, v4.4s, #24\n\t" + "sri v13.4s, v5.4s, #24\n\t" + "sri v14.4s, v6.4s, #24\n\t" + "sri v15.4s, v7.4s, #24\n\t" + "shl v4.4s, v0.4s, #24\n\t" + "shl v5.4s, v1.4s, #24\n\t" + "shl v6.4s, v2.4s, #24\n\t" + "shl v7.4s, v3.4s, #24\n\t" + "sri v4.4s, v0.4s, #8\n\t" + "sri v5.4s, v1.4s, #8\n\t" + "sri v6.4s, v2.4s, #8\n\t" + "sri v7.4s, v3.4s, #8\n\t" + "rev32 v0.8h, v0.8h\n\t" + "rev32 v1.8h, v1.8h\n\t" + "rev32 v2.8h, v2.8h\n\t" + "rev32 v3.8h, v3.8h\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x9], #16\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v1.16b, v1.16b, v9.16b\n\t" + "eor v2.16b, v2.16b, v10.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + "eor v0.16b, v0.16b, v12.16b\n\t" + "eor v1.16b, v1.16b, v13.16b\n\t" + "eor v2.16b, v2.16b, v14.16b\n\t" + "eor v3.16b, v3.16b, v15.16b\n\t" + /* Round Done */ + "subs w8, w8, #2\n\t" + "b.ne L_AES_CTR_encrypt_NEON_loop_nr_4_%=\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b\n\t" + "tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "eor v10.16b, v2.16b, v12.16b\n\t" + "eor v11.16b, v3.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v13.16b\n\t" + "eor v9.16b, v1.16b, v13.16b\n\t" + "eor v10.16b, v2.16b, v13.16b\n\t" + "eor v11.16b, v3.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "eor v10.16b, v2.16b, v14.16b\n\t" + "eor v11.16b, v3.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "ld1 {v0.16b}, [%[shuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "tbl v6.16b, {v6.16b}, v0.16b\n\t" + "tbl v7.16b, {v7.16b}, v0.16b\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "sshr v10.16b, v6.16b, #7\n\t" + "sshr v11.16b, v7.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "shl v14.16b, v6.16b, #1\n\t" + "shl v15.16b, v7.16b, #1\n\t" + "movi v0.16b, #27\n\t" + "and v8.16b, v8.16b, v0.16b\n\t" + "and v9.16b, v9.16b, v0.16b\n\t" + "and v10.16b, v10.16b, v0.16b\n\t" + "and v11.16b, v11.16b, v0.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "eor v1.16b, v9.16b, v5.16b\n\t" + "eor v2.16b, v10.16b, v6.16b\n\t" + "eor v3.16b, v11.16b, v7.16b\n\t" + "shl v12.4s, v0.4s, #8\n\t" + "shl v13.4s, v1.4s, #8\n\t" + "shl v14.4s, v2.4s, #8\n\t" + "shl v15.4s, v3.4s, #8\n\t" + "sri v12.4s, v0.4s, #24\n\t" + "sri v13.4s, v1.4s, #24\n\t" + "sri v14.4s, v2.4s, #24\n\t" + "sri v15.4s, v3.4s, #24\n\t" + "shl v0.4s, v4.4s, #24\n\t" + "shl v1.4s, v5.4s, #24\n\t" + "shl v2.4s, v6.4s, #24\n\t" + "shl v3.4s, v7.4s, #24\n\t" + "sri v0.4s, v4.4s, #8\n\t" + "sri v1.4s, v5.4s, #8\n\t" + "sri v2.4s, v6.4s, #8\n\t" + "sri v3.4s, v7.4s, #8\n\t" + "rev32 v4.8h, v4.8h\n\t" + "rev32 v5.8h, v5.8h\n\t" + "rev32 v6.8h, v6.8h\n\t" + "rev32 v7.8h, v7.8h\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + "eor v6.16b, v6.16b, v2.16b\n\t" + "eor v7.16b, v7.16b, v3.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x9], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v6.16b, v6.16b, v10.16b\n\t" + "eor v7.16b, v7.16b, v11.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v6.16b, v6.16b, v0.16b\n\t" + "eor v7.16b, v7.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "eor v6.16b, v6.16b, v14.16b\n\t" + "eor v7.16b, v7.16b, v15.16b\n\t" + /* Round Done */ + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b\n\t" + "tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "eor v10.16b, v6.16b, v12.16b\n\t" + "eor v11.16b, v7.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v13.16b\n\t" + "eor v9.16b, v5.16b, v13.16b\n\t" + "eor v10.16b, v6.16b, v13.16b\n\t" + "eor v11.16b, v7.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "eor v10.16b, v6.16b, v14.16b\n\t" + "eor v11.16b, v7.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "ld1 {v4.16b}, [%[shuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "tbl v2.16b, {v2.16b}, v4.16b\n\t" + "tbl v3.16b, {v3.16b}, v4.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x9], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + /* Round Done */ + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "rev32 v3.16b, v3.16b\n\t" + "ld1 {v4.16b, v5.16b, v6.16b, v7.16b}, [%x[in]], #0x40\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "st1 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[out]], #0x40\n\t" + "sub %x[len], %x[len], #0x40\n\t" + "cmp %x[len], #0x40\n\t" + "b.ge L_AES_CTR_encrypt_NEON_loop_4_%=\n\t" + "mov v2.d[1], x10\n\t" + "mov v2.d[0], x11\n\t" + "rev64 v2.16b, v2.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "\n" + "L_AES_CTR_encrypt_NEON_start_2_%=: \n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "movi v15.16b, #27\n\t" + "cmp %x[len], #16\n\t" + "b.eq L_AES_CTR_encrypt_NEON_start_1_%=\n\t" + "b.lt L_AES_CTR_encrypt_NEON_data_done_%=\n\t" + "\n" + "L_AES_CTR_encrypt_NEON_loop_2_%=: \n\t" + "mov x9, %x[ks]\n\t" + "ld1 {v4.2d}, [x9], #16\n\t" + /* Round: 0 - XOR in key schedule */ + "eor v0.16b, v2.16b, v4.16b\n\t" + "adds x10, x10, #1\n\t" + "adc x11, x11, xzr\n\t" + "mov v2.d[1], x10\n\t" + "mov v2.d[0], x11\n\t" + "rev64 v2.16b, v2.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "eor v1.16b, v2.16b, v4.16b\n\t" + "adds x10, x10, #1\n\t" + "adc x11, x11, xzr\n\t" + "mov v2.d[1], x10\n\t" + "mov v2.d[0], x11\n\t" + "rev64 v2.16b, v2.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "sub w8, %w[nr], #2\n\t" + "\n" + "L_AES_CTR_encrypt_NEON_loop_nr_2_%=: \n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v0.16b, v13.16b\n\t" + "eor v11.16b, v1.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "orr v4.16b, v4.16b, v10.16b\n\t" + "orr v5.16b, v5.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "ld1 {v0.16b}, [%[shuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "shl v10.16b, v4.16b, #1\n\t" + "shl v11.16b, v5.16b, #1\n\t" + "and v8.16b, v8.16b, v15.16b\n\t" + "and v9.16b, v9.16b, v15.16b\n\t" + "eor v8.16b, v8.16b, v10.16b\n\t" + "eor v9.16b, v9.16b, v11.16b\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "eor v1.16b, v9.16b, v5.16b\n\t" + "shl v10.4s, v0.4s, #8\n\t" + "shl v11.4s, v1.4s, #8\n\t" + "sri v10.4s, v0.4s, #24\n\t" + "sri v11.4s, v1.4s, #24\n\t" + "shl v0.4s, v4.4s, #24\n\t" + "shl v1.4s, v5.4s, #24\n\t" + "sri v0.4s, v4.4s, #8\n\t" + "sri v1.4s, v5.4s, #8\n\t" + "rev32 v4.8h, v4.8h\n\t" + "rev32 v5.8h, v5.8h\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x9], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "eor v5.16b, v5.16b, v11.16b\n\t" + /* Round Done */ + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v4.16b, v13.16b\n\t" + "eor v11.16b, v5.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "orr v0.16b, v0.16b, v10.16b\n\t" + "orr v1.16b, v1.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "ld1 {v4.16b}, [%[shuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "sshr v8.16b, v0.16b, #7\n\t" + "sshr v9.16b, v1.16b, #7\n\t" + "shl v10.16b, v0.16b, #1\n\t" + "shl v11.16b, v1.16b, #1\n\t" + "and v8.16b, v8.16b, v15.16b\n\t" + "and v9.16b, v9.16b, v15.16b\n\t" + "eor v8.16b, v8.16b, v10.16b\n\t" + "eor v9.16b, v9.16b, v11.16b\n\t" + "eor v4.16b, v8.16b, v0.16b\n\t" + "eor v5.16b, v9.16b, v1.16b\n\t" + "shl v10.4s, v4.4s, #8\n\t" + "shl v11.4s, v5.4s, #8\n\t" + "sri v10.4s, v4.4s, #24\n\t" + "sri v11.4s, v5.4s, #24\n\t" + "shl v4.4s, v0.4s, #24\n\t" + "shl v5.4s, v1.4s, #24\n\t" + "sri v4.4s, v0.4s, #8\n\t" + "sri v5.4s, v1.4s, #8\n\t" + "rev32 v0.8h, v0.8h\n\t" + "rev32 v1.8h, v1.8h\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x9], #16\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v1.16b, v1.16b, v9.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v0.16b, v0.16b, v10.16b\n\t" + "eor v1.16b, v1.16b, v11.16b\n\t" + /* Round Done */ + "subs w8, w8, #2\n\t" + "b.ne L_AES_CTR_encrypt_NEON_loop_nr_2_%=\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v0.16b, v13.16b\n\t" + "eor v11.16b, v1.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "orr v4.16b, v4.16b, v10.16b\n\t" + "orr v5.16b, v5.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "ld1 {v0.16b}, [%[shuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "shl v10.16b, v4.16b, #1\n\t" + "shl v11.16b, v5.16b, #1\n\t" + "and v8.16b, v8.16b, v15.16b\n\t" + "and v9.16b, v9.16b, v15.16b\n\t" + "eor v8.16b, v8.16b, v10.16b\n\t" + "eor v9.16b, v9.16b, v11.16b\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "eor v1.16b, v9.16b, v5.16b\n\t" + "shl v10.4s, v0.4s, #8\n\t" + "shl v11.4s, v1.4s, #8\n\t" + "sri v10.4s, v0.4s, #24\n\t" + "sri v11.4s, v1.4s, #24\n\t" + "shl v0.4s, v4.4s, #24\n\t" + "shl v1.4s, v5.4s, #24\n\t" + "sri v0.4s, v4.4s, #8\n\t" + "sri v1.4s, v5.4s, #8\n\t" + "rev32 v4.8h, v4.8h\n\t" + "rev32 v5.8h, v5.8h\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x9], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "eor v5.16b, v5.16b, v11.16b\n\t" + /* Round Done */ + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v4.16b, v13.16b\n\t" + "eor v11.16b, v5.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "orr v0.16b, v0.16b, v10.16b\n\t" + "orr v1.16b, v1.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "ld1 {v4.16b}, [%[shuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x9], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + /* Round Done */ + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "ld1 {v4.16b, v5.16b}, [%x[in]], #32\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "st1 {v0.16b, v1.16b}, [%x[out]], #32\n\t" + "sub %x[len], %x[len], #32\n\t" + "cmp %x[len], #0\n\t" + "b.eq L_AES_CTR_encrypt_NEON_data_done_%=\n\t" + "\n" + "L_AES_CTR_encrypt_NEON_start_1_%=: \n\t" + "ld1 {v3.2d}, [%[shuffle]]\n\t" + "mov x9, %x[ks]\n\t" + "ld1 {v4.2d}, [x9], #16\n\t" + /* Round: 0 - XOR in key schedule */ + "eor v0.16b, v2.16b, v4.16b\n\t" + "sub w8, %w[nr], #2\n\t" + "\n" + "L_AES_CTR_encrypt_NEON_loop_nr_1_%=: \n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "ld1 {v0.2d}, [x9], #16\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v4.8h\n\t" + "eor v11.16b, v10.16b, v4.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v4.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v0.16b\n\t" + "sri v9.4s, v4.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v4.16b, v10.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x9], #16\n\t" + "sshr v10.16b, v0.16b, #7\n\t" + "shl v9.16b, v0.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v0.8h\n\t" + "eor v11.16b, v10.16b, v0.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v0.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v4.16b\n\t" + "sri v9.4s, v0.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v0.16b, v10.16b, v9.16b\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "subs w8, w8, #2\n\t" + "b.ne L_AES_CTR_encrypt_NEON_loop_nr_1_%=\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "ld1 {v0.2d}, [x9], #16\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v4.8h\n\t" + "eor v11.16b, v10.16b, v4.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v4.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v0.16b\n\t" + "sri v9.4s, v4.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v4.16b, v10.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x9], #16\n\t" + /* XOR in Key Schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "ld1 {v4.16b}, [%x[in]], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "st1 {v0.16b}, [%x[out]], #16\n\t" + "adds x10, x10, #1\n\t" + "adc x11, x11, xzr\n\t" + "mov v2.d[1], x10\n\t" + "mov v2.d[0], x11\n\t" + "rev64 v2.16b, v2.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "\n" + "L_AES_CTR_encrypt_NEON_data_done_%=: \n\t" + "rev32 v2.16b, v2.16b\n\t" + "st1 {v2.2d}, [%x[ctr]]\n\t" + : [out] "+r" (out), [len] "+r" (len), [nr] "+r" (nr), [ctr] "+r" (ctr) + : [in] "r" (in), [ks] "r" (ks), [te] "r" (te), [shuffle] "r" (shuffle) + : "memory", "cc", "x8", "x9", "x10", "x11", "v0", "v1", "v2", "v3", + "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", + "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", + "v23", "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31" + ); +} + +#endif /* WOLFSSL_AES_COUNTER */ +#ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \ + defined(HAVE_AES_CBC) || defined(HAVE_AES_ECB) +static const word8 L_AES_ARM64_NEON_td[] = { + 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, + 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, + 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, + 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb, + 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, + 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e, + 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, + 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25, + 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, + 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92, + 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, + 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84, + 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, + 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06, + 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, + 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b, + 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, + 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73, + 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, + 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e, + 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, + 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, + 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, + 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4, + 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, + 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f, + 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, + 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef, + 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, + 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61, + 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, + 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d, +}; + +static const word8 L_AES_ARM64_NEON_shift_rows_invshuffle[] = { + 0x04, 0x09, 0x0e, 0x03, 0x08, 0x0d, 0x02, 0x07, + 0x0c, 0x01, 0x06, 0x0b, 0x00, 0x05, 0x0a, 0x0f, +}; + +#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || defined(HAVE_AES_ECB) +void AES_ECB_decrypt_NEON(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr); +void AES_ECB_decrypt_NEON(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr) +{ + const word8* td = L_AES_ARM64_NEON_td; + const word8* invshuffle = L_AES_ARM64_NEON_shift_rows_invshuffle; + __asm__ __volatile__ ( + "ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [%[td]], #0x40\n\t" + "ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [%[td]], #0x40\n\t" + "ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [%[td]], #0x40\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[td]]\n\t" + "cmp %x[len], #0x40\n\t" + "b.lt L_AES_ECB_decrypt_NEON_start_2_%=\n\t" + "\n" + "L_AES_ECB_decrypt_NEON_loop_4_%=: \n\t" + "mov x8, %x[ks]\n\t" + "ld1 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[in]], #0x40\n\t" + "ld1 {v4.2d}, [x8], #16\n\t" + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "rev32 v3.16b, v3.16b\n\t" + /* Round: 0 - XOR in key schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + "sub w7, %w[nr], #2\n\t" + "\n" + "L_AES_ECB_decrypt_NEON_loop_nr_4_%=: \n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b\n\t" + "tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "eor v10.16b, v2.16b, v12.16b\n\t" + "eor v11.16b, v3.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v13.16b\n\t" + "eor v9.16b, v1.16b, v13.16b\n\t" + "eor v10.16b, v2.16b, v13.16b\n\t" + "eor v11.16b, v3.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "eor v10.16b, v2.16b, v14.16b\n\t" + "eor v11.16b, v3.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "ld1 {v0.16b}, [%[invshuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "tbl v6.16b, {v6.16b}, v0.16b\n\t" + "tbl v7.16b, {v7.16b}, v0.16b\n\t" + "movi v28.16b, #27\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "sshr v10.16b, v6.16b, #7\n\t" + "sshr v11.16b, v7.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "shl v14.16b, v6.16b, #1\n\t" + "shl v15.16b, v7.16b, #1\n\t" + "and v8.16b, v8.16b, v28.16b\n\t" + "and v9.16b, v9.16b, v28.16b\n\t" + "and v10.16b, v10.16b, v28.16b\n\t" + "and v11.16b, v11.16b, v28.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "ushr v12.16b, v4.16b, #6\n\t" + "ushr v13.16b, v5.16b, #6\n\t" + "ushr v14.16b, v6.16b, #6\n\t" + "ushr v15.16b, v7.16b, #6\n\t" + "shl v0.16b, v4.16b, #2\n\t" + "shl v1.16b, v5.16b, #2\n\t" + "shl v2.16b, v6.16b, #2\n\t" + "shl v3.16b, v7.16b, #2\n\t" + "pmul v12.16b, v12.16b, v28.16b\n\t" + "pmul v13.16b, v13.16b, v28.16b\n\t" + "pmul v14.16b, v14.16b, v28.16b\n\t" + "pmul v15.16b, v15.16b, v28.16b\n\t" + "eor v12.16b, v12.16b, v0.16b\n\t" + "eor v13.16b, v13.16b, v1.16b\n\t" + "eor v14.16b, v14.16b, v2.16b\n\t" + "eor v15.16b, v15.16b, v3.16b\n\t" + "ushr v0.16b, v4.16b, #5\n\t" + "ushr v1.16b, v5.16b, #5\n\t" + "ushr v2.16b, v6.16b, #5\n\t" + "ushr v3.16b, v7.16b, #5\n\t" + "pmul v0.16b, v0.16b, v28.16b\n\t" + "pmul v1.16b, v1.16b, v28.16b\n\t" + "pmul v2.16b, v2.16b, v28.16b\n\t" + "pmul v3.16b, v3.16b, v28.16b\n\t" + "shl v28.16b, v4.16b, #3\n\t" + "shl v29.16b, v5.16b, #3\n\t" + "shl v30.16b, v6.16b, #3\n\t" + "shl v31.16b, v7.16b, #3\n\t" + "eor v0.16b, v0.16b, v28.16b\n\t" + "eor v1.16b, v1.16b, v29.16b\n\t" + "eor v2.16b, v2.16b, v30.16b\n\t" + "eor v3.16b, v3.16b, v31.16b\n\t" + "eor v28.16b, v8.16b, v0.16b\n\t" + "eor v29.16b, v9.16b, v1.16b\n\t" + "eor v30.16b, v10.16b, v2.16b\n\t" + "eor v31.16b, v11.16b, v3.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "eor v8.16b, v12.16b, v0.16b\n\t" + "eor v9.16b, v13.16b, v1.16b\n\t" + "eor v10.16b, v14.16b, v2.16b\n\t" + "eor v11.16b, v15.16b, v3.16b\n\t" + "eor v12.16b, v12.16b, v28.16b\n\t" + "eor v13.16b, v13.16b, v29.16b\n\t" + "eor v14.16b, v14.16b, v30.16b\n\t" + "eor v15.16b, v15.16b, v31.16b\n\t" + "eor v28.16b, v28.16b, v4.16b\n\t" + "eor v29.16b, v29.16b, v5.16b\n\t" + "eor v30.16b, v30.16b, v6.16b\n\t" + "eor v31.16b, v31.16b, v7.16b\n\t" + "shl v4.4s, v28.4s, #8\n\t" + "shl v5.4s, v29.4s, #8\n\t" + "shl v6.4s, v30.4s, #8\n\t" + "shl v7.4s, v31.4s, #8\n\t" + "rev32 v8.8h, v8.8h\n\t" + "rev32 v9.8h, v9.8h\n\t" + "rev32 v10.8h, v10.8h\n\t" + "rev32 v11.8h, v11.8h\n\t" + "sri v4.4s, v28.4s, #24\n\t" + "sri v5.4s, v29.4s, #24\n\t" + "sri v6.4s, v30.4s, #24\n\t" + "sri v7.4s, v31.4s, #24\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "eor v6.16b, v6.16b, v14.16b\n\t" + "eor v7.16b, v7.16b, v15.16b\n\t" + "shl v28.4s, v0.4s, #24\n\t" + "shl v29.4s, v1.4s, #24\n\t" + "shl v30.4s, v2.4s, #24\n\t" + "shl v31.4s, v3.4s, #24\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v6.16b, v6.16b, v10.16b\n\t" + "eor v7.16b, v7.16b, v11.16b\n\t" + "sri v28.4s, v0.4s, #8\n\t" + "sri v29.4s, v1.4s, #8\n\t" + "sri v30.4s, v2.4s, #8\n\t" + "sri v31.4s, v3.4s, #8\n\t" + "eor v4.16b, v4.16b, v28.16b\n\t" + "eor v5.16b, v5.16b, v29.16b\n\t" + "eor v6.16b, v6.16b, v30.16b\n\t" + "eor v7.16b, v7.16b, v31.16b\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[td]]\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x8], #16\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v6.16b, v6.16b, v0.16b\n\t" + "eor v7.16b, v7.16b, v0.16b\n\t" + /* Round Done */ + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b\n\t" + "tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "eor v10.16b, v6.16b, v12.16b\n\t" + "eor v11.16b, v7.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v13.16b\n\t" + "eor v9.16b, v5.16b, v13.16b\n\t" + "eor v10.16b, v6.16b, v13.16b\n\t" + "eor v11.16b, v7.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "eor v10.16b, v6.16b, v14.16b\n\t" + "eor v11.16b, v7.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "ld1 {v4.16b}, [%[invshuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "tbl v2.16b, {v2.16b}, v4.16b\n\t" + "tbl v3.16b, {v3.16b}, v4.16b\n\t" + "movi v28.16b, #27\n\t" + "sshr v8.16b, v0.16b, #7\n\t" + "sshr v9.16b, v1.16b, #7\n\t" + "sshr v10.16b, v2.16b, #7\n\t" + "sshr v11.16b, v3.16b, #7\n\t" + "shl v12.16b, v0.16b, #1\n\t" + "shl v13.16b, v1.16b, #1\n\t" + "shl v14.16b, v2.16b, #1\n\t" + "shl v15.16b, v3.16b, #1\n\t" + "and v8.16b, v8.16b, v28.16b\n\t" + "and v9.16b, v9.16b, v28.16b\n\t" + "and v10.16b, v10.16b, v28.16b\n\t" + "and v11.16b, v11.16b, v28.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "ushr v12.16b, v0.16b, #6\n\t" + "ushr v13.16b, v1.16b, #6\n\t" + "ushr v14.16b, v2.16b, #6\n\t" + "ushr v15.16b, v3.16b, #6\n\t" + "shl v4.16b, v0.16b, #2\n\t" + "shl v5.16b, v1.16b, #2\n\t" + "shl v6.16b, v2.16b, #2\n\t" + "shl v7.16b, v3.16b, #2\n\t" + "pmul v12.16b, v12.16b, v28.16b\n\t" + "pmul v13.16b, v13.16b, v28.16b\n\t" + "pmul v14.16b, v14.16b, v28.16b\n\t" + "pmul v15.16b, v15.16b, v28.16b\n\t" + "eor v12.16b, v12.16b, v4.16b\n\t" + "eor v13.16b, v13.16b, v5.16b\n\t" + "eor v14.16b, v14.16b, v6.16b\n\t" + "eor v15.16b, v15.16b, v7.16b\n\t" + "ushr v4.16b, v0.16b, #5\n\t" + "ushr v5.16b, v1.16b, #5\n\t" + "ushr v6.16b, v2.16b, #5\n\t" + "ushr v7.16b, v3.16b, #5\n\t" + "pmul v4.16b, v4.16b, v28.16b\n\t" + "pmul v5.16b, v5.16b, v28.16b\n\t" + "pmul v6.16b, v6.16b, v28.16b\n\t" + "pmul v7.16b, v7.16b, v28.16b\n\t" + "shl v28.16b, v0.16b, #3\n\t" + "shl v29.16b, v1.16b, #3\n\t" + "shl v30.16b, v2.16b, #3\n\t" + "shl v31.16b, v3.16b, #3\n\t" + "eor v4.16b, v4.16b, v28.16b\n\t" + "eor v5.16b, v5.16b, v29.16b\n\t" + "eor v6.16b, v6.16b, v30.16b\n\t" + "eor v7.16b, v7.16b, v31.16b\n\t" + "eor v28.16b, v8.16b, v4.16b\n\t" + "eor v29.16b, v9.16b, v5.16b\n\t" + "eor v30.16b, v10.16b, v6.16b\n\t" + "eor v31.16b, v11.16b, v7.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + "eor v6.16b, v6.16b, v2.16b\n\t" + "eor v7.16b, v7.16b, v3.16b\n\t" + "eor v8.16b, v12.16b, v4.16b\n\t" + "eor v9.16b, v13.16b, v5.16b\n\t" + "eor v10.16b, v14.16b, v6.16b\n\t" + "eor v11.16b, v15.16b, v7.16b\n\t" + "eor v12.16b, v12.16b, v28.16b\n\t" + "eor v13.16b, v13.16b, v29.16b\n\t" + "eor v14.16b, v14.16b, v30.16b\n\t" + "eor v15.16b, v15.16b, v31.16b\n\t" + "eor v28.16b, v28.16b, v0.16b\n\t" + "eor v29.16b, v29.16b, v1.16b\n\t" + "eor v30.16b, v30.16b, v2.16b\n\t" + "eor v31.16b, v31.16b, v3.16b\n\t" + "shl v0.4s, v28.4s, #8\n\t" + "shl v1.4s, v29.4s, #8\n\t" + "shl v2.4s, v30.4s, #8\n\t" + "shl v3.4s, v31.4s, #8\n\t" + "rev32 v8.8h, v8.8h\n\t" + "rev32 v9.8h, v9.8h\n\t" + "rev32 v10.8h, v10.8h\n\t" + "rev32 v11.8h, v11.8h\n\t" + "sri v0.4s, v28.4s, #24\n\t" + "sri v1.4s, v29.4s, #24\n\t" + "sri v2.4s, v30.4s, #24\n\t" + "sri v3.4s, v31.4s, #24\n\t" + "eor v0.16b, v0.16b, v12.16b\n\t" + "eor v1.16b, v1.16b, v13.16b\n\t" + "eor v2.16b, v2.16b, v14.16b\n\t" + "eor v3.16b, v3.16b, v15.16b\n\t" + "shl v28.4s, v4.4s, #24\n\t" + "shl v29.4s, v5.4s, #24\n\t" + "shl v30.4s, v6.4s, #24\n\t" + "shl v31.4s, v7.4s, #24\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v1.16b, v1.16b, v9.16b\n\t" + "eor v2.16b, v2.16b, v10.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "sri v28.4s, v4.4s, #8\n\t" + "sri v29.4s, v5.4s, #8\n\t" + "sri v30.4s, v6.4s, #8\n\t" + "sri v31.4s, v7.4s, #8\n\t" + "eor v0.16b, v0.16b, v28.16b\n\t" + "eor v1.16b, v1.16b, v29.16b\n\t" + "eor v2.16b, v2.16b, v30.16b\n\t" + "eor v3.16b, v3.16b, v31.16b\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[td]]\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x8], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + /* Round Done */ + "subs w7, w7, #2\n\t" + "b.ne L_AES_ECB_decrypt_NEON_loop_nr_4_%=\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b\n\t" + "tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "eor v10.16b, v2.16b, v12.16b\n\t" + "eor v11.16b, v3.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v13.16b\n\t" + "eor v9.16b, v1.16b, v13.16b\n\t" + "eor v10.16b, v2.16b, v13.16b\n\t" + "eor v11.16b, v3.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "eor v10.16b, v2.16b, v14.16b\n\t" + "eor v11.16b, v3.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "ld1 {v0.16b}, [%[invshuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "tbl v6.16b, {v6.16b}, v0.16b\n\t" + "tbl v7.16b, {v7.16b}, v0.16b\n\t" + "movi v28.16b, #27\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "sshr v10.16b, v6.16b, #7\n\t" + "sshr v11.16b, v7.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "shl v14.16b, v6.16b, #1\n\t" + "shl v15.16b, v7.16b, #1\n\t" + "and v8.16b, v8.16b, v28.16b\n\t" + "and v9.16b, v9.16b, v28.16b\n\t" + "and v10.16b, v10.16b, v28.16b\n\t" + "and v11.16b, v11.16b, v28.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "ushr v12.16b, v4.16b, #6\n\t" + "ushr v13.16b, v5.16b, #6\n\t" + "ushr v14.16b, v6.16b, #6\n\t" + "ushr v15.16b, v7.16b, #6\n\t" + "shl v0.16b, v4.16b, #2\n\t" + "shl v1.16b, v5.16b, #2\n\t" + "shl v2.16b, v6.16b, #2\n\t" + "shl v3.16b, v7.16b, #2\n\t" + "pmul v12.16b, v12.16b, v28.16b\n\t" + "pmul v13.16b, v13.16b, v28.16b\n\t" + "pmul v14.16b, v14.16b, v28.16b\n\t" + "pmul v15.16b, v15.16b, v28.16b\n\t" + "eor v12.16b, v12.16b, v0.16b\n\t" + "eor v13.16b, v13.16b, v1.16b\n\t" + "eor v14.16b, v14.16b, v2.16b\n\t" + "eor v15.16b, v15.16b, v3.16b\n\t" + "ushr v0.16b, v4.16b, #5\n\t" + "ushr v1.16b, v5.16b, #5\n\t" + "ushr v2.16b, v6.16b, #5\n\t" + "ushr v3.16b, v7.16b, #5\n\t" + "pmul v0.16b, v0.16b, v28.16b\n\t" + "pmul v1.16b, v1.16b, v28.16b\n\t" + "pmul v2.16b, v2.16b, v28.16b\n\t" + "pmul v3.16b, v3.16b, v28.16b\n\t" + "shl v28.16b, v4.16b, #3\n\t" + "shl v29.16b, v5.16b, #3\n\t" + "shl v30.16b, v6.16b, #3\n\t" + "shl v31.16b, v7.16b, #3\n\t" + "eor v0.16b, v0.16b, v28.16b\n\t" + "eor v1.16b, v1.16b, v29.16b\n\t" + "eor v2.16b, v2.16b, v30.16b\n\t" + "eor v3.16b, v3.16b, v31.16b\n\t" + "eor v28.16b, v8.16b, v0.16b\n\t" + "eor v29.16b, v9.16b, v1.16b\n\t" + "eor v30.16b, v10.16b, v2.16b\n\t" + "eor v31.16b, v11.16b, v3.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "eor v8.16b, v12.16b, v0.16b\n\t" + "eor v9.16b, v13.16b, v1.16b\n\t" + "eor v10.16b, v14.16b, v2.16b\n\t" + "eor v11.16b, v15.16b, v3.16b\n\t" + "eor v12.16b, v12.16b, v28.16b\n\t" + "eor v13.16b, v13.16b, v29.16b\n\t" + "eor v14.16b, v14.16b, v30.16b\n\t" + "eor v15.16b, v15.16b, v31.16b\n\t" + "eor v28.16b, v28.16b, v4.16b\n\t" + "eor v29.16b, v29.16b, v5.16b\n\t" + "eor v30.16b, v30.16b, v6.16b\n\t" + "eor v31.16b, v31.16b, v7.16b\n\t" + "shl v4.4s, v28.4s, #8\n\t" + "shl v5.4s, v29.4s, #8\n\t" + "shl v6.4s, v30.4s, #8\n\t" + "shl v7.4s, v31.4s, #8\n\t" + "rev32 v8.8h, v8.8h\n\t" + "rev32 v9.8h, v9.8h\n\t" + "rev32 v10.8h, v10.8h\n\t" + "rev32 v11.8h, v11.8h\n\t" + "sri v4.4s, v28.4s, #24\n\t" + "sri v5.4s, v29.4s, #24\n\t" + "sri v6.4s, v30.4s, #24\n\t" + "sri v7.4s, v31.4s, #24\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "eor v6.16b, v6.16b, v14.16b\n\t" + "eor v7.16b, v7.16b, v15.16b\n\t" + "shl v28.4s, v0.4s, #24\n\t" + "shl v29.4s, v1.4s, #24\n\t" + "shl v30.4s, v2.4s, #24\n\t" + "shl v31.4s, v3.4s, #24\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v6.16b, v6.16b, v10.16b\n\t" + "eor v7.16b, v7.16b, v11.16b\n\t" + "sri v28.4s, v0.4s, #8\n\t" + "sri v29.4s, v1.4s, #8\n\t" + "sri v30.4s, v2.4s, #8\n\t" + "sri v31.4s, v3.4s, #8\n\t" + "eor v4.16b, v4.16b, v28.16b\n\t" + "eor v5.16b, v5.16b, v29.16b\n\t" + "eor v6.16b, v6.16b, v30.16b\n\t" + "eor v7.16b, v7.16b, v31.16b\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[td]]\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x8], #16\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v6.16b, v6.16b, v0.16b\n\t" + "eor v7.16b, v7.16b, v0.16b\n\t" + /* Round Done */ + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b\n\t" + "tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "eor v10.16b, v6.16b, v12.16b\n\t" + "eor v11.16b, v7.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v13.16b\n\t" + "eor v9.16b, v5.16b, v13.16b\n\t" + "eor v10.16b, v6.16b, v13.16b\n\t" + "eor v11.16b, v7.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "eor v10.16b, v6.16b, v14.16b\n\t" + "eor v11.16b, v7.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "ld1 {v4.16b}, [%[invshuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "tbl v2.16b, {v2.16b}, v4.16b\n\t" + "tbl v3.16b, {v3.16b}, v4.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x8], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + /* Round Done */ + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "rev32 v3.16b, v3.16b\n\t" + "st1 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[out]], #0x40\n\t" + "sub %x[len], %x[len], #0x40\n\t" + "cmp %x[len], #0x40\n\t" + "b.ge L_AES_ECB_decrypt_NEON_loop_4_%=\n\t" + "\n" + "L_AES_ECB_decrypt_NEON_start_2_%=: \n\t" + "cmp %x[len], #16\n\t" + "b.eq L_AES_ECB_decrypt_NEON_start_1_%=\n\t" + "b.lt L_AES_ECB_decrypt_NEON_data_done_%=\n\t" + "\n" + "L_AES_ECB_decrypt_NEON_loop_2_%=: \n\t" + "mov x8, %x[ks]\n\t" + "ld1 {v0.16b, v1.16b}, [%x[in]], #32\n\t" + "ld1 {v4.2d}, [x8], #16\n\t" + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + /* Round: 0 - XOR in key schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "sub w7, %w[nr], #2\n\t" + "\n" + "L_AES_ECB_decrypt_NEON_loop_nr_2_%=: \n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v0.16b, v13.16b\n\t" + "eor v11.16b, v1.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "orr v4.16b, v4.16b, v10.16b\n\t" + "orr v5.16b, v5.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "ld1 {v0.16b}, [%[invshuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "movi v10.16b, #27\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "and v8.16b, v8.16b, v10.16b\n\t" + "and v9.16b, v9.16b, v10.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "ushr v12.16b, v4.16b, #6\n\t" + "ushr v13.16b, v5.16b, #6\n\t" + "shl v0.16b, v4.16b, #2\n\t" + "shl v1.16b, v5.16b, #2\n\t" + "pmul v12.16b, v12.16b, v10.16b\n\t" + "pmul v13.16b, v13.16b, v10.16b\n\t" + "eor v12.16b, v12.16b, v0.16b\n\t" + "eor v13.16b, v13.16b, v1.16b\n\t" + "ushr v0.16b, v4.16b, #5\n\t" + "ushr v1.16b, v5.16b, #5\n\t" + "pmul v0.16b, v0.16b, v10.16b\n\t" + "pmul v1.16b, v1.16b, v10.16b\n\t" + "shl v10.16b, v4.16b, #3\n\t" + "shl v11.16b, v5.16b, #3\n\t" + "eor v0.16b, v0.16b, v10.16b\n\t" + "eor v1.16b, v1.16b, v11.16b\n\t" + "eor v10.16b, v8.16b, v0.16b\n\t" + "eor v11.16b, v9.16b, v1.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v8.16b, v12.16b, v0.16b\n\t" + "eor v9.16b, v13.16b, v1.16b\n\t" + "eor v12.16b, v12.16b, v10.16b\n\t" + "eor v13.16b, v13.16b, v11.16b\n\t" + "eor v10.16b, v10.16b, v4.16b\n\t" + "eor v11.16b, v11.16b, v5.16b\n\t" + "shl v4.4s, v10.4s, #8\n\t" + "shl v5.4s, v11.4s, #8\n\t" + "rev32 v8.8h, v8.8h\n\t" + "rev32 v9.8h, v9.8h\n\t" + "sri v4.4s, v10.4s, #24\n\t" + "sri v5.4s, v11.4s, #24\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "shl v10.4s, v0.4s, #24\n\t" + "shl v11.4s, v1.4s, #24\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "sri v10.4s, v0.4s, #8\n\t" + "sri v11.4s, v1.4s, #8\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "eor v5.16b, v5.16b, v11.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x8], #16\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + /* Round Done */ + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v4.16b, v13.16b\n\t" + "eor v11.16b, v5.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "orr v0.16b, v0.16b, v10.16b\n\t" + "orr v1.16b, v1.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "ld1 {v4.16b}, [%[invshuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "movi v10.16b, #27\n\t" + "sshr v8.16b, v0.16b, #7\n\t" + "sshr v9.16b, v1.16b, #7\n\t" + "shl v12.16b, v0.16b, #1\n\t" + "shl v13.16b, v1.16b, #1\n\t" + "and v8.16b, v8.16b, v10.16b\n\t" + "and v9.16b, v9.16b, v10.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "ushr v12.16b, v0.16b, #6\n\t" + "ushr v13.16b, v1.16b, #6\n\t" + "shl v4.16b, v0.16b, #2\n\t" + "shl v5.16b, v1.16b, #2\n\t" + "pmul v12.16b, v12.16b, v10.16b\n\t" + "pmul v13.16b, v13.16b, v10.16b\n\t" + "eor v12.16b, v12.16b, v4.16b\n\t" + "eor v13.16b, v13.16b, v5.16b\n\t" + "ushr v4.16b, v0.16b, #5\n\t" + "ushr v5.16b, v1.16b, #5\n\t" + "pmul v4.16b, v4.16b, v10.16b\n\t" + "pmul v5.16b, v5.16b, v10.16b\n\t" + "shl v10.16b, v0.16b, #3\n\t" + "shl v11.16b, v1.16b, #3\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "eor v5.16b, v5.16b, v11.16b\n\t" + "eor v10.16b, v8.16b, v4.16b\n\t" + "eor v11.16b, v9.16b, v5.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + "eor v8.16b, v12.16b, v4.16b\n\t" + "eor v9.16b, v13.16b, v5.16b\n\t" + "eor v12.16b, v12.16b, v10.16b\n\t" + "eor v13.16b, v13.16b, v11.16b\n\t" + "eor v10.16b, v10.16b, v0.16b\n\t" + "eor v11.16b, v11.16b, v1.16b\n\t" + "shl v0.4s, v10.4s, #8\n\t" + "shl v1.4s, v11.4s, #8\n\t" + "rev32 v8.8h, v8.8h\n\t" + "rev32 v9.8h, v9.8h\n\t" + "sri v0.4s, v10.4s, #24\n\t" + "sri v1.4s, v11.4s, #24\n\t" + "eor v0.16b, v0.16b, v12.16b\n\t" + "eor v1.16b, v1.16b, v13.16b\n\t" + "shl v10.4s, v4.4s, #24\n\t" + "shl v11.4s, v5.4s, #24\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v1.16b, v1.16b, v9.16b\n\t" + "sri v10.4s, v4.4s, #8\n\t" + "sri v11.4s, v5.4s, #8\n\t" + "eor v0.16b, v0.16b, v10.16b\n\t" + "eor v1.16b, v1.16b, v11.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x8], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + /* Round Done */ + "subs w7, w7, #2\n\t" + "b.ne L_AES_ECB_decrypt_NEON_loop_nr_2_%=\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v0.16b, v13.16b\n\t" + "eor v11.16b, v1.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "orr v4.16b, v4.16b, v10.16b\n\t" + "orr v5.16b, v5.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "ld1 {v0.16b}, [%[invshuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "movi v10.16b, #27\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "and v8.16b, v8.16b, v10.16b\n\t" + "and v9.16b, v9.16b, v10.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "ushr v12.16b, v4.16b, #6\n\t" + "ushr v13.16b, v5.16b, #6\n\t" + "shl v0.16b, v4.16b, #2\n\t" + "shl v1.16b, v5.16b, #2\n\t" + "pmul v12.16b, v12.16b, v10.16b\n\t" + "pmul v13.16b, v13.16b, v10.16b\n\t" + "eor v12.16b, v12.16b, v0.16b\n\t" + "eor v13.16b, v13.16b, v1.16b\n\t" + "ushr v0.16b, v4.16b, #5\n\t" + "ushr v1.16b, v5.16b, #5\n\t" + "pmul v0.16b, v0.16b, v10.16b\n\t" + "pmul v1.16b, v1.16b, v10.16b\n\t" + "shl v10.16b, v4.16b, #3\n\t" + "shl v11.16b, v5.16b, #3\n\t" + "eor v0.16b, v0.16b, v10.16b\n\t" + "eor v1.16b, v1.16b, v11.16b\n\t" + "eor v10.16b, v8.16b, v0.16b\n\t" + "eor v11.16b, v9.16b, v1.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v8.16b, v12.16b, v0.16b\n\t" + "eor v9.16b, v13.16b, v1.16b\n\t" + "eor v12.16b, v12.16b, v10.16b\n\t" + "eor v13.16b, v13.16b, v11.16b\n\t" + "eor v10.16b, v10.16b, v4.16b\n\t" + "eor v11.16b, v11.16b, v5.16b\n\t" + "shl v4.4s, v10.4s, #8\n\t" + "shl v5.4s, v11.4s, #8\n\t" + "rev32 v8.8h, v8.8h\n\t" + "rev32 v9.8h, v9.8h\n\t" + "sri v4.4s, v10.4s, #24\n\t" + "sri v5.4s, v11.4s, #24\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "shl v10.4s, v0.4s, #24\n\t" + "shl v11.4s, v1.4s, #24\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "sri v10.4s, v0.4s, #8\n\t" + "sri v11.4s, v1.4s, #8\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "eor v5.16b, v5.16b, v11.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x8], #16\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + /* Round Done */ + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v4.16b, v13.16b\n\t" + "eor v11.16b, v5.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "orr v0.16b, v0.16b, v10.16b\n\t" + "orr v1.16b, v1.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "ld1 {v4.16b}, [%[invshuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x8], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + /* Round Done */ + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "st1 {v0.16b, v1.16b}, [%x[out]], #32\n\t" + "sub %x[len], %x[len], #32\n\t" + "cmp %x[len], #0\n\t" + "b.eq L_AES_ECB_decrypt_NEON_data_done_%=\n\t" + "\n" + "L_AES_ECB_decrypt_NEON_start_1_%=: \n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "movi v15.16b, #27\n\t" + "ld1 {v3.2d}, [%[invshuffle]]\n\t" + "mov x8, %x[ks]\n\t" + "ld1 {v0.16b}, [%x[in]], #16\n\t" + "ld1 {v4.2d}, [x8], #16\n\t" + "rev32 v0.16b, v0.16b\n\t" + /* Round: 0 - XOR in key schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "sub w7, %w[nr], #2\n\t" + "\n" + "L_AES_ECB_decrypt_NEON_loop_nr_1_%=: \n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "ushr v11.16b, v4.16b, #6\n\t" + "ushr v8.16b, v4.16b, #5\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "pmul v11.16b, v11.16b, v15.16b\n\t" + "pmul v8.16b, v8.16b, v15.16b\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "shl v9.16b, v4.16b, #3\n\t" + "eor v8.16b, v8.16b, v9.16b\n\t" + "shl v9.16b, v4.16b, #2\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v10.16b, v8.16b\n\t" + "eor v8.16b, v8.16b, v4.16b\n\t" + "eor v10.16b, v11.16b, v8.16b\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v9.16b, v4.16b\n\t" + "shl v4.4s, v9.4s, #8\n\t" + "rev32 v10.8h, v10.8h\n\t" + "sri v4.4s, v9.4s, #24\n\t" + "eor v4.16b, v4.16b, v11.16b\n\t" + "shl v9.4s, v8.4s, #24\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "sri v9.4s, v8.4s, #8\n\t" + "eor v4.16b, v4.16b, v9.16b\n\t" + "ld1 {v0.2d}, [x8], #16\n\t" + /* XOR in Key Schedule */ + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "sshr v10.16b, v0.16b, #7\n\t" + "ushr v11.16b, v0.16b, #6\n\t" + "ushr v8.16b, v0.16b, #5\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "pmul v11.16b, v11.16b, v15.16b\n\t" + "pmul v8.16b, v8.16b, v15.16b\n\t" + "shl v9.16b, v0.16b, #1\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "shl v9.16b, v0.16b, #3\n\t" + "eor v8.16b, v8.16b, v9.16b\n\t" + "shl v9.16b, v0.16b, #2\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v10.16b, v8.16b\n\t" + "eor v8.16b, v8.16b, v0.16b\n\t" + "eor v10.16b, v11.16b, v8.16b\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v9.16b, v0.16b\n\t" + "shl v0.4s, v9.4s, #8\n\t" + "rev32 v10.8h, v10.8h\n\t" + "sri v0.4s, v9.4s, #24\n\t" + "eor v0.16b, v0.16b, v11.16b\n\t" + "shl v9.4s, v8.4s, #24\n\t" + "eor v0.16b, v0.16b, v10.16b\n\t" + "sri v9.4s, v8.4s, #8\n\t" + "eor v0.16b, v0.16b, v9.16b\n\t" + "ld1 {v4.2d}, [x8], #16\n\t" + /* XOR in Key Schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "subs w7, w7, #2\n\t" + "b.ne L_AES_ECB_decrypt_NEON_loop_nr_1_%=\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "ushr v11.16b, v4.16b, #6\n\t" + "ushr v8.16b, v4.16b, #5\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "pmul v11.16b, v11.16b, v15.16b\n\t" + "pmul v8.16b, v8.16b, v15.16b\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "shl v9.16b, v4.16b, #3\n\t" + "eor v8.16b, v8.16b, v9.16b\n\t" + "shl v9.16b, v4.16b, #2\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v10.16b, v8.16b\n\t" + "eor v8.16b, v8.16b, v4.16b\n\t" + "eor v10.16b, v11.16b, v8.16b\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v9.16b, v4.16b\n\t" + "shl v4.4s, v9.4s, #8\n\t" + "rev32 v10.8h, v10.8h\n\t" + "sri v4.4s, v9.4s, #24\n\t" + "eor v4.16b, v4.16b, v11.16b\n\t" + "shl v9.4s, v8.4s, #24\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "sri v9.4s, v8.4s, #8\n\t" + "eor v4.16b, v4.16b, v9.16b\n\t" + "ld1 {v0.2d}, [x8], #16\n\t" + /* XOR in Key Schedule */ + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x8], #16\n\t" + /* XOR in Key Schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "st1 {v0.16b}, [%x[out]], #16\n\t" + "\n" + "L_AES_ECB_decrypt_NEON_data_done_%=: \n\t" + : [out] "+r" (out), [len] "+r" (len), [nr] "+r" (nr) + : [in] "r" (in), [ks] "r" (ks), [td] "r" (td), + [invshuffle] "r" (invshuffle) + : "memory", "cc", "x7", "x8", "v0", "v1", "v2", "v3", "v4", "v5", "v6", + "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", + "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", + "v26", "v27", "v28", "v29", "v30", "v31" + ); +} + +#endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER || defined(HAVE_AES_ECB) */ +#ifdef HAVE_AES_CBC +void AES_CBC_decrypt_NEON(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* iv); +void AES_CBC_decrypt_NEON(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* iv) +{ + const word8* td = L_AES_ARM64_NEON_td; + const word8* invshuffle = L_AES_ARM64_NEON_shift_rows_invshuffle; + __asm__ __volatile__ ( + "stp x29, x30, [sp, #-96]!\n\t" + "add x29, sp, #0\n\t" + "ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [%[td]], #0x40\n\t" + "ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [%[td]], #0x40\n\t" + "ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [%[td]], #0x40\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[td]]\n\t" + "ld1 {v3.2d}, [%x[iv]]\n\t" + "add x10, x29, #16\n\t" + "cmp %x[len], #0x40\n\t" + "b.lt L_AES_CBC_decrypt_NEON_start_2_%=\n\t" + "\n" + "L_AES_CBC_decrypt_NEON_loop_4_%=: \n\t" + "mov x9, %x[ks]\n\t" + "ld1 {v4.16b, v5.16b, v6.16b, v7.16b}, [%x[in]], #0x40\n\t" + "st1 {v3.2d, v4.2d, v5.2d, v6.2d}, [x10]\n\t" + "str q7, [x10, #64]\n\t" + "ld1 {v8.2d}, [x9], #16\n\t" + "rev32 v4.16b, v4.16b\n\t" + "rev32 v5.16b, v5.16b\n\t" + "rev32 v6.16b, v6.16b\n\t" + "rev32 v7.16b, v7.16b\n\t" + /* Round: 0 - XOR in key schedule */ + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v8.16b\n\t" + "eor v6.16b, v6.16b, v8.16b\n\t" + "eor v7.16b, v7.16b, v8.16b\n\t" + "sub w8, %w[nr], #2\n\t" + "\n" + "L_AES_CBC_decrypt_NEON_loop_nr_4_%=: \n\t" + "tbl v8.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v9.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v10.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b\n\t" + "tbl v11.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v0.16b, v4.16b, v12.16b\n\t" + "eor v1.16b, v5.16b, v12.16b\n\t" + "eor v2.16b, v6.16b, v12.16b\n\t" + "eor v3.16b, v7.16b, v12.16b\n\t" + "tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b\n\t" + "tbl v1.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v1.16b\n\t" + "tbl v2.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v2.16b\n\t" + "tbl v3.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v3.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "eor v0.16b, v4.16b, v13.16b\n\t" + "eor v1.16b, v5.16b, v13.16b\n\t" + "eor v2.16b, v6.16b, v13.16b\n\t" + "eor v3.16b, v7.16b, v13.16b\n\t" + "tbl v0.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v0.16b\n\t" + "tbl v1.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v1.16b\n\t" + "tbl v2.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v2.16b\n\t" + "tbl v3.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v3.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "eor v0.16b, v4.16b, v14.16b\n\t" + "eor v1.16b, v5.16b, v14.16b\n\t" + "eor v2.16b, v6.16b, v14.16b\n\t" + "eor v3.16b, v7.16b, v14.16b\n\t" + "tbl v0.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v0.16b\n\t" + "tbl v1.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v1.16b\n\t" + "tbl v2.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v2.16b\n\t" + "tbl v3.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v3.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "ld1 {v4.16b}, [%[invshuffle]]\n\t" + "tbl v8.16b, {v8.16b}, v4.16b\n\t" + "tbl v9.16b, {v9.16b}, v4.16b\n\t" + "tbl v10.16b, {v10.16b}, v4.16b\n\t" + "tbl v11.16b, {v11.16b}, v4.16b\n\t" + "movi v28.16b, #27\n\t" + "sshr v0.16b, v8.16b, #7\n\t" + "sshr v1.16b, v9.16b, #7\n\t" + "sshr v2.16b, v10.16b, #7\n\t" + "sshr v3.16b, v11.16b, #7\n\t" + "shl v12.16b, v8.16b, #1\n\t" + "shl v13.16b, v9.16b, #1\n\t" + "shl v14.16b, v10.16b, #1\n\t" + "shl v15.16b, v11.16b, #1\n\t" + "and v0.16b, v0.16b, v28.16b\n\t" + "and v1.16b, v1.16b, v28.16b\n\t" + "and v2.16b, v2.16b, v28.16b\n\t" + "and v3.16b, v3.16b, v28.16b\n\t" + "eor v0.16b, v0.16b, v12.16b\n\t" + "eor v1.16b, v1.16b, v13.16b\n\t" + "eor v2.16b, v2.16b, v14.16b\n\t" + "eor v3.16b, v3.16b, v15.16b\n\t" + "ushr v12.16b, v8.16b, #6\n\t" + "ushr v13.16b, v9.16b, #6\n\t" + "ushr v14.16b, v10.16b, #6\n\t" + "ushr v15.16b, v11.16b, #6\n\t" + "shl v4.16b, v8.16b, #2\n\t" + "shl v5.16b, v9.16b, #2\n\t" + "shl v6.16b, v10.16b, #2\n\t" + "shl v7.16b, v11.16b, #2\n\t" + "pmul v12.16b, v12.16b, v28.16b\n\t" + "pmul v13.16b, v13.16b, v28.16b\n\t" + "pmul v14.16b, v14.16b, v28.16b\n\t" + "pmul v15.16b, v15.16b, v28.16b\n\t" + "eor v12.16b, v12.16b, v4.16b\n\t" + "eor v13.16b, v13.16b, v5.16b\n\t" + "eor v14.16b, v14.16b, v6.16b\n\t" + "eor v15.16b, v15.16b, v7.16b\n\t" + "ushr v4.16b, v8.16b, #5\n\t" + "ushr v5.16b, v9.16b, #5\n\t" + "ushr v6.16b, v10.16b, #5\n\t" + "ushr v7.16b, v11.16b, #5\n\t" + "pmul v4.16b, v4.16b, v28.16b\n\t" + "pmul v5.16b, v5.16b, v28.16b\n\t" + "pmul v6.16b, v6.16b, v28.16b\n\t" + "pmul v7.16b, v7.16b, v28.16b\n\t" + "shl v28.16b, v8.16b, #3\n\t" + "shl v29.16b, v9.16b, #3\n\t" + "shl v30.16b, v10.16b, #3\n\t" + "shl v31.16b, v11.16b, #3\n\t" + "eor v4.16b, v4.16b, v28.16b\n\t" + "eor v5.16b, v5.16b, v29.16b\n\t" + "eor v6.16b, v6.16b, v30.16b\n\t" + "eor v7.16b, v7.16b, v31.16b\n\t" + "eor v28.16b, v0.16b, v4.16b\n\t" + "eor v29.16b, v1.16b, v5.16b\n\t" + "eor v30.16b, v2.16b, v6.16b\n\t" + "eor v31.16b, v3.16b, v7.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v6.16b, v6.16b, v10.16b\n\t" + "eor v7.16b, v7.16b, v11.16b\n\t" + "eor v0.16b, v12.16b, v4.16b\n\t" + "eor v1.16b, v13.16b, v5.16b\n\t" + "eor v2.16b, v14.16b, v6.16b\n\t" + "eor v3.16b, v15.16b, v7.16b\n\t" + "eor v12.16b, v12.16b, v28.16b\n\t" + "eor v13.16b, v13.16b, v29.16b\n\t" + "eor v14.16b, v14.16b, v30.16b\n\t" + "eor v15.16b, v15.16b, v31.16b\n\t" + "eor v28.16b, v28.16b, v8.16b\n\t" + "eor v29.16b, v29.16b, v9.16b\n\t" + "eor v30.16b, v30.16b, v10.16b\n\t" + "eor v31.16b, v31.16b, v11.16b\n\t" + "shl v8.4s, v28.4s, #8\n\t" + "shl v9.4s, v29.4s, #8\n\t" + "shl v10.4s, v30.4s, #8\n\t" + "shl v11.4s, v31.4s, #8\n\t" + "rev32 v0.8h, v0.8h\n\t" + "rev32 v1.8h, v1.8h\n\t" + "rev32 v2.8h, v2.8h\n\t" + "rev32 v3.8h, v3.8h\n\t" + "sri v8.4s, v28.4s, #24\n\t" + "sri v9.4s, v29.4s, #24\n\t" + "sri v10.4s, v30.4s, #24\n\t" + "sri v11.4s, v31.4s, #24\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "shl v28.4s, v4.4s, #24\n\t" + "shl v29.4s, v5.4s, #24\n\t" + "shl v30.4s, v6.4s, #24\n\t" + "shl v31.4s, v7.4s, #24\n\t" + "eor v8.16b, v8.16b, v0.16b\n\t" + "eor v9.16b, v9.16b, v1.16b\n\t" + "eor v10.16b, v10.16b, v2.16b\n\t" + "eor v11.16b, v11.16b, v3.16b\n\t" + "sri v28.4s, v4.4s, #8\n\t" + "sri v29.4s, v5.4s, #8\n\t" + "sri v30.4s, v6.4s, #8\n\t" + "sri v31.4s, v7.4s, #8\n\t" + "eor v8.16b, v8.16b, v28.16b\n\t" + "eor v9.16b, v9.16b, v29.16b\n\t" + "eor v10.16b, v10.16b, v30.16b\n\t" + "eor v11.16b, v11.16b, v31.16b\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[td]]\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x9], #16\n\t" + "eor v8.16b, v8.16b, v4.16b\n\t" + "eor v9.16b, v9.16b, v4.16b\n\t" + "eor v10.16b, v10.16b, v4.16b\n\t" + "eor v11.16b, v11.16b, v4.16b\n\t" + /* Round Done */ + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v8.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v9.16b\n\t" + "tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v10.16b\n\t" + "tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v11.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v0.16b, v8.16b, v12.16b\n\t" + "eor v1.16b, v9.16b, v12.16b\n\t" + "eor v2.16b, v10.16b, v12.16b\n\t" + "eor v3.16b, v11.16b, v12.16b\n\t" + "tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b\n\t" + "tbl v1.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v1.16b\n\t" + "tbl v2.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v2.16b\n\t" + "tbl v3.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v3.16b\n\t" + "orr v4.16b, v4.16b, v0.16b\n\t" + "orr v5.16b, v5.16b, v1.16b\n\t" + "orr v6.16b, v6.16b, v2.16b\n\t" + "orr v7.16b, v7.16b, v3.16b\n\t" + "eor v0.16b, v8.16b, v13.16b\n\t" + "eor v1.16b, v9.16b, v13.16b\n\t" + "eor v2.16b, v10.16b, v13.16b\n\t" + "eor v3.16b, v11.16b, v13.16b\n\t" + "tbl v0.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v0.16b\n\t" + "tbl v1.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v1.16b\n\t" + "tbl v2.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v2.16b\n\t" + "tbl v3.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v3.16b\n\t" + "orr v4.16b, v4.16b, v0.16b\n\t" + "orr v5.16b, v5.16b, v1.16b\n\t" + "orr v6.16b, v6.16b, v2.16b\n\t" + "orr v7.16b, v7.16b, v3.16b\n\t" + "eor v0.16b, v8.16b, v14.16b\n\t" + "eor v1.16b, v9.16b, v14.16b\n\t" + "eor v2.16b, v10.16b, v14.16b\n\t" + "eor v3.16b, v11.16b, v14.16b\n\t" + "tbl v0.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v0.16b\n\t" + "tbl v1.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v1.16b\n\t" + "tbl v2.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v2.16b\n\t" + "tbl v3.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v3.16b\n\t" + "orr v4.16b, v4.16b, v0.16b\n\t" + "orr v5.16b, v5.16b, v1.16b\n\t" + "orr v6.16b, v6.16b, v2.16b\n\t" + "orr v7.16b, v7.16b, v3.16b\n\t" + "ld1 {v8.16b}, [%[invshuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v8.16b\n\t" + "tbl v5.16b, {v5.16b}, v8.16b\n\t" + "tbl v6.16b, {v6.16b}, v8.16b\n\t" + "tbl v7.16b, {v7.16b}, v8.16b\n\t" + "movi v28.16b, #27\n\t" + "sshr v0.16b, v4.16b, #7\n\t" + "sshr v1.16b, v5.16b, #7\n\t" + "sshr v2.16b, v6.16b, #7\n\t" + "sshr v3.16b, v7.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "shl v14.16b, v6.16b, #1\n\t" + "shl v15.16b, v7.16b, #1\n\t" + "and v0.16b, v0.16b, v28.16b\n\t" + "and v1.16b, v1.16b, v28.16b\n\t" + "and v2.16b, v2.16b, v28.16b\n\t" + "and v3.16b, v3.16b, v28.16b\n\t" + "eor v0.16b, v0.16b, v12.16b\n\t" + "eor v1.16b, v1.16b, v13.16b\n\t" + "eor v2.16b, v2.16b, v14.16b\n\t" + "eor v3.16b, v3.16b, v15.16b\n\t" + "ushr v12.16b, v4.16b, #6\n\t" + "ushr v13.16b, v5.16b, #6\n\t" + "ushr v14.16b, v6.16b, #6\n\t" + "ushr v15.16b, v7.16b, #6\n\t" + "shl v8.16b, v4.16b, #2\n\t" + "shl v9.16b, v5.16b, #2\n\t" + "shl v10.16b, v6.16b, #2\n\t" + "shl v11.16b, v7.16b, #2\n\t" + "pmul v12.16b, v12.16b, v28.16b\n\t" + "pmul v13.16b, v13.16b, v28.16b\n\t" + "pmul v14.16b, v14.16b, v28.16b\n\t" + "pmul v15.16b, v15.16b, v28.16b\n\t" + "eor v12.16b, v12.16b, v8.16b\n\t" + "eor v13.16b, v13.16b, v9.16b\n\t" + "eor v14.16b, v14.16b, v10.16b\n\t" + "eor v15.16b, v15.16b, v11.16b\n\t" + "ushr v8.16b, v4.16b, #5\n\t" + "ushr v9.16b, v5.16b, #5\n\t" + "ushr v10.16b, v6.16b, #5\n\t" + "ushr v11.16b, v7.16b, #5\n\t" + "pmul v8.16b, v8.16b, v28.16b\n\t" + "pmul v9.16b, v9.16b, v28.16b\n\t" + "pmul v10.16b, v10.16b, v28.16b\n\t" + "pmul v11.16b, v11.16b, v28.16b\n\t" + "shl v28.16b, v4.16b, #3\n\t" + "shl v29.16b, v5.16b, #3\n\t" + "shl v30.16b, v6.16b, #3\n\t" + "shl v31.16b, v7.16b, #3\n\t" + "eor v8.16b, v8.16b, v28.16b\n\t" + "eor v9.16b, v9.16b, v29.16b\n\t" + "eor v10.16b, v10.16b, v30.16b\n\t" + "eor v11.16b, v11.16b, v31.16b\n\t" + "eor v28.16b, v0.16b, v8.16b\n\t" + "eor v29.16b, v1.16b, v9.16b\n\t" + "eor v30.16b, v2.16b, v10.16b\n\t" + "eor v31.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v8.16b, v4.16b\n\t" + "eor v9.16b, v9.16b, v5.16b\n\t" + "eor v10.16b, v10.16b, v6.16b\n\t" + "eor v11.16b, v11.16b, v7.16b\n\t" + "eor v0.16b, v12.16b, v8.16b\n\t" + "eor v1.16b, v13.16b, v9.16b\n\t" + "eor v2.16b, v14.16b, v10.16b\n\t" + "eor v3.16b, v15.16b, v11.16b\n\t" + "eor v12.16b, v12.16b, v28.16b\n\t" + "eor v13.16b, v13.16b, v29.16b\n\t" + "eor v14.16b, v14.16b, v30.16b\n\t" + "eor v15.16b, v15.16b, v31.16b\n\t" + "eor v28.16b, v28.16b, v4.16b\n\t" + "eor v29.16b, v29.16b, v5.16b\n\t" + "eor v30.16b, v30.16b, v6.16b\n\t" + "eor v31.16b, v31.16b, v7.16b\n\t" + "shl v4.4s, v28.4s, #8\n\t" + "shl v5.4s, v29.4s, #8\n\t" + "shl v6.4s, v30.4s, #8\n\t" + "shl v7.4s, v31.4s, #8\n\t" + "rev32 v0.8h, v0.8h\n\t" + "rev32 v1.8h, v1.8h\n\t" + "rev32 v2.8h, v2.8h\n\t" + "rev32 v3.8h, v3.8h\n\t" + "sri v4.4s, v28.4s, #24\n\t" + "sri v5.4s, v29.4s, #24\n\t" + "sri v6.4s, v30.4s, #24\n\t" + "sri v7.4s, v31.4s, #24\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "eor v6.16b, v6.16b, v14.16b\n\t" + "eor v7.16b, v7.16b, v15.16b\n\t" + "shl v28.4s, v8.4s, #24\n\t" + "shl v29.4s, v9.4s, #24\n\t" + "shl v30.4s, v10.4s, #24\n\t" + "shl v31.4s, v11.4s, #24\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + "eor v6.16b, v6.16b, v2.16b\n\t" + "eor v7.16b, v7.16b, v3.16b\n\t" + "sri v28.4s, v8.4s, #8\n\t" + "sri v29.4s, v9.4s, #8\n\t" + "sri v30.4s, v10.4s, #8\n\t" + "sri v31.4s, v11.4s, #8\n\t" + "eor v4.16b, v4.16b, v28.16b\n\t" + "eor v5.16b, v5.16b, v29.16b\n\t" + "eor v6.16b, v6.16b, v30.16b\n\t" + "eor v7.16b, v7.16b, v31.16b\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[td]]\n\t" + /* XOR in Key Schedule */ + "ld1 {v8.2d}, [x9], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v8.16b\n\t" + "eor v6.16b, v6.16b, v8.16b\n\t" + "eor v7.16b, v7.16b, v8.16b\n\t" + /* Round Done */ + "subs w8, w8, #2\n\t" + "b.ne L_AES_CBC_decrypt_NEON_loop_nr_4_%=\n\t" + "tbl v8.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v9.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v10.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b\n\t" + "tbl v11.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v0.16b, v4.16b, v12.16b\n\t" + "eor v1.16b, v5.16b, v12.16b\n\t" + "eor v2.16b, v6.16b, v12.16b\n\t" + "eor v3.16b, v7.16b, v12.16b\n\t" + "tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b\n\t" + "tbl v1.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v1.16b\n\t" + "tbl v2.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v2.16b\n\t" + "tbl v3.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v3.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "eor v0.16b, v4.16b, v13.16b\n\t" + "eor v1.16b, v5.16b, v13.16b\n\t" + "eor v2.16b, v6.16b, v13.16b\n\t" + "eor v3.16b, v7.16b, v13.16b\n\t" + "tbl v0.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v0.16b\n\t" + "tbl v1.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v1.16b\n\t" + "tbl v2.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v2.16b\n\t" + "tbl v3.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v3.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "eor v0.16b, v4.16b, v14.16b\n\t" + "eor v1.16b, v5.16b, v14.16b\n\t" + "eor v2.16b, v6.16b, v14.16b\n\t" + "eor v3.16b, v7.16b, v14.16b\n\t" + "tbl v0.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v0.16b\n\t" + "tbl v1.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v1.16b\n\t" + "tbl v2.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v2.16b\n\t" + "tbl v3.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v3.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "ld1 {v4.16b}, [%[invshuffle]]\n\t" + "tbl v8.16b, {v8.16b}, v4.16b\n\t" + "tbl v9.16b, {v9.16b}, v4.16b\n\t" + "tbl v10.16b, {v10.16b}, v4.16b\n\t" + "tbl v11.16b, {v11.16b}, v4.16b\n\t" + "movi v28.16b, #27\n\t" + "sshr v0.16b, v8.16b, #7\n\t" + "sshr v1.16b, v9.16b, #7\n\t" + "sshr v2.16b, v10.16b, #7\n\t" + "sshr v3.16b, v11.16b, #7\n\t" + "shl v12.16b, v8.16b, #1\n\t" + "shl v13.16b, v9.16b, #1\n\t" + "shl v14.16b, v10.16b, #1\n\t" + "shl v15.16b, v11.16b, #1\n\t" + "and v0.16b, v0.16b, v28.16b\n\t" + "and v1.16b, v1.16b, v28.16b\n\t" + "and v2.16b, v2.16b, v28.16b\n\t" + "and v3.16b, v3.16b, v28.16b\n\t" + "eor v0.16b, v0.16b, v12.16b\n\t" + "eor v1.16b, v1.16b, v13.16b\n\t" + "eor v2.16b, v2.16b, v14.16b\n\t" + "eor v3.16b, v3.16b, v15.16b\n\t" + "ushr v12.16b, v8.16b, #6\n\t" + "ushr v13.16b, v9.16b, #6\n\t" + "ushr v14.16b, v10.16b, #6\n\t" + "ushr v15.16b, v11.16b, #6\n\t" + "shl v4.16b, v8.16b, #2\n\t" + "shl v5.16b, v9.16b, #2\n\t" + "shl v6.16b, v10.16b, #2\n\t" + "shl v7.16b, v11.16b, #2\n\t" + "pmul v12.16b, v12.16b, v28.16b\n\t" + "pmul v13.16b, v13.16b, v28.16b\n\t" + "pmul v14.16b, v14.16b, v28.16b\n\t" + "pmul v15.16b, v15.16b, v28.16b\n\t" + "eor v12.16b, v12.16b, v4.16b\n\t" + "eor v13.16b, v13.16b, v5.16b\n\t" + "eor v14.16b, v14.16b, v6.16b\n\t" + "eor v15.16b, v15.16b, v7.16b\n\t" + "ushr v4.16b, v8.16b, #5\n\t" + "ushr v5.16b, v9.16b, #5\n\t" + "ushr v6.16b, v10.16b, #5\n\t" + "ushr v7.16b, v11.16b, #5\n\t" + "pmul v4.16b, v4.16b, v28.16b\n\t" + "pmul v5.16b, v5.16b, v28.16b\n\t" + "pmul v6.16b, v6.16b, v28.16b\n\t" + "pmul v7.16b, v7.16b, v28.16b\n\t" + "shl v28.16b, v8.16b, #3\n\t" + "shl v29.16b, v9.16b, #3\n\t" + "shl v30.16b, v10.16b, #3\n\t" + "shl v31.16b, v11.16b, #3\n\t" + "eor v4.16b, v4.16b, v28.16b\n\t" + "eor v5.16b, v5.16b, v29.16b\n\t" + "eor v6.16b, v6.16b, v30.16b\n\t" + "eor v7.16b, v7.16b, v31.16b\n\t" + "eor v28.16b, v0.16b, v4.16b\n\t" + "eor v29.16b, v1.16b, v5.16b\n\t" + "eor v30.16b, v2.16b, v6.16b\n\t" + "eor v31.16b, v3.16b, v7.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v6.16b, v6.16b, v10.16b\n\t" + "eor v7.16b, v7.16b, v11.16b\n\t" + "eor v0.16b, v12.16b, v4.16b\n\t" + "eor v1.16b, v13.16b, v5.16b\n\t" + "eor v2.16b, v14.16b, v6.16b\n\t" + "eor v3.16b, v15.16b, v7.16b\n\t" + "eor v12.16b, v12.16b, v28.16b\n\t" + "eor v13.16b, v13.16b, v29.16b\n\t" + "eor v14.16b, v14.16b, v30.16b\n\t" + "eor v15.16b, v15.16b, v31.16b\n\t" + "eor v28.16b, v28.16b, v8.16b\n\t" + "eor v29.16b, v29.16b, v9.16b\n\t" + "eor v30.16b, v30.16b, v10.16b\n\t" + "eor v31.16b, v31.16b, v11.16b\n\t" + "shl v8.4s, v28.4s, #8\n\t" + "shl v9.4s, v29.4s, #8\n\t" + "shl v10.4s, v30.4s, #8\n\t" + "shl v11.4s, v31.4s, #8\n\t" + "rev32 v0.8h, v0.8h\n\t" + "rev32 v1.8h, v1.8h\n\t" + "rev32 v2.8h, v2.8h\n\t" + "rev32 v3.8h, v3.8h\n\t" + "sri v8.4s, v28.4s, #24\n\t" + "sri v9.4s, v29.4s, #24\n\t" + "sri v10.4s, v30.4s, #24\n\t" + "sri v11.4s, v31.4s, #24\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "shl v28.4s, v4.4s, #24\n\t" + "shl v29.4s, v5.4s, #24\n\t" + "shl v30.4s, v6.4s, #24\n\t" + "shl v31.4s, v7.4s, #24\n\t" + "eor v8.16b, v8.16b, v0.16b\n\t" + "eor v9.16b, v9.16b, v1.16b\n\t" + "eor v10.16b, v10.16b, v2.16b\n\t" + "eor v11.16b, v11.16b, v3.16b\n\t" + "sri v28.4s, v4.4s, #8\n\t" + "sri v29.4s, v5.4s, #8\n\t" + "sri v30.4s, v6.4s, #8\n\t" + "sri v31.4s, v7.4s, #8\n\t" + "eor v8.16b, v8.16b, v28.16b\n\t" + "eor v9.16b, v9.16b, v29.16b\n\t" + "eor v10.16b, v10.16b, v30.16b\n\t" + "eor v11.16b, v11.16b, v31.16b\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[td]]\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x9], #16\n\t" + "eor v8.16b, v8.16b, v4.16b\n\t" + "eor v9.16b, v9.16b, v4.16b\n\t" + "eor v10.16b, v10.16b, v4.16b\n\t" + "eor v11.16b, v11.16b, v4.16b\n\t" + /* Round Done */ + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v8.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v9.16b\n\t" + "tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v10.16b\n\t" + "tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v11.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v0.16b, v8.16b, v12.16b\n\t" + "eor v1.16b, v9.16b, v12.16b\n\t" + "eor v2.16b, v10.16b, v12.16b\n\t" + "eor v3.16b, v11.16b, v12.16b\n\t" + "tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b\n\t" + "tbl v1.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v1.16b\n\t" + "tbl v2.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v2.16b\n\t" + "tbl v3.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v3.16b\n\t" + "orr v4.16b, v4.16b, v0.16b\n\t" + "orr v5.16b, v5.16b, v1.16b\n\t" + "orr v6.16b, v6.16b, v2.16b\n\t" + "orr v7.16b, v7.16b, v3.16b\n\t" + "eor v0.16b, v8.16b, v13.16b\n\t" + "eor v1.16b, v9.16b, v13.16b\n\t" + "eor v2.16b, v10.16b, v13.16b\n\t" + "eor v3.16b, v11.16b, v13.16b\n\t" + "tbl v0.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v0.16b\n\t" + "tbl v1.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v1.16b\n\t" + "tbl v2.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v2.16b\n\t" + "tbl v3.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v3.16b\n\t" + "orr v4.16b, v4.16b, v0.16b\n\t" + "orr v5.16b, v5.16b, v1.16b\n\t" + "orr v6.16b, v6.16b, v2.16b\n\t" + "orr v7.16b, v7.16b, v3.16b\n\t" + "eor v0.16b, v8.16b, v14.16b\n\t" + "eor v1.16b, v9.16b, v14.16b\n\t" + "eor v2.16b, v10.16b, v14.16b\n\t" + "eor v3.16b, v11.16b, v14.16b\n\t" + "tbl v0.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v0.16b\n\t" + "tbl v1.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v1.16b\n\t" + "tbl v2.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v2.16b\n\t" + "tbl v3.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v3.16b\n\t" + "orr v4.16b, v4.16b, v0.16b\n\t" + "orr v5.16b, v5.16b, v1.16b\n\t" + "orr v6.16b, v6.16b, v2.16b\n\t" + "orr v7.16b, v7.16b, v3.16b\n\t" + "ld1 {v8.16b}, [%[invshuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v8.16b\n\t" + "tbl v5.16b, {v5.16b}, v8.16b\n\t" + "tbl v6.16b, {v6.16b}, v8.16b\n\t" + "tbl v7.16b, {v7.16b}, v8.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v8.2d}, [x9], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v8.16b\n\t" + "eor v6.16b, v6.16b, v8.16b\n\t" + "eor v7.16b, v7.16b, v8.16b\n\t" + /* Round Done */ + "rev32 v4.16b, v4.16b\n\t" + "rev32 v5.16b, v5.16b\n\t" + "rev32 v6.16b, v6.16b\n\t" + "rev32 v7.16b, v7.16b\n\t" + "ld1 {v8.2d, v9.2d, v10.2d, v11.2d}, [x10]\n\t" + "ldr q3, [x10, #64]\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v6.16b, v6.16b, v10.16b\n\t" + "eor v7.16b, v7.16b, v11.16b\n\t" + "st1 {v4.16b, v5.16b, v6.16b, v7.16b}, [%x[out]], #0x40\n\t" + "sub %x[len], %x[len], #0x40\n\t" + "cmp %x[len], #0x40\n\t" + "b.ge L_AES_CBC_decrypt_NEON_loop_4_%=\n\t" + "\n" + "L_AES_CBC_decrypt_NEON_start_2_%=: \n\t" + "cmp %x[len], #16\n\t" + "b.eq L_AES_CBC_decrypt_NEON_start_1_%=\n\t" + "b.lt L_AES_CBC_decrypt_NEON_data_done_%=\n\t" + "\n" + "L_AES_CBC_decrypt_NEON_loop_2_%=: \n\t" + "mov x9, %x[ks]\n\t" + "ld1 {v4.16b, v5.16b}, [%x[in]], #32\n\t" + "st1 {v3.2d, v4.2d, v5.2d}, [x10]\n\t" + "ld1 {v8.2d}, [x9], #16\n\t" + "rev32 v4.16b, v4.16b\n\t" + "rev32 v5.16b, v5.16b\n\t" + /* Round: 0 - XOR in key schedule */ + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v8.16b\n\t" + "sub w8, %w[nr], #2\n\t" + "\n" + "L_AES_CBC_decrypt_NEON_loop_nr_2_%=: \n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v0.16b, v4.16b, v12.16b\n\t" + "eor v1.16b, v5.16b, v12.16b\n\t" + "tbl v8.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v9.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b\n\t" + "tbl v1.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v1.16b\n\t" + "eor v2.16b, v4.16b, v13.16b\n\t" + "eor v3.16b, v5.16b, v13.16b\n\t" + "tbl v2.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v2.16b\n\t" + "tbl v3.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v3.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "eor v0.16b, v4.16b, v14.16b\n\t" + "eor v1.16b, v5.16b, v14.16b\n\t" + "orr v8.16b, v8.16b, v2.16b\n\t" + "orr v9.16b, v9.16b, v3.16b\n\t" + "tbl v0.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v0.16b\n\t" + "tbl v1.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v1.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "ld1 {v4.16b}, [%[invshuffle]]\n\t" + "tbl v8.16b, {v8.16b}, v4.16b\n\t" + "tbl v9.16b, {v9.16b}, v4.16b\n\t" + "movi v2.16b, #27\n\t" + "sshr v0.16b, v8.16b, #7\n\t" + "sshr v1.16b, v9.16b, #7\n\t" + "shl v12.16b, v8.16b, #1\n\t" + "shl v13.16b, v9.16b, #1\n\t" + "and v0.16b, v0.16b, v2.16b\n\t" + "and v1.16b, v1.16b, v2.16b\n\t" + "eor v0.16b, v0.16b, v12.16b\n\t" + "eor v1.16b, v1.16b, v13.16b\n\t" + "ushr v12.16b, v8.16b, #6\n\t" + "ushr v13.16b, v9.16b, #6\n\t" + "shl v4.16b, v8.16b, #2\n\t" + "shl v5.16b, v9.16b, #2\n\t" + "pmul v12.16b, v12.16b, v2.16b\n\t" + "pmul v13.16b, v13.16b, v2.16b\n\t" + "eor v12.16b, v12.16b, v4.16b\n\t" + "eor v13.16b, v13.16b, v5.16b\n\t" + "ushr v4.16b, v8.16b, #5\n\t" + "ushr v5.16b, v9.16b, #5\n\t" + "pmul v4.16b, v4.16b, v2.16b\n\t" + "pmul v5.16b, v5.16b, v2.16b\n\t" + "shl v2.16b, v8.16b, #3\n\t" + "shl v3.16b, v9.16b, #3\n\t" + "eor v4.16b, v4.16b, v2.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v2.16b, v0.16b, v4.16b\n\t" + "eor v3.16b, v1.16b, v5.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v0.16b, v12.16b, v4.16b\n\t" + "eor v1.16b, v13.16b, v5.16b\n\t" + "eor v12.16b, v12.16b, v2.16b\n\t" + "eor v13.16b, v13.16b, v3.16b\n\t" + "eor v2.16b, v2.16b, v8.16b\n\t" + "eor v3.16b, v3.16b, v9.16b\n\t" + "shl v8.4s, v2.4s, #8\n\t" + "shl v9.4s, v3.4s, #8\n\t" + "rev32 v0.8h, v0.8h\n\t" + "rev32 v1.8h, v1.8h\n\t" + "sri v8.4s, v2.4s, #24\n\t" + "sri v9.4s, v3.4s, #24\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "shl v2.4s, v4.4s, #24\n\t" + "shl v3.4s, v5.4s, #24\n\t" + "eor v8.16b, v8.16b, v0.16b\n\t" + "eor v9.16b, v9.16b, v1.16b\n\t" + "sri v2.4s, v4.4s, #8\n\t" + "sri v3.4s, v5.4s, #8\n\t" + "eor v8.16b, v8.16b, v2.16b\n\t" + "eor v9.16b, v9.16b, v3.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x9], #16\n\t" + "eor v8.16b, v8.16b, v4.16b\n\t" + "eor v9.16b, v9.16b, v4.16b\n\t" + /* Round Done */ + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v0.16b, v8.16b, v12.16b\n\t" + "eor v1.16b, v9.16b, v12.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v8.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v9.16b\n\t" + "tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b\n\t" + "tbl v1.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v1.16b\n\t" + "eor v2.16b, v8.16b, v13.16b\n\t" + "eor v3.16b, v9.16b, v13.16b\n\t" + "tbl v2.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v2.16b\n\t" + "tbl v3.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v3.16b\n\t" + "orr v4.16b, v4.16b, v0.16b\n\t" + "orr v5.16b, v5.16b, v1.16b\n\t" + "eor v0.16b, v8.16b, v14.16b\n\t" + "eor v1.16b, v9.16b, v14.16b\n\t" + "orr v4.16b, v4.16b, v2.16b\n\t" + "orr v5.16b, v5.16b, v3.16b\n\t" + "tbl v0.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v0.16b\n\t" + "tbl v1.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v1.16b\n\t" + "orr v4.16b, v4.16b, v0.16b\n\t" + "orr v5.16b, v5.16b, v1.16b\n\t" + "ld1 {v8.16b}, [%[invshuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v8.16b\n\t" + "tbl v5.16b, {v5.16b}, v8.16b\n\t" + "movi v2.16b, #27\n\t" + "sshr v0.16b, v4.16b, #7\n\t" + "sshr v1.16b, v5.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "and v0.16b, v0.16b, v2.16b\n\t" + "and v1.16b, v1.16b, v2.16b\n\t" + "eor v0.16b, v0.16b, v12.16b\n\t" + "eor v1.16b, v1.16b, v13.16b\n\t" + "ushr v12.16b, v4.16b, #6\n\t" + "ushr v13.16b, v5.16b, #6\n\t" + "shl v8.16b, v4.16b, #2\n\t" + "shl v9.16b, v5.16b, #2\n\t" + "pmul v12.16b, v12.16b, v2.16b\n\t" + "pmul v13.16b, v13.16b, v2.16b\n\t" + "eor v12.16b, v12.16b, v8.16b\n\t" + "eor v13.16b, v13.16b, v9.16b\n\t" + "ushr v8.16b, v4.16b, #5\n\t" + "ushr v9.16b, v5.16b, #5\n\t" + "pmul v8.16b, v8.16b, v2.16b\n\t" + "pmul v9.16b, v9.16b, v2.16b\n\t" + "shl v2.16b, v4.16b, #3\n\t" + "shl v3.16b, v5.16b, #3\n\t" + "eor v8.16b, v8.16b, v2.16b\n\t" + "eor v9.16b, v9.16b, v3.16b\n\t" + "eor v2.16b, v0.16b, v8.16b\n\t" + "eor v3.16b, v1.16b, v9.16b\n\t" + "eor v8.16b, v8.16b, v4.16b\n\t" + "eor v9.16b, v9.16b, v5.16b\n\t" + "eor v0.16b, v12.16b, v8.16b\n\t" + "eor v1.16b, v13.16b, v9.16b\n\t" + "eor v12.16b, v12.16b, v2.16b\n\t" + "eor v13.16b, v13.16b, v3.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v5.16b\n\t" + "shl v4.4s, v2.4s, #8\n\t" + "shl v5.4s, v3.4s, #8\n\t" + "rev32 v0.8h, v0.8h\n\t" + "rev32 v1.8h, v1.8h\n\t" + "sri v4.4s, v2.4s, #24\n\t" + "sri v5.4s, v3.4s, #24\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "shl v2.4s, v8.4s, #24\n\t" + "shl v3.4s, v9.4s, #24\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + "sri v2.4s, v8.4s, #8\n\t" + "sri v3.4s, v9.4s, #8\n\t" + "eor v4.16b, v4.16b, v2.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v8.2d}, [x9], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v8.16b\n\t" + /* Round Done */ + "subs w8, w8, #2\n\t" + "b.ne L_AES_CBC_decrypt_NEON_loop_nr_2_%=\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v0.16b, v4.16b, v12.16b\n\t" + "eor v1.16b, v5.16b, v12.16b\n\t" + "tbl v8.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v9.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b\n\t" + "tbl v1.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v1.16b\n\t" + "eor v2.16b, v4.16b, v13.16b\n\t" + "eor v3.16b, v5.16b, v13.16b\n\t" + "tbl v2.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v2.16b\n\t" + "tbl v3.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v3.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "eor v0.16b, v4.16b, v14.16b\n\t" + "eor v1.16b, v5.16b, v14.16b\n\t" + "orr v8.16b, v8.16b, v2.16b\n\t" + "orr v9.16b, v9.16b, v3.16b\n\t" + "tbl v0.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v0.16b\n\t" + "tbl v1.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v1.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "ld1 {v4.16b}, [%[invshuffle]]\n\t" + "tbl v8.16b, {v8.16b}, v4.16b\n\t" + "tbl v9.16b, {v9.16b}, v4.16b\n\t" + "movi v2.16b, #27\n\t" + "sshr v0.16b, v8.16b, #7\n\t" + "sshr v1.16b, v9.16b, #7\n\t" + "shl v12.16b, v8.16b, #1\n\t" + "shl v13.16b, v9.16b, #1\n\t" + "and v0.16b, v0.16b, v2.16b\n\t" + "and v1.16b, v1.16b, v2.16b\n\t" + "eor v0.16b, v0.16b, v12.16b\n\t" + "eor v1.16b, v1.16b, v13.16b\n\t" + "ushr v12.16b, v8.16b, #6\n\t" + "ushr v13.16b, v9.16b, #6\n\t" + "shl v4.16b, v8.16b, #2\n\t" + "shl v5.16b, v9.16b, #2\n\t" + "pmul v12.16b, v12.16b, v2.16b\n\t" + "pmul v13.16b, v13.16b, v2.16b\n\t" + "eor v12.16b, v12.16b, v4.16b\n\t" + "eor v13.16b, v13.16b, v5.16b\n\t" + "ushr v4.16b, v8.16b, #5\n\t" + "ushr v5.16b, v9.16b, #5\n\t" + "pmul v4.16b, v4.16b, v2.16b\n\t" + "pmul v5.16b, v5.16b, v2.16b\n\t" + "shl v2.16b, v8.16b, #3\n\t" + "shl v3.16b, v9.16b, #3\n\t" + "eor v4.16b, v4.16b, v2.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v2.16b, v0.16b, v4.16b\n\t" + "eor v3.16b, v1.16b, v5.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v0.16b, v12.16b, v4.16b\n\t" + "eor v1.16b, v13.16b, v5.16b\n\t" + "eor v12.16b, v12.16b, v2.16b\n\t" + "eor v13.16b, v13.16b, v3.16b\n\t" + "eor v2.16b, v2.16b, v8.16b\n\t" + "eor v3.16b, v3.16b, v9.16b\n\t" + "shl v8.4s, v2.4s, #8\n\t" + "shl v9.4s, v3.4s, #8\n\t" + "rev32 v0.8h, v0.8h\n\t" + "rev32 v1.8h, v1.8h\n\t" + "sri v8.4s, v2.4s, #24\n\t" + "sri v9.4s, v3.4s, #24\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "shl v2.4s, v4.4s, #24\n\t" + "shl v3.4s, v5.4s, #24\n\t" + "eor v8.16b, v8.16b, v0.16b\n\t" + "eor v9.16b, v9.16b, v1.16b\n\t" + "sri v2.4s, v4.4s, #8\n\t" + "sri v3.4s, v5.4s, #8\n\t" + "eor v8.16b, v8.16b, v2.16b\n\t" + "eor v9.16b, v9.16b, v3.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x9], #16\n\t" + "eor v8.16b, v8.16b, v4.16b\n\t" + "eor v9.16b, v9.16b, v4.16b\n\t" + /* Round Done */ + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v0.16b, v8.16b, v12.16b\n\t" + "eor v1.16b, v9.16b, v12.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v8.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v9.16b\n\t" + "tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b\n\t" + "tbl v1.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v1.16b\n\t" + "eor v2.16b, v8.16b, v13.16b\n\t" + "eor v3.16b, v9.16b, v13.16b\n\t" + "tbl v2.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v2.16b\n\t" + "tbl v3.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v3.16b\n\t" + "orr v4.16b, v4.16b, v0.16b\n\t" + "orr v5.16b, v5.16b, v1.16b\n\t" + "eor v0.16b, v8.16b, v14.16b\n\t" + "eor v1.16b, v9.16b, v14.16b\n\t" + "orr v4.16b, v4.16b, v2.16b\n\t" + "orr v5.16b, v5.16b, v3.16b\n\t" + "tbl v0.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v0.16b\n\t" + "tbl v1.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v1.16b\n\t" + "orr v4.16b, v4.16b, v0.16b\n\t" + "orr v5.16b, v5.16b, v1.16b\n\t" + "ld1 {v8.16b}, [%[invshuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v8.16b\n\t" + "tbl v5.16b, {v5.16b}, v8.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v8.2d}, [x9], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v8.16b\n\t" + /* Round Done */ + "rev32 v4.16b, v4.16b\n\t" + "rev32 v5.16b, v5.16b\n\t" + "ld1 {v1.16b, v2.16b, v3.16b}, [x10]\n\t" + "eor v4.16b, v4.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v2.16b\n\t" + "st1 {v4.16b, v5.16b}, [%x[out]], #32\n\t" + "sub %x[len], %x[len], #32\n\t" + "cmp %x[len], #32\n\t" + "b.ge L_AES_CBC_decrypt_NEON_loop_2_%=\n\t" + "cmp %x[len], #0\n\t" + "b.eq L_AES_CBC_decrypt_NEON_data_done_%=\n\t" + "\n" + "L_AES_CBC_decrypt_NEON_start_1_%=: \n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "movi v15.16b, #27\n\t" + "ld1 {v7.2d}, [%[invshuffle]]\n\t" + "mov x9, %x[ks]\n\t" + "ld1 {v4.16b}, [%x[in]], #16\n\t" + "mov v10.16b, v3.16b\n\t" + "mov v11.16b, v4.16b\n\t" + "ld1 {v8.16b}, [x9], #16\n\t" + "rev32 v4.16b, v4.16b\n\t" + /* Round: 0 - XOR in key schedule */ + "eor v4.16b, v4.16b, v8.16b\n\t" + "sub w8, %w[nr], #2\n\t" + "\n" + "L_AES_CBC_decrypt_NEON_loop_nr_1_%=: \n\t" + "eor v0.16b, v4.16b, v12.16b\n\t" + "eor v1.16b, v4.16b, v13.16b\n\t" + "eor v2.16b, v4.16b, v14.16b\n\t" + "tbl v8.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b\n\t" + "tbl v1.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v1.16b\n\t" + "tbl v2.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v2.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v1.16b, v1.16b, v2.16b\n\t" + "orr v8.16b, v8.16b, v1.16b\n\t" + "tbl v8.16b, {v8.16b}, v7.16b\n\t" + "sshr v2.16b, v8.16b, #7\n\t" + "ushr v3.16b, v8.16b, #6\n\t" + "ushr v0.16b, v8.16b, #5\n\t" + "and v2.16b, v2.16b, v15.16b\n\t" + "pmul v3.16b, v3.16b, v15.16b\n\t" + "pmul v0.16b, v0.16b, v15.16b\n\t" + "shl v1.16b, v8.16b, #1\n\t" + "eor v2.16b, v2.16b, v1.16b\n\t" + "shl v1.16b, v8.16b, #3\n\t" + "eor v0.16b, v0.16b, v1.16b\n\t" + "shl v1.16b, v8.16b, #2\n\t" + "eor v3.16b, v3.16b, v1.16b\n\t" + "eor v1.16b, v2.16b, v0.16b\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v2.16b, v3.16b, v0.16b\n\t" + "eor v3.16b, v3.16b, v1.16b\n\t" + "eor v1.16b, v1.16b, v8.16b\n\t" + "shl v8.4s, v1.4s, #8\n\t" + "rev32 v2.8h, v2.8h\n\t" + "sri v8.4s, v1.4s, #24\n\t" + "eor v8.16b, v8.16b, v3.16b\n\t" + "shl v1.4s, v0.4s, #24\n\t" + "eor v8.16b, v8.16b, v2.16b\n\t" + "sri v1.4s, v0.4s, #8\n\t" + "eor v8.16b, v8.16b, v1.16b\n\t" + "ld1 {v4.2d}, [x9], #16\n\t" + /* XOR in Key Schedule */ + "eor v8.16b, v8.16b, v4.16b\n\t" + "eor v0.16b, v8.16b, v12.16b\n\t" + "eor v1.16b, v8.16b, v13.16b\n\t" + "eor v2.16b, v8.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v8.16b\n\t" + "tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b\n\t" + "tbl v1.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v1.16b\n\t" + "tbl v2.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v2.16b\n\t" + "orr v4.16b, v4.16b, v0.16b\n\t" + "orr v1.16b, v1.16b, v2.16b\n\t" + "orr v4.16b, v4.16b, v1.16b\n\t" + "tbl v4.16b, {v4.16b}, v7.16b\n\t" + "sshr v2.16b, v4.16b, #7\n\t" + "ushr v3.16b, v4.16b, #6\n\t" + "ushr v0.16b, v4.16b, #5\n\t" + "and v2.16b, v2.16b, v15.16b\n\t" + "pmul v3.16b, v3.16b, v15.16b\n\t" + "pmul v0.16b, v0.16b, v15.16b\n\t" + "shl v1.16b, v4.16b, #1\n\t" + "eor v2.16b, v2.16b, v1.16b\n\t" + "shl v1.16b, v4.16b, #3\n\t" + "eor v0.16b, v0.16b, v1.16b\n\t" + "shl v1.16b, v4.16b, #2\n\t" + "eor v3.16b, v3.16b, v1.16b\n\t" + "eor v1.16b, v2.16b, v0.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v2.16b, v3.16b, v0.16b\n\t" + "eor v3.16b, v3.16b, v1.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "shl v4.4s, v1.4s, #8\n\t" + "rev32 v2.8h, v2.8h\n\t" + "sri v4.4s, v1.4s, #24\n\t" + "eor v4.16b, v4.16b, v3.16b\n\t" + "shl v1.4s, v0.4s, #24\n\t" + "eor v4.16b, v4.16b, v2.16b\n\t" + "sri v1.4s, v0.4s, #8\n\t" + "eor v4.16b, v4.16b, v1.16b\n\t" + "ld1 {v8.2d}, [x9], #16\n\t" + /* XOR in Key Schedule */ + "eor v4.16b, v4.16b, v8.16b\n\t" + "subs w8, w8, #2\n\t" + "b.ne L_AES_CBC_decrypt_NEON_loop_nr_1_%=\n\t" + "eor v0.16b, v4.16b, v12.16b\n\t" + "eor v1.16b, v4.16b, v13.16b\n\t" + "eor v2.16b, v4.16b, v14.16b\n\t" + "tbl v8.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b\n\t" + "tbl v1.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v1.16b\n\t" + "tbl v2.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v2.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v1.16b, v1.16b, v2.16b\n\t" + "orr v8.16b, v8.16b, v1.16b\n\t" + "tbl v8.16b, {v8.16b}, v7.16b\n\t" + "sshr v2.16b, v8.16b, #7\n\t" + "ushr v3.16b, v8.16b, #6\n\t" + "ushr v0.16b, v8.16b, #5\n\t" + "and v2.16b, v2.16b, v15.16b\n\t" + "pmul v3.16b, v3.16b, v15.16b\n\t" + "pmul v0.16b, v0.16b, v15.16b\n\t" + "shl v1.16b, v8.16b, #1\n\t" + "eor v2.16b, v2.16b, v1.16b\n\t" + "shl v1.16b, v8.16b, #3\n\t" + "eor v0.16b, v0.16b, v1.16b\n\t" + "shl v1.16b, v8.16b, #2\n\t" + "eor v3.16b, v3.16b, v1.16b\n\t" + "eor v1.16b, v2.16b, v0.16b\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v2.16b, v3.16b, v0.16b\n\t" + "eor v3.16b, v3.16b, v1.16b\n\t" + "eor v1.16b, v1.16b, v8.16b\n\t" + "shl v8.4s, v1.4s, #8\n\t" + "rev32 v2.8h, v2.8h\n\t" + "sri v8.4s, v1.4s, #24\n\t" + "eor v8.16b, v8.16b, v3.16b\n\t" + "shl v1.4s, v0.4s, #24\n\t" + "eor v8.16b, v8.16b, v2.16b\n\t" + "sri v1.4s, v0.4s, #8\n\t" + "eor v8.16b, v8.16b, v1.16b\n\t" + "ld1 {v4.2d}, [x9], #16\n\t" + /* XOR in Key Schedule */ + "eor v8.16b, v8.16b, v4.16b\n\t" + "eor v0.16b, v8.16b, v12.16b\n\t" + "eor v1.16b, v8.16b, v13.16b\n\t" + "eor v2.16b, v8.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v8.16b\n\t" + "tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b\n\t" + "tbl v1.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v1.16b\n\t" + "tbl v2.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v2.16b\n\t" + "orr v4.16b, v4.16b, v0.16b\n\t" + "orr v1.16b, v1.16b, v2.16b\n\t" + "orr v4.16b, v4.16b, v1.16b\n\t" + "tbl v4.16b, {v4.16b}, v7.16b\n\t" + "ld1 {v8.2d}, [x9], #16\n\t" + /* XOR in Key Schedule */ + "eor v4.16b, v4.16b, v8.16b\n\t" + "rev32 v4.16b, v4.16b\n\t" + "mov v3.16b, v11.16b\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "st1 {v4.16b}, [%x[out]], #16\n\t" + "\n" + "L_AES_CBC_decrypt_NEON_data_done_%=: \n\t" + "st1 {v3.2d}, [%x[iv]]\n\t" + "ldp x29, x30, [sp], #0x60\n\t" + : [out] "+r" (out), [len] "+r" (len), [nr] "+r" (nr), [iv] "+r" (iv) + : [in] "r" (in), [ks] "r" (ks), [td] "r" (td), + [invshuffle] "r" (invshuffle) + : "memory", "cc", "x8", "x9", "x10", "v0", "v1", "v2", "v3", "v4", "v5", + "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", + "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", + "v25", "v26", "v27", "v28", "v29", "v30", "v31" + ); +} + +#endif /* HAVE_AES_CBC */ +#endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER || HAVE_AES_CBC + * HAVE_AES_ECB */ +#endif /* HAVE_AES_DECRYPT */ +#ifdef HAVE_AESGCM +void GCM_gmult_len_NEON(unsigned char* x, const unsigned char* h, + const unsigned char* data, unsigned long len); +void GCM_gmult_len_NEON(unsigned char* x, const unsigned char* h, + const unsigned char* data, unsigned long len) +{ + __asm__ __volatile__ ( + "ld1 {v18.2d}, [%x[x]]\n\t" + "ld1 {v10.2d}, [%x[h]]\n\t" + "movi v19.16b, #15\n\t" + "eor v20.16b, v20.16b, v20.16b\n\t" + "rbit v18.16b, v18.16b\n\t" + "rbit v10.16b, v10.16b\n\t" + "and v12.16b, v10.16b, v19.16b\n\t" + "ushr v13.16b, v10.16b, #4\n\t" + "eor v14.16b, v12.16b, v13.16b\n\t" + "\n" + "L_GCM_gmult_len_NEON_start_block_%=: \n\t" + "ld1 {v0.16b}, [%x[data]], #16\n\t" + "rbit v0.16b, v0.16b\n\t" + "eor v18.16b, v18.16b, v0.16b\n\t" + /* Mul 128x128 */ + "and v15.16b, v18.16b, v19.16b\n\t" + "ushr v16.16b, v18.16b, #4\n\t" + "eor v17.16b, v15.16b, v16.16b\n\t" + "dup v0.16b, v12.b[0]\n\t" + "dup v2.16b, v14.b[0]\n\t" + "dup v1.16b, v13.b[0]\n\t" + "pmul v8.16b, v15.16b, v0.16b\n\t" + "pmul v5.16b, v17.16b, v2.16b\n\t" + "pmul v4.16b, v16.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "shl v6.16b, v5.16b, #4\n\t" + "ushr v7.16b, v5.16b, #4\n\t" + "eor v8.16b, v8.16b, v6.16b\n\t" + "eor v11.16b, v4.16b, v7.16b\n\t" + "dup v0.16b, v12.b[1]\n\t" + "dup v2.16b, v14.b[1]\n\t" + "dup v1.16b, v13.b[1]\n\t" + "pmul v3.16b, v15.16b, v0.16b\n\t" + "pmul v5.16b, v17.16b, v2.16b\n\t" + "pmul v4.16b, v16.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "shl v6.16b, v5.16b, #4\n\t" + "ushr v7.16b, v5.16b, #4\n\t" + "eor v3.16b, v3.16b, v6.16b\n\t" + "eor v11.16b, v4.16b, v7.16b\n\t" + "ext v6.16b, v20.16b, v3.16b, #15\n\t" + "ext v9.16b, v3.16b, v20.16b, #15\n\t" + "eor v8.16b, v8.16b, v6.16b\n\t" + "dup v0.16b, v12.b[2]\n\t" + "dup v2.16b, v14.b[2]\n\t" + "dup v1.16b, v13.b[2]\n\t" + "pmul v3.16b, v15.16b, v0.16b\n\t" + "pmul v5.16b, v17.16b, v2.16b\n\t" + "pmul v4.16b, v16.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "shl v6.16b, v5.16b, #4\n\t" + "ushr v7.16b, v5.16b, #4\n\t" + "eor v3.16b, v3.16b, v6.16b\n\t" + "eor v11.16b, v4.16b, v7.16b\n\t" + "ext v7.16b, v3.16b, v20.16b, #14\n\t" + "ext v6.16b, v20.16b, v3.16b, #14\n\t" + "eor v9.16b, v9.16b, v7.16b\n\t" + "eor v8.16b, v8.16b, v6.16b\n\t" + "dup v0.16b, v12.b[3]\n\t" + "dup v2.16b, v14.b[3]\n\t" + "dup v1.16b, v13.b[3]\n\t" + "pmul v3.16b, v15.16b, v0.16b\n\t" + "pmul v5.16b, v17.16b, v2.16b\n\t" + "pmul v4.16b, v16.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "shl v6.16b, v5.16b, #4\n\t" + "ushr v7.16b, v5.16b, #4\n\t" + "eor v3.16b, v3.16b, v6.16b\n\t" + "eor v11.16b, v4.16b, v7.16b\n\t" + "ext v7.16b, v3.16b, v20.16b, #13\n\t" + "ext v6.16b, v20.16b, v3.16b, #13\n\t" + "eor v9.16b, v9.16b, v7.16b\n\t" + "eor v8.16b, v8.16b, v6.16b\n\t" + "dup v0.16b, v12.b[4]\n\t" + "dup v2.16b, v14.b[4]\n\t" + "dup v1.16b, v13.b[4]\n\t" + "pmul v3.16b, v15.16b, v0.16b\n\t" + "pmul v5.16b, v17.16b, v2.16b\n\t" + "pmul v4.16b, v16.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "shl v6.16b, v5.16b, #4\n\t" + "ushr v7.16b, v5.16b, #4\n\t" + "eor v3.16b, v3.16b, v6.16b\n\t" + "eor v11.16b, v4.16b, v7.16b\n\t" + "ext v7.16b, v3.16b, v20.16b, #12\n\t" + "ext v6.16b, v20.16b, v3.16b, #12\n\t" + "eor v9.16b, v9.16b, v7.16b\n\t" + "eor v8.16b, v8.16b, v6.16b\n\t" + "dup v0.16b, v12.b[5]\n\t" + "dup v2.16b, v14.b[5]\n\t" + "dup v1.16b, v13.b[5]\n\t" + "pmul v3.16b, v15.16b, v0.16b\n\t" + "pmul v5.16b, v17.16b, v2.16b\n\t" + "pmul v4.16b, v16.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "shl v6.16b, v5.16b, #4\n\t" + "ushr v7.16b, v5.16b, #4\n\t" + "eor v3.16b, v3.16b, v6.16b\n\t" + "eor v11.16b, v4.16b, v7.16b\n\t" + "ext v7.16b, v3.16b, v20.16b, #11\n\t" + "ext v6.16b, v20.16b, v3.16b, #11\n\t" + "eor v9.16b, v9.16b, v7.16b\n\t" + "eor v8.16b, v8.16b, v6.16b\n\t" + "dup v0.16b, v12.b[6]\n\t" + "dup v2.16b, v14.b[6]\n\t" + "dup v1.16b, v13.b[6]\n\t" + "pmul v3.16b, v15.16b, v0.16b\n\t" + "pmul v5.16b, v17.16b, v2.16b\n\t" + "pmul v4.16b, v16.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "shl v6.16b, v5.16b, #4\n\t" + "ushr v7.16b, v5.16b, #4\n\t" + "eor v3.16b, v3.16b, v6.16b\n\t" + "eor v11.16b, v4.16b, v7.16b\n\t" + "ext v7.16b, v3.16b, v20.16b, #10\n\t" + "ext v6.16b, v20.16b, v3.16b, #10\n\t" + "eor v9.16b, v9.16b, v7.16b\n\t" + "eor v8.16b, v8.16b, v6.16b\n\t" + "dup v0.16b, v12.b[7]\n\t" + "dup v2.16b, v14.b[7]\n\t" + "dup v1.16b, v13.b[7]\n\t" + "pmul v3.16b, v15.16b, v0.16b\n\t" + "pmul v5.16b, v17.16b, v2.16b\n\t" + "pmul v4.16b, v16.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "shl v6.16b, v5.16b, #4\n\t" + "ushr v7.16b, v5.16b, #4\n\t" + "eor v3.16b, v3.16b, v6.16b\n\t" + "eor v11.16b, v4.16b, v7.16b\n\t" + "ext v7.16b, v3.16b, v20.16b, #9\n\t" + "ext v6.16b, v20.16b, v3.16b, #9\n\t" + "eor v9.16b, v9.16b, v7.16b\n\t" + "eor v8.16b, v8.16b, v6.16b\n\t" + "dup v0.16b, v12.b[8]\n\t" + "dup v2.16b, v14.b[8]\n\t" + "dup v1.16b, v13.b[8]\n\t" + "pmul v3.16b, v15.16b, v0.16b\n\t" + "pmul v5.16b, v17.16b, v2.16b\n\t" + "pmul v4.16b, v16.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "shl v6.16b, v5.16b, #4\n\t" + "ushr v7.16b, v5.16b, #4\n\t" + "eor v3.16b, v3.16b, v6.16b\n\t" + "eor v11.16b, v4.16b, v7.16b\n\t" + "ext v7.16b, v3.16b, v20.16b, #8\n\t" + "ext v6.16b, v20.16b, v3.16b, #8\n\t" + "eor v9.16b, v9.16b, v7.16b\n\t" + "eor v8.16b, v8.16b, v6.16b\n\t" + "dup v0.16b, v12.b[9]\n\t" + "dup v2.16b, v14.b[9]\n\t" + "dup v1.16b, v13.b[9]\n\t" + "pmul v3.16b, v15.16b, v0.16b\n\t" + "pmul v5.16b, v17.16b, v2.16b\n\t" + "pmul v4.16b, v16.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "shl v6.16b, v5.16b, #4\n\t" + "ushr v7.16b, v5.16b, #4\n\t" + "eor v3.16b, v3.16b, v6.16b\n\t" + "eor v11.16b, v4.16b, v7.16b\n\t" + "ext v7.16b, v3.16b, v20.16b, #7\n\t" + "ext v6.16b, v20.16b, v3.16b, #7\n\t" + "eor v9.16b, v9.16b, v7.16b\n\t" + "eor v8.16b, v8.16b, v6.16b\n\t" + "dup v0.16b, v12.b[10]\n\t" + "dup v2.16b, v14.b[10]\n\t" + "dup v1.16b, v13.b[10]\n\t" + "pmul v3.16b, v15.16b, v0.16b\n\t" + "pmul v5.16b, v17.16b, v2.16b\n\t" + "pmul v4.16b, v16.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "shl v6.16b, v5.16b, #4\n\t" + "ushr v7.16b, v5.16b, #4\n\t" + "eor v3.16b, v3.16b, v6.16b\n\t" + "eor v11.16b, v4.16b, v7.16b\n\t" + "ext v7.16b, v3.16b, v20.16b, #6\n\t" + "ext v6.16b, v20.16b, v3.16b, #6\n\t" + "eor v9.16b, v9.16b, v7.16b\n\t" + "eor v8.16b, v8.16b, v6.16b\n\t" + "dup v0.16b, v12.b[11]\n\t" + "dup v2.16b, v14.b[11]\n\t" + "dup v1.16b, v13.b[11]\n\t" + "pmul v3.16b, v15.16b, v0.16b\n\t" + "pmul v5.16b, v17.16b, v2.16b\n\t" + "pmul v4.16b, v16.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "shl v6.16b, v5.16b, #4\n\t" + "ushr v7.16b, v5.16b, #4\n\t" + "eor v3.16b, v3.16b, v6.16b\n\t" + "eor v11.16b, v4.16b, v7.16b\n\t" + "ext v7.16b, v3.16b, v20.16b, #5\n\t" + "ext v6.16b, v20.16b, v3.16b, #5\n\t" + "eor v9.16b, v9.16b, v7.16b\n\t" + "eor v8.16b, v8.16b, v6.16b\n\t" + "dup v0.16b, v12.b[12]\n\t" + "dup v2.16b, v14.b[12]\n\t" + "dup v1.16b, v13.b[12]\n\t" + "pmul v3.16b, v15.16b, v0.16b\n\t" + "pmul v5.16b, v17.16b, v2.16b\n\t" + "pmul v4.16b, v16.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "shl v6.16b, v5.16b, #4\n\t" + "ushr v7.16b, v5.16b, #4\n\t" + "eor v3.16b, v3.16b, v6.16b\n\t" + "eor v11.16b, v4.16b, v7.16b\n\t" + "ext v7.16b, v3.16b, v20.16b, #4\n\t" + "ext v6.16b, v20.16b, v3.16b, #4\n\t" + "eor v9.16b, v9.16b, v7.16b\n\t" + "eor v8.16b, v8.16b, v6.16b\n\t" + "dup v0.16b, v12.b[13]\n\t" + "dup v2.16b, v14.b[13]\n\t" + "dup v1.16b, v13.b[13]\n\t" + "pmul v3.16b, v15.16b, v0.16b\n\t" + "pmul v5.16b, v17.16b, v2.16b\n\t" + "pmul v4.16b, v16.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "shl v6.16b, v5.16b, #4\n\t" + "ushr v7.16b, v5.16b, #4\n\t" + "eor v3.16b, v3.16b, v6.16b\n\t" + "eor v11.16b, v4.16b, v7.16b\n\t" + "ext v7.16b, v3.16b, v20.16b, #3\n\t" + "ext v6.16b, v20.16b, v3.16b, #3\n\t" + "eor v9.16b, v9.16b, v7.16b\n\t" + "eor v8.16b, v8.16b, v6.16b\n\t" + "dup v0.16b, v12.b[14]\n\t" + "dup v2.16b, v14.b[14]\n\t" + "dup v1.16b, v13.b[14]\n\t" + "pmul v3.16b, v15.16b, v0.16b\n\t" + "pmul v5.16b, v17.16b, v2.16b\n\t" + "pmul v4.16b, v16.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "shl v6.16b, v5.16b, #4\n\t" + "ushr v7.16b, v5.16b, #4\n\t" + "eor v3.16b, v3.16b, v6.16b\n\t" + "eor v11.16b, v4.16b, v7.16b\n\t" + "ext v7.16b, v3.16b, v20.16b, #2\n\t" + "ext v6.16b, v20.16b, v3.16b, #2\n\t" + "eor v9.16b, v9.16b, v7.16b\n\t" + "eor v8.16b, v8.16b, v6.16b\n\t" + "dup v0.16b, v12.b[15]\n\t" + "dup v2.16b, v14.b[15]\n\t" + "dup v1.16b, v13.b[15]\n\t" + "pmul v3.16b, v15.16b, v0.16b\n\t" + "pmul v5.16b, v17.16b, v2.16b\n\t" + "pmul v4.16b, v16.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "shl v6.16b, v5.16b, #4\n\t" + "ushr v7.16b, v5.16b, #4\n\t" + "eor v3.16b, v3.16b, v6.16b\n\t" + "eor v11.16b, v4.16b, v7.16b\n\t" + "ext v7.16b, v3.16b, v20.16b, #1\n\t" + "ext v6.16b, v20.16b, v3.16b, #1\n\t" + "eor v9.16b, v9.16b, v7.16b\n\t" + "eor v8.16b, v8.16b, v6.16b\n\t" + "eor v9.16b, v9.16b, v11.16b\n\t" + /* Reduce 254-bit number */ + "shl v0.16b, v9.16b, #1\n\t" + "shl v1.16b, v9.16b, #2\n\t" + "shl v2.16b, v9.16b, #7\n\t" + "ushr v3.16b, v9.16b, #7\n\t" + "ushr v4.16b, v9.16b, #6\n\t" + "ushr v5.16b, v9.16b, #1\n\t" + "eor v0.16b, v0.16b, v9.16b\n\t" + "eor v1.16b, v1.16b, v2.16b\n\t" + "eor v0.16b, v0.16b, v1.16b\n\t" + "eor v8.16b, v8.16b, v0.16b\n\t" + "ext v0.16b, v20.16b, v3.16b, #15\n\t" + "ext v1.16b, v20.16b, v4.16b, #15\n\t" + "ext v2.16b, v20.16b, v5.16b, #15\n\t" + "ext v4.16b, v4.16b, v20.16b, #15\n\t" + "ext v5.16b, v5.16b, v20.16b, #15\n\t" + "eor v0.16b, v0.16b, v1.16b\n\t" + "eor v8.16b, v8.16b, v2.16b\n\t" + "eor v8.16b, v8.16b, v0.16b\n\t" + "eor v3.16b, v4.16b, v5.16b\n\t" + "shl v0.2d, v3.2d, #1\n\t" + "shl v1.2d, v3.2d, #2\n\t" + "shl v2.2d, v3.2d, #7\n\t" + "eor v3.16b, v3.16b, v0.16b\n\t" + "eor v1.16b, v1.16b, v2.16b\n\t" + "eor v8.16b, v8.16b, v3.16b\n\t" + "eor v18.16b, v8.16b, v1.16b\n\t" + "subs %x[len], %x[len], #16\n\t" + "b.ne L_GCM_gmult_len_NEON_start_block_%=\n\t" + "rbit v18.16b, v18.16b\n\t" + "st1 {v18.2d}, [%x[x]]\n\t" + : [x] "+r" (x), [len] "+r" (len) + : [h] "r" (h), [data] "r" (data) + : "memory", "cc", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", + "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", + "v19", "v20" + ); +} + +void AES_GCM_encrypt_NEON(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr); +void AES_GCM_encrypt_NEON(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr) +{ + const word8* te = L_AES_ARM64_NEON_te; + const word8* shuffle = L_AES_ARM64_NEON_shift_rows_shuffle; + __asm__ __volatile__ ( + "ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [%[te]], #0x40\n\t" + "ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [%[te]], #0x40\n\t" + "ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [%[te]], #0x40\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[te]]\n\t" + "ld1 {v2.2d}, [%x[ctr]]\n\t" + "rev32 v2.16b, v2.16b\n\t" + "mov w6, v2.s[3]\n\t" + "cmp %x[len], #0x40\n\t" + "b.lt L_AES_GCM_encrypt_NEON_start_2_%=\n\t" + "mov x7, v2.d[0]\n\t" + "mov x8, v2.d[1]\n\t" + "\n" + "L_AES_GCM_encrypt_NEON_loop_4_%=: \n\t" + "mov x12, %x[ks]\n\t" + "ld1 {v4.2d}, [x12], #16\n\t" + "mov v8.d[0], x7\n\t" + "mov v8.d[1], x8\n\t" + /* Round: 0 - XOR in key schedule */ + "add w6, w6, #1\n\t" + "mov v8.s[3], w6\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "add w6, w6, #1\n\t" + "mov v8.s[3], w6\n\t" + "eor v1.16b, v8.16b, v4.16b\n\t" + "add w6, w6, #1\n\t" + "mov v8.s[3], w6\n\t" + "eor v2.16b, v8.16b, v4.16b\n\t" + "add w6, w6, #1\n\t" + "mov v8.s[3], w6\n\t" + "eor v3.16b, v8.16b, v4.16b\n\t" + "sub w11, %w[nr], #2\n\t" + "\n" + "L_AES_GCM_encrypt_NEON_loop_nr_4_%=: \n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b\n\t" + "tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "eor v10.16b, v2.16b, v12.16b\n\t" + "eor v11.16b, v3.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v13.16b\n\t" + "eor v9.16b, v1.16b, v13.16b\n\t" + "eor v10.16b, v2.16b, v13.16b\n\t" + "eor v11.16b, v3.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "eor v10.16b, v2.16b, v14.16b\n\t" + "eor v11.16b, v3.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "ld1 {v0.16b}, [%[shuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "tbl v6.16b, {v6.16b}, v0.16b\n\t" + "tbl v7.16b, {v7.16b}, v0.16b\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "sshr v10.16b, v6.16b, #7\n\t" + "sshr v11.16b, v7.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "shl v14.16b, v6.16b, #1\n\t" + "shl v15.16b, v7.16b, #1\n\t" + "movi v0.16b, #27\n\t" + "and v8.16b, v8.16b, v0.16b\n\t" + "and v9.16b, v9.16b, v0.16b\n\t" + "and v10.16b, v10.16b, v0.16b\n\t" + "and v11.16b, v11.16b, v0.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "eor v1.16b, v9.16b, v5.16b\n\t" + "eor v2.16b, v10.16b, v6.16b\n\t" + "eor v3.16b, v11.16b, v7.16b\n\t" + "shl v12.4s, v0.4s, #8\n\t" + "shl v13.4s, v1.4s, #8\n\t" + "shl v14.4s, v2.4s, #8\n\t" + "shl v15.4s, v3.4s, #8\n\t" + "sri v12.4s, v0.4s, #24\n\t" + "sri v13.4s, v1.4s, #24\n\t" + "sri v14.4s, v2.4s, #24\n\t" + "sri v15.4s, v3.4s, #24\n\t" + "shl v0.4s, v4.4s, #24\n\t" + "shl v1.4s, v5.4s, #24\n\t" + "shl v2.4s, v6.4s, #24\n\t" + "shl v3.4s, v7.4s, #24\n\t" + "sri v0.4s, v4.4s, #8\n\t" + "sri v1.4s, v5.4s, #8\n\t" + "sri v2.4s, v6.4s, #8\n\t" + "sri v3.4s, v7.4s, #8\n\t" + "rev32 v4.8h, v4.8h\n\t" + "rev32 v5.8h, v5.8h\n\t" + "rev32 v6.8h, v6.8h\n\t" + "rev32 v7.8h, v7.8h\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + "eor v6.16b, v6.16b, v2.16b\n\t" + "eor v7.16b, v7.16b, v3.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x12], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v6.16b, v6.16b, v10.16b\n\t" + "eor v7.16b, v7.16b, v11.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v6.16b, v6.16b, v0.16b\n\t" + "eor v7.16b, v7.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "eor v6.16b, v6.16b, v14.16b\n\t" + "eor v7.16b, v7.16b, v15.16b\n\t" + /* Round Done */ + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b\n\t" + "tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "eor v10.16b, v6.16b, v12.16b\n\t" + "eor v11.16b, v7.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v13.16b\n\t" + "eor v9.16b, v5.16b, v13.16b\n\t" + "eor v10.16b, v6.16b, v13.16b\n\t" + "eor v11.16b, v7.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "eor v10.16b, v6.16b, v14.16b\n\t" + "eor v11.16b, v7.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "ld1 {v4.16b}, [%[shuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "tbl v2.16b, {v2.16b}, v4.16b\n\t" + "tbl v3.16b, {v3.16b}, v4.16b\n\t" + "sshr v8.16b, v0.16b, #7\n\t" + "sshr v9.16b, v1.16b, #7\n\t" + "sshr v10.16b, v2.16b, #7\n\t" + "sshr v11.16b, v3.16b, #7\n\t" + "shl v12.16b, v0.16b, #1\n\t" + "shl v13.16b, v1.16b, #1\n\t" + "shl v14.16b, v2.16b, #1\n\t" + "shl v15.16b, v3.16b, #1\n\t" + "movi v4.16b, #27\n\t" + "and v8.16b, v8.16b, v4.16b\n\t" + "and v9.16b, v9.16b, v4.16b\n\t" + "and v10.16b, v10.16b, v4.16b\n\t" + "and v11.16b, v11.16b, v4.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "eor v4.16b, v8.16b, v0.16b\n\t" + "eor v5.16b, v9.16b, v1.16b\n\t" + "eor v6.16b, v10.16b, v2.16b\n\t" + "eor v7.16b, v11.16b, v3.16b\n\t" + "shl v12.4s, v4.4s, #8\n\t" + "shl v13.4s, v5.4s, #8\n\t" + "shl v14.4s, v6.4s, #8\n\t" + "shl v15.4s, v7.4s, #8\n\t" + "sri v12.4s, v4.4s, #24\n\t" + "sri v13.4s, v5.4s, #24\n\t" + "sri v14.4s, v6.4s, #24\n\t" + "sri v15.4s, v7.4s, #24\n\t" + "shl v4.4s, v0.4s, #24\n\t" + "shl v5.4s, v1.4s, #24\n\t" + "shl v6.4s, v2.4s, #24\n\t" + "shl v7.4s, v3.4s, #24\n\t" + "sri v4.4s, v0.4s, #8\n\t" + "sri v5.4s, v1.4s, #8\n\t" + "sri v6.4s, v2.4s, #8\n\t" + "sri v7.4s, v3.4s, #8\n\t" + "rev32 v0.8h, v0.8h\n\t" + "rev32 v1.8h, v1.8h\n\t" + "rev32 v2.8h, v2.8h\n\t" + "rev32 v3.8h, v3.8h\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x12], #16\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v1.16b, v1.16b, v9.16b\n\t" + "eor v2.16b, v2.16b, v10.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + "eor v0.16b, v0.16b, v12.16b\n\t" + "eor v1.16b, v1.16b, v13.16b\n\t" + "eor v2.16b, v2.16b, v14.16b\n\t" + "eor v3.16b, v3.16b, v15.16b\n\t" + /* Round Done */ + "subs w11, w11, #2\n\t" + "b.ne L_AES_GCM_encrypt_NEON_loop_nr_4_%=\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b\n\t" + "tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "eor v10.16b, v2.16b, v12.16b\n\t" + "eor v11.16b, v3.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v13.16b\n\t" + "eor v9.16b, v1.16b, v13.16b\n\t" + "eor v10.16b, v2.16b, v13.16b\n\t" + "eor v11.16b, v3.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "eor v10.16b, v2.16b, v14.16b\n\t" + "eor v11.16b, v3.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "ld1 {v0.16b}, [%[shuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "tbl v6.16b, {v6.16b}, v0.16b\n\t" + "tbl v7.16b, {v7.16b}, v0.16b\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "sshr v10.16b, v6.16b, #7\n\t" + "sshr v11.16b, v7.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "shl v14.16b, v6.16b, #1\n\t" + "shl v15.16b, v7.16b, #1\n\t" + "movi v0.16b, #27\n\t" + "and v8.16b, v8.16b, v0.16b\n\t" + "and v9.16b, v9.16b, v0.16b\n\t" + "and v10.16b, v10.16b, v0.16b\n\t" + "and v11.16b, v11.16b, v0.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "eor v1.16b, v9.16b, v5.16b\n\t" + "eor v2.16b, v10.16b, v6.16b\n\t" + "eor v3.16b, v11.16b, v7.16b\n\t" + "shl v12.4s, v0.4s, #8\n\t" + "shl v13.4s, v1.4s, #8\n\t" + "shl v14.4s, v2.4s, #8\n\t" + "shl v15.4s, v3.4s, #8\n\t" + "sri v12.4s, v0.4s, #24\n\t" + "sri v13.4s, v1.4s, #24\n\t" + "sri v14.4s, v2.4s, #24\n\t" + "sri v15.4s, v3.4s, #24\n\t" + "shl v0.4s, v4.4s, #24\n\t" + "shl v1.4s, v5.4s, #24\n\t" + "shl v2.4s, v6.4s, #24\n\t" + "shl v3.4s, v7.4s, #24\n\t" + "sri v0.4s, v4.4s, #8\n\t" + "sri v1.4s, v5.4s, #8\n\t" + "sri v2.4s, v6.4s, #8\n\t" + "sri v3.4s, v7.4s, #8\n\t" + "rev32 v4.8h, v4.8h\n\t" + "rev32 v5.8h, v5.8h\n\t" + "rev32 v6.8h, v6.8h\n\t" + "rev32 v7.8h, v7.8h\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + "eor v6.16b, v6.16b, v2.16b\n\t" + "eor v7.16b, v7.16b, v3.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x12], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v6.16b, v6.16b, v10.16b\n\t" + "eor v7.16b, v7.16b, v11.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v6.16b, v6.16b, v0.16b\n\t" + "eor v7.16b, v7.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "eor v6.16b, v6.16b, v14.16b\n\t" + "eor v7.16b, v7.16b, v15.16b\n\t" + /* Round Done */ + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b\n\t" + "tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "eor v10.16b, v6.16b, v12.16b\n\t" + "eor v11.16b, v7.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v13.16b\n\t" + "eor v9.16b, v5.16b, v13.16b\n\t" + "eor v10.16b, v6.16b, v13.16b\n\t" + "eor v11.16b, v7.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "eor v10.16b, v6.16b, v14.16b\n\t" + "eor v11.16b, v7.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "ld1 {v4.16b}, [%[shuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "tbl v2.16b, {v2.16b}, v4.16b\n\t" + "tbl v3.16b, {v3.16b}, v4.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x12], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + /* Round Done */ + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "rev32 v3.16b, v3.16b\n\t" + "ld1 {v4.16b, v5.16b, v6.16b, v7.16b}, [%x[in]], #0x40\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "st1 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[out]], #0x40\n\t" + "sub %x[len], %x[len], #0x40\n\t" + "cmp %x[len], #0x40\n\t" + "b.ge L_AES_GCM_encrypt_NEON_loop_4_%=\n\t" + "mov v2.d[0], x7\n\t" + "mov v2.d[1], x8\n\t" + "mov v2.s[3], w6\n\t" + "\n" + "L_AES_GCM_encrypt_NEON_start_2_%=: \n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "movi v15.16b, #27\n\t" + "cmp %x[len], #16\n\t" + "b.eq L_AES_GCM_encrypt_NEON_start_1_%=\n\t" + "b.lt L_AES_GCM_encrypt_NEON_data_done_%=\n\t" + "\n" + "L_AES_GCM_encrypt_NEON_loop_2_%=: \n\t" + "mov x12, %x[ks]\n\t" + "ld1 {v4.2d}, [x12], #16\n\t" + /* Round: 0 - XOR in key schedule */ + "add w6, w6, #1\n\t" + "mov v2.s[3], w6\n\t" + "eor v0.16b, v2.16b, v4.16b\n\t" + "add w6, w6, #1\n\t" + "mov v2.s[3], w6\n\t" + "eor v1.16b, v2.16b, v4.16b\n\t" + "sub w11, %w[nr], #2\n\t" + "\n" + "L_AES_GCM_encrypt_NEON_loop_nr_2_%=: \n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v0.16b, v13.16b\n\t" + "eor v11.16b, v1.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "orr v4.16b, v4.16b, v10.16b\n\t" + "orr v5.16b, v5.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "ld1 {v0.16b}, [%[shuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "shl v10.16b, v4.16b, #1\n\t" + "shl v11.16b, v5.16b, #1\n\t" + "and v8.16b, v8.16b, v15.16b\n\t" + "and v9.16b, v9.16b, v15.16b\n\t" + "eor v8.16b, v8.16b, v10.16b\n\t" + "eor v9.16b, v9.16b, v11.16b\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "eor v1.16b, v9.16b, v5.16b\n\t" + "shl v10.4s, v0.4s, #8\n\t" + "shl v11.4s, v1.4s, #8\n\t" + "sri v10.4s, v0.4s, #24\n\t" + "sri v11.4s, v1.4s, #24\n\t" + "shl v0.4s, v4.4s, #24\n\t" + "shl v1.4s, v5.4s, #24\n\t" + "sri v0.4s, v4.4s, #8\n\t" + "sri v1.4s, v5.4s, #8\n\t" + "rev32 v4.8h, v4.8h\n\t" + "rev32 v5.8h, v5.8h\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x12], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "eor v5.16b, v5.16b, v11.16b\n\t" + /* Round Done */ + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v4.16b, v13.16b\n\t" + "eor v11.16b, v5.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "orr v0.16b, v0.16b, v10.16b\n\t" + "orr v1.16b, v1.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "ld1 {v4.16b}, [%[shuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "sshr v8.16b, v0.16b, #7\n\t" + "sshr v9.16b, v1.16b, #7\n\t" + "shl v10.16b, v0.16b, #1\n\t" + "shl v11.16b, v1.16b, #1\n\t" + "and v8.16b, v8.16b, v15.16b\n\t" + "and v9.16b, v9.16b, v15.16b\n\t" + "eor v8.16b, v8.16b, v10.16b\n\t" + "eor v9.16b, v9.16b, v11.16b\n\t" + "eor v4.16b, v8.16b, v0.16b\n\t" + "eor v5.16b, v9.16b, v1.16b\n\t" + "shl v10.4s, v4.4s, #8\n\t" + "shl v11.4s, v5.4s, #8\n\t" + "sri v10.4s, v4.4s, #24\n\t" + "sri v11.4s, v5.4s, #24\n\t" + "shl v4.4s, v0.4s, #24\n\t" + "shl v5.4s, v1.4s, #24\n\t" + "sri v4.4s, v0.4s, #8\n\t" + "sri v5.4s, v1.4s, #8\n\t" + "rev32 v0.8h, v0.8h\n\t" + "rev32 v1.8h, v1.8h\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x12], #16\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v1.16b, v1.16b, v9.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v0.16b, v0.16b, v10.16b\n\t" + "eor v1.16b, v1.16b, v11.16b\n\t" + /* Round Done */ + "subs w11, w11, #2\n\t" + "b.ne L_AES_GCM_encrypt_NEON_loop_nr_2_%=\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v0.16b, v13.16b\n\t" + "eor v11.16b, v1.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "orr v4.16b, v4.16b, v10.16b\n\t" + "orr v5.16b, v5.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "ld1 {v0.16b}, [%[shuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "shl v10.16b, v4.16b, #1\n\t" + "shl v11.16b, v5.16b, #1\n\t" + "and v8.16b, v8.16b, v15.16b\n\t" + "and v9.16b, v9.16b, v15.16b\n\t" + "eor v8.16b, v8.16b, v10.16b\n\t" + "eor v9.16b, v9.16b, v11.16b\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "eor v1.16b, v9.16b, v5.16b\n\t" + "shl v10.4s, v0.4s, #8\n\t" + "shl v11.4s, v1.4s, #8\n\t" + "sri v10.4s, v0.4s, #24\n\t" + "sri v11.4s, v1.4s, #24\n\t" + "shl v0.4s, v4.4s, #24\n\t" + "shl v1.4s, v5.4s, #24\n\t" + "sri v0.4s, v4.4s, #8\n\t" + "sri v1.4s, v5.4s, #8\n\t" + "rev32 v4.8h, v4.8h\n\t" + "rev32 v5.8h, v5.8h\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x12], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "eor v5.16b, v5.16b, v11.16b\n\t" + /* Round Done */ + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v4.16b, v13.16b\n\t" + "eor v11.16b, v5.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "orr v0.16b, v0.16b, v10.16b\n\t" + "orr v1.16b, v1.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "ld1 {v4.16b}, [%[shuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x12], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + /* Round Done */ + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "ld1 {v4.16b, v5.16b}, [%x[in]], #32\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "st1 {v0.16b, v1.16b}, [%x[out]], #32\n\t" + "sub %x[len], %x[len], #32\n\t" + "cmp %x[len], #0\n\t" + "b.eq L_AES_GCM_encrypt_NEON_data_done_%=\n\t" + "\n" + "L_AES_GCM_encrypt_NEON_start_1_%=: \n\t" + "ld1 {v3.2d}, [%[shuffle]]\n\t" + "mov x12, %x[ks]\n\t" + "add w6, w6, #1\n\t" + "ld1 {v4.2d}, [x12], #16\n\t" + "mov v2.s[3], w6\n\t" + /* Round: 0 - XOR in key schedule */ + "eor v0.16b, v2.16b, v4.16b\n\t" + "sub w11, %w[nr], #2\n\t" + "\n" + "L_AES_GCM_encrypt_NEON_loop_nr_1_%=: \n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "ld1 {v0.2d}, [x12], #16\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v4.8h\n\t" + "eor v11.16b, v10.16b, v4.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v4.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v0.16b\n\t" + "sri v9.4s, v4.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v4.16b, v10.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x12], #16\n\t" + "sshr v10.16b, v0.16b, #7\n\t" + "shl v9.16b, v0.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v0.8h\n\t" + "eor v11.16b, v10.16b, v0.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v0.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v4.16b\n\t" + "sri v9.4s, v0.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v0.16b, v10.16b, v9.16b\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "subs w11, w11, #2\n\t" + "b.ne L_AES_GCM_encrypt_NEON_loop_nr_1_%=\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "ld1 {v0.2d}, [x12], #16\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v4.8h\n\t" + "eor v11.16b, v10.16b, v4.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v4.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v0.16b\n\t" + "sri v9.4s, v4.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v4.16b, v10.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x12], #16\n\t" + /* XOR in Key Schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "ld1 {v4.16b}, [%x[in]], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "st1 {v0.16b}, [%x[out]], #16\n\t" + "\n" + "L_AES_GCM_encrypt_NEON_data_done_%=: \n\t" + "rev32 v2.16b, v2.16b\n\t" + "st1 {v2.2d}, [%x[ctr]]\n\t" + : [out] "+r" (out), [len] "+r" (len), [nr] "+r" (nr), [ctr] "+r" (ctr) + : [in] "r" (in), [ks] "r" (ks), [te] "r" (te), [shuffle] "r" (shuffle) + : "memory", "cc", "x6", "x7", "x8", "x11", "x12", "v0", "v1", "v2", + "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", + "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", + "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "v30", + "v31" + ); +} + +#endif /* HAVE_AESGCM */ +#ifdef WOLFSSL_AES_XTS +void AES_XTS_encrypt_NEON(const byte* in, byte* out, word32 sz, const byte* i, + byte* key, byte* key2, byte* tmp, int nr) +{ + const word8* te = L_AES_ARM64_NEON_te; + const word8* shuffle = L_AES_ARM64_NEON_shift_rows_shuffle; + __asm__ __volatile__ ( + "stp x29, x30, [sp, #-32]!\n\t" + "add x29, sp, #0\n\t" + "ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [%[te]], #0x40\n\t" + "ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [%[te]], #0x40\n\t" + "ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [%[te]], #0x40\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[te]]\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "movi v15.16b, #27\n\t" + "ld1 {v3.2d}, [%[shuffle]]\n\t" + "mov x17, #0x87\n\t" + "ld1 {v2.2d}, [%x[i]]\n\t" + "ld1 {v4.2d}, [%x[key2]]\n\t" + "rev32 v2.16b, v2.16b\n\t" + "add x22, %x[key2], #16\n\t" + /* Round: 0 - XOR in key schedule */ + "eor v2.16b, v2.16b, v4.16b\n\t" + "sub w21, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_encrypt_NEON_loop_nr_tweak_%=: \n\t" + "eor v8.16b, v2.16b, v12.16b\n\t" + "eor v9.16b, v2.16b, v13.16b\n\t" + "eor v10.16b, v2.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "ld1 {v2.2d}, [x22], #16\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v4.8h\n\t" + "eor v11.16b, v10.16b, v4.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v4.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v2.16b\n\t" + "sri v9.4s, v4.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v4.16b, v10.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v2.16b, v2.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v2.16b, v2.16b, v9.16b\n\t" + "tbl v2.16b, {v2.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x22], #16\n\t" + "sshr v10.16b, v2.16b, #7\n\t" + "shl v9.16b, v2.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v2.8h\n\t" + "eor v11.16b, v10.16b, v2.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v2.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v4.16b\n\t" + "sri v9.4s, v2.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v2.16b, v10.16b, v9.16b\n\t" + "eor v2.16b, v2.16b, v8.16b\n\t" + "subs w21, w21, #2\n\t" + "b.ne L_AES_XTS_encrypt_NEON_loop_nr_tweak_%=\n\t" + "eor v8.16b, v2.16b, v12.16b\n\t" + "eor v9.16b, v2.16b, v13.16b\n\t" + "eor v10.16b, v2.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "ld1 {v2.2d}, [x22], #16\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v4.8h\n\t" + "eor v11.16b, v10.16b, v4.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v4.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v2.16b\n\t" + "sri v9.4s, v4.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v4.16b, v10.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v2.16b, v2.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v2.16b, v2.16b, v9.16b\n\t" + "tbl v2.16b, {v2.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x22], #16\n\t" + /* XOR in Key Schedule */ + "eor v2.16b, v2.16b, v4.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "mov x8, v2.d[0]\n\t" + "mov x9, v2.d[1]\n\t" + "cmp %w[sz], #0x40\n\t" + "b.lt L_AES_XTS_encrypt_NEON_start_2_%=\n\t" + "\n" + "L_AES_XTS_encrypt_NEON_loop_4_%=: \n\t" + "mov x22, %x[key]\n\t" + "ld1 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[in]], #0x40\n\t" + "ld1 {v4.16b}, [x22], #16\n\t" + "and x16, x17, x9, asr 63\n\t" + "extr x11, x9, x8, #63\n\t" + "eor x10, x16, x8, lsl 1\n\t" + "and x16, x17, x11, asr 63\n\t" + "extr x13, x11, x10, #63\n\t" + "eor x12, x16, x10, lsl 1\n\t" + "and x16, x17, x13, asr 63\n\t" + "extr x15, x13, x12, #63\n\t" + "eor x14, x16, x12, lsl 1\n\t" + "mov v8.d[0], x8\n\t" + "mov v8.d[1], x9\n\t" + "mov v9.d[0], x10\n\t" + "mov v9.d[1], x11\n\t" + "mov v10.d[0], x12\n\t" + "mov v10.d[1], x13\n\t" + "mov v11.d[0], x14\n\t" + "mov v11.d[1], x15\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v1.16b, v1.16b, v9.16b\n\t" + "eor v2.16b, v2.16b, v10.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "rev32 v3.16b, v3.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + "sub w21, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_encrypt_NEON_loop_nr_4_%=: \n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b\n\t" + "tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "eor v10.16b, v2.16b, v12.16b\n\t" + "eor v11.16b, v3.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v13.16b\n\t" + "eor v9.16b, v1.16b, v13.16b\n\t" + "eor v10.16b, v2.16b, v13.16b\n\t" + "eor v11.16b, v3.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "eor v10.16b, v2.16b, v14.16b\n\t" + "eor v11.16b, v3.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "ld1 {v0.16b}, [%[shuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "tbl v6.16b, {v6.16b}, v0.16b\n\t" + "tbl v7.16b, {v7.16b}, v0.16b\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "sshr v10.16b, v6.16b, #7\n\t" + "sshr v11.16b, v7.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "shl v14.16b, v6.16b, #1\n\t" + "shl v15.16b, v7.16b, #1\n\t" + "movi v0.16b, #27\n\t" + "and v8.16b, v8.16b, v0.16b\n\t" + "and v9.16b, v9.16b, v0.16b\n\t" + "and v10.16b, v10.16b, v0.16b\n\t" + "and v11.16b, v11.16b, v0.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "eor v1.16b, v9.16b, v5.16b\n\t" + "eor v2.16b, v10.16b, v6.16b\n\t" + "eor v3.16b, v11.16b, v7.16b\n\t" + "shl v12.4s, v0.4s, #8\n\t" + "shl v13.4s, v1.4s, #8\n\t" + "shl v14.4s, v2.4s, #8\n\t" + "shl v15.4s, v3.4s, #8\n\t" + "sri v12.4s, v0.4s, #24\n\t" + "sri v13.4s, v1.4s, #24\n\t" + "sri v14.4s, v2.4s, #24\n\t" + "sri v15.4s, v3.4s, #24\n\t" + "shl v0.4s, v4.4s, #24\n\t" + "shl v1.4s, v5.4s, #24\n\t" + "shl v2.4s, v6.4s, #24\n\t" + "shl v3.4s, v7.4s, #24\n\t" + "sri v0.4s, v4.4s, #8\n\t" + "sri v1.4s, v5.4s, #8\n\t" + "sri v2.4s, v6.4s, #8\n\t" + "sri v3.4s, v7.4s, #8\n\t" + "rev32 v4.8h, v4.8h\n\t" + "rev32 v5.8h, v5.8h\n\t" + "rev32 v6.8h, v6.8h\n\t" + "rev32 v7.8h, v7.8h\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + "eor v6.16b, v6.16b, v2.16b\n\t" + "eor v7.16b, v7.16b, v3.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x22], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v6.16b, v6.16b, v10.16b\n\t" + "eor v7.16b, v7.16b, v11.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v6.16b, v6.16b, v0.16b\n\t" + "eor v7.16b, v7.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "eor v6.16b, v6.16b, v14.16b\n\t" + "eor v7.16b, v7.16b, v15.16b\n\t" + /* Round Done */ + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b\n\t" + "tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "eor v10.16b, v6.16b, v12.16b\n\t" + "eor v11.16b, v7.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v13.16b\n\t" + "eor v9.16b, v5.16b, v13.16b\n\t" + "eor v10.16b, v6.16b, v13.16b\n\t" + "eor v11.16b, v7.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "eor v10.16b, v6.16b, v14.16b\n\t" + "eor v11.16b, v7.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "ld1 {v4.16b}, [%[shuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "tbl v2.16b, {v2.16b}, v4.16b\n\t" + "tbl v3.16b, {v3.16b}, v4.16b\n\t" + "sshr v8.16b, v0.16b, #7\n\t" + "sshr v9.16b, v1.16b, #7\n\t" + "sshr v10.16b, v2.16b, #7\n\t" + "sshr v11.16b, v3.16b, #7\n\t" + "shl v12.16b, v0.16b, #1\n\t" + "shl v13.16b, v1.16b, #1\n\t" + "shl v14.16b, v2.16b, #1\n\t" + "shl v15.16b, v3.16b, #1\n\t" + "movi v4.16b, #27\n\t" + "and v8.16b, v8.16b, v4.16b\n\t" + "and v9.16b, v9.16b, v4.16b\n\t" + "and v10.16b, v10.16b, v4.16b\n\t" + "and v11.16b, v11.16b, v4.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "eor v4.16b, v8.16b, v0.16b\n\t" + "eor v5.16b, v9.16b, v1.16b\n\t" + "eor v6.16b, v10.16b, v2.16b\n\t" + "eor v7.16b, v11.16b, v3.16b\n\t" + "shl v12.4s, v4.4s, #8\n\t" + "shl v13.4s, v5.4s, #8\n\t" + "shl v14.4s, v6.4s, #8\n\t" + "shl v15.4s, v7.4s, #8\n\t" + "sri v12.4s, v4.4s, #24\n\t" + "sri v13.4s, v5.4s, #24\n\t" + "sri v14.4s, v6.4s, #24\n\t" + "sri v15.4s, v7.4s, #24\n\t" + "shl v4.4s, v0.4s, #24\n\t" + "shl v5.4s, v1.4s, #24\n\t" + "shl v6.4s, v2.4s, #24\n\t" + "shl v7.4s, v3.4s, #24\n\t" + "sri v4.4s, v0.4s, #8\n\t" + "sri v5.4s, v1.4s, #8\n\t" + "sri v6.4s, v2.4s, #8\n\t" + "sri v7.4s, v3.4s, #8\n\t" + "rev32 v0.8h, v0.8h\n\t" + "rev32 v1.8h, v1.8h\n\t" + "rev32 v2.8h, v2.8h\n\t" + "rev32 v3.8h, v3.8h\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x22], #16\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v1.16b, v1.16b, v9.16b\n\t" + "eor v2.16b, v2.16b, v10.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + "eor v0.16b, v0.16b, v12.16b\n\t" + "eor v1.16b, v1.16b, v13.16b\n\t" + "eor v2.16b, v2.16b, v14.16b\n\t" + "eor v3.16b, v3.16b, v15.16b\n\t" + /* Round Done */ + "subs w21, w21, #2\n\t" + "b.ne L_AES_XTS_encrypt_NEON_loop_nr_4_%=\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b\n\t" + "tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "eor v10.16b, v2.16b, v12.16b\n\t" + "eor v11.16b, v3.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v13.16b\n\t" + "eor v9.16b, v1.16b, v13.16b\n\t" + "eor v10.16b, v2.16b, v13.16b\n\t" + "eor v11.16b, v3.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "eor v10.16b, v2.16b, v14.16b\n\t" + "eor v11.16b, v3.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "ld1 {v0.16b}, [%[shuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "tbl v6.16b, {v6.16b}, v0.16b\n\t" + "tbl v7.16b, {v7.16b}, v0.16b\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "sshr v10.16b, v6.16b, #7\n\t" + "sshr v11.16b, v7.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "shl v14.16b, v6.16b, #1\n\t" + "shl v15.16b, v7.16b, #1\n\t" + "movi v0.16b, #27\n\t" + "and v8.16b, v8.16b, v0.16b\n\t" + "and v9.16b, v9.16b, v0.16b\n\t" + "and v10.16b, v10.16b, v0.16b\n\t" + "and v11.16b, v11.16b, v0.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "eor v1.16b, v9.16b, v5.16b\n\t" + "eor v2.16b, v10.16b, v6.16b\n\t" + "eor v3.16b, v11.16b, v7.16b\n\t" + "shl v12.4s, v0.4s, #8\n\t" + "shl v13.4s, v1.4s, #8\n\t" + "shl v14.4s, v2.4s, #8\n\t" + "shl v15.4s, v3.4s, #8\n\t" + "sri v12.4s, v0.4s, #24\n\t" + "sri v13.4s, v1.4s, #24\n\t" + "sri v14.4s, v2.4s, #24\n\t" + "sri v15.4s, v3.4s, #24\n\t" + "shl v0.4s, v4.4s, #24\n\t" + "shl v1.4s, v5.4s, #24\n\t" + "shl v2.4s, v6.4s, #24\n\t" + "shl v3.4s, v7.4s, #24\n\t" + "sri v0.4s, v4.4s, #8\n\t" + "sri v1.4s, v5.4s, #8\n\t" + "sri v2.4s, v6.4s, #8\n\t" + "sri v3.4s, v7.4s, #8\n\t" + "rev32 v4.8h, v4.8h\n\t" + "rev32 v5.8h, v5.8h\n\t" + "rev32 v6.8h, v6.8h\n\t" + "rev32 v7.8h, v7.8h\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + "eor v6.16b, v6.16b, v2.16b\n\t" + "eor v7.16b, v7.16b, v3.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x22], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v6.16b, v6.16b, v10.16b\n\t" + "eor v7.16b, v7.16b, v11.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v6.16b, v6.16b, v0.16b\n\t" + "eor v7.16b, v7.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "eor v6.16b, v6.16b, v14.16b\n\t" + "eor v7.16b, v7.16b, v15.16b\n\t" + /* Round Done */ + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b\n\t" + "tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "eor v10.16b, v6.16b, v12.16b\n\t" + "eor v11.16b, v7.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v13.16b\n\t" + "eor v9.16b, v5.16b, v13.16b\n\t" + "eor v10.16b, v6.16b, v13.16b\n\t" + "eor v11.16b, v7.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "eor v10.16b, v6.16b, v14.16b\n\t" + "eor v11.16b, v7.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "ld1 {v4.16b}, [%[shuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "tbl v2.16b, {v2.16b}, v4.16b\n\t" + "tbl v3.16b, {v3.16b}, v4.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x22], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + /* Round Done */ + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "rev32 v3.16b, v3.16b\n\t" + "mov v8.d[0], x8\n\t" + "mov v8.d[1], x9\n\t" + "mov v9.d[0], x10\n\t" + "mov v9.d[1], x11\n\t" + "mov v10.d[0], x12\n\t" + "mov v10.d[1], x13\n\t" + "mov v11.d[0], x14\n\t" + "mov v11.d[1], x15\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v1.16b, v1.16b, v9.16b\n\t" + "eor v2.16b, v2.16b, v10.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "st1 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[out]], #0x40\n\t" + "and x16, x17, x15, asr 63\n\t" + "extr x9, x15, x14, #63\n\t" + "eor x8, x16, x14, lsl 1\n\t" + "sub %w[sz], %w[sz], #0x40\n\t" + "cmp %w[sz], #0x40\n\t" + "b.ge L_AES_XTS_encrypt_NEON_loop_4_%=\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "movi v15.16b, #27\n\t" + "\n" + "L_AES_XTS_encrypt_NEON_start_2_%=: \n\t" + "cmp %w[sz], #32\n\t" + "b.lt L_AES_XTS_encrypt_NEON_start_1_%=\n\t" + "mov x22, %x[key]\n\t" + "ld1 {v0.16b, v1.16b}, [%x[in]], #32\n\t" + "ld1 {v4.16b}, [x22], #16\n\t" + "and x16, x17, x9, asr 63\n\t" + "extr x11, x9, x8, #63\n\t" + "eor x10, x16, x8, lsl 1\n\t" + "and x16, x17, x11, asr 63\n\t" + "extr x13, x11, x10, #63\n\t" + "eor x12, x16, x10, lsl 1\n\t" + "mov v2.d[0], x8\n\t" + "mov v2.d[1], x9\n\t" + "mov v3.d[0], x10\n\t" + "mov v3.d[1], x11\n\t" + "eor v0.16b, v0.16b, v2.16b\n\t" + "eor v1.16b, v1.16b, v3.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "sub w21, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_encrypt_NEON_loop_nr_2_%=: \n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v0.16b, v13.16b\n\t" + "eor v11.16b, v1.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "orr v4.16b, v4.16b, v10.16b\n\t" + "orr v5.16b, v5.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "ld1 {v0.16b}, [%[shuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "shl v10.16b, v4.16b, #1\n\t" + "shl v11.16b, v5.16b, #1\n\t" + "and v8.16b, v8.16b, v15.16b\n\t" + "and v9.16b, v9.16b, v15.16b\n\t" + "eor v8.16b, v8.16b, v10.16b\n\t" + "eor v9.16b, v9.16b, v11.16b\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "eor v1.16b, v9.16b, v5.16b\n\t" + "shl v10.4s, v0.4s, #8\n\t" + "shl v11.4s, v1.4s, #8\n\t" + "sri v10.4s, v0.4s, #24\n\t" + "sri v11.4s, v1.4s, #24\n\t" + "shl v0.4s, v4.4s, #24\n\t" + "shl v1.4s, v5.4s, #24\n\t" + "sri v0.4s, v4.4s, #8\n\t" + "sri v1.4s, v5.4s, #8\n\t" + "rev32 v4.8h, v4.8h\n\t" + "rev32 v5.8h, v5.8h\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x22], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "eor v5.16b, v5.16b, v11.16b\n\t" + /* Round Done */ + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v4.16b, v13.16b\n\t" + "eor v11.16b, v5.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "orr v0.16b, v0.16b, v10.16b\n\t" + "orr v1.16b, v1.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "ld1 {v4.16b}, [%[shuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "sshr v8.16b, v0.16b, #7\n\t" + "sshr v9.16b, v1.16b, #7\n\t" + "shl v10.16b, v0.16b, #1\n\t" + "shl v11.16b, v1.16b, #1\n\t" + "and v8.16b, v8.16b, v15.16b\n\t" + "and v9.16b, v9.16b, v15.16b\n\t" + "eor v8.16b, v8.16b, v10.16b\n\t" + "eor v9.16b, v9.16b, v11.16b\n\t" + "eor v4.16b, v8.16b, v0.16b\n\t" + "eor v5.16b, v9.16b, v1.16b\n\t" + "shl v10.4s, v4.4s, #8\n\t" + "shl v11.4s, v5.4s, #8\n\t" + "sri v10.4s, v4.4s, #24\n\t" + "sri v11.4s, v5.4s, #24\n\t" + "shl v4.4s, v0.4s, #24\n\t" + "shl v5.4s, v1.4s, #24\n\t" + "sri v4.4s, v0.4s, #8\n\t" + "sri v5.4s, v1.4s, #8\n\t" + "rev32 v0.8h, v0.8h\n\t" + "rev32 v1.8h, v1.8h\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x22], #16\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v1.16b, v1.16b, v9.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v0.16b, v0.16b, v10.16b\n\t" + "eor v1.16b, v1.16b, v11.16b\n\t" + /* Round Done */ + "subs w21, w21, #2\n\t" + "b.ne L_AES_XTS_encrypt_NEON_loop_nr_2_%=\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v0.16b, v13.16b\n\t" + "eor v11.16b, v1.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "orr v4.16b, v4.16b, v10.16b\n\t" + "orr v5.16b, v5.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "ld1 {v0.16b}, [%[shuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "shl v10.16b, v4.16b, #1\n\t" + "shl v11.16b, v5.16b, #1\n\t" + "and v8.16b, v8.16b, v15.16b\n\t" + "and v9.16b, v9.16b, v15.16b\n\t" + "eor v8.16b, v8.16b, v10.16b\n\t" + "eor v9.16b, v9.16b, v11.16b\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "eor v1.16b, v9.16b, v5.16b\n\t" + "shl v10.4s, v0.4s, #8\n\t" + "shl v11.4s, v1.4s, #8\n\t" + "sri v10.4s, v0.4s, #24\n\t" + "sri v11.4s, v1.4s, #24\n\t" + "shl v0.4s, v4.4s, #24\n\t" + "shl v1.4s, v5.4s, #24\n\t" + "sri v0.4s, v4.4s, #8\n\t" + "sri v1.4s, v5.4s, #8\n\t" + "rev32 v4.8h, v4.8h\n\t" + "rev32 v5.8h, v5.8h\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x22], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "eor v5.16b, v5.16b, v11.16b\n\t" + /* Round Done */ + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v4.16b, v13.16b\n\t" + "eor v11.16b, v5.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "orr v0.16b, v0.16b, v10.16b\n\t" + "orr v1.16b, v1.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "ld1 {v4.16b}, [%[shuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x22], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + /* Round Done */ + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "eor v0.16b, v0.16b, v2.16b\n\t" + "eor v1.16b, v1.16b, v3.16b\n\t" + "st1 {v0.16b, v1.16b}, [%x[out]], #32\n\t" + "and x16, x17, x11, asr 63\n\t" + "extr x9, x11, x10, #63\n\t" + "eor x8, x16, x10, lsl 1\n\t" + "sub %w[sz], %w[sz], #32\n\t" + "\n" + "L_AES_XTS_encrypt_NEON_start_1_%=: \n\t" + "ld1 {v3.2d}, [%[shuffle]]\n\t" + "mov v2.d[0], x8\n\t" + "mov v2.d[1], x9\n\t" + "cmp %w[sz], #16\n\t" + "b.lt L_AES_XTS_encrypt_NEON_start_partial_%=\n\t" + "mov x22, %x[key]\n\t" + "ld1 {v0.16b}, [%x[in]], #16\n\t" + "ld1 {v4.2d}, [x22], #16\n\t" + "eor v0.16b, v0.16b, v2.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "sub w21, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_encrypt_NEON_loop_nr_1_%=: \n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "ld1 {v0.2d}, [x22], #16\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v4.8h\n\t" + "eor v11.16b, v10.16b, v4.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v4.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v0.16b\n\t" + "sri v9.4s, v4.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v4.16b, v10.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x22], #16\n\t" + "sshr v10.16b, v0.16b, #7\n\t" + "shl v9.16b, v0.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v0.8h\n\t" + "eor v11.16b, v10.16b, v0.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v0.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v4.16b\n\t" + "sri v9.4s, v0.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v0.16b, v10.16b, v9.16b\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "subs w21, w21, #2\n\t" + "b.ne L_AES_XTS_encrypt_NEON_loop_nr_1_%=\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "ld1 {v0.2d}, [x22], #16\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v4.8h\n\t" + "eor v11.16b, v10.16b, v4.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v4.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v0.16b\n\t" + "sri v9.4s, v4.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v4.16b, v10.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x22], #16\n\t" + /* XOR in Key Schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "eor v0.16b, v0.16b, v2.16b\n\t" + "st1 {v0.16b}, [%x[out]], #16\n\t" + "subs %w[sz], %w[sz], #16\n\t" + "b.eq L_AES_XTS_encrypt_NEON_data_done_%=\n\t" + "and x16, x17, x9, asr 63\n\t" + "extr x9, x9, x8, #63\n\t" + "eor x8, x16, x8, lsl 1\n\t" + "\n" + "L_AES_XTS_encrypt_NEON_start_partial_%=: \n\t" + "cbz %w[sz], L_AES_XTS_encrypt_NEON_data_done_%=\n\t" + "mov v2.d[0], x8\n\t" + "mov v2.d[1], x9\n\t" + "mov x22, %x[key]\n\t" + "sub %x[out], %x[out], #16\n\t" + "ld1 {v0.16b}, [%x[out]], #16\n\t" + "st1 {v0.2d}, [%x[tmp]]\n\t" + "mov w16, %w[sz]\n\t" + "\n" + "L_AES_XTS_encrypt_NEON_start_byte_%=: \n\t" + "ldrb w10, [%x[tmp]]\n\t" + "ldrb w11, [%x[in]], #1\n\t" + "strb w10, [%x[out]], #1\n\t" + "strb w11, [%x[tmp]], #1\n\t" + "subs w16, w16, #1\n\t" + "b.gt L_AES_XTS_encrypt_NEON_start_byte_%=\n\t" + "sub %x[out], %x[out], %x[sz]\n\t" + "sub %x[tmp], %x[tmp], %x[sz]\n\t" + "sub %x[out], %x[out], #16\n\t" + "ld1 {v0.2d}, [%x[tmp]]\n\t" + "ld1 {v4.2d}, [x22], #16\n\t" + "eor v0.16b, v0.16b, v2.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "sub w21, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_encrypt_NEON_loop_nr_partial_%=: \n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "ld1 {v0.2d}, [x22], #16\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v4.8h\n\t" + "eor v11.16b, v10.16b, v4.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v4.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v0.16b\n\t" + "sri v9.4s, v4.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v4.16b, v10.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x22], #16\n\t" + "sshr v10.16b, v0.16b, #7\n\t" + "shl v9.16b, v0.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v0.8h\n\t" + "eor v11.16b, v10.16b, v0.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v0.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v4.16b\n\t" + "sri v9.4s, v0.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v0.16b, v10.16b, v9.16b\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "subs w21, w21, #2\n\t" + "b.ne L_AES_XTS_encrypt_NEON_loop_nr_partial_%=\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "ld1 {v0.2d}, [x22], #16\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v4.8h\n\t" + "eor v11.16b, v10.16b, v4.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v4.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v0.16b\n\t" + "sri v9.4s, v4.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v4.16b, v10.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x22], #16\n\t" + /* XOR in Key Schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "eor v0.16b, v0.16b, v2.16b\n\t" + "st1 {v0.16b}, [%x[out]]\n\t" + "\n" + "L_AES_XTS_encrypt_NEON_data_done_%=: \n\t" + "ldp x29, x30, [sp], #32\n\t" + : [out] "+r" (out), [sz] "+r" (sz), [key] "+r" (key), + [key2] "+r" (key2), [tmp] "+r" (tmp), [nr] "+r" (nr) + : [in] "r" (in), [i] "r" (i), [te] "r" (te), [shuffle] "r" (shuffle) + : "memory", "cc", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", + "x16", "x17", "x21", "x22", "v0", "v1", "v2", "v3", "v4", "v5", + "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", + "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", + "v25", "v26", "v27", "v28", "v29", "v30", "v31" + ); +} + +#ifdef HAVE_AES_DECRYPT +void AES_XTS_decrypt_NEON(const byte* in, byte* out, word32 sz, const byte* i, + byte* key, byte* key2, byte* tmp, int nr) +{ + const word8* te = L_AES_ARM64_NEON_te; + const word8* td = L_AES_ARM64_NEON_td; + const word8* shuffle = L_AES_ARM64_NEON_shift_rows_shuffle; + const word8* invshuffle = L_AES_ARM64_NEON_shift_rows_invshuffle; + __asm__ __volatile__ ( + "stp x29, x30, [sp, #-32]!\n\t" + "add x29, sp, #0\n\t" + "ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [%[te]], #0x40\n\t" + "ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [%[te]], #0x40\n\t" + "ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [%[te]], #0x40\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[te]]\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "movi v15.16b, #27\n\t" + "ld1 {v3.2d}, [%[shuffle]]\n\t" + "mov x17, #0x87\n\t" + "ands w19, %w[sz], #15\n\t" + "cset w16, ne\n\t" + "lsl w16, w16, #4\n\t" + "sub %w[sz], %w[sz], w16\n\t" + "ld1 {v2.2d}, [%x[i]]\n\t" + "ld1 {v4.2d}, [%x[key2]]\n\t" + "rev32 v2.16b, v2.16b\n\t" + "add x25, %x[key2], #16\n\t" + /* Round: 0 - XOR in key schedule */ + "eor v2.16b, v2.16b, v4.16b\n\t" + "sub w24, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_decrypt_NEON_loop_nr_tweak_%=: \n\t" + "eor v8.16b, v2.16b, v12.16b\n\t" + "eor v9.16b, v2.16b, v13.16b\n\t" + "eor v10.16b, v2.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "ld1 {v2.2d}, [x25], #16\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v4.8h\n\t" + "eor v11.16b, v10.16b, v4.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v4.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v2.16b\n\t" + "sri v9.4s, v4.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v4.16b, v10.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v2.16b, v2.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v2.16b, v2.16b, v9.16b\n\t" + "tbl v2.16b, {v2.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x25], #16\n\t" + "sshr v10.16b, v2.16b, #7\n\t" + "shl v9.16b, v2.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v2.8h\n\t" + "eor v11.16b, v10.16b, v2.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v2.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v4.16b\n\t" + "sri v9.4s, v2.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v2.16b, v10.16b, v9.16b\n\t" + "eor v2.16b, v2.16b, v8.16b\n\t" + "subs w24, w24, #2\n\t" + "b.ne L_AES_XTS_decrypt_NEON_loop_nr_tweak_%=\n\t" + "eor v8.16b, v2.16b, v12.16b\n\t" + "eor v9.16b, v2.16b, v13.16b\n\t" + "eor v10.16b, v2.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "ld1 {v2.2d}, [x25], #16\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v4.8h\n\t" + "eor v11.16b, v10.16b, v4.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v4.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v2.16b\n\t" + "sri v9.4s, v4.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v4.16b, v10.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v2.16b, v2.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v2.16b, v2.16b, v9.16b\n\t" + "tbl v2.16b, {v2.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x25], #16\n\t" + /* XOR in Key Schedule */ + "eor v2.16b, v2.16b, v4.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "mov x8, v2.d[0]\n\t" + "mov x9, v2.d[1]\n\t" + "ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [%[td]], #0x40\n\t" + "ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [%[td]], #0x40\n\t" + "ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [%[td]], #0x40\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[td]]\n\t" + "ld1 {v3.2d}, [%[invshuffle]]\n\t" + "cmp %w[sz], #0x40\n\t" + "b.lt L_AES_XTS_decrypt_NEON_start_2_%=\n\t" + "\n" + "L_AES_XTS_decrypt_NEON_loop_4_%=: \n\t" + "mov x25, %x[key]\n\t" + "ld1 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[in]], #0x40\n\t" + "ld1 {v4.16b}, [x25], #16\n\t" + "and x16, x17, x9, asr 63\n\t" + "extr x11, x9, x8, #63\n\t" + "eor x10, x16, x8, lsl 1\n\t" + "and x16, x17, x11, asr 63\n\t" + "extr x13, x11, x10, #63\n\t" + "eor x12, x16, x10, lsl 1\n\t" + "and x16, x17, x13, asr 63\n\t" + "extr x15, x13, x12, #63\n\t" + "eor x14, x16, x12, lsl 1\n\t" + "mov v8.d[0], x8\n\t" + "mov v8.d[1], x9\n\t" + "mov v9.d[0], x10\n\t" + "mov v9.d[1], x11\n\t" + "mov v10.d[0], x12\n\t" + "mov v10.d[1], x13\n\t" + "mov v11.d[0], x14\n\t" + "mov v11.d[1], x15\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v1.16b, v1.16b, v9.16b\n\t" + "eor v2.16b, v2.16b, v10.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "rev32 v3.16b, v3.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + "sub w24, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_decrypt_NEON_loop_nr_4_%=: \n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b\n\t" + "tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "eor v10.16b, v2.16b, v12.16b\n\t" + "eor v11.16b, v3.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v13.16b\n\t" + "eor v9.16b, v1.16b, v13.16b\n\t" + "eor v10.16b, v2.16b, v13.16b\n\t" + "eor v11.16b, v3.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "eor v10.16b, v2.16b, v14.16b\n\t" + "eor v11.16b, v3.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "ld1 {v0.16b}, [%[invshuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "tbl v6.16b, {v6.16b}, v0.16b\n\t" + "tbl v7.16b, {v7.16b}, v0.16b\n\t" + "movi v28.16b, #27\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "sshr v10.16b, v6.16b, #7\n\t" + "sshr v11.16b, v7.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "shl v14.16b, v6.16b, #1\n\t" + "shl v15.16b, v7.16b, #1\n\t" + "and v8.16b, v8.16b, v28.16b\n\t" + "and v9.16b, v9.16b, v28.16b\n\t" + "and v10.16b, v10.16b, v28.16b\n\t" + "and v11.16b, v11.16b, v28.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "ushr v12.16b, v4.16b, #6\n\t" + "ushr v13.16b, v5.16b, #6\n\t" + "ushr v14.16b, v6.16b, #6\n\t" + "ushr v15.16b, v7.16b, #6\n\t" + "shl v0.16b, v4.16b, #2\n\t" + "shl v1.16b, v5.16b, #2\n\t" + "shl v2.16b, v6.16b, #2\n\t" + "shl v3.16b, v7.16b, #2\n\t" + "pmul v12.16b, v12.16b, v28.16b\n\t" + "pmul v13.16b, v13.16b, v28.16b\n\t" + "pmul v14.16b, v14.16b, v28.16b\n\t" + "pmul v15.16b, v15.16b, v28.16b\n\t" + "eor v12.16b, v12.16b, v0.16b\n\t" + "eor v13.16b, v13.16b, v1.16b\n\t" + "eor v14.16b, v14.16b, v2.16b\n\t" + "eor v15.16b, v15.16b, v3.16b\n\t" + "ushr v0.16b, v4.16b, #5\n\t" + "ushr v1.16b, v5.16b, #5\n\t" + "ushr v2.16b, v6.16b, #5\n\t" + "ushr v3.16b, v7.16b, #5\n\t" + "pmul v0.16b, v0.16b, v28.16b\n\t" + "pmul v1.16b, v1.16b, v28.16b\n\t" + "pmul v2.16b, v2.16b, v28.16b\n\t" + "pmul v3.16b, v3.16b, v28.16b\n\t" + "shl v28.16b, v4.16b, #3\n\t" + "shl v29.16b, v5.16b, #3\n\t" + "shl v30.16b, v6.16b, #3\n\t" + "shl v31.16b, v7.16b, #3\n\t" + "eor v0.16b, v0.16b, v28.16b\n\t" + "eor v1.16b, v1.16b, v29.16b\n\t" + "eor v2.16b, v2.16b, v30.16b\n\t" + "eor v3.16b, v3.16b, v31.16b\n\t" + "eor v28.16b, v8.16b, v0.16b\n\t" + "eor v29.16b, v9.16b, v1.16b\n\t" + "eor v30.16b, v10.16b, v2.16b\n\t" + "eor v31.16b, v11.16b, v3.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "eor v8.16b, v12.16b, v0.16b\n\t" + "eor v9.16b, v13.16b, v1.16b\n\t" + "eor v10.16b, v14.16b, v2.16b\n\t" + "eor v11.16b, v15.16b, v3.16b\n\t" + "eor v12.16b, v12.16b, v28.16b\n\t" + "eor v13.16b, v13.16b, v29.16b\n\t" + "eor v14.16b, v14.16b, v30.16b\n\t" + "eor v15.16b, v15.16b, v31.16b\n\t" + "eor v28.16b, v28.16b, v4.16b\n\t" + "eor v29.16b, v29.16b, v5.16b\n\t" + "eor v30.16b, v30.16b, v6.16b\n\t" + "eor v31.16b, v31.16b, v7.16b\n\t" + "shl v4.4s, v28.4s, #8\n\t" + "shl v5.4s, v29.4s, #8\n\t" + "shl v6.4s, v30.4s, #8\n\t" + "shl v7.4s, v31.4s, #8\n\t" + "rev32 v8.8h, v8.8h\n\t" + "rev32 v9.8h, v9.8h\n\t" + "rev32 v10.8h, v10.8h\n\t" + "rev32 v11.8h, v11.8h\n\t" + "sri v4.4s, v28.4s, #24\n\t" + "sri v5.4s, v29.4s, #24\n\t" + "sri v6.4s, v30.4s, #24\n\t" + "sri v7.4s, v31.4s, #24\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "eor v6.16b, v6.16b, v14.16b\n\t" + "eor v7.16b, v7.16b, v15.16b\n\t" + "shl v28.4s, v0.4s, #24\n\t" + "shl v29.4s, v1.4s, #24\n\t" + "shl v30.4s, v2.4s, #24\n\t" + "shl v31.4s, v3.4s, #24\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v6.16b, v6.16b, v10.16b\n\t" + "eor v7.16b, v7.16b, v11.16b\n\t" + "sri v28.4s, v0.4s, #8\n\t" + "sri v29.4s, v1.4s, #8\n\t" + "sri v30.4s, v2.4s, #8\n\t" + "sri v31.4s, v3.4s, #8\n\t" + "eor v4.16b, v4.16b, v28.16b\n\t" + "eor v5.16b, v5.16b, v29.16b\n\t" + "eor v6.16b, v6.16b, v30.16b\n\t" + "eor v7.16b, v7.16b, v31.16b\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[td]]\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x25], #16\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v6.16b, v6.16b, v0.16b\n\t" + "eor v7.16b, v7.16b, v0.16b\n\t" + /* Round Done */ + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b\n\t" + "tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "eor v10.16b, v6.16b, v12.16b\n\t" + "eor v11.16b, v7.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v13.16b\n\t" + "eor v9.16b, v5.16b, v13.16b\n\t" + "eor v10.16b, v6.16b, v13.16b\n\t" + "eor v11.16b, v7.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "eor v10.16b, v6.16b, v14.16b\n\t" + "eor v11.16b, v7.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "ld1 {v4.16b}, [%[invshuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "tbl v2.16b, {v2.16b}, v4.16b\n\t" + "tbl v3.16b, {v3.16b}, v4.16b\n\t" + "movi v28.16b, #27\n\t" + "sshr v8.16b, v0.16b, #7\n\t" + "sshr v9.16b, v1.16b, #7\n\t" + "sshr v10.16b, v2.16b, #7\n\t" + "sshr v11.16b, v3.16b, #7\n\t" + "shl v12.16b, v0.16b, #1\n\t" + "shl v13.16b, v1.16b, #1\n\t" + "shl v14.16b, v2.16b, #1\n\t" + "shl v15.16b, v3.16b, #1\n\t" + "and v8.16b, v8.16b, v28.16b\n\t" + "and v9.16b, v9.16b, v28.16b\n\t" + "and v10.16b, v10.16b, v28.16b\n\t" + "and v11.16b, v11.16b, v28.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "ushr v12.16b, v0.16b, #6\n\t" + "ushr v13.16b, v1.16b, #6\n\t" + "ushr v14.16b, v2.16b, #6\n\t" + "ushr v15.16b, v3.16b, #6\n\t" + "shl v4.16b, v0.16b, #2\n\t" + "shl v5.16b, v1.16b, #2\n\t" + "shl v6.16b, v2.16b, #2\n\t" + "shl v7.16b, v3.16b, #2\n\t" + "pmul v12.16b, v12.16b, v28.16b\n\t" + "pmul v13.16b, v13.16b, v28.16b\n\t" + "pmul v14.16b, v14.16b, v28.16b\n\t" + "pmul v15.16b, v15.16b, v28.16b\n\t" + "eor v12.16b, v12.16b, v4.16b\n\t" + "eor v13.16b, v13.16b, v5.16b\n\t" + "eor v14.16b, v14.16b, v6.16b\n\t" + "eor v15.16b, v15.16b, v7.16b\n\t" + "ushr v4.16b, v0.16b, #5\n\t" + "ushr v5.16b, v1.16b, #5\n\t" + "ushr v6.16b, v2.16b, #5\n\t" + "ushr v7.16b, v3.16b, #5\n\t" + "pmul v4.16b, v4.16b, v28.16b\n\t" + "pmul v5.16b, v5.16b, v28.16b\n\t" + "pmul v6.16b, v6.16b, v28.16b\n\t" + "pmul v7.16b, v7.16b, v28.16b\n\t" + "shl v28.16b, v0.16b, #3\n\t" + "shl v29.16b, v1.16b, #3\n\t" + "shl v30.16b, v2.16b, #3\n\t" + "shl v31.16b, v3.16b, #3\n\t" + "eor v4.16b, v4.16b, v28.16b\n\t" + "eor v5.16b, v5.16b, v29.16b\n\t" + "eor v6.16b, v6.16b, v30.16b\n\t" + "eor v7.16b, v7.16b, v31.16b\n\t" + "eor v28.16b, v8.16b, v4.16b\n\t" + "eor v29.16b, v9.16b, v5.16b\n\t" + "eor v30.16b, v10.16b, v6.16b\n\t" + "eor v31.16b, v11.16b, v7.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + "eor v6.16b, v6.16b, v2.16b\n\t" + "eor v7.16b, v7.16b, v3.16b\n\t" + "eor v8.16b, v12.16b, v4.16b\n\t" + "eor v9.16b, v13.16b, v5.16b\n\t" + "eor v10.16b, v14.16b, v6.16b\n\t" + "eor v11.16b, v15.16b, v7.16b\n\t" + "eor v12.16b, v12.16b, v28.16b\n\t" + "eor v13.16b, v13.16b, v29.16b\n\t" + "eor v14.16b, v14.16b, v30.16b\n\t" + "eor v15.16b, v15.16b, v31.16b\n\t" + "eor v28.16b, v28.16b, v0.16b\n\t" + "eor v29.16b, v29.16b, v1.16b\n\t" + "eor v30.16b, v30.16b, v2.16b\n\t" + "eor v31.16b, v31.16b, v3.16b\n\t" + "shl v0.4s, v28.4s, #8\n\t" + "shl v1.4s, v29.4s, #8\n\t" + "shl v2.4s, v30.4s, #8\n\t" + "shl v3.4s, v31.4s, #8\n\t" + "rev32 v8.8h, v8.8h\n\t" + "rev32 v9.8h, v9.8h\n\t" + "rev32 v10.8h, v10.8h\n\t" + "rev32 v11.8h, v11.8h\n\t" + "sri v0.4s, v28.4s, #24\n\t" + "sri v1.4s, v29.4s, #24\n\t" + "sri v2.4s, v30.4s, #24\n\t" + "sri v3.4s, v31.4s, #24\n\t" + "eor v0.16b, v0.16b, v12.16b\n\t" + "eor v1.16b, v1.16b, v13.16b\n\t" + "eor v2.16b, v2.16b, v14.16b\n\t" + "eor v3.16b, v3.16b, v15.16b\n\t" + "shl v28.4s, v4.4s, #24\n\t" + "shl v29.4s, v5.4s, #24\n\t" + "shl v30.4s, v6.4s, #24\n\t" + "shl v31.4s, v7.4s, #24\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v1.16b, v1.16b, v9.16b\n\t" + "eor v2.16b, v2.16b, v10.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "sri v28.4s, v4.4s, #8\n\t" + "sri v29.4s, v5.4s, #8\n\t" + "sri v30.4s, v6.4s, #8\n\t" + "sri v31.4s, v7.4s, #8\n\t" + "eor v0.16b, v0.16b, v28.16b\n\t" + "eor v1.16b, v1.16b, v29.16b\n\t" + "eor v2.16b, v2.16b, v30.16b\n\t" + "eor v3.16b, v3.16b, v31.16b\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[td]]\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x25], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + /* Round Done */ + "subs w24, w24, #2\n\t" + "b.ne L_AES_XTS_decrypt_NEON_loop_nr_4_%=\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b\n\t" + "tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "eor v10.16b, v2.16b, v12.16b\n\t" + "eor v11.16b, v3.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v13.16b\n\t" + "eor v9.16b, v1.16b, v13.16b\n\t" + "eor v10.16b, v2.16b, v13.16b\n\t" + "eor v11.16b, v3.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "eor v10.16b, v2.16b, v14.16b\n\t" + "eor v11.16b, v3.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "ld1 {v0.16b}, [%[invshuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "tbl v6.16b, {v6.16b}, v0.16b\n\t" + "tbl v7.16b, {v7.16b}, v0.16b\n\t" + "movi v28.16b, #27\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "sshr v10.16b, v6.16b, #7\n\t" + "sshr v11.16b, v7.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "shl v14.16b, v6.16b, #1\n\t" + "shl v15.16b, v7.16b, #1\n\t" + "and v8.16b, v8.16b, v28.16b\n\t" + "and v9.16b, v9.16b, v28.16b\n\t" + "and v10.16b, v10.16b, v28.16b\n\t" + "and v11.16b, v11.16b, v28.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "ushr v12.16b, v4.16b, #6\n\t" + "ushr v13.16b, v5.16b, #6\n\t" + "ushr v14.16b, v6.16b, #6\n\t" + "ushr v15.16b, v7.16b, #6\n\t" + "shl v0.16b, v4.16b, #2\n\t" + "shl v1.16b, v5.16b, #2\n\t" + "shl v2.16b, v6.16b, #2\n\t" + "shl v3.16b, v7.16b, #2\n\t" + "pmul v12.16b, v12.16b, v28.16b\n\t" + "pmul v13.16b, v13.16b, v28.16b\n\t" + "pmul v14.16b, v14.16b, v28.16b\n\t" + "pmul v15.16b, v15.16b, v28.16b\n\t" + "eor v12.16b, v12.16b, v0.16b\n\t" + "eor v13.16b, v13.16b, v1.16b\n\t" + "eor v14.16b, v14.16b, v2.16b\n\t" + "eor v15.16b, v15.16b, v3.16b\n\t" + "ushr v0.16b, v4.16b, #5\n\t" + "ushr v1.16b, v5.16b, #5\n\t" + "ushr v2.16b, v6.16b, #5\n\t" + "ushr v3.16b, v7.16b, #5\n\t" + "pmul v0.16b, v0.16b, v28.16b\n\t" + "pmul v1.16b, v1.16b, v28.16b\n\t" + "pmul v2.16b, v2.16b, v28.16b\n\t" + "pmul v3.16b, v3.16b, v28.16b\n\t" + "shl v28.16b, v4.16b, #3\n\t" + "shl v29.16b, v5.16b, #3\n\t" + "shl v30.16b, v6.16b, #3\n\t" + "shl v31.16b, v7.16b, #3\n\t" + "eor v0.16b, v0.16b, v28.16b\n\t" + "eor v1.16b, v1.16b, v29.16b\n\t" + "eor v2.16b, v2.16b, v30.16b\n\t" + "eor v3.16b, v3.16b, v31.16b\n\t" + "eor v28.16b, v8.16b, v0.16b\n\t" + "eor v29.16b, v9.16b, v1.16b\n\t" + "eor v30.16b, v10.16b, v2.16b\n\t" + "eor v31.16b, v11.16b, v3.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "eor v8.16b, v12.16b, v0.16b\n\t" + "eor v9.16b, v13.16b, v1.16b\n\t" + "eor v10.16b, v14.16b, v2.16b\n\t" + "eor v11.16b, v15.16b, v3.16b\n\t" + "eor v12.16b, v12.16b, v28.16b\n\t" + "eor v13.16b, v13.16b, v29.16b\n\t" + "eor v14.16b, v14.16b, v30.16b\n\t" + "eor v15.16b, v15.16b, v31.16b\n\t" + "eor v28.16b, v28.16b, v4.16b\n\t" + "eor v29.16b, v29.16b, v5.16b\n\t" + "eor v30.16b, v30.16b, v6.16b\n\t" + "eor v31.16b, v31.16b, v7.16b\n\t" + "shl v4.4s, v28.4s, #8\n\t" + "shl v5.4s, v29.4s, #8\n\t" + "shl v6.4s, v30.4s, #8\n\t" + "shl v7.4s, v31.4s, #8\n\t" + "rev32 v8.8h, v8.8h\n\t" + "rev32 v9.8h, v9.8h\n\t" + "rev32 v10.8h, v10.8h\n\t" + "rev32 v11.8h, v11.8h\n\t" + "sri v4.4s, v28.4s, #24\n\t" + "sri v5.4s, v29.4s, #24\n\t" + "sri v6.4s, v30.4s, #24\n\t" + "sri v7.4s, v31.4s, #24\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "eor v6.16b, v6.16b, v14.16b\n\t" + "eor v7.16b, v7.16b, v15.16b\n\t" + "shl v28.4s, v0.4s, #24\n\t" + "shl v29.4s, v1.4s, #24\n\t" + "shl v30.4s, v2.4s, #24\n\t" + "shl v31.4s, v3.4s, #24\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v6.16b, v6.16b, v10.16b\n\t" + "eor v7.16b, v7.16b, v11.16b\n\t" + "sri v28.4s, v0.4s, #8\n\t" + "sri v29.4s, v1.4s, #8\n\t" + "sri v30.4s, v2.4s, #8\n\t" + "sri v31.4s, v3.4s, #8\n\t" + "eor v4.16b, v4.16b, v28.16b\n\t" + "eor v5.16b, v5.16b, v29.16b\n\t" + "eor v6.16b, v6.16b, v30.16b\n\t" + "eor v7.16b, v7.16b, v31.16b\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[td]]\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x25], #16\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v6.16b, v6.16b, v0.16b\n\t" + "eor v7.16b, v7.16b, v0.16b\n\t" + /* Round Done */ + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b\n\t" + "tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "eor v10.16b, v6.16b, v12.16b\n\t" + "eor v11.16b, v7.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v13.16b\n\t" + "eor v9.16b, v5.16b, v13.16b\n\t" + "eor v10.16b, v6.16b, v13.16b\n\t" + "eor v11.16b, v7.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "eor v10.16b, v6.16b, v14.16b\n\t" + "eor v11.16b, v7.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "ld1 {v4.16b}, [%[invshuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "tbl v2.16b, {v2.16b}, v4.16b\n\t" + "tbl v3.16b, {v3.16b}, v4.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x25], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + /* Round Done */ + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "rev32 v3.16b, v3.16b\n\t" + "mov v8.d[0], x8\n\t" + "mov v8.d[1], x9\n\t" + "mov v9.d[0], x10\n\t" + "mov v9.d[1], x11\n\t" + "mov v10.d[0], x12\n\t" + "mov v10.d[1], x13\n\t" + "mov v11.d[0], x14\n\t" + "mov v11.d[1], x15\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v1.16b, v1.16b, v9.16b\n\t" + "eor v2.16b, v2.16b, v10.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "st1 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[out]], #0x40\n\t" + "and x16, x17, x15, asr 63\n\t" + "extr x9, x15, x14, #63\n\t" + "eor x8, x16, x14, lsl 1\n\t" + "sub %w[sz], %w[sz], #0x40\n\t" + "cmp %w[sz], #0x40\n\t" + "b.ge L_AES_XTS_decrypt_NEON_loop_4_%=\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "movi v15.16b, #27\n\t" + "\n" + "L_AES_XTS_decrypt_NEON_start_2_%=: \n\t" + "cmp %w[sz], #32\n\t" + "b.lt L_AES_XTS_decrypt_NEON_start_1_%=\n\t" + "mov x25, %x[key]\n\t" + "ld1 {v0.16b, v1.16b}, [%x[in]], #32\n\t" + "ld1 {v4.16b}, [x25], #16\n\t" + "and x16, x17, x9, asr 63\n\t" + "extr x11, x9, x8, #63\n\t" + "eor x10, x16, x8, lsl 1\n\t" + "and x16, x17, x11, asr 63\n\t" + "extr x13, x11, x10, #63\n\t" + "eor x12, x16, x10, lsl 1\n\t" + "mov v2.d[0], x8\n\t" + "mov v2.d[1], x9\n\t" + "mov v3.d[0], x10\n\t" + "mov v3.d[1], x11\n\t" + "eor v0.16b, v0.16b, v2.16b\n\t" + "eor v1.16b, v1.16b, v3.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "sub w24, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_decrypt_NEON_loop_nr_2_%=: \n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v0.16b, v13.16b\n\t" + "eor v11.16b, v1.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "orr v4.16b, v4.16b, v10.16b\n\t" + "orr v5.16b, v5.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "ld1 {v0.16b}, [%[invshuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "movi v10.16b, #27\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "and v8.16b, v8.16b, v10.16b\n\t" + "and v9.16b, v9.16b, v10.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "ushr v12.16b, v4.16b, #6\n\t" + "ushr v13.16b, v5.16b, #6\n\t" + "shl v0.16b, v4.16b, #2\n\t" + "shl v1.16b, v5.16b, #2\n\t" + "pmul v12.16b, v12.16b, v10.16b\n\t" + "pmul v13.16b, v13.16b, v10.16b\n\t" + "eor v12.16b, v12.16b, v0.16b\n\t" + "eor v13.16b, v13.16b, v1.16b\n\t" + "ushr v0.16b, v4.16b, #5\n\t" + "ushr v1.16b, v5.16b, #5\n\t" + "pmul v0.16b, v0.16b, v10.16b\n\t" + "pmul v1.16b, v1.16b, v10.16b\n\t" + "shl v10.16b, v4.16b, #3\n\t" + "shl v11.16b, v5.16b, #3\n\t" + "eor v0.16b, v0.16b, v10.16b\n\t" + "eor v1.16b, v1.16b, v11.16b\n\t" + "eor v10.16b, v8.16b, v0.16b\n\t" + "eor v11.16b, v9.16b, v1.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v8.16b, v12.16b, v0.16b\n\t" + "eor v9.16b, v13.16b, v1.16b\n\t" + "eor v12.16b, v12.16b, v10.16b\n\t" + "eor v13.16b, v13.16b, v11.16b\n\t" + "eor v10.16b, v10.16b, v4.16b\n\t" + "eor v11.16b, v11.16b, v5.16b\n\t" + "shl v4.4s, v10.4s, #8\n\t" + "shl v5.4s, v11.4s, #8\n\t" + "rev32 v8.8h, v8.8h\n\t" + "rev32 v9.8h, v9.8h\n\t" + "sri v4.4s, v10.4s, #24\n\t" + "sri v5.4s, v11.4s, #24\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "shl v10.4s, v0.4s, #24\n\t" + "shl v11.4s, v1.4s, #24\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "sri v10.4s, v0.4s, #8\n\t" + "sri v11.4s, v1.4s, #8\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "eor v5.16b, v5.16b, v11.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x25], #16\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + /* Round Done */ + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v4.16b, v13.16b\n\t" + "eor v11.16b, v5.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "orr v0.16b, v0.16b, v10.16b\n\t" + "orr v1.16b, v1.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "ld1 {v4.16b}, [%[invshuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "movi v10.16b, #27\n\t" + "sshr v8.16b, v0.16b, #7\n\t" + "sshr v9.16b, v1.16b, #7\n\t" + "shl v12.16b, v0.16b, #1\n\t" + "shl v13.16b, v1.16b, #1\n\t" + "and v8.16b, v8.16b, v10.16b\n\t" + "and v9.16b, v9.16b, v10.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "ushr v12.16b, v0.16b, #6\n\t" + "ushr v13.16b, v1.16b, #6\n\t" + "shl v4.16b, v0.16b, #2\n\t" + "shl v5.16b, v1.16b, #2\n\t" + "pmul v12.16b, v12.16b, v10.16b\n\t" + "pmul v13.16b, v13.16b, v10.16b\n\t" + "eor v12.16b, v12.16b, v4.16b\n\t" + "eor v13.16b, v13.16b, v5.16b\n\t" + "ushr v4.16b, v0.16b, #5\n\t" + "ushr v5.16b, v1.16b, #5\n\t" + "pmul v4.16b, v4.16b, v10.16b\n\t" + "pmul v5.16b, v5.16b, v10.16b\n\t" + "shl v10.16b, v0.16b, #3\n\t" + "shl v11.16b, v1.16b, #3\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "eor v5.16b, v5.16b, v11.16b\n\t" + "eor v10.16b, v8.16b, v4.16b\n\t" + "eor v11.16b, v9.16b, v5.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + "eor v8.16b, v12.16b, v4.16b\n\t" + "eor v9.16b, v13.16b, v5.16b\n\t" + "eor v12.16b, v12.16b, v10.16b\n\t" + "eor v13.16b, v13.16b, v11.16b\n\t" + "eor v10.16b, v10.16b, v0.16b\n\t" + "eor v11.16b, v11.16b, v1.16b\n\t" + "shl v0.4s, v10.4s, #8\n\t" + "shl v1.4s, v11.4s, #8\n\t" + "rev32 v8.8h, v8.8h\n\t" + "rev32 v9.8h, v9.8h\n\t" + "sri v0.4s, v10.4s, #24\n\t" + "sri v1.4s, v11.4s, #24\n\t" + "eor v0.16b, v0.16b, v12.16b\n\t" + "eor v1.16b, v1.16b, v13.16b\n\t" + "shl v10.4s, v4.4s, #24\n\t" + "shl v11.4s, v5.4s, #24\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v1.16b, v1.16b, v9.16b\n\t" + "sri v10.4s, v4.4s, #8\n\t" + "sri v11.4s, v5.4s, #8\n\t" + "eor v0.16b, v0.16b, v10.16b\n\t" + "eor v1.16b, v1.16b, v11.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x25], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + /* Round Done */ + "subs w24, w24, #2\n\t" + "b.ne L_AES_XTS_decrypt_NEON_loop_nr_2_%=\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v0.16b, v13.16b\n\t" + "eor v11.16b, v1.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "orr v4.16b, v4.16b, v10.16b\n\t" + "orr v5.16b, v5.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "ld1 {v0.16b}, [%[invshuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "movi v10.16b, #27\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "and v8.16b, v8.16b, v10.16b\n\t" + "and v9.16b, v9.16b, v10.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "ushr v12.16b, v4.16b, #6\n\t" + "ushr v13.16b, v5.16b, #6\n\t" + "shl v0.16b, v4.16b, #2\n\t" + "shl v1.16b, v5.16b, #2\n\t" + "pmul v12.16b, v12.16b, v10.16b\n\t" + "pmul v13.16b, v13.16b, v10.16b\n\t" + "eor v12.16b, v12.16b, v0.16b\n\t" + "eor v13.16b, v13.16b, v1.16b\n\t" + "ushr v0.16b, v4.16b, #5\n\t" + "ushr v1.16b, v5.16b, #5\n\t" + "pmul v0.16b, v0.16b, v10.16b\n\t" + "pmul v1.16b, v1.16b, v10.16b\n\t" + "shl v10.16b, v4.16b, #3\n\t" + "shl v11.16b, v5.16b, #3\n\t" + "eor v0.16b, v0.16b, v10.16b\n\t" + "eor v1.16b, v1.16b, v11.16b\n\t" + "eor v10.16b, v8.16b, v0.16b\n\t" + "eor v11.16b, v9.16b, v1.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v8.16b, v12.16b, v0.16b\n\t" + "eor v9.16b, v13.16b, v1.16b\n\t" + "eor v12.16b, v12.16b, v10.16b\n\t" + "eor v13.16b, v13.16b, v11.16b\n\t" + "eor v10.16b, v10.16b, v4.16b\n\t" + "eor v11.16b, v11.16b, v5.16b\n\t" + "shl v4.4s, v10.4s, #8\n\t" + "shl v5.4s, v11.4s, #8\n\t" + "rev32 v8.8h, v8.8h\n\t" + "rev32 v9.8h, v9.8h\n\t" + "sri v4.4s, v10.4s, #24\n\t" + "sri v5.4s, v11.4s, #24\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "shl v10.4s, v0.4s, #24\n\t" + "shl v11.4s, v1.4s, #24\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "sri v10.4s, v0.4s, #8\n\t" + "sri v11.4s, v1.4s, #8\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "eor v5.16b, v5.16b, v11.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x25], #16\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + /* Round Done */ + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v4.16b, v13.16b\n\t" + "eor v11.16b, v5.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "orr v0.16b, v0.16b, v10.16b\n\t" + "orr v1.16b, v1.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "ld1 {v4.16b}, [%[invshuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x25], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + /* Round Done */ + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "eor v0.16b, v0.16b, v2.16b\n\t" + "eor v1.16b, v1.16b, v3.16b\n\t" + "st1 {v0.16b, v1.16b}, [%x[out]], #32\n\t" + "and x16, x17, x11, asr 63\n\t" + "extr x9, x11, x10, #63\n\t" + "eor x8, x16, x10, lsl 1\n\t" + "sub %w[sz], %w[sz], #32\n\t" + "\n" + "L_AES_XTS_decrypt_NEON_start_1_%=: \n\t" + "ld1 {v3.2d}, [%[invshuffle]]\n\t" + "mov v2.d[0], x8\n\t" + "mov v2.d[1], x9\n\t" + "cmp %w[sz], #16\n\t" + "b.lt L_AES_XTS_decrypt_NEON_start_partial_%=\n\t" + "mov x25, %x[key]\n\t" + "ld1 {v0.16b}, [%x[in]], #16\n\t" + "ld1 {v4.2d}, [x25], #16\n\t" + "eor v0.16b, v0.16b, v2.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "sub w24, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_decrypt_NEON_loop_nr_1_%=: \n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "ushr v11.16b, v4.16b, #6\n\t" + "ushr v8.16b, v4.16b, #5\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "pmul v11.16b, v11.16b, v15.16b\n\t" + "pmul v8.16b, v8.16b, v15.16b\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "shl v9.16b, v4.16b, #3\n\t" + "eor v8.16b, v8.16b, v9.16b\n\t" + "shl v9.16b, v4.16b, #2\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v10.16b, v8.16b\n\t" + "eor v8.16b, v8.16b, v4.16b\n\t" + "eor v10.16b, v11.16b, v8.16b\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v9.16b, v4.16b\n\t" + "shl v4.4s, v9.4s, #8\n\t" + "rev32 v10.8h, v10.8h\n\t" + "sri v4.4s, v9.4s, #24\n\t" + "eor v4.16b, v4.16b, v11.16b\n\t" + "shl v9.4s, v8.4s, #24\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "sri v9.4s, v8.4s, #8\n\t" + "eor v4.16b, v4.16b, v9.16b\n\t" + "ld1 {v0.2d}, [x25], #16\n\t" + /* XOR in Key Schedule */ + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "sshr v10.16b, v0.16b, #7\n\t" + "ushr v11.16b, v0.16b, #6\n\t" + "ushr v8.16b, v0.16b, #5\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "pmul v11.16b, v11.16b, v15.16b\n\t" + "pmul v8.16b, v8.16b, v15.16b\n\t" + "shl v9.16b, v0.16b, #1\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "shl v9.16b, v0.16b, #3\n\t" + "eor v8.16b, v8.16b, v9.16b\n\t" + "shl v9.16b, v0.16b, #2\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v10.16b, v8.16b\n\t" + "eor v8.16b, v8.16b, v0.16b\n\t" + "eor v10.16b, v11.16b, v8.16b\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v9.16b, v0.16b\n\t" + "shl v0.4s, v9.4s, #8\n\t" + "rev32 v10.8h, v10.8h\n\t" + "sri v0.4s, v9.4s, #24\n\t" + "eor v0.16b, v0.16b, v11.16b\n\t" + "shl v9.4s, v8.4s, #24\n\t" + "eor v0.16b, v0.16b, v10.16b\n\t" + "sri v9.4s, v8.4s, #8\n\t" + "eor v0.16b, v0.16b, v9.16b\n\t" + "ld1 {v4.2d}, [x25], #16\n\t" + /* XOR in Key Schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "subs w24, w24, #2\n\t" + "b.ne L_AES_XTS_decrypt_NEON_loop_nr_1_%=\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "ushr v11.16b, v4.16b, #6\n\t" + "ushr v8.16b, v4.16b, #5\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "pmul v11.16b, v11.16b, v15.16b\n\t" + "pmul v8.16b, v8.16b, v15.16b\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "shl v9.16b, v4.16b, #3\n\t" + "eor v8.16b, v8.16b, v9.16b\n\t" + "shl v9.16b, v4.16b, #2\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v10.16b, v8.16b\n\t" + "eor v8.16b, v8.16b, v4.16b\n\t" + "eor v10.16b, v11.16b, v8.16b\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v9.16b, v4.16b\n\t" + "shl v4.4s, v9.4s, #8\n\t" + "rev32 v10.8h, v10.8h\n\t" + "sri v4.4s, v9.4s, #24\n\t" + "eor v4.16b, v4.16b, v11.16b\n\t" + "shl v9.4s, v8.4s, #24\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "sri v9.4s, v8.4s, #8\n\t" + "eor v4.16b, v4.16b, v9.16b\n\t" + "ld1 {v0.2d}, [x25], #16\n\t" + /* XOR in Key Schedule */ + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x25], #16\n\t" + /* XOR in Key Schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "eor v0.16b, v0.16b, v2.16b\n\t" + "st1 {v0.16b}, [%x[out]], #16\n\t" + "sub %w[sz], %w[sz], #16\n\t" + "cbz w19, L_AES_XTS_decrypt_NEON_data_done_%=\n\t" + "and x16, x17, x9, asr 63\n\t" + "extr x9, x9, x8, #63\n\t" + "eor x8, x16, x8, lsl 1\n\t" + "\n" + "L_AES_XTS_decrypt_NEON_start_partial_%=: \n\t" + "mov %w[sz], w19\n\t" + "cbz %w[sz], L_AES_XTS_decrypt_NEON_data_done_%=\n\t" + "mov v2.d[0], x8\n\t" + "mov v2.d[1], x9\n\t" + "and x16, x17, x9, asr 63\n\t" + "extr x11, x9, x8, #63\n\t" + "eor x10, x16, x8, lsl 1\n\t" + "mov v1.d[0], x10\n\t" + "mov v1.d[1], x11\n\t" + "mov x25, %x[key]\n\t" + "ld1 {v0.16b}, [%x[in]], #16\n\t" + "ld1 {v4.2d}, [x25], #16\n\t" + "eor v0.16b, v0.16b, v1.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "sub w24, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_decrypt_NEON_loop_nr_partial_1_%=: \n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "ushr v11.16b, v4.16b, #6\n\t" + "ushr v8.16b, v4.16b, #5\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "pmul v11.16b, v11.16b, v15.16b\n\t" + "pmul v8.16b, v8.16b, v15.16b\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "shl v9.16b, v4.16b, #3\n\t" + "eor v8.16b, v8.16b, v9.16b\n\t" + "shl v9.16b, v4.16b, #2\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v10.16b, v8.16b\n\t" + "eor v8.16b, v8.16b, v4.16b\n\t" + "eor v10.16b, v11.16b, v8.16b\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v9.16b, v4.16b\n\t" + "shl v4.4s, v9.4s, #8\n\t" + "rev32 v10.8h, v10.8h\n\t" + "sri v4.4s, v9.4s, #24\n\t" + "eor v4.16b, v4.16b, v11.16b\n\t" + "shl v9.4s, v8.4s, #24\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "sri v9.4s, v8.4s, #8\n\t" + "eor v4.16b, v4.16b, v9.16b\n\t" + "ld1 {v0.2d}, [x25], #16\n\t" + /* XOR in Key Schedule */ + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "sshr v10.16b, v0.16b, #7\n\t" + "ushr v11.16b, v0.16b, #6\n\t" + "ushr v8.16b, v0.16b, #5\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "pmul v11.16b, v11.16b, v15.16b\n\t" + "pmul v8.16b, v8.16b, v15.16b\n\t" + "shl v9.16b, v0.16b, #1\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "shl v9.16b, v0.16b, #3\n\t" + "eor v8.16b, v8.16b, v9.16b\n\t" + "shl v9.16b, v0.16b, #2\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v10.16b, v8.16b\n\t" + "eor v8.16b, v8.16b, v0.16b\n\t" + "eor v10.16b, v11.16b, v8.16b\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v9.16b, v0.16b\n\t" + "shl v0.4s, v9.4s, #8\n\t" + "rev32 v10.8h, v10.8h\n\t" + "sri v0.4s, v9.4s, #24\n\t" + "eor v0.16b, v0.16b, v11.16b\n\t" + "shl v9.4s, v8.4s, #24\n\t" + "eor v0.16b, v0.16b, v10.16b\n\t" + "sri v9.4s, v8.4s, #8\n\t" + "eor v0.16b, v0.16b, v9.16b\n\t" + "ld1 {v4.2d}, [x25], #16\n\t" + /* XOR in Key Schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "subs w24, w24, #2\n\t" + "b.ne L_AES_XTS_decrypt_NEON_loop_nr_partial_1_%=\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "ushr v11.16b, v4.16b, #6\n\t" + "ushr v8.16b, v4.16b, #5\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "pmul v11.16b, v11.16b, v15.16b\n\t" + "pmul v8.16b, v8.16b, v15.16b\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "shl v9.16b, v4.16b, #3\n\t" + "eor v8.16b, v8.16b, v9.16b\n\t" + "shl v9.16b, v4.16b, #2\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v10.16b, v8.16b\n\t" + "eor v8.16b, v8.16b, v4.16b\n\t" + "eor v10.16b, v11.16b, v8.16b\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v9.16b, v4.16b\n\t" + "shl v4.4s, v9.4s, #8\n\t" + "rev32 v10.8h, v10.8h\n\t" + "sri v4.4s, v9.4s, #24\n\t" + "eor v4.16b, v4.16b, v11.16b\n\t" + "shl v9.4s, v8.4s, #24\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "sri v9.4s, v8.4s, #8\n\t" + "eor v4.16b, v4.16b, v9.16b\n\t" + "ld1 {v0.2d}, [x25], #16\n\t" + /* XOR in Key Schedule */ + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x25], #16\n\t" + /* XOR in Key Schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "eor v0.16b, v0.16b, v1.16b\n\t" + "st1 {v0.2d}, [%x[tmp]]\n\t" + "add %x[out], %x[out], #16\n\t" + "mov w16, %w[sz]\n\t" + "\n" + "L_AES_XTS_decrypt_NEON_start_byte_%=: \n\t" + "ldrb w10, [%x[tmp]]\n\t" + "ldrb w11, [%x[in]], #1\n\t" + "strb w10, [%x[out]], #1\n\t" + "strb w11, [%x[tmp]], #1\n\t" + "subs w16, w16, #1\n\t" + "b.gt L_AES_XTS_decrypt_NEON_start_byte_%=\n\t" + "sub %x[out], %x[out], %x[sz]\n\t" + "sub %x[tmp], %x[tmp], %x[sz]\n\t" + "sub %x[out], %x[out], #16\n\t" + "mov x25, %x[key]\n\t" + "ld1 {v0.2d}, [%x[tmp]]\n\t" + "ld1 {v4.2d}, [x25], #16\n\t" + "eor v0.16b, v0.16b, v2.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "sub w24, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_decrypt_NEON_loop_nr_partial_2_%=: \n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "ushr v11.16b, v4.16b, #6\n\t" + "ushr v8.16b, v4.16b, #5\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "pmul v11.16b, v11.16b, v15.16b\n\t" + "pmul v8.16b, v8.16b, v15.16b\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "shl v9.16b, v4.16b, #3\n\t" + "eor v8.16b, v8.16b, v9.16b\n\t" + "shl v9.16b, v4.16b, #2\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v10.16b, v8.16b\n\t" + "eor v8.16b, v8.16b, v4.16b\n\t" + "eor v10.16b, v11.16b, v8.16b\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v9.16b, v4.16b\n\t" + "shl v4.4s, v9.4s, #8\n\t" + "rev32 v10.8h, v10.8h\n\t" + "sri v4.4s, v9.4s, #24\n\t" + "eor v4.16b, v4.16b, v11.16b\n\t" + "shl v9.4s, v8.4s, #24\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "sri v9.4s, v8.4s, #8\n\t" + "eor v4.16b, v4.16b, v9.16b\n\t" + "ld1 {v0.2d}, [x25], #16\n\t" + /* XOR in Key Schedule */ + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "sshr v10.16b, v0.16b, #7\n\t" + "ushr v11.16b, v0.16b, #6\n\t" + "ushr v8.16b, v0.16b, #5\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "pmul v11.16b, v11.16b, v15.16b\n\t" + "pmul v8.16b, v8.16b, v15.16b\n\t" + "shl v9.16b, v0.16b, #1\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "shl v9.16b, v0.16b, #3\n\t" + "eor v8.16b, v8.16b, v9.16b\n\t" + "shl v9.16b, v0.16b, #2\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v10.16b, v8.16b\n\t" + "eor v8.16b, v8.16b, v0.16b\n\t" + "eor v10.16b, v11.16b, v8.16b\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v9.16b, v0.16b\n\t" + "shl v0.4s, v9.4s, #8\n\t" + "rev32 v10.8h, v10.8h\n\t" + "sri v0.4s, v9.4s, #24\n\t" + "eor v0.16b, v0.16b, v11.16b\n\t" + "shl v9.4s, v8.4s, #24\n\t" + "eor v0.16b, v0.16b, v10.16b\n\t" + "sri v9.4s, v8.4s, #8\n\t" + "eor v0.16b, v0.16b, v9.16b\n\t" + "ld1 {v4.2d}, [x25], #16\n\t" + /* XOR in Key Schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "subs w24, w24, #2\n\t" + "b.ne L_AES_XTS_decrypt_NEON_loop_nr_partial_2_%=\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "ushr v11.16b, v4.16b, #6\n\t" + "ushr v8.16b, v4.16b, #5\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "pmul v11.16b, v11.16b, v15.16b\n\t" + "pmul v8.16b, v8.16b, v15.16b\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "shl v9.16b, v4.16b, #3\n\t" + "eor v8.16b, v8.16b, v9.16b\n\t" + "shl v9.16b, v4.16b, #2\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v10.16b, v8.16b\n\t" + "eor v8.16b, v8.16b, v4.16b\n\t" + "eor v10.16b, v11.16b, v8.16b\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v9.16b, v4.16b\n\t" + "shl v4.4s, v9.4s, #8\n\t" + "rev32 v10.8h, v10.8h\n\t" + "sri v4.4s, v9.4s, #24\n\t" + "eor v4.16b, v4.16b, v11.16b\n\t" + "shl v9.4s, v8.4s, #24\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "sri v9.4s, v8.4s, #8\n\t" + "eor v4.16b, v4.16b, v9.16b\n\t" + "ld1 {v0.2d}, [x25], #16\n\t" + /* XOR in Key Schedule */ + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x25], #16\n\t" + /* XOR in Key Schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "eor v0.16b, v0.16b, v2.16b\n\t" + "st1 {v0.16b}, [%x[out]]\n\t" + "\n" + "L_AES_XTS_decrypt_NEON_data_done_%=: \n\t" + "ldp x29, x30, [sp], #32\n\t" + : [out] "+r" (out), [sz] "+r" (sz), [key] "+r" (key), + [key2] "+r" (key2), [tmp] "+r" (tmp), [nr] "+r" (nr) + : [in] "r" (in), [i] "r" (i), [te] "r" (te), [td] "r" (td), + [shuffle] "r" (shuffle), [invshuffle] "r" (invshuffle) + : "memory", "cc", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", + "x16", "x17", "x19", "x24", "x25", "v0", "v1", "v2", "v3", "v4", + "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", + "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", + "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31" + ); +} + +#endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_XTS */ +#endif /* !WOLFSSL_ARMASM_NO_NEON */ +#ifndef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP +#ifdef HAVE_AES_DECRYPT +static const word32 L_AES_ARM64_td[] = { + 0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e, + 0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303, + 0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c, + 0xfc4fe5d7, 0xd7c52acb, 0x80263544, 0x8fb562a3, + 0x49deb15a, 0x6725ba1b, 0x9845ea0e, 0xe15dfec0, + 0x02c32f75, 0x12814cf0, 0xa38d4697, 0xc66bd3f9, + 0xe7038f5f, 0x9515929c, 0xebbf6d7a, 0xda955259, + 0x2dd4be83, 0xd3587421, 0x2949e069, 0x448ec9c8, + 0x6a75c289, 0x78f48e79, 0x6b99583e, 0xdd27b971, + 0xb6bee14f, 0x17f088ad, 0x66c920ac, 0xb47dce3a, + 0x1863df4a, 0x82e51a31, 0x60975133, 0x4562537f, + 0xe0b16477, 0x84bb6bae, 0x1cfe81a0, 0x94f9082b, + 0x58704868, 0x198f45fd, 0x8794de6c, 0xb7527bf8, + 0x23ab73d3, 0xe2724b02, 0x57e31f8f, 0x2a6655ab, + 0x07b2eb28, 0x032fb5c2, 0x9a86c57b, 0xa5d33708, + 0xf2302887, 0xb223bfa5, 0xba02036a, 0x5ced1682, + 0x2b8acf1c, 0x92a779b4, 0xf0f307f2, 0xa14e69e2, + 0xcd65daf4, 0xd50605be, 0x1fd13462, 0x8ac4a6fe, + 0x9d342e53, 0xa0a2f355, 0x32058ae1, 0x75a4f6eb, + 0x390b83ec, 0xaa4060ef, 0x065e719f, 0x51bd6e10, + 0xf93e218a, 0x3d96dd06, 0xaedd3e05, 0x464de6bd, + 0xb591548d, 0x0571c45d, 0x6f0406d4, 0xff605015, + 0x241998fb, 0x97d6bde9, 0xcc894043, 0x7767d99e, + 0xbdb0e842, 0x8807898b, 0x38e7195b, 0xdb79c8ee, + 0x47a17c0a, 0xe97c420f, 0xc9f8841e, 0x00000000, + 0x83098086, 0x48322bed, 0xac1e1170, 0x4e6c5a72, + 0xfbfd0eff, 0x560f8538, 0x1e3daed5, 0x27362d39, + 0x640a0fd9, 0x21685ca6, 0xd19b5b54, 0x3a24362e, + 0xb10c0a67, 0x0f9357e7, 0xd2b4ee96, 0x9e1b9b91, + 0x4f80c0c5, 0xa261dc20, 0x695a774b, 0x161c121a, + 0x0ae293ba, 0xe5c0a02a, 0x433c22e0, 0x1d121b17, + 0x0b0e090d, 0xadf28bc7, 0xb92db6a8, 0xc8141ea9, + 0x8557f119, 0x4caf7507, 0xbbee99dd, 0xfda37f60, + 0x9ff70126, 0xbc5c72f5, 0xc544663b, 0x345bfb7e, + 0x768b4329, 0xdccb23c6, 0x68b6edfc, 0x63b8e4f1, + 0xcad731dc, 0x10426385, 0x40139722, 0x2084c611, + 0x7d854a24, 0xf8d2bb3d, 0x11aef932, 0x6dc729a1, + 0x4b1d9e2f, 0xf3dcb230, 0xec0d8652, 0xd077c1e3, + 0x6c2bb316, 0x99a970b9, 0xfa119448, 0x2247e964, + 0xc4a8fc8c, 0x1aa0f03f, 0xd8567d2c, 0xef223390, + 0xc787494e, 0xc1d938d1, 0xfe8ccaa2, 0x3698d40b, + 0xcfa6f581, 0x28a57ade, 0x26dab78e, 0xa43fadbf, + 0xe42c3a9d, 0x0d507892, 0x9b6a5fcc, 0x62547e46, + 0xc2f68d13, 0xe890d8b8, 0x5e2e39f7, 0xf582c3af, + 0xbe9f5d80, 0x7c69d093, 0xa96fd52d, 0xb3cf2512, + 0x3bc8ac99, 0xa710187d, 0x6ee89c63, 0x7bdb3bbb, + 0x09cd2678, 0xf46e5918, 0x01ec9ab7, 0xa8834f9a, + 0x65e6956e, 0x7eaaffe6, 0x0821bccf, 0xe6ef15e8, + 0xd9bae79b, 0xce4a6f36, 0xd4ea9f09, 0xd629b07c, + 0xaf31a4b2, 0x312a3f23, 0x30c6a594, 0xc035a266, + 0x37744ebc, 0xa6fc82ca, 0xb0e090d0, 0x1533a7d8, + 0x4af10498, 0xf741ecda, 0x0e7fcd50, 0x2f1791f6, + 0x8d764dd6, 0x4d43efb0, 0x54ccaa4d, 0xdfe49604, + 0xe39ed1b5, 0x1b4c6a88, 0xb8c12c1f, 0x7f466551, + 0x049d5eea, 0x5d018c35, 0x73fa8774, 0x2efb0b41, + 0x5ab3671d, 0x5292dbd2, 0x33e91056, 0x136dd647, + 0x8c9ad761, 0x7a37a10c, 0x8e59f814, 0x89eb133c, + 0xeecea927, 0x35b761c9, 0xede11ce5, 0x3c7a47b1, + 0x599cd2df, 0x3f55f273, 0x791814ce, 0xbf73c737, + 0xea53f7cd, 0x5b5ffdaa, 0x14df3d6f, 0x867844db, + 0x81caaff3, 0x3eb968c4, 0x2c382434, 0x5fc2a340, + 0x72161dc3, 0x0cbce225, 0x8b283c49, 0x41ff0d95, + 0x7139a801, 0xde080cb3, 0x9cd8b4e4, 0x906456c1, + 0x617bcb84, 0x70d532b6, 0x74486c5c, 0x42d0b857, +}; + +#endif /* HAVE_AES_DECRYPT */ +#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || \ + defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \ + defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) +static const word32 L_AES_ARM64_te[] = { + 0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b, + 0x0dfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5, + 0x50603030, 0x03020101, 0xa9ce6767, 0x7d562b2b, + 0x19e7fefe, 0x62b5d7d7, 0xe64dabab, 0x9aec7676, + 0x458fcaca, 0x9d1f8282, 0x4089c9c9, 0x87fa7d7d, + 0x15effafa, 0xebb25959, 0xc98e4747, 0x0bfbf0f0, + 0xec41adad, 0x67b3d4d4, 0xfd5fa2a2, 0xea45afaf, + 0xbf239c9c, 0xf753a4a4, 0x96e47272, 0x5b9bc0c0, + 0xc275b7b7, 0x1ce1fdfd, 0xae3d9393, 0x6a4c2626, + 0x5a6c3636, 0x417e3f3f, 0x02f5f7f7, 0x4f83cccc, + 0x5c683434, 0xf451a5a5, 0x34d1e5e5, 0x08f9f1f1, + 0x93e27171, 0x73abd8d8, 0x53623131, 0x3f2a1515, + 0x0c080404, 0x5295c7c7, 0x65462323, 0x5e9dc3c3, + 0x28301818, 0xa1379696, 0x0f0a0505, 0xb52f9a9a, + 0x090e0707, 0x36241212, 0x9b1b8080, 0x3ddfe2e2, + 0x26cdebeb, 0x694e2727, 0xcd7fb2b2, 0x9fea7575, + 0x1b120909, 0x9e1d8383, 0x74582c2c, 0x2e341a1a, + 0x2d361b1b, 0xb2dc6e6e, 0xeeb45a5a, 0xfb5ba0a0, + 0xf6a45252, 0x4d763b3b, 0x61b7d6d6, 0xce7db3b3, + 0x7b522929, 0x3edde3e3, 0x715e2f2f, 0x97138484, + 0xf5a65353, 0x68b9d1d1, 0x00000000, 0x2cc1eded, + 0x60402020, 0x1fe3fcfc, 0xc879b1b1, 0xedb65b5b, + 0xbed46a6a, 0x468dcbcb, 0xd967bebe, 0x4b723939, + 0xde944a4a, 0xd4984c4c, 0xe8b05858, 0x4a85cfcf, + 0x6bbbd0d0, 0x2ac5efef, 0xe54faaaa, 0x16edfbfb, + 0xc5864343, 0xd79a4d4d, 0x55663333, 0x94118585, + 0xcf8a4545, 0x10e9f9f9, 0x06040202, 0x81fe7f7f, + 0xf0a05050, 0x44783c3c, 0xba259f9f, 0xe34ba8a8, + 0xf3a25151, 0xfe5da3a3, 0xc0804040, 0x8a058f8f, + 0xad3f9292, 0xbc219d9d, 0x48703838, 0x04f1f5f5, + 0xdf63bcbc, 0xc177b6b6, 0x75afdada, 0x63422121, + 0x30201010, 0x1ae5ffff, 0x0efdf3f3, 0x6dbfd2d2, + 0x4c81cdcd, 0x14180c0c, 0x35261313, 0x2fc3ecec, + 0xe1be5f5f, 0xa2359797, 0xcc884444, 0x392e1717, + 0x5793c4c4, 0xf255a7a7, 0x82fc7e7e, 0x477a3d3d, + 0xacc86464, 0xe7ba5d5d, 0x2b321919, 0x95e67373, + 0xa0c06060, 0x98198181, 0xd19e4f4f, 0x7fa3dcdc, + 0x66442222, 0x7e542a2a, 0xab3b9090, 0x830b8888, + 0xca8c4646, 0x29c7eeee, 0xd36bb8b8, 0x3c281414, + 0x79a7dede, 0xe2bc5e5e, 0x1d160b0b, 0x76addbdb, + 0x3bdbe0e0, 0x56643232, 0x4e743a3a, 0x1e140a0a, + 0xdb924949, 0x0a0c0606, 0x6c482424, 0xe4b85c5c, + 0x5d9fc2c2, 0x6ebdd3d3, 0xef43acac, 0xa6c46262, + 0xa8399191, 0xa4319595, 0x37d3e4e4, 0x8bf27979, + 0x32d5e7e7, 0x438bc8c8, 0x596e3737, 0xb7da6d6d, + 0x8c018d8d, 0x64b1d5d5, 0xd29c4e4e, 0xe049a9a9, + 0xb4d86c6c, 0xfaac5656, 0x07f3f4f4, 0x25cfeaea, + 0xafca6565, 0x8ef47a7a, 0xe947aeae, 0x18100808, + 0xd56fbaba, 0x88f07878, 0x6f4a2525, 0x725c2e2e, + 0x24381c1c, 0xf157a6a6, 0xc773b4b4, 0x5197c6c6, + 0x23cbe8e8, 0x7ca1dddd, 0x9ce87474, 0x213e1f1f, + 0xdd964b4b, 0xdc61bdbd, 0x860d8b8b, 0x850f8a8a, + 0x90e07070, 0x427c3e3e, 0xc471b5b5, 0xaacc6666, + 0xd8904848, 0x05060303, 0x01f7f6f6, 0x121c0e0e, + 0xa3c26161, 0x5f6a3535, 0xf9ae5757, 0xd069b9b9, + 0x91178686, 0x5899c1c1, 0x273a1d1d, 0xb9279e9e, + 0x38d9e1e1, 0x13ebf8f8, 0xb32b9898, 0x33221111, + 0xbbd26969, 0x70a9d9d9, 0x89078e8e, 0xa7339494, + 0xb62d9b9b, 0x223c1e1e, 0x92158787, 0x20c9e9e9, + 0x4987cece, 0xffaa5555, 0x78502828, 0x7aa5dfdf, + 0x8f038c8c, 0xf859a1a1, 0x80098989, 0x171a0d0d, + 0xda65bfbf, 0x31d7e6e6, 0xc6844242, 0xb8d06868, + 0xc3824141, 0xb0299999, 0x775a2d2d, 0x111e0f0f, + 0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616, +}; + +#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || + * WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */ +#ifdef HAVE_AES_DECRYPT +void AES_invert_key(unsigned char* ks, word32 rounds); +void AES_invert_key(unsigned char* ks, word32 rounds) +{ + const word32* te = L_AES_ARM64_te; + const word32* td = L_AES_ARM64_td; + __asm__ __volatile__ ( + "add x12, %x[ks], %x[rounds], lsl 4\n\t" + "mov w13, %w[rounds]\n\t" + "\n" + "L_AES_invert_key_loop_%=: \n\t" + "ldp w4, w5, [%x[ks]]\n\t" + "ldnp w6, w7, [%x[ks], #8]\n\t" + "ldp w8, w9, [x12]\n\t" + "ldnp w10, w11, [x12, #8]\n\t" + "stp w4, w5, [x12]\n\t" + "stnp w6, w7, [x12, #8]\n\t" + "stp w8, w9, [%x[ks]], #8\n\t" + "stp w10, w11, [%x[ks]], #8\n\t" + "subs w13, w13, #2\n\t" + "sub x12, x12, #16\n\t" + "b.ne L_AES_invert_key_loop_%=\n\t" + "sub %x[ks], %x[ks], %x[rounds], lsl 3\n\t" + "add %x[ks], %x[ks], #16\n\t" + "sub w13, %w[rounds], #1\n\t" + "\n" + "L_AES_invert_key_mix_loop_%=: \n\t" + "ldp w4, w5, [%x[ks]]\n\t" + "ldnp w6, w7, [%x[ks], #8]\n\t" + "ubfx w8, w4, #0, #8\n\t" + "ubfx w9, w4, #8, #8\n\t" + "ubfx w10, w4, #16, #8\n\t" + "ubfx w11, w4, #24, #8\n\t" + "lsl w8, w8, #2\n\t" + "lsl w9, w9, #2\n\t" + "lsl w10, w10, #2\n\t" + "lsl w11, w11, #2\n\t" + "ldrb w8, [%[te], x8, LSL 0]\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "ldrb w10, [%[te], x10, LSL 0]\n\t" + "ldrb w11, [%[te], x11, LSL 0]\n\t" + "ldr w8, [%[td], x8, LSL 2]\n\t" + "ldr w9, [%[td], x9, LSL 2]\n\t" + "ldr w10, [%[td], x10, LSL 2]\n\t" + "ldr w11, [%[td], x11, LSL 2]\n\t" + "eor w10, w10, w8, ror 16\n\t" + "eor w10, w10, w9, ror 8\n\t" + "eor w10, w10, w11, ror 24\n\t" + "str w10, [%x[ks]], #4\n\t" + "ubfx w8, w5, #0, #8\n\t" + "ubfx w9, w5, #8, #8\n\t" + "ubfx w10, w5, #16, #8\n\t" + "ubfx w11, w5, #24, #8\n\t" + "lsl w8, w8, #2\n\t" + "lsl w9, w9, #2\n\t" + "lsl w10, w10, #2\n\t" + "lsl w11, w11, #2\n\t" + "ldrb w8, [%[te], x8, LSL 0]\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "ldrb w10, [%[te], x10, LSL 0]\n\t" + "ldrb w11, [%[te], x11, LSL 0]\n\t" + "ldr w8, [%[td], x8, LSL 2]\n\t" + "ldr w9, [%[td], x9, LSL 2]\n\t" + "ldr w10, [%[td], x10, LSL 2]\n\t" + "ldr w11, [%[td], x11, LSL 2]\n\t" + "eor w10, w10, w8, ror 16\n\t" + "eor w10, w10, w9, ror 8\n\t" + "eor w10, w10, w11, ror 24\n\t" + "str w10, [%x[ks]], #4\n\t" + "ubfx w8, w6, #0, #8\n\t" + "ubfx w9, w6, #8, #8\n\t" + "ubfx w10, w6, #16, #8\n\t" + "ubfx w11, w6, #24, #8\n\t" + "lsl w8, w8, #2\n\t" + "lsl w9, w9, #2\n\t" + "lsl w10, w10, #2\n\t" + "lsl w11, w11, #2\n\t" + "ldrb w8, [%[te], x8, LSL 0]\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "ldrb w10, [%[te], x10, LSL 0]\n\t" + "ldrb w11, [%[te], x11, LSL 0]\n\t" + "ldr w8, [%[td], x8, LSL 2]\n\t" + "ldr w9, [%[td], x9, LSL 2]\n\t" + "ldr w10, [%[td], x10, LSL 2]\n\t" + "ldr w11, [%[td], x11, LSL 2]\n\t" + "eor w10, w10, w8, ror 16\n\t" + "eor w10, w10, w9, ror 8\n\t" + "eor w10, w10, w11, ror 24\n\t" + "str w10, [%x[ks]], #4\n\t" + "ubfx w8, w7, #0, #8\n\t" + "ubfx w9, w7, #8, #8\n\t" + "ubfx w10, w7, #16, #8\n\t" + "ubfx w11, w7, #24, #8\n\t" + "lsl w8, w8, #2\n\t" + "lsl w9, w9, #2\n\t" + "lsl w10, w10, #2\n\t" + "lsl w11, w11, #2\n\t" + "ldrb w8, [%[te], x8, LSL 0]\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "ldrb w10, [%[te], x10, LSL 0]\n\t" + "ldrb w11, [%[te], x11, LSL 0]\n\t" + "ldr w8, [%[td], x8, LSL 2]\n\t" + "ldr w9, [%[td], x9, LSL 2]\n\t" + "ldr w10, [%[td], x10, LSL 2]\n\t" + "ldr w11, [%[td], x11, LSL 2]\n\t" + "eor w10, w10, w8, ror 16\n\t" + "eor w10, w10, w9, ror 8\n\t" + "eor w10, w10, w11, ror 24\n\t" + "str w10, [%x[ks]], #4\n\t" + "subs w13, w13, #1\n\t" + "b.ne L_AES_invert_key_mix_loop_%=\n\t" + : [ks] "+r" (ks), [rounds] "+r" (rounds) + : [te] "r" (te), [td] "r" (td) + : "memory", "cc", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", + "x12", "x13" + ); +} + +#endif /* HAVE_AES_DECRYPT */ +static const word32 L_AES_ARM64_rcon[] = { + 0x01000000, 0x02000000, 0x04000000, 0x08000000, + 0x10000000, 0x20000000, 0x40000000, 0x80000000, + 0x1b000000, 0x36000000, +}; + +void AES_set_encrypt_key(const unsigned char* key, word32 len, + unsigned char* ks); +void AES_set_encrypt_key(const unsigned char* key, word32 len, + unsigned char* ks) +{ + const word32* rcon = L_AES_ARM64_rcon; + const word32* te = L_AES_ARM64_te; + __asm__ __volatile__ ( + "cmp %w[len], #0x80\n\t" + "b.eq L_AES_set_encrypt_key_start_128_%=\n\t" + "cmp %w[len], #0xc0\n\t" + "b.eq L_AES_set_encrypt_key_start_192_%=\n\t" + "ldr w6, [%x[key]]\n\t" + "ldr w7, [%x[key], #4]\n\t" + "ldr w8, [%x[key], #8]\n\t" + "ldr w9, [%x[key], #12]\n\t" + "rev w6, w6\n\t" + "rev w7, w7\n\t" + "rev w8, w8\n\t" + "rev w9, w9\n\t" + "stp w6, w7, [%x[ks]], #8\n\t" + "stp w8, w9, [%x[ks]], #8\n\t" + "ldr w6, [%x[key], #16]\n\t" + "ldr w7, [%x[key], #20]\n\t" + "ldr w8, [%x[key], #24]\n\t" + "ldr w9, [%x[key], #28]\n\t" + "rev w6, w6\n\t" + "rev w7, w7\n\t" + "rev w8, w8\n\t" + "rev w9, w9\n\t" + "stp w6, w7, [%x[ks]]\n\t" + "stnp w8, w9, [%x[ks], #8]\n\t" + "sub %x[ks], %x[ks], #16\n\t" + "mov x4, #6\n\t" + "\n" + "L_AES_set_encrypt_key_loop_256_%=: \n\t" + "ubfx w6, w9, #0, #8\n\t" + "ubfx w7, w9, #8, #8\n\t" + "ubfx w8, w9, #16, #8\n\t" + "ubfx w9, w9, #24, #8\n\t" + "lsl w6, w6, #2\n\t" + "lsl w7, w7, #2\n\t" + "lsl w8, w8, #2\n\t" + "lsl w9, w9, #2\n\t" + "ldrb w6, [%[te], x6, LSL 0]\n\t" + "ldrb w7, [%[te], x7, LSL 0]\n\t" + "ldrb w8, [%[te], x8, LSL 0]\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "eor w3, w9, w6, lsl 8\n\t" + "eor w3, w3, w7, lsl 16\n\t" + "eor w3, w3, w8, lsl 24\n\t" + "ldp w6, w7, [%x[ks]], #8\n\t" + "ldp w8, w9, [%x[ks]], #8\n\t" + "eor w6, w6, w3\n\t" + "ldr w3, [%[rcon]], #4\n\t" + "eor w6, w6, w3\n\t" + "eor w7, w7, w6\n\t" + "eor w8, w8, w7\n\t" + "eor w9, w9, w8\n\t" + "add %x[ks], %x[ks], #16\n\t" + "stp w6, w7, [%x[ks]]\n\t" + "stnp w8, w9, [%x[ks], #8]\n\t" + "sub %x[ks], %x[ks], #16\n\t" + "mov w3, w9\n\t" + "ubfx w6, w3, #8, #8\n\t" + "ubfx w7, w3, #16, #8\n\t" + "ubfx w8, w3, #24, #8\n\t" + "ubfx w3, w3, #0, #8\n\t" + "lsl w6, w6, #2\n\t" + "lsl w7, w7, #2\n\t" + "lsl w8, w8, #2\n\t" + "lsl w3, w3, #2\n\t" + "ldrb w6, [%[te], x6, LSL 0]\n\t" + "ldrb w8, [%[te], x8, LSL 0]\n\t" + "ldrb w7, [%[te], x7, LSL 0]\n\t" + "ldrb w3, [%[te], x3, LSL 0]\n\t" + "eor w3, w3, w6, lsl 8\n\t" + "eor w3, w3, w7, lsl 16\n\t" + "eor w3, w3, w8, lsl 24\n\t" + "ldp w6, w7, [%x[ks]], #8\n\t" + "ldp w8, w9, [%x[ks]], #8\n\t" + "eor w6, w6, w3\n\t" + "eor w7, w7, w6\n\t" + "eor w8, w8, w7\n\t" + "eor w9, w9, w8\n\t" + "add %x[ks], %x[ks], #16\n\t" + "stp w6, w7, [%x[ks]]\n\t" + "stnp w8, w9, [%x[ks], #8]\n\t" + "sub %x[ks], %x[ks], #16\n\t" + "subs x4, x4, #1\n\t" + "b.ne L_AES_set_encrypt_key_loop_256_%=\n\t" + "ubfx w6, w9, #0, #8\n\t" + "ubfx w7, w9, #8, #8\n\t" + "ubfx w8, w9, #16, #8\n\t" + "ubfx w9, w9, #24, #8\n\t" + "lsl w6, w6, #2\n\t" + "lsl w7, w7, #2\n\t" + "lsl w8, w8, #2\n\t" + "lsl w9, w9, #2\n\t" + "ldrb w6, [%[te], x6, LSL 0]\n\t" + "ldrb w7, [%[te], x7, LSL 0]\n\t" + "ldrb w8, [%[te], x8, LSL 0]\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "eor w3, w9, w6, lsl 8\n\t" + "eor w3, w3, w7, lsl 16\n\t" + "eor w3, w3, w8, lsl 24\n\t" + "ldp w6, w7, [%x[ks]], #8\n\t" + "ldp w8, w9, [%x[ks]], #8\n\t" + "eor w6, w6, w3\n\t" + "ldr w3, [%[rcon]], #4\n\t" + "eor w6, w6, w3\n\t" + "eor w7, w7, w6\n\t" + "eor w8, w8, w7\n\t" + "eor w9, w9, w8\n\t" + "add %x[ks], %x[ks], #16\n\t" + "stp w6, w7, [%x[ks]]\n\t" + "stnp w8, w9, [%x[ks], #8]\n\t" + "sub %x[ks], %x[ks], #16\n\t" + "b L_AES_set_encrypt_key_end_%=\n\t" + "\n" + "L_AES_set_encrypt_key_start_192_%=: \n\t" + "ldr w6, [%x[key]]\n\t" + "ldr w7, [%x[key], #4]\n\t" + "ldr w8, [%x[key], #8]\n\t" + "ldr w9, [%x[key], #12]\n\t" + "ldr w10, [%x[key], #16]\n\t" + "ldr w11, [%x[key], #20]\n\t" + "rev w6, w6\n\t" + "rev w7, w7\n\t" + "rev w8, w8\n\t" + "rev w9, w9\n\t" + "rev w10, w10\n\t" + "rev w11, w11\n\t" + "stp w6, w7, [%x[ks]]\n\t" + "stnp w8, w9, [%x[ks], #8]\n\t" + "stnp w10, w11, [%x[ks], #16]\n\t" + "mov x4, #7\n\t" + "\n" + "L_AES_set_encrypt_key_loop_192_%=: \n\t" + "ubfx w6, w11, #0, #8\n\t" + "ubfx w7, w11, #8, #8\n\t" + "ubfx w8, w11, #16, #8\n\t" + "ubfx w11, w11, #24, #8\n\t" + "lsl w6, w6, #2\n\t" + "lsl w7, w7, #2\n\t" + "lsl w8, w8, #2\n\t" + "lsl w11, w11, #2\n\t" + "ldrb w6, [%[te], x6, LSL 0]\n\t" + "ldrb w7, [%[te], x7, LSL 0]\n\t" + "ldrb w8, [%[te], x8, LSL 0]\n\t" + "ldrb w11, [%[te], x11, LSL 0]\n\t" + "eor w3, w11, w6, lsl 8\n\t" + "eor w3, w3, w7, lsl 16\n\t" + "eor w3, w3, w8, lsl 24\n\t" + "ldp w6, w7, [%x[ks]], #8\n\t" + "ldp w8, w9, [%x[ks]], #8\n\t" + "ldp w10, w11, [%x[ks]], #8\n\t" + "eor w6, w6, w3\n\t" + "ldr w3, [%[rcon]], #4\n\t" + "eor w6, w6, w3\n\t" + "eor w7, w7, w6\n\t" + "eor w8, w8, w7\n\t" + "eor w9, w9, w8\n\t" + "eor w10, w10, w9\n\t" + "eor w11, w11, w10\n\t" + "stp w6, w7, [%x[ks]]\n\t" + "stnp w8, w9, [%x[ks], #8]\n\t" + "stnp w10, w11, [%x[ks], #16]\n\t" + "subs x4, x4, #1\n\t" + "b.ne L_AES_set_encrypt_key_loop_192_%=\n\t" + "ubfx w6, w11, #0, #8\n\t" + "ubfx w7, w11, #8, #8\n\t" + "ubfx w8, w11, #16, #8\n\t" + "ubfx w11, w11, #24, #8\n\t" + "lsl w6, w6, #2\n\t" + "lsl w7, w7, #2\n\t" + "lsl w8, w8, #2\n\t" + "lsl w11, w11, #2\n\t" + "ldrb w6, [%[te], x6, LSL 0]\n\t" + "ldrb w7, [%[te], x7, LSL 0]\n\t" + "ldrb w8, [%[te], x8, LSL 0]\n\t" + "ldrb w11, [%[te], x11, LSL 0]\n\t" + "eor w3, w11, w6, lsl 8\n\t" + "eor w3, w3, w7, lsl 16\n\t" + "eor w3, w3, w8, lsl 24\n\t" + "ldp w6, w7, [%x[ks]], #8\n\t" + "ldp w8, w9, [%x[ks]], #8\n\t" + "ldp w10, w11, [%x[ks]], #8\n\t" + "eor w6, w6, w3\n\t" + "ldr w3, [%[rcon]], #4\n\t" + "eor w6, w6, w3\n\t" + "eor w7, w7, w6\n\t" + "eor w8, w8, w7\n\t" + "eor w9, w9, w8\n\t" + "stp w6, w7, [%x[ks]]\n\t" + "stnp w8, w9, [%x[ks], #8]\n\t" + "b L_AES_set_encrypt_key_end_%=\n\t" + "\n" + "L_AES_set_encrypt_key_start_128_%=: \n\t" + "ldr w6, [%x[key]]\n\t" + "ldr w7, [%x[key], #4]\n\t" + "ldr w8, [%x[key], #8]\n\t" + "ldr w9, [%x[key], #12]\n\t" + "rev w6, w6\n\t" + "rev w7, w7\n\t" + "rev w8, w8\n\t" + "rev w9, w9\n\t" + "stp w6, w7, [%x[ks]]\n\t" + "stnp w8, w9, [%x[ks], #8]\n\t" + "mov x4, #10\n\t" + "\n" + "L_AES_set_encrypt_key_loop_128_%=: \n\t" + "ubfx w6, w9, #0, #8\n\t" + "ubfx w7, w9, #8, #8\n\t" + "ubfx w8, w9, #16, #8\n\t" + "ubfx w9, w9, #24, #8\n\t" + "lsl w6, w6, #2\n\t" + "lsl w7, w7, #2\n\t" + "lsl w8, w8, #2\n\t" + "lsl w9, w9, #2\n\t" + "ldrb w6, [%[te], x6, LSL 0]\n\t" + "ldrb w7, [%[te], x7, LSL 0]\n\t" + "ldrb w8, [%[te], x8, LSL 0]\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "eor w3, w9, w6, lsl 8\n\t" + "eor w3, w3, w7, lsl 16\n\t" + "eor w3, w3, w8, lsl 24\n\t" + "ldp w6, w7, [%x[ks]], #8\n\t" + "ldp w8, w9, [%x[ks]], #8\n\t" + "eor w6, w6, w3\n\t" + "ldr w3, [%[rcon]], #4\n\t" + "eor w6, w6, w3\n\t" + "eor w7, w7, w6\n\t" + "eor w8, w8, w7\n\t" + "eor w9, w9, w8\n\t" + "stp w6, w7, [%x[ks]]\n\t" + "stnp w8, w9, [%x[ks], #8]\n\t" + "subs x4, x4, #1\n\t" + "b.ne L_AES_set_encrypt_key_loop_128_%=\n\t" + "\n" + "L_AES_set_encrypt_key_end_%=: \n\t" + : [len] "+r" (len), [ks] "+r" (ks) + : [key] "r" (key), [rcon] "r" (rcon), [te] "r" (te) + : "memory", "cc", "x3", "x4", "x6", "x7", "x8", "x9", "x10", "x11" + ); +} + +#if defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \ + defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \ + defined(HAVE_AES_ECB) +void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr); +void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr) +{ + const word32* te = L_AES_ARM64_te; + __asm__ __volatile__ ( + "\n" + "L_AES_ECB_encrypt_loop_block_128_%=: \n\t" + "mov x17, %x[ks]\n\t" + "ldr x6, [%x[in]]\n\t" + "ldr x7, [%x[in], #8]\n\t" + "rev32 x6, x6\n\t" + "rev32 x7, x7\n\t" + "ldp x10, x11, [x17], #16\n\t" + /* Round: 0 - XOR in key schedule */ + "eor x6, x6, x10\n\t" + "eor x7, x7, x11\n\t" + "sub w16, %w[nr], #2\n\t" + "\n" + "L_AES_ECB_encrypt_loop_nr_%=: \n\t" + "ubfx x10, x6, #48, #8\n\t" + "ubfx x13, x6, #24, #8\n\t" + "ubfx x14, x7, #8, #8\n\t" + "ubfx x15, x7, #32, #8\n\t" + "ldr x8, [%[te]]\n\t" + "ldr x8, [%[te], #64]\n\t" + "ldr x8, [%[te], #128]\n\t" + "ldr x8, [%[te], #192]\n\t" + "ldr x8, [%[te], #256]\n\t" + "ldr x8, [%[te], #320]\n\t" + "ldr x8, [%[te], #384]\n\t" + "ldr x8, [%[te], #448]\n\t" + "ldr x8, [%[te], #512]\n\t" + "ldr x8, [%[te], #576]\n\t" + "ldr x8, [%[te], #640]\n\t" + "ldr x8, [%[te], #704]\n\t" + "ldr x8, [%[te], #768]\n\t" + "ldr x8, [%[te], #832]\n\t" + "ldr x8, [%[te], #896]\n\t" + "ldr x8, [%[te], #960]\n\t" + "ldr w10, [%[te], x10, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x11, x7, #16, #8\n\t" + "eor w10, w10, w13, ror 24\n\t" + "ubfx x13, x6, #56, #8\n\t" + "eor w10, w10, w14, ror 8\n\t" + "ubfx x14, x7, #40, #8\n\t" + "eor w10, w10, w15, ror 16\n\t" + "ubfx x15, x6, #0, #8\n\t" + "ldr w11, [%[te], x11, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x12, x7, #48, #8\n\t" + "eor w11, w11, w13, ror 24\n\t" + "ubfx x13, x7, #24, #8\n\t" + "eor w11, w11, w14, ror 8\n\t" + "ubfx x14, x6, #8, #8\n\t" + "eor w11, w11, w15, ror 16\n\t" + "ubfx x15, x6, #32, #8\n\t" + "bfi x10, x11, #32, #32\n\t" + "ldr w12, [%[te], x12, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x8, x7, #0, #8\n\t" + "eor w12, w12, w13, ror 24\n\t" + "ubfx x13, x6, #16, #8\n\t" + "eor w12, w12, w14, ror 8\n\t" + "ubfx x14, x7, #56, #8\n\t" + "eor w11, w12, w15, ror 16\n\t" + "ubfx x15, x6, #40, #8\n\t" + "ldr w8, [%[te], x8, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "eor w14, w14, w8, ror 24\n\t" + "ldp x6, x7, [x17], #16\n\t" + "eor w13, w13, w14, ror 24\n\t" + "eor w13, w13, w15, ror 8\n\t" + "bfi x11, x13, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x10, x10, x6\n\t" + "eor x11, x11, x7\n\t" + "ubfx x6, x10, #48, #8\n\t" + "ubfx x9, x10, #24, #8\n\t" + "ubfx x14, x11, #8, #8\n\t" + "ubfx x15, x11, #32, #8\n\t" + "ldr x12, [%[te]]\n\t" + "ldr x12, [%[te], #64]\n\t" + "ldr x12, [%[te], #128]\n\t" + "ldr x12, [%[te], #192]\n\t" + "ldr x12, [%[te], #256]\n\t" + "ldr x12, [%[te], #320]\n\t" + "ldr x12, [%[te], #384]\n\t" + "ldr x12, [%[te], #448]\n\t" + "ldr x12, [%[te], #512]\n\t" + "ldr x12, [%[te], #576]\n\t" + "ldr x12, [%[te], #640]\n\t" + "ldr x12, [%[te], #704]\n\t" + "ldr x12, [%[te], #768]\n\t" + "ldr x12, [%[te], #832]\n\t" + "ldr x12, [%[te], #896]\n\t" + "ldr x12, [%[te], #960]\n\t" + "ldr w6, [%[te], x6, LSL 2]\n\t" + "ldr w9, [%[te], x9, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x7, x11, #16, #8\n\t" + "eor w6, w6, w9, ror 24\n\t" + "ubfx x9, x10, #56, #8\n\t" + "eor w6, w6, w14, ror 8\n\t" + "ubfx x14, x11, #40, #8\n\t" + "eor w6, w6, w15, ror 16\n\t" + "ubfx x15, x10, #0, #8\n\t" + "ldr w7, [%[te], x7, LSL 2]\n\t" + "ldr w9, [%[te], x9, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x8, x11, #48, #8\n\t" + "eor w7, w7, w9, ror 24\n\t" + "ubfx x9, x11, #24, #8\n\t" + "eor w7, w7, w14, ror 8\n\t" + "ubfx x14, x10, #8, #8\n\t" + "eor w7, w7, w15, ror 16\n\t" + "ubfx x15, x10, #32, #8\n\t" + "bfi x6, x7, #32, #32\n\t" + "ldr w8, [%[te], x8, LSL 2]\n\t" + "ldr w9, [%[te], x9, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x12, x11, #0, #8\n\t" + "eor w8, w8, w9, ror 24\n\t" + "ubfx x9, x10, #16, #8\n\t" + "eor w8, w8, w14, ror 8\n\t" + "ubfx x14, x11, #56, #8\n\t" + "eor w7, w8, w15, ror 16\n\t" + "ubfx x15, x10, #40, #8\n\t" + "ldr w12, [%[te], x12, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w9, [%[te], x9, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "eor w14, w14, w12, ror 24\n\t" + "ldp x10, x11, [x17], #16\n\t" + "eor w9, w9, w14, ror 24\n\t" + "eor w9, w9, w15, ror 8\n\t" + "bfi x7, x9, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x6, x6, x10\n\t" + "eor x7, x7, x11\n\t" + "subs w16, w16, #2\n\t" + "b.ne L_AES_ECB_encrypt_loop_nr_%=\n\t" + "ubfx x10, x6, #48, #8\n\t" + "ubfx x13, x6, #24, #8\n\t" + "ubfx x14, x7, #8, #8\n\t" + "ubfx x15, x7, #32, #8\n\t" + "ldr x8, [%[te]]\n\t" + "ldr x8, [%[te], #64]\n\t" + "ldr x8, [%[te], #128]\n\t" + "ldr x8, [%[te], #192]\n\t" + "ldr x8, [%[te], #256]\n\t" + "ldr x8, [%[te], #320]\n\t" + "ldr x8, [%[te], #384]\n\t" + "ldr x8, [%[te], #448]\n\t" + "ldr x8, [%[te], #512]\n\t" + "ldr x8, [%[te], #576]\n\t" + "ldr x8, [%[te], #640]\n\t" + "ldr x8, [%[te], #704]\n\t" + "ldr x8, [%[te], #768]\n\t" + "ldr x8, [%[te], #832]\n\t" + "ldr x8, [%[te], #896]\n\t" + "ldr x8, [%[te], #960]\n\t" + "ldr w10, [%[te], x10, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x11, x7, #16, #8\n\t" + "eor w10, w10, w13, ror 24\n\t" + "ubfx x13, x6, #56, #8\n\t" + "eor w10, w10, w14, ror 8\n\t" + "ubfx x14, x7, #40, #8\n\t" + "eor w10, w10, w15, ror 16\n\t" + "ubfx x15, x6, #0, #8\n\t" + "ldr w11, [%[te], x11, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x12, x7, #48, #8\n\t" + "eor w11, w11, w13, ror 24\n\t" + "ubfx x13, x7, #24, #8\n\t" + "eor w11, w11, w14, ror 8\n\t" + "ubfx x14, x6, #8, #8\n\t" + "eor w11, w11, w15, ror 16\n\t" + "ubfx x15, x6, #32, #8\n\t" + "bfi x10, x11, #32, #32\n\t" + "ldr w12, [%[te], x12, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x8, x7, #0, #8\n\t" + "eor w12, w12, w13, ror 24\n\t" + "ubfx x13, x6, #16, #8\n\t" + "eor w12, w12, w14, ror 8\n\t" + "ubfx x14, x7, #56, #8\n\t" + "eor w11, w12, w15, ror 16\n\t" + "ubfx x15, x6, #40, #8\n\t" + "ldr w8, [%[te], x8, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "eor w14, w14, w8, ror 24\n\t" + "ldp x6, x7, [x17], #16\n\t" + "eor w13, w13, w14, ror 24\n\t" + "eor w13, w13, w15, ror 8\n\t" + "bfi x11, x13, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x10, x10, x6\n\t" + "eor x11, x11, x7\n\t" + "ubfx x6, x11, #32, #8\n\t" + "ubfx x9, x11, #8, #8\n\t" + "ubfx x14, x10, #48, #8\n\t" + "ubfx x15, x10, #24, #8\n\t" + "lsl w6, w6, #2\n\t" + "lsl w9, w9, #2\n\t" + "lsl w14, w14, #2\n\t" + "lsl w15, w15, #2\n\t" + "ldr x13, [%[te]]\n\t" + "ldr x13, [%[te], #64]\n\t" + "ldr x13, [%[te], #128]\n\t" + "ldr x13, [%[te], #192]\n\t" + "ldr x13, [%[te], #256]\n\t" + "ldr x13, [%[te], #320]\n\t" + "ldr x13, [%[te], #384]\n\t" + "ldr x13, [%[te], #448]\n\t" + "ldr x13, [%[te], #512]\n\t" + "ldr x13, [%[te], #576]\n\t" + "ldr x13, [%[te], #640]\n\t" + "ldr x13, [%[te], #704]\n\t" + "ldr x13, [%[te], #768]\n\t" + "ldr x13, [%[te], #832]\n\t" + "ldr x13, [%[te], #896]\n\t" + "ldr x13, [%[te], #960]\n\t" + "ldrb w6, [%[te], x6, LSL 0]\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "ldrb w14, [%[te], x14, LSL 0]\n\t" + "ldrb w15, [%[te], x15, LSL 0]\n\t" + "ubfx x7, x10, #0, #8\n\t" + "eor w6, w6, w9, lsl 8\n\t" + "ubfx x9, x11, #40, #8\n\t" + "eor w6, w6, w14, lsl 16\n\t" + "ubfx x14, x11, #16, #8\n\t" + "eor w6, w6, w15, lsl 24\n\t" + "ubfx x15, x10, #56, #8\n\t" + "lsl w7, w7, #2\n\t" + "lsl w9, w9, #2\n\t" + "lsl w14, w14, #2\n\t" + "lsl w15, w15, #2\n\t" + "ldrb w7, [%[te], x7, LSL 0]\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "ldrb w14, [%[te], x14, LSL 0]\n\t" + "ldrb w15, [%[te], x15, LSL 0]\n\t" + "ubfx x8, x10, #32, #8\n\t" + "eor w7, w7, w9, lsl 8\n\t" + "ubfx x9, x10, #8, #8\n\t" + "eor w7, w7, w14, lsl 16\n\t" + "ubfx x14, x11, #48, #8\n\t" + "eor w7, w7, w15, lsl 24\n\t" + "ubfx x15, x11, #24, #8\n\t" + "bfi x6, x7, #32, #32\n\t" + "lsl w8, w8, #2\n\t" + "lsl w9, w9, #2\n\t" + "lsl w14, w14, #2\n\t" + "lsl w15, w15, #2\n\t" + "ldrb w8, [%[te], x8, LSL 0]\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "ldrb w14, [%[te], x14, LSL 0]\n\t" + "ldrb w15, [%[te], x15, LSL 0]\n\t" + "ubfx x13, x11, #56, #8\n\t" + "eor w8, w8, w9, lsl 8\n\t" + "ubfx x9, x11, #0, #8\n\t" + "eor w8, w8, w14, lsl 16\n\t" + "ubfx x14, x10, #40, #8\n\t" + "eor w7, w8, w15, lsl 24\n\t" + "ubfx x15, x10, #16, #8\n\t" + "lsl w13, w13, #2\n\t" + "lsl w9, w9, #2\n\t" + "lsl w14, w14, #2\n\t" + "lsl w15, w15, #2\n\t" + "ldrb w13, [%[te], x13, LSL 0]\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "ldrb w14, [%[te], x14, LSL 0]\n\t" + "ldrb w15, [%[te], x15, LSL 0]\n\t" + "eor w14, w14, w13, lsl 16\n\t" + "ldp x10, x11, [x17]\n\t" + "eor w9, w9, w14, lsl 8\n\t" + "eor w9, w9, w15, lsl 16\n\t" + "bfi x7, x9, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x6, x6, x10\n\t" + "eor x7, x7, x11\n\t" + "rev32 x6, x6\n\t" + "rev32 x7, x7\n\t" + "str x6, [%x[out]]\n\t" + "str x7, [%x[out], #8]\n\t" + "subs %x[len], %x[len], #16\n\t" + "add %x[in], %x[in], #16\n\t" + "add %x[out], %x[out], #16\n\t" + "b.ne L_AES_ECB_encrypt_loop_block_128_%=\n\t" + : [out] "+r" (out), [len] "+r" (len), [nr] "+r" (nr) + : [in] "r" (in), [ks] "r" (ks), [te] "r" (te) + : "memory", "cc", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", + "x14", "x15", "x16", "x17" + ); +} + +#endif /* HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || + * WOLFSSL_AES_COUNTER || HAVE_AES_ECB */ +#ifdef HAVE_AES_CBC +void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* iv); +void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* iv) +{ + const word32* te = L_AES_ARM64_te; + __asm__ __volatile__ ( + "ldp x7, x8, [%x[iv]]\n\t" + "\n" + "L_AES_CBC_encrypt_loop_block_%=: \n\t" + "mov x19, %x[ks]\n\t" + "ldr x11, [%x[in]]\n\t" + "ldr x12, [%x[in], #8]\n\t" + "eor x7, x7, x11\n\t" + "eor x8, x8, x12\n\t" + "rev32 x7, x7\n\t" + "rev32 x8, x8\n\t" + "ldp x11, x12, [x19], #16\n\t" + /* Round: 0 - XOR in key schedule */ + "eor x7, x7, x11\n\t" + "eor x8, x8, x12\n\t" + "sub w17, %w[nr], #2\n\t" + "\n" + "L_AES_CBC_encrypt_loop_nr_%=: \n\t" + "ubfx x11, x7, #48, #8\n\t" + "ubfx x14, x7, #24, #8\n\t" + "ubfx x15, x8, #8, #8\n\t" + "ubfx x16, x8, #32, #8\n\t" + "ldr x9, [%[te]]\n\t" + "ldr x9, [%[te], #64]\n\t" + "ldr x9, [%[te], #128]\n\t" + "ldr x9, [%[te], #192]\n\t" + "ldr x9, [%[te], #256]\n\t" + "ldr x9, [%[te], #320]\n\t" + "ldr x9, [%[te], #384]\n\t" + "ldr x9, [%[te], #448]\n\t" + "ldr x9, [%[te], #512]\n\t" + "ldr x9, [%[te], #576]\n\t" + "ldr x9, [%[te], #640]\n\t" + "ldr x9, [%[te], #704]\n\t" + "ldr x9, [%[te], #768]\n\t" + "ldr x9, [%[te], #832]\n\t" + "ldr x9, [%[te], #896]\n\t" + "ldr x9, [%[te], #960]\n\t" + "ldr w11, [%[te], x11, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ubfx x12, x8, #16, #8\n\t" + "eor w11, w11, w14, ror 24\n\t" + "ubfx x14, x7, #56, #8\n\t" + "eor w11, w11, w15, ror 8\n\t" + "ubfx x15, x8, #40, #8\n\t" + "eor w11, w11, w16, ror 16\n\t" + "ubfx x16, x7, #0, #8\n\t" + "ldr w12, [%[te], x12, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ubfx x13, x8, #48, #8\n\t" + "eor w12, w12, w14, ror 24\n\t" + "ubfx x14, x8, #24, #8\n\t" + "eor w12, w12, w15, ror 8\n\t" + "ubfx x15, x7, #8, #8\n\t" + "eor w12, w12, w16, ror 16\n\t" + "ubfx x16, x7, #32, #8\n\t" + "bfi x11, x12, #32, #32\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ubfx x9, x8, #0, #8\n\t" + "eor w13, w13, w14, ror 24\n\t" + "ubfx x14, x7, #16, #8\n\t" + "eor w13, w13, w15, ror 8\n\t" + "ubfx x15, x8, #56, #8\n\t" + "eor w12, w13, w16, ror 16\n\t" + "ubfx x16, x7, #40, #8\n\t" + "ldr w9, [%[te], x9, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "eor w15, w15, w9, ror 24\n\t" + "ldp x7, x8, [x19], #16\n\t" + "eor w14, w14, w15, ror 24\n\t" + "eor w14, w14, w16, ror 8\n\t" + "bfi x12, x14, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x11, x11, x7\n\t" + "eor x12, x12, x8\n\t" + "ubfx x7, x11, #48, #8\n\t" + "ubfx x10, x11, #24, #8\n\t" + "ubfx x15, x12, #8, #8\n\t" + "ubfx x16, x12, #32, #8\n\t" + "ldr x13, [%[te]]\n\t" + "ldr x13, [%[te], #64]\n\t" + "ldr x13, [%[te], #128]\n\t" + "ldr x13, [%[te], #192]\n\t" + "ldr x13, [%[te], #256]\n\t" + "ldr x13, [%[te], #320]\n\t" + "ldr x13, [%[te], #384]\n\t" + "ldr x13, [%[te], #448]\n\t" + "ldr x13, [%[te], #512]\n\t" + "ldr x13, [%[te], #576]\n\t" + "ldr x13, [%[te], #640]\n\t" + "ldr x13, [%[te], #704]\n\t" + "ldr x13, [%[te], #768]\n\t" + "ldr x13, [%[te], #832]\n\t" + "ldr x13, [%[te], #896]\n\t" + "ldr x13, [%[te], #960]\n\t" + "ldr w7, [%[te], x7, LSL 2]\n\t" + "ldr w10, [%[te], x10, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ubfx x8, x12, #16, #8\n\t" + "eor w7, w7, w10, ror 24\n\t" + "ubfx x10, x11, #56, #8\n\t" + "eor w7, w7, w15, ror 8\n\t" + "ubfx x15, x12, #40, #8\n\t" + "eor w7, w7, w16, ror 16\n\t" + "ubfx x16, x11, #0, #8\n\t" + "ldr w8, [%[te], x8, LSL 2]\n\t" + "ldr w10, [%[te], x10, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ubfx x9, x12, #48, #8\n\t" + "eor w8, w8, w10, ror 24\n\t" + "ubfx x10, x12, #24, #8\n\t" + "eor w8, w8, w15, ror 8\n\t" + "ubfx x15, x11, #8, #8\n\t" + "eor w8, w8, w16, ror 16\n\t" + "ubfx x16, x11, #32, #8\n\t" + "bfi x7, x8, #32, #32\n\t" + "ldr w9, [%[te], x9, LSL 2]\n\t" + "ldr w10, [%[te], x10, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ubfx x13, x12, #0, #8\n\t" + "eor w9, w9, w10, ror 24\n\t" + "ubfx x10, x11, #16, #8\n\t" + "eor w9, w9, w15, ror 8\n\t" + "ubfx x15, x12, #56, #8\n\t" + "eor w8, w9, w16, ror 16\n\t" + "ubfx x16, x11, #40, #8\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w10, [%[te], x10, LSL 2]\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "eor w15, w15, w13, ror 24\n\t" + "ldp x11, x12, [x19], #16\n\t" + "eor w10, w10, w15, ror 24\n\t" + "eor w10, w10, w16, ror 8\n\t" + "bfi x8, x10, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x7, x7, x11\n\t" + "eor x8, x8, x12\n\t" + "subs w17, w17, #2\n\t" + "b.ne L_AES_CBC_encrypt_loop_nr_%=\n\t" + "ubfx x11, x7, #48, #8\n\t" + "ubfx x14, x7, #24, #8\n\t" + "ubfx x15, x8, #8, #8\n\t" + "ubfx x16, x8, #32, #8\n\t" + "ldr x9, [%[te]]\n\t" + "ldr x9, [%[te], #64]\n\t" + "ldr x9, [%[te], #128]\n\t" + "ldr x9, [%[te], #192]\n\t" + "ldr x9, [%[te], #256]\n\t" + "ldr x9, [%[te], #320]\n\t" + "ldr x9, [%[te], #384]\n\t" + "ldr x9, [%[te], #448]\n\t" + "ldr x9, [%[te], #512]\n\t" + "ldr x9, [%[te], #576]\n\t" + "ldr x9, [%[te], #640]\n\t" + "ldr x9, [%[te], #704]\n\t" + "ldr x9, [%[te], #768]\n\t" + "ldr x9, [%[te], #832]\n\t" + "ldr x9, [%[te], #896]\n\t" + "ldr x9, [%[te], #960]\n\t" + "ldr w11, [%[te], x11, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ubfx x12, x8, #16, #8\n\t" + "eor w11, w11, w14, ror 24\n\t" + "ubfx x14, x7, #56, #8\n\t" + "eor w11, w11, w15, ror 8\n\t" + "ubfx x15, x8, #40, #8\n\t" + "eor w11, w11, w16, ror 16\n\t" + "ubfx x16, x7, #0, #8\n\t" + "ldr w12, [%[te], x12, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ubfx x13, x8, #48, #8\n\t" + "eor w12, w12, w14, ror 24\n\t" + "ubfx x14, x8, #24, #8\n\t" + "eor w12, w12, w15, ror 8\n\t" + "ubfx x15, x7, #8, #8\n\t" + "eor w12, w12, w16, ror 16\n\t" + "ubfx x16, x7, #32, #8\n\t" + "bfi x11, x12, #32, #32\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ubfx x9, x8, #0, #8\n\t" + "eor w13, w13, w14, ror 24\n\t" + "ubfx x14, x7, #16, #8\n\t" + "eor w13, w13, w15, ror 8\n\t" + "ubfx x15, x8, #56, #8\n\t" + "eor w12, w13, w16, ror 16\n\t" + "ubfx x16, x7, #40, #8\n\t" + "ldr w9, [%[te], x9, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "eor w15, w15, w9, ror 24\n\t" + "ldp x7, x8, [x19], #16\n\t" + "eor w14, w14, w15, ror 24\n\t" + "eor w14, w14, w16, ror 8\n\t" + "bfi x12, x14, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x11, x11, x7\n\t" + "eor x12, x12, x8\n\t" + "ubfx x7, x12, #32, #8\n\t" + "ubfx x10, x12, #8, #8\n\t" + "ubfx x15, x11, #48, #8\n\t" + "ubfx x16, x11, #24, #8\n\t" + "lsl w7, w7, #2\n\t" + "lsl w10, w10, #2\n\t" + "lsl w15, w15, #2\n\t" + "lsl w16, w16, #2\n\t" + "ldr x14, [%[te]]\n\t" + "ldr x14, [%[te], #64]\n\t" + "ldr x14, [%[te], #128]\n\t" + "ldr x14, [%[te], #192]\n\t" + "ldr x14, [%[te], #256]\n\t" + "ldr x14, [%[te], #320]\n\t" + "ldr x14, [%[te], #384]\n\t" + "ldr x14, [%[te], #448]\n\t" + "ldr x14, [%[te], #512]\n\t" + "ldr x14, [%[te], #576]\n\t" + "ldr x14, [%[te], #640]\n\t" + "ldr x14, [%[te], #704]\n\t" + "ldr x14, [%[te], #768]\n\t" + "ldr x14, [%[te], #832]\n\t" + "ldr x14, [%[te], #896]\n\t" + "ldr x14, [%[te], #960]\n\t" + "ldrb w7, [%[te], x7, LSL 0]\n\t" + "ldrb w10, [%[te], x10, LSL 0]\n\t" + "ldrb w15, [%[te], x15, LSL 0]\n\t" + "ldrb w16, [%[te], x16, LSL 0]\n\t" + "ubfx x8, x11, #0, #8\n\t" + "eor w7, w7, w10, lsl 8\n\t" + "ubfx x10, x12, #40, #8\n\t" + "eor w7, w7, w15, lsl 16\n\t" + "ubfx x15, x12, #16, #8\n\t" + "eor w7, w7, w16, lsl 24\n\t" + "ubfx x16, x11, #56, #8\n\t" + "lsl w8, w8, #2\n\t" + "lsl w10, w10, #2\n\t" + "lsl w15, w15, #2\n\t" + "lsl w16, w16, #2\n\t" + "ldrb w8, [%[te], x8, LSL 0]\n\t" + "ldrb w10, [%[te], x10, LSL 0]\n\t" + "ldrb w15, [%[te], x15, LSL 0]\n\t" + "ldrb w16, [%[te], x16, LSL 0]\n\t" + "ubfx x9, x11, #32, #8\n\t" + "eor w8, w8, w10, lsl 8\n\t" + "ubfx x10, x11, #8, #8\n\t" + "eor w8, w8, w15, lsl 16\n\t" + "ubfx x15, x12, #48, #8\n\t" + "eor w8, w8, w16, lsl 24\n\t" + "ubfx x16, x12, #24, #8\n\t" + "bfi x7, x8, #32, #32\n\t" + "lsl w9, w9, #2\n\t" + "lsl w10, w10, #2\n\t" + "lsl w15, w15, #2\n\t" + "lsl w16, w16, #2\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "ldrb w10, [%[te], x10, LSL 0]\n\t" + "ldrb w15, [%[te], x15, LSL 0]\n\t" + "ldrb w16, [%[te], x16, LSL 0]\n\t" + "ubfx x14, x12, #56, #8\n\t" + "eor w9, w9, w10, lsl 8\n\t" + "ubfx x10, x12, #0, #8\n\t" + "eor w9, w9, w15, lsl 16\n\t" + "ubfx x15, x11, #40, #8\n\t" + "eor w8, w9, w16, lsl 24\n\t" + "ubfx x16, x11, #16, #8\n\t" + "lsl w14, w14, #2\n\t" + "lsl w10, w10, #2\n\t" + "lsl w15, w15, #2\n\t" + "lsl w16, w16, #2\n\t" + "ldrb w14, [%[te], x14, LSL 0]\n\t" + "ldrb w10, [%[te], x10, LSL 0]\n\t" + "ldrb w15, [%[te], x15, LSL 0]\n\t" + "ldrb w16, [%[te], x16, LSL 0]\n\t" + "eor w15, w15, w14, lsl 16\n\t" + "ldp x11, x12, [x19]\n\t" + "eor w10, w10, w15, lsl 8\n\t" + "eor w10, w10, w16, lsl 16\n\t" + "bfi x8, x10, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x7, x7, x11\n\t" + "eor x8, x8, x12\n\t" + "rev32 x7, x7\n\t" + "rev32 x8, x8\n\t" + "str x7, [%x[out]]\n\t" + "str x8, [%x[out], #8]\n\t" + "subs %x[len], %x[len], #16\n\t" + "add %x[in], %x[in], #16\n\t" + "add %x[out], %x[out], #16\n\t" + "b.ne L_AES_CBC_encrypt_loop_block_%=\n\t" + "stp x7, x8, [%x[iv]]\n\t" + : [out] "+r" (out), [len] "+r" (len), [nr] "+r" (nr), [iv] "+r" (iv) + : [in] "r" (in), [ks] "r" (ks), [te] "r" (te) + : "memory", "cc", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", + "x15", "x16", "x17", "x19" + ); +} + +#endif /* HAVE_AES_CBC */ +#ifdef WOLFSSL_AES_COUNTER +void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr); +void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr) +{ + const word32* te = L_AES_ARM64_te; + __asm__ __volatile__ ( + "ldp x15, x16, [%x[ctr]]\n\t" + "rev32 x15, x15\n\t" + "rev32 x16, x16\n\t" + "\n" + "L_AES_CTR_encrypt_loop_block_128_%=: \n\t" + "mov x21, %x[ks]\n\t" + "ldp x11, x12, [x21], #16\n\t" + /* Round: 0 - XOR in key schedule */ + "eor x7, x15, x11\n\t" + "eor x8, x16, x12\n\t" + "sub w20, %w[nr], #2\n\t" + "\n" + "L_AES_CTR_encrypt_loop_nr_%=: \n\t" + "ubfx x11, x7, #48, #8\n\t" + "ubfx x14, x7, #24, #8\n\t" + "ubfx x17, x8, #8, #8\n\t" + "ubfx x19, x8, #32, #8\n\t" + "ldr x9, [%[te]]\n\t" + "ldr x9, [%[te], #64]\n\t" + "ldr x9, [%[te], #128]\n\t" + "ldr x9, [%[te], #192]\n\t" + "ldr x9, [%[te], #256]\n\t" + "ldr x9, [%[te], #320]\n\t" + "ldr x9, [%[te], #384]\n\t" + "ldr x9, [%[te], #448]\n\t" + "ldr x9, [%[te], #512]\n\t" + "ldr x9, [%[te], #576]\n\t" + "ldr x9, [%[te], #640]\n\t" + "ldr x9, [%[te], #704]\n\t" + "ldr x9, [%[te], #768]\n\t" + "ldr x9, [%[te], #832]\n\t" + "ldr x9, [%[te], #896]\n\t" + "ldr x9, [%[te], #960]\n\t" + "ldr w11, [%[te], x11, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ubfx x12, x8, #16, #8\n\t" + "eor w11, w11, w14, ror 24\n\t" + "ubfx x14, x7, #56, #8\n\t" + "eor w11, w11, w17, ror 8\n\t" + "ubfx x17, x8, #40, #8\n\t" + "eor w11, w11, w19, ror 16\n\t" + "ubfx x19, x7, #0, #8\n\t" + "ldr w12, [%[te], x12, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ubfx x13, x8, #48, #8\n\t" + "eor w12, w12, w14, ror 24\n\t" + "ubfx x14, x8, #24, #8\n\t" + "eor w12, w12, w17, ror 8\n\t" + "ubfx x17, x7, #8, #8\n\t" + "eor w12, w12, w19, ror 16\n\t" + "ubfx x19, x7, #32, #8\n\t" + "bfi x11, x12, #32, #32\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ubfx x9, x8, #0, #8\n\t" + "eor w13, w13, w14, ror 24\n\t" + "ubfx x14, x7, #16, #8\n\t" + "eor w13, w13, w17, ror 8\n\t" + "ubfx x17, x8, #56, #8\n\t" + "eor w12, w13, w19, ror 16\n\t" + "ubfx x19, x7, #40, #8\n\t" + "ldr w9, [%[te], x9, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "eor w17, w17, w9, ror 24\n\t" + "ldp x7, x8, [x21], #16\n\t" + "eor w14, w14, w17, ror 24\n\t" + "eor w14, w14, w19, ror 8\n\t" + "bfi x12, x14, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x11, x11, x7\n\t" + "eor x12, x12, x8\n\t" + "ubfx x7, x11, #48, #8\n\t" + "ubfx x10, x11, #24, #8\n\t" + "ubfx x17, x12, #8, #8\n\t" + "ubfx x19, x12, #32, #8\n\t" + "ldr x13, [%[te]]\n\t" + "ldr x13, [%[te], #64]\n\t" + "ldr x13, [%[te], #128]\n\t" + "ldr x13, [%[te], #192]\n\t" + "ldr x13, [%[te], #256]\n\t" + "ldr x13, [%[te], #320]\n\t" + "ldr x13, [%[te], #384]\n\t" + "ldr x13, [%[te], #448]\n\t" + "ldr x13, [%[te], #512]\n\t" + "ldr x13, [%[te], #576]\n\t" + "ldr x13, [%[te], #640]\n\t" + "ldr x13, [%[te], #704]\n\t" + "ldr x13, [%[te], #768]\n\t" + "ldr x13, [%[te], #832]\n\t" + "ldr x13, [%[te], #896]\n\t" + "ldr x13, [%[te], #960]\n\t" + "ldr w7, [%[te], x7, LSL 2]\n\t" + "ldr w10, [%[te], x10, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ubfx x8, x12, #16, #8\n\t" + "eor w7, w7, w10, ror 24\n\t" + "ubfx x10, x11, #56, #8\n\t" + "eor w7, w7, w17, ror 8\n\t" + "ubfx x17, x12, #40, #8\n\t" + "eor w7, w7, w19, ror 16\n\t" + "ubfx x19, x11, #0, #8\n\t" + "ldr w8, [%[te], x8, LSL 2]\n\t" + "ldr w10, [%[te], x10, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ubfx x9, x12, #48, #8\n\t" + "eor w8, w8, w10, ror 24\n\t" + "ubfx x10, x12, #24, #8\n\t" + "eor w8, w8, w17, ror 8\n\t" + "ubfx x17, x11, #8, #8\n\t" + "eor w8, w8, w19, ror 16\n\t" + "ubfx x19, x11, #32, #8\n\t" + "bfi x7, x8, #32, #32\n\t" + "ldr w9, [%[te], x9, LSL 2]\n\t" + "ldr w10, [%[te], x10, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ubfx x13, x12, #0, #8\n\t" + "eor w9, w9, w10, ror 24\n\t" + "ubfx x10, x11, #16, #8\n\t" + "eor w9, w9, w17, ror 8\n\t" + "ubfx x17, x12, #56, #8\n\t" + "eor w8, w9, w19, ror 16\n\t" + "ubfx x19, x11, #40, #8\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w10, [%[te], x10, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "eor w17, w17, w13, ror 24\n\t" + "ldp x11, x12, [x21], #16\n\t" + "eor w10, w10, w17, ror 24\n\t" + "eor w10, w10, w19, ror 8\n\t" + "bfi x8, x10, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x7, x7, x11\n\t" + "eor x8, x8, x12\n\t" + "subs w20, w20, #2\n\t" + "b.ne L_AES_CTR_encrypt_loop_nr_%=\n\t" + "ubfx x11, x7, #48, #8\n\t" + "ubfx x14, x7, #24, #8\n\t" + "ubfx x17, x8, #8, #8\n\t" + "ubfx x19, x8, #32, #8\n\t" + "ldr x9, [%[te]]\n\t" + "ldr x9, [%[te], #64]\n\t" + "ldr x9, [%[te], #128]\n\t" + "ldr x9, [%[te], #192]\n\t" + "ldr x9, [%[te], #256]\n\t" + "ldr x9, [%[te], #320]\n\t" + "ldr x9, [%[te], #384]\n\t" + "ldr x9, [%[te], #448]\n\t" + "ldr x9, [%[te], #512]\n\t" + "ldr x9, [%[te], #576]\n\t" + "ldr x9, [%[te], #640]\n\t" + "ldr x9, [%[te], #704]\n\t" + "ldr x9, [%[te], #768]\n\t" + "ldr x9, [%[te], #832]\n\t" + "ldr x9, [%[te], #896]\n\t" + "ldr x9, [%[te], #960]\n\t" + "ldr w11, [%[te], x11, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ubfx x12, x8, #16, #8\n\t" + "eor w11, w11, w14, ror 24\n\t" + "ubfx x14, x7, #56, #8\n\t" + "eor w11, w11, w17, ror 8\n\t" + "ubfx x17, x8, #40, #8\n\t" + "eor w11, w11, w19, ror 16\n\t" + "ubfx x19, x7, #0, #8\n\t" + "ldr w12, [%[te], x12, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ubfx x13, x8, #48, #8\n\t" + "eor w12, w12, w14, ror 24\n\t" + "ubfx x14, x8, #24, #8\n\t" + "eor w12, w12, w17, ror 8\n\t" + "ubfx x17, x7, #8, #8\n\t" + "eor w12, w12, w19, ror 16\n\t" + "ubfx x19, x7, #32, #8\n\t" + "bfi x11, x12, #32, #32\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ubfx x9, x8, #0, #8\n\t" + "eor w13, w13, w14, ror 24\n\t" + "ubfx x14, x7, #16, #8\n\t" + "eor w13, w13, w17, ror 8\n\t" + "ubfx x17, x8, #56, #8\n\t" + "eor w12, w13, w19, ror 16\n\t" + "ubfx x19, x7, #40, #8\n\t" + "ldr w9, [%[te], x9, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "eor w17, w17, w9, ror 24\n\t" + "ldp x7, x8, [x21], #16\n\t" + "eor w14, w14, w17, ror 24\n\t" + "eor w14, w14, w19, ror 8\n\t" + "bfi x12, x14, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x11, x11, x7\n\t" + "eor x12, x12, x8\n\t" + "ubfx x7, x12, #32, #8\n\t" + "ubfx x10, x12, #8, #8\n\t" + "ubfx x17, x11, #48, #8\n\t" + "ubfx x19, x11, #24, #8\n\t" + "lsl w7, w7, #2\n\t" + "lsl w10, w10, #2\n\t" + "lsl w17, w17, #2\n\t" + "lsl w19, w19, #2\n\t" + "ldr x14, [%[te]]\n\t" + "ldr x14, [%[te], #64]\n\t" + "ldr x14, [%[te], #128]\n\t" + "ldr x14, [%[te], #192]\n\t" + "ldr x14, [%[te], #256]\n\t" + "ldr x14, [%[te], #320]\n\t" + "ldr x14, [%[te], #384]\n\t" + "ldr x14, [%[te], #448]\n\t" + "ldr x14, [%[te], #512]\n\t" + "ldr x14, [%[te], #576]\n\t" + "ldr x14, [%[te], #640]\n\t" + "ldr x14, [%[te], #704]\n\t" + "ldr x14, [%[te], #768]\n\t" + "ldr x14, [%[te], #832]\n\t" + "ldr x14, [%[te], #896]\n\t" + "ldr x14, [%[te], #960]\n\t" + "ldrb w7, [%[te], x7, LSL 0]\n\t" + "ldrb w10, [%[te], x10, LSL 0]\n\t" + "ldrb w17, [%[te], x17, LSL 0]\n\t" + "ldrb w19, [%[te], x19, LSL 0]\n\t" + "ubfx x8, x11, #0, #8\n\t" + "eor w7, w7, w10, lsl 8\n\t" + "ubfx x10, x12, #40, #8\n\t" + "eor w7, w7, w17, lsl 16\n\t" + "ubfx x17, x12, #16, #8\n\t" + "eor w7, w7, w19, lsl 24\n\t" + "ubfx x19, x11, #56, #8\n\t" + "lsl w8, w8, #2\n\t" + "lsl w10, w10, #2\n\t" + "lsl w17, w17, #2\n\t" + "lsl w19, w19, #2\n\t" + "ldrb w8, [%[te], x8, LSL 0]\n\t" + "ldrb w10, [%[te], x10, LSL 0]\n\t" + "ldrb w17, [%[te], x17, LSL 0]\n\t" + "ldrb w19, [%[te], x19, LSL 0]\n\t" + "ubfx x9, x11, #32, #8\n\t" + "eor w8, w8, w10, lsl 8\n\t" + "ubfx x10, x11, #8, #8\n\t" + "eor w8, w8, w17, lsl 16\n\t" + "ubfx x17, x12, #48, #8\n\t" + "eor w8, w8, w19, lsl 24\n\t" + "ubfx x19, x12, #24, #8\n\t" + "bfi x7, x8, #32, #32\n\t" + "lsl w9, w9, #2\n\t" + "lsl w10, w10, #2\n\t" + "lsl w17, w17, #2\n\t" + "lsl w19, w19, #2\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "ldrb w10, [%[te], x10, LSL 0]\n\t" + "ldrb w17, [%[te], x17, LSL 0]\n\t" + "ldrb w19, [%[te], x19, LSL 0]\n\t" + "ubfx x14, x12, #56, #8\n\t" + "eor w9, w9, w10, lsl 8\n\t" + "ubfx x10, x12, #0, #8\n\t" + "eor w9, w9, w17, lsl 16\n\t" + "ubfx x17, x11, #40, #8\n\t" + "eor w8, w9, w19, lsl 24\n\t" + "ubfx x19, x11, #16, #8\n\t" + "lsl w14, w14, #2\n\t" + "lsl w10, w10, #2\n\t" + "lsl w17, w17, #2\n\t" + "lsl w19, w19, #2\n\t" + "ldrb w14, [%[te], x14, LSL 0]\n\t" + "ldrb w10, [%[te], x10, LSL 0]\n\t" + "ldrb w17, [%[te], x17, LSL 0]\n\t" + "ldrb w19, [%[te], x19, LSL 0]\n\t" + "eor w17, w17, w14, lsl 16\n\t" + "ldp x11, x12, [x21]\n\t" + "eor w10, w10, w17, lsl 8\n\t" + "eor w10, w10, w19, lsl 16\n\t" + "bfi x8, x10, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x7, x7, x11\n\t" + "eor x8, x8, x12\n\t" + "rev32 x7, x7\n\t" + "rev32 x8, x8\n\t" + "ldr x11, [%x[in]]\n\t" + "ldr x12, [%x[in], #8]\n\t" + "eor x7, x7, x11\n\t" + "eor x8, x8, x12\n\t" + "str x7, [%x[out]]\n\t" + "str x8, [%x[out], #8]\n\t" + "ror x16, x16, #32\n\t" + "ror x15, x15, #32\n\t" + "adds x16, x16, #1\n\t" + "adc x15, x15, xzr\n\t" + "ror x16, x16, #32\n\t" + "ror x15, x15, #32\n\t" + "subs %x[len], %x[len], #16\n\t" + "add %x[in], %x[in], #16\n\t" + "add %x[out], %x[out], #16\n\t" + "b.ne L_AES_CTR_encrypt_loop_block_128_%=\n\t" + "rev32 x15, x15\n\t" + "rev32 x16, x16\n\t" + "stp x15, x16, [%x[ctr]]\n\t" + : [out] "+r" (out), [len] "+r" (len), [nr] "+r" (nr), [ctr] "+r" (ctr) + : [in] "r" (in), [ks] "r" (ks), [te] "r" (te) + : "memory", "cc", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", + "x15", "x16", "x17", "x19", "x20", "x21" + ); +} + +#endif /* WOLFSSL_AES_COUNTER */ +#ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \ + defined(HAVE_AES_CBC) || defined(HAVE_AES_ECB) +static const word8 L_AES_ARM64_td4[] = { + 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, + 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, + 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, + 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb, + 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, + 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e, + 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, + 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25, + 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, + 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92, + 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, + 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84, + 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, + 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06, + 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, + 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b, + 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, + 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73, + 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, + 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e, + 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, + 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, + 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, + 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4, + 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, + 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f, + 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, + 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef, + 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, + 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61, + 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, + 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d, +}; + +#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || defined(HAVE_AES_ECB) +void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr); +void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr) +{ + const word32* td = L_AES_ARM64_td; + const word8* td4 = L_AES_ARM64_td4; + __asm__ __volatile__ ( + "\n" + "L_AES_ECB_decrypt_loop_block_%=: \n\t" + "mov x19, %x[ks]\n\t" + "ldr x7, [%x[in]]\n\t" + "ldr x8, [%x[in], #8]\n\t" + "rev32 x7, x7\n\t" + "rev32 x8, x8\n\t" + "ldp x11, x12, [x19], #16\n\t" + /* Round: 0 - XOR in key schedule */ + "eor x7, x7, x11\n\t" + "eor x8, x8, x12\n\t" + "sub w17, %w[nr], #2\n\t" + "\n" + "L_AES_ECB_decrypt_loop_nr_%=: \n\t" + "ubfx x11, x8, #48, #8\n\t" + "ubfx x14, x7, #24, #8\n\t" + "ubfx x15, x8, #8, #8\n\t" + "ubfx x16, x7, #32, #8\n\t" + "ldr x9, [%[td]]\n\t" + "ldr x9, [%[td], #64]\n\t" + "ldr x9, [%[td], #128]\n\t" + "ldr x9, [%[td], #192]\n\t" + "ldr x9, [%[td], #256]\n\t" + "ldr x9, [%[td], #320]\n\t" + "ldr x9, [%[td], #384]\n\t" + "ldr x9, [%[td], #448]\n\t" + "ldr x9, [%[td], #512]\n\t" + "ldr x9, [%[td], #576]\n\t" + "ldr x9, [%[td], #640]\n\t" + "ldr x9, [%[td], #704]\n\t" + "ldr x9, [%[td], #768]\n\t" + "ldr x9, [%[td], #832]\n\t" + "ldr x9, [%[td], #896]\n\t" + "ldr x9, [%[td], #960]\n\t" + "ldr w11, [%[td], x11, LSL 2]\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ubfx x12, x7, #16, #8\n\t" + "eor w11, w11, w14, ror 24\n\t" + "ubfx x14, x7, #56, #8\n\t" + "eor w11, w11, w15, ror 8\n\t" + "ubfx x15, x8, #40, #8\n\t" + "eor w11, w11, w16, ror 16\n\t" + "ubfx x16, x8, #0, #8\n\t" + "ldr w12, [%[td], x12, LSL 2]\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ubfx x13, x7, #48, #8\n\t" + "eor w12, w12, w14, ror 24\n\t" + "ubfx x14, x8, #24, #8\n\t" + "eor w12, w12, w15, ror 8\n\t" + "ubfx x15, x7, #8, #8\n\t" + "eor w12, w12, w16, ror 16\n\t" + "ubfx x16, x8, #32, #8\n\t" + "bfi x11, x12, #32, #32\n\t" + "ldr w13, [%[td], x13, LSL 2]\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ubfx x9, x7, #0, #8\n\t" + "eor w13, w13, w14, ror 24\n\t" + "ubfx x14, x8, #16, #8\n\t" + "eor w13, w13, w15, ror 8\n\t" + "ubfx x15, x8, #56, #8\n\t" + "eor w12, w13, w16, ror 16\n\t" + "ubfx x16, x7, #40, #8\n\t" + "ldr w9, [%[td], x9, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "eor w15, w15, w9, ror 24\n\t" + "ldp x7, x8, [x19], #16\n\t" + "eor w14, w14, w16, ror 8\n\t" + "eor w14, w14, w15, ror 24\n\t" + "bfi x12, x14, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x11, x11, x7\n\t" + "eor x12, x12, x8\n\t" + "ubfx x7, x12, #48, #8\n\t" + "ubfx x10, x11, #24, #8\n\t" + "ubfx x15, x12, #8, #8\n\t" + "ubfx x16, x11, #32, #8\n\t" + "ldr x13, [%[td]]\n\t" + "ldr x13, [%[td], #64]\n\t" + "ldr x13, [%[td], #128]\n\t" + "ldr x13, [%[td], #192]\n\t" + "ldr x13, [%[td], #256]\n\t" + "ldr x13, [%[td], #320]\n\t" + "ldr x13, [%[td], #384]\n\t" + "ldr x13, [%[td], #448]\n\t" + "ldr x13, [%[td], #512]\n\t" + "ldr x13, [%[td], #576]\n\t" + "ldr x13, [%[td], #640]\n\t" + "ldr x13, [%[td], #704]\n\t" + "ldr x13, [%[td], #768]\n\t" + "ldr x13, [%[td], #832]\n\t" + "ldr x13, [%[td], #896]\n\t" + "ldr x13, [%[td], #960]\n\t" + "ldr w7, [%[td], x7, LSL 2]\n\t" + "ldr w10, [%[td], x10, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ubfx x8, x11, #16, #8\n\t" + "eor w7, w7, w10, ror 24\n\t" + "ubfx x10, x11, #56, #8\n\t" + "eor w7, w7, w15, ror 8\n\t" + "ubfx x15, x12, #40, #8\n\t" + "eor w7, w7, w16, ror 16\n\t" + "ubfx x16, x12, #0, #8\n\t" + "ldr w8, [%[td], x8, LSL 2]\n\t" + "ldr w10, [%[td], x10, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ubfx x9, x11, #48, #8\n\t" + "eor w8, w8, w10, ror 24\n\t" + "ubfx x10, x12, #24, #8\n\t" + "eor w8, w8, w15, ror 8\n\t" + "ubfx x15, x11, #8, #8\n\t" + "eor w8, w8, w16, ror 16\n\t" + "ubfx x16, x12, #32, #8\n\t" + "bfi x7, x8, #32, #32\n\t" + "ldr w9, [%[td], x9, LSL 2]\n\t" + "ldr w10, [%[td], x10, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ubfx x13, x11, #0, #8\n\t" + "eor w9, w9, w10, ror 24\n\t" + "ubfx x10, x12, #16, #8\n\t" + "eor w9, w9, w15, ror 8\n\t" + "ubfx x15, x12, #56, #8\n\t" + "eor w8, w9, w16, ror 16\n\t" + "ubfx x16, x11, #40, #8\n\t" + "ldr w13, [%[td], x13, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w10, [%[td], x10, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "eor w15, w15, w13, ror 24\n\t" + "ldp x11, x12, [x19], #16\n\t" + "eor w10, w10, w16, ror 8\n\t" + "eor w10, w10, w15, ror 24\n\t" + "bfi x8, x10, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x7, x7, x11\n\t" + "eor x8, x8, x12\n\t" + "subs w17, w17, #2\n\t" + "b.ne L_AES_ECB_decrypt_loop_nr_%=\n\t" + "ubfx x11, x8, #48, #8\n\t" + "ubfx x14, x7, #24, #8\n\t" + "ubfx x15, x8, #8, #8\n\t" + "ubfx x16, x7, #32, #8\n\t" + "ldr x9, [%[td]]\n\t" + "ldr x9, [%[td], #64]\n\t" + "ldr x9, [%[td], #128]\n\t" + "ldr x9, [%[td], #192]\n\t" + "ldr x9, [%[td], #256]\n\t" + "ldr x9, [%[td], #320]\n\t" + "ldr x9, [%[td], #384]\n\t" + "ldr x9, [%[td], #448]\n\t" + "ldr x9, [%[td], #512]\n\t" + "ldr x9, [%[td], #576]\n\t" + "ldr x9, [%[td], #640]\n\t" + "ldr x9, [%[td], #704]\n\t" + "ldr x9, [%[td], #768]\n\t" + "ldr x9, [%[td], #832]\n\t" + "ldr x9, [%[td], #896]\n\t" + "ldr x9, [%[td], #960]\n\t" + "ldr w11, [%[td], x11, LSL 2]\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ubfx x12, x7, #16, #8\n\t" + "eor w11, w11, w14, ror 24\n\t" + "ubfx x14, x7, #56, #8\n\t" + "eor w11, w11, w15, ror 8\n\t" + "ubfx x15, x8, #40, #8\n\t" + "eor w11, w11, w16, ror 16\n\t" + "ubfx x16, x8, #0, #8\n\t" + "ldr w12, [%[td], x12, LSL 2]\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ubfx x13, x7, #48, #8\n\t" + "eor w12, w12, w14, ror 24\n\t" + "ubfx x14, x8, #24, #8\n\t" + "eor w12, w12, w15, ror 8\n\t" + "ubfx x15, x7, #8, #8\n\t" + "eor w12, w12, w16, ror 16\n\t" + "ubfx x16, x8, #32, #8\n\t" + "bfi x11, x12, #32, #32\n\t" + "ldr w13, [%[td], x13, LSL 2]\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ubfx x9, x7, #0, #8\n\t" + "eor w13, w13, w14, ror 24\n\t" + "ubfx x14, x8, #16, #8\n\t" + "eor w13, w13, w15, ror 8\n\t" + "ubfx x15, x8, #56, #8\n\t" + "eor w12, w13, w16, ror 16\n\t" + "ubfx x16, x7, #40, #8\n\t" + "ldr w9, [%[td], x9, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "eor w15, w15, w9, ror 24\n\t" + "ldp x7, x8, [x19], #16\n\t" + "eor w14, w14, w16, ror 8\n\t" + "eor w14, w14, w15, ror 24\n\t" + "bfi x12, x14, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x11, x11, x7\n\t" + "eor x12, x12, x8\n\t" + "ubfx x7, x11, #32, #8\n\t" + "ubfx x10, x12, #8, #8\n\t" + "ubfx x15, x12, #48, #8\n\t" + "ubfx x16, x11, #24, #8\n\t" + "ldr x14, [%[td4]]\n\t" + "ldr x14, [%[td4], #64]\n\t" + "ldr x14, [%[td4], #128]\n\t" + "ldr x14, [%[td4], #192]\n\t" + "ldr x14, [%[td4], #256]\n\t" + "ldr x14, [%[td4], #320]\n\t" + "ldr x14, [%[td4], #384]\n\t" + "ldr x14, [%[td4], #448]\n\t" + "ldr x14, [%[td4], #512]\n\t" + "ldr x14, [%[td4], #576]\n\t" + "ldr x14, [%[td4], #640]\n\t" + "ldr x14, [%[td4], #704]\n\t" + "ldr x14, [%[td4], #768]\n\t" + "ldr x14, [%[td4], #832]\n\t" + "ldr x14, [%[td4], #896]\n\t" + "ldr x14, [%[td4], #960]\n\t" + "ldrb w7, [%[td4], x7, LSL 0]\n\t" + "ldrb w10, [%[td4], x10, LSL 0]\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ldrb w16, [%[td4], x16, LSL 0]\n\t" + "ubfx x8, x12, #0, #8\n\t" + "eor w7, w7, w10, lsl 8\n\t" + "ubfx x10, x12, #40, #8\n\t" + "eor w7, w7, w15, lsl 16\n\t" + "ubfx x15, x11, #16, #8\n\t" + "eor w7, w7, w16, lsl 24\n\t" + "ubfx x16, x11, #56, #8\n\t" + "ldrb w10, [%[td4], x10, LSL 0]\n\t" + "ldrb w16, [%[td4], x16, LSL 0]\n\t" + "ldrb w8, [%[td4], x8, LSL 0]\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ubfx x9, x12, #32, #8\n\t" + "eor w8, w8, w10, lsl 8\n\t" + "ubfx x10, x11, #8, #8\n\t" + "eor w8, w8, w15, lsl 16\n\t" + "ubfx x15, x11, #48, #8\n\t" + "eor w8, w8, w16, lsl 24\n\t" + "ubfx x16, x12, #24, #8\n\t" + "bfi x7, x8, #32, #32\n\t" + "ldrb w10, [%[td4], x10, LSL 0]\n\t" + "ldrb w16, [%[td4], x16, LSL 0]\n\t" + "ldrb w9, [%[td4], x9, LSL 0]\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ubfx x14, x12, #56, #8\n\t" + "eor w9, w9, w10, lsl 8\n\t" + "ubfx x10, x11, #0, #8\n\t" + "eor w9, w9, w15, lsl 16\n\t" + "ubfx x15, x11, #40, #8\n\t" + "eor w8, w9, w16, lsl 24\n\t" + "ubfx x16, x12, #16, #8\n\t" + "ldrb w14, [%[td4], x14, LSL 0]\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ldrb w10, [%[td4], x10, LSL 0]\n\t" + "ldrb w16, [%[td4], x16, LSL 0]\n\t" + "eor w15, w15, w14, lsl 16\n\t" + "ldp x11, x12, [x19]\n\t" + "eor w10, w10, w15, lsl 8\n\t" + "eor w10, w10, w16, lsl 16\n\t" + "bfi x8, x10, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x7, x7, x11\n\t" + "eor x8, x8, x12\n\t" + "rev32 x7, x7\n\t" + "rev32 x8, x8\n\t" + "str x7, [%x[out]]\n\t" + "str x8, [%x[out], #8]\n\t" + "subs %x[len], %x[len], #16\n\t" + "add %x[in], %x[in], #16\n\t" + "add %x[out], %x[out], #16\n\t" + "b.ne L_AES_ECB_decrypt_loop_block_%=\n\t" + : [out] "+r" (out), [len] "+r" (len), [nr] "+r" (nr) + : [in] "r" (in), [ks] "r" (ks), [td] "r" (td), [td4] "r" (td4) + : "memory", "cc", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", + "x15", "x16", "x17", "x19" + ); +} + +#endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER || defined(HAVE_AES_ECB) */ +#ifdef HAVE_AES_CBC +void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* iv); +void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* iv) +{ + const word8* td4 = L_AES_ARM64_td4; + const word32* td = L_AES_ARM64_td; + __asm__ __volatile__ ( + "\n" + "L_AES_CBC_decrypt_loop_block_%=: \n\t" + "mov x20, %x[ks]\n\t" + "ldr x8, [%x[in]]\n\t" + "ldr x9, [%x[in], #8]\n\t" + "stnp x8, x9, [%x[iv], #16]\n\t" + "rev32 x8, x8\n\t" + "rev32 x9, x9\n\t" + "ldp x12, x13, [x20], #16\n\t" + /* Round: 0 - XOR in key schedule */ + "eor x8, x8, x12\n\t" + "eor x9, x9, x13\n\t" + "sub w19, %w[nr], #2\n\t" + "\n" + "L_AES_CBC_decrypt_loop_nr_even_%=: \n\t" + "ubfx x12, x9, #48, #8\n\t" + "ubfx x15, x8, #24, #8\n\t" + "ubfx x16, x9, #8, #8\n\t" + "ubfx x17, x8, #32, #8\n\t" + "ldr x10, [%[td]]\n\t" + "ldr x10, [%[td], #64]\n\t" + "ldr x10, [%[td], #128]\n\t" + "ldr x10, [%[td], #192]\n\t" + "ldr x10, [%[td], #256]\n\t" + "ldr x10, [%[td], #320]\n\t" + "ldr x10, [%[td], #384]\n\t" + "ldr x10, [%[td], #448]\n\t" + "ldr x10, [%[td], #512]\n\t" + "ldr x10, [%[td], #576]\n\t" + "ldr x10, [%[td], #640]\n\t" + "ldr x10, [%[td], #704]\n\t" + "ldr x10, [%[td], #768]\n\t" + "ldr x10, [%[td], #832]\n\t" + "ldr x10, [%[td], #896]\n\t" + "ldr x10, [%[td], #960]\n\t" + "ldr w12, [%[td], x12, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x13, x8, #16, #8\n\t" + "eor w12, w12, w15, ror 24\n\t" + "ubfx x15, x8, #56, #8\n\t" + "eor w12, w12, w16, ror 8\n\t" + "ubfx x16, x9, #40, #8\n\t" + "eor w12, w12, w17, ror 16\n\t" + "ubfx x17, x9, #0, #8\n\t" + "ldr w13, [%[td], x13, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x14, x8, #48, #8\n\t" + "eor w13, w13, w15, ror 24\n\t" + "ubfx x15, x9, #24, #8\n\t" + "eor w13, w13, w16, ror 8\n\t" + "ubfx x16, x8, #8, #8\n\t" + "eor w13, w13, w17, ror 16\n\t" + "ubfx x17, x9, #32, #8\n\t" + "bfi x12, x13, #32, #32\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x10, x8, #0, #8\n\t" + "eor w14, w14, w15, ror 24\n\t" + "ubfx x15, x9, #16, #8\n\t" + "eor w14, w14, w16, ror 8\n\t" + "ubfx x16, x9, #56, #8\n\t" + "eor w13, w14, w17, ror 16\n\t" + "ubfx x17, x8, #40, #8\n\t" + "ldr w10, [%[td], x10, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "eor w16, w16, w10, ror 24\n\t" + "ldp x8, x9, [x20], #16\n\t" + "eor w15, w15, w17, ror 8\n\t" + "eor w15, w15, w16, ror 24\n\t" + "bfi x13, x15, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x12, x12, x8\n\t" + "eor x13, x13, x9\n\t" + "ubfx x8, x13, #48, #8\n\t" + "ubfx x11, x12, #24, #8\n\t" + "ubfx x16, x13, #8, #8\n\t" + "ubfx x17, x12, #32, #8\n\t" + "ldr x14, [%[td]]\n\t" + "ldr x14, [%[td], #64]\n\t" + "ldr x14, [%[td], #128]\n\t" + "ldr x14, [%[td], #192]\n\t" + "ldr x14, [%[td], #256]\n\t" + "ldr x14, [%[td], #320]\n\t" + "ldr x14, [%[td], #384]\n\t" + "ldr x14, [%[td], #448]\n\t" + "ldr x14, [%[td], #512]\n\t" + "ldr x14, [%[td], #576]\n\t" + "ldr x14, [%[td], #640]\n\t" + "ldr x14, [%[td], #704]\n\t" + "ldr x14, [%[td], #768]\n\t" + "ldr x14, [%[td], #832]\n\t" + "ldr x14, [%[td], #896]\n\t" + "ldr x14, [%[td], #960]\n\t" + "ldr w8, [%[td], x8, LSL 2]\n\t" + "ldr w11, [%[td], x11, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x9, x12, #16, #8\n\t" + "eor w8, w8, w11, ror 24\n\t" + "ubfx x11, x12, #56, #8\n\t" + "eor w8, w8, w16, ror 8\n\t" + "ubfx x16, x13, #40, #8\n\t" + "eor w8, w8, w17, ror 16\n\t" + "ubfx x17, x13, #0, #8\n\t" + "ldr w9, [%[td], x9, LSL 2]\n\t" + "ldr w11, [%[td], x11, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x10, x12, #48, #8\n\t" + "eor w9, w9, w11, ror 24\n\t" + "ubfx x11, x13, #24, #8\n\t" + "eor w9, w9, w16, ror 8\n\t" + "ubfx x16, x12, #8, #8\n\t" + "eor w9, w9, w17, ror 16\n\t" + "ubfx x17, x13, #32, #8\n\t" + "bfi x8, x9, #32, #32\n\t" + "ldr w10, [%[td], x10, LSL 2]\n\t" + "ldr w11, [%[td], x11, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x14, x12, #0, #8\n\t" + "eor w10, w10, w11, ror 24\n\t" + "ubfx x11, x13, #16, #8\n\t" + "eor w10, w10, w16, ror 8\n\t" + "ubfx x16, x13, #56, #8\n\t" + "eor w9, w10, w17, ror 16\n\t" + "ubfx x17, x12, #40, #8\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w11, [%[td], x11, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "eor w16, w16, w14, ror 24\n\t" + "ldp x12, x13, [x20], #16\n\t" + "eor w11, w11, w17, ror 8\n\t" + "eor w11, w11, w16, ror 24\n\t" + "bfi x9, x11, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x8, x8, x12\n\t" + "eor x9, x9, x13\n\t" + "subs w19, w19, #2\n\t" + "b.ne L_AES_CBC_decrypt_loop_nr_even_%=\n\t" + "ubfx x12, x9, #48, #8\n\t" + "ubfx x15, x8, #24, #8\n\t" + "ubfx x16, x9, #8, #8\n\t" + "ubfx x17, x8, #32, #8\n\t" + "ldr x10, [%[td]]\n\t" + "ldr x10, [%[td], #64]\n\t" + "ldr x10, [%[td], #128]\n\t" + "ldr x10, [%[td], #192]\n\t" + "ldr x10, [%[td], #256]\n\t" + "ldr x10, [%[td], #320]\n\t" + "ldr x10, [%[td], #384]\n\t" + "ldr x10, [%[td], #448]\n\t" + "ldr x10, [%[td], #512]\n\t" + "ldr x10, [%[td], #576]\n\t" + "ldr x10, [%[td], #640]\n\t" + "ldr x10, [%[td], #704]\n\t" + "ldr x10, [%[td], #768]\n\t" + "ldr x10, [%[td], #832]\n\t" + "ldr x10, [%[td], #896]\n\t" + "ldr x10, [%[td], #960]\n\t" + "ldr w12, [%[td], x12, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x13, x8, #16, #8\n\t" + "eor w12, w12, w15, ror 24\n\t" + "ubfx x15, x8, #56, #8\n\t" + "eor w12, w12, w16, ror 8\n\t" + "ubfx x16, x9, #40, #8\n\t" + "eor w12, w12, w17, ror 16\n\t" + "ubfx x17, x9, #0, #8\n\t" + "ldr w13, [%[td], x13, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x14, x8, #48, #8\n\t" + "eor w13, w13, w15, ror 24\n\t" + "ubfx x15, x9, #24, #8\n\t" + "eor w13, w13, w16, ror 8\n\t" + "ubfx x16, x8, #8, #8\n\t" + "eor w13, w13, w17, ror 16\n\t" + "ubfx x17, x9, #32, #8\n\t" + "bfi x12, x13, #32, #32\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x10, x8, #0, #8\n\t" + "eor w14, w14, w15, ror 24\n\t" + "ubfx x15, x9, #16, #8\n\t" + "eor w14, w14, w16, ror 8\n\t" + "ubfx x16, x9, #56, #8\n\t" + "eor w13, w14, w17, ror 16\n\t" + "ubfx x17, x8, #40, #8\n\t" + "ldr w10, [%[td], x10, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "eor w16, w16, w10, ror 24\n\t" + "ldp x8, x9, [x20], #16\n\t" + "eor w15, w15, w17, ror 8\n\t" + "eor w15, w15, w16, ror 24\n\t" + "bfi x13, x15, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x12, x12, x8\n\t" + "eor x13, x13, x9\n\t" + "ubfx x8, x12, #32, #8\n\t" + "ubfx x11, x13, #8, #8\n\t" + "ubfx x16, x13, #48, #8\n\t" + "ubfx x17, x12, #24, #8\n\t" + "ldr x15, [%[td4]]\n\t" + "ldr x15, [%[td4], #64]\n\t" + "ldr x15, [%[td4], #128]\n\t" + "ldr x15, [%[td4], #192]\n\t" + "ldr x15, [%[td4], #256]\n\t" + "ldr x15, [%[td4], #320]\n\t" + "ldr x15, [%[td4], #384]\n\t" + "ldr x15, [%[td4], #448]\n\t" + "ldr x15, [%[td4], #512]\n\t" + "ldr x15, [%[td4], #576]\n\t" + "ldr x15, [%[td4], #640]\n\t" + "ldr x15, [%[td4], #704]\n\t" + "ldr x15, [%[td4], #768]\n\t" + "ldr x15, [%[td4], #832]\n\t" + "ldr x15, [%[td4], #896]\n\t" + "ldr x15, [%[td4], #960]\n\t" + "ldrb w8, [%[td4], x8, LSL 0]\n\t" + "ldrb w11, [%[td4], x11, LSL 0]\n\t" + "ldrb w16, [%[td4], x16, LSL 0]\n\t" + "ldrb w17, [%[td4], x17, LSL 0]\n\t" + "ubfx x9, x13, #0, #8\n\t" + "eor w8, w8, w11, lsl 8\n\t" + "ubfx x11, x13, #40, #8\n\t" + "eor w8, w8, w16, lsl 16\n\t" + "ubfx x16, x12, #16, #8\n\t" + "eor w8, w8, w17, lsl 24\n\t" + "ubfx x17, x12, #56, #8\n\t" + "ldrb w11, [%[td4], x11, LSL 0]\n\t" + "ldrb w17, [%[td4], x17, LSL 0]\n\t" + "ldrb w9, [%[td4], x9, LSL 0]\n\t" + "ldrb w16, [%[td4], x16, LSL 0]\n\t" + "ubfx x10, x13, #32, #8\n\t" + "eor w9, w9, w11, lsl 8\n\t" + "ubfx x11, x12, #8, #8\n\t" + "eor w9, w9, w16, lsl 16\n\t" + "ubfx x16, x12, #48, #8\n\t" + "eor w9, w9, w17, lsl 24\n\t" + "ubfx x17, x13, #24, #8\n\t" + "bfi x8, x9, #32, #32\n\t" + "ldrb w11, [%[td4], x11, LSL 0]\n\t" + "ldrb w17, [%[td4], x17, LSL 0]\n\t" + "ldrb w10, [%[td4], x10, LSL 0]\n\t" + "ldrb w16, [%[td4], x16, LSL 0]\n\t" + "ubfx x15, x13, #56, #8\n\t" + "eor w10, w10, w11, lsl 8\n\t" + "ubfx x11, x12, #0, #8\n\t" + "eor w10, w10, w16, lsl 16\n\t" + "ubfx x16, x12, #40, #8\n\t" + "eor w9, w10, w17, lsl 24\n\t" + "ubfx x17, x13, #16, #8\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ldrb w16, [%[td4], x16, LSL 0]\n\t" + "ldrb w11, [%[td4], x11, LSL 0]\n\t" + "ldrb w17, [%[td4], x17, LSL 0]\n\t" + "eor w16, w16, w15, lsl 16\n\t" + "ldp x12, x13, [x20]\n\t" + "eor w11, w11, w16, lsl 8\n\t" + "eor w11, w11, w17, lsl 16\n\t" + "bfi x9, x11, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x8, x8, x12\n\t" + "eor x9, x9, x13\n\t" + "rev32 x8, x8\n\t" + "rev32 x9, x9\n\t" + "ldp x12, x13, [%x[iv]]\n\t" + "eor x8, x8, x12\n\t" + "eor x9, x9, x13\n\t" + "str x8, [%x[out]]\n\t" + "str x9, [%x[out], #8]\n\t" + "subs %x[len], %x[len], #16\n\t" + "add %x[in], %x[in], #16\n\t" + "add %x[out], %x[out], #16\n\t" + "b.eq L_AES_CBC_decrypt_end_dec_odd_%=\n\t" + "mov x20, %x[ks]\n\t" + "ldr x8, [%x[in]]\n\t" + "ldr x9, [%x[in], #8]\n\t" + "stp x8, x9, [%x[iv]]\n\t" + "rev32 x8, x8\n\t" + "rev32 x9, x9\n\t" + "ldp x12, x13, [x20], #16\n\t" + /* Round: 0 - XOR in key schedule */ + "eor x8, x8, x12\n\t" + "eor x9, x9, x13\n\t" + "sub w19, %w[nr], #2\n\t" + "\n" + "L_AES_CBC_decrypt_loop_nr_odd_%=: \n\t" + "ubfx x12, x9, #48, #8\n\t" + "ubfx x15, x8, #24, #8\n\t" + "ubfx x16, x9, #8, #8\n\t" + "ubfx x17, x8, #32, #8\n\t" + "ldr x10, [%[td]]\n\t" + "ldr x10, [%[td], #64]\n\t" + "ldr x10, [%[td], #128]\n\t" + "ldr x10, [%[td], #192]\n\t" + "ldr x10, [%[td], #256]\n\t" + "ldr x10, [%[td], #320]\n\t" + "ldr x10, [%[td], #384]\n\t" + "ldr x10, [%[td], #448]\n\t" + "ldr x10, [%[td], #512]\n\t" + "ldr x10, [%[td], #576]\n\t" + "ldr x10, [%[td], #640]\n\t" + "ldr x10, [%[td], #704]\n\t" + "ldr x10, [%[td], #768]\n\t" + "ldr x10, [%[td], #832]\n\t" + "ldr x10, [%[td], #896]\n\t" + "ldr x10, [%[td], #960]\n\t" + "ldr w12, [%[td], x12, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x13, x8, #16, #8\n\t" + "eor w12, w12, w15, ror 24\n\t" + "ubfx x15, x8, #56, #8\n\t" + "eor w12, w12, w16, ror 8\n\t" + "ubfx x16, x9, #40, #8\n\t" + "eor w12, w12, w17, ror 16\n\t" + "ubfx x17, x9, #0, #8\n\t" + "ldr w13, [%[td], x13, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x14, x8, #48, #8\n\t" + "eor w13, w13, w15, ror 24\n\t" + "ubfx x15, x9, #24, #8\n\t" + "eor w13, w13, w16, ror 8\n\t" + "ubfx x16, x8, #8, #8\n\t" + "eor w13, w13, w17, ror 16\n\t" + "ubfx x17, x9, #32, #8\n\t" + "bfi x12, x13, #32, #32\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x10, x8, #0, #8\n\t" + "eor w14, w14, w15, ror 24\n\t" + "ubfx x15, x9, #16, #8\n\t" + "eor w14, w14, w16, ror 8\n\t" + "ubfx x16, x9, #56, #8\n\t" + "eor w13, w14, w17, ror 16\n\t" + "ubfx x17, x8, #40, #8\n\t" + "ldr w10, [%[td], x10, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "eor w16, w16, w10, ror 24\n\t" + "ldp x8, x9, [x20], #16\n\t" + "eor w15, w15, w17, ror 8\n\t" + "eor w15, w15, w16, ror 24\n\t" + "bfi x13, x15, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x12, x12, x8\n\t" + "eor x13, x13, x9\n\t" + "ubfx x8, x13, #48, #8\n\t" + "ubfx x11, x12, #24, #8\n\t" + "ubfx x16, x13, #8, #8\n\t" + "ubfx x17, x12, #32, #8\n\t" + "ldr x14, [%[td]]\n\t" + "ldr x14, [%[td], #64]\n\t" + "ldr x14, [%[td], #128]\n\t" + "ldr x14, [%[td], #192]\n\t" + "ldr x14, [%[td], #256]\n\t" + "ldr x14, [%[td], #320]\n\t" + "ldr x14, [%[td], #384]\n\t" + "ldr x14, [%[td], #448]\n\t" + "ldr x14, [%[td], #512]\n\t" + "ldr x14, [%[td], #576]\n\t" + "ldr x14, [%[td], #640]\n\t" + "ldr x14, [%[td], #704]\n\t" + "ldr x14, [%[td], #768]\n\t" + "ldr x14, [%[td], #832]\n\t" + "ldr x14, [%[td], #896]\n\t" + "ldr x14, [%[td], #960]\n\t" + "ldr w8, [%[td], x8, LSL 2]\n\t" + "ldr w11, [%[td], x11, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x9, x12, #16, #8\n\t" + "eor w8, w8, w11, ror 24\n\t" + "ubfx x11, x12, #56, #8\n\t" + "eor w8, w8, w16, ror 8\n\t" + "ubfx x16, x13, #40, #8\n\t" + "eor w8, w8, w17, ror 16\n\t" + "ubfx x17, x13, #0, #8\n\t" + "ldr w9, [%[td], x9, LSL 2]\n\t" + "ldr w11, [%[td], x11, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x10, x12, #48, #8\n\t" + "eor w9, w9, w11, ror 24\n\t" + "ubfx x11, x13, #24, #8\n\t" + "eor w9, w9, w16, ror 8\n\t" + "ubfx x16, x12, #8, #8\n\t" + "eor w9, w9, w17, ror 16\n\t" + "ubfx x17, x13, #32, #8\n\t" + "bfi x8, x9, #32, #32\n\t" + "ldr w10, [%[td], x10, LSL 2]\n\t" + "ldr w11, [%[td], x11, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x14, x12, #0, #8\n\t" + "eor w10, w10, w11, ror 24\n\t" + "ubfx x11, x13, #16, #8\n\t" + "eor w10, w10, w16, ror 8\n\t" + "ubfx x16, x13, #56, #8\n\t" + "eor w9, w10, w17, ror 16\n\t" + "ubfx x17, x12, #40, #8\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w11, [%[td], x11, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "eor w16, w16, w14, ror 24\n\t" + "ldp x12, x13, [x20], #16\n\t" + "eor w11, w11, w17, ror 8\n\t" + "eor w11, w11, w16, ror 24\n\t" + "bfi x9, x11, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x8, x8, x12\n\t" + "eor x9, x9, x13\n\t" + "subs w19, w19, #2\n\t" + "b.ne L_AES_CBC_decrypt_loop_nr_odd_%=\n\t" + "ubfx x12, x9, #48, #8\n\t" + "ubfx x15, x8, #24, #8\n\t" + "ubfx x16, x9, #8, #8\n\t" + "ubfx x17, x8, #32, #8\n\t" + "ldr x10, [%[td]]\n\t" + "ldr x10, [%[td], #64]\n\t" + "ldr x10, [%[td], #128]\n\t" + "ldr x10, [%[td], #192]\n\t" + "ldr x10, [%[td], #256]\n\t" + "ldr x10, [%[td], #320]\n\t" + "ldr x10, [%[td], #384]\n\t" + "ldr x10, [%[td], #448]\n\t" + "ldr x10, [%[td], #512]\n\t" + "ldr x10, [%[td], #576]\n\t" + "ldr x10, [%[td], #640]\n\t" + "ldr x10, [%[td], #704]\n\t" + "ldr x10, [%[td], #768]\n\t" + "ldr x10, [%[td], #832]\n\t" + "ldr x10, [%[td], #896]\n\t" + "ldr x10, [%[td], #960]\n\t" + "ldr w12, [%[td], x12, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x13, x8, #16, #8\n\t" + "eor w12, w12, w15, ror 24\n\t" + "ubfx x15, x8, #56, #8\n\t" + "eor w12, w12, w16, ror 8\n\t" + "ubfx x16, x9, #40, #8\n\t" + "eor w12, w12, w17, ror 16\n\t" + "ubfx x17, x9, #0, #8\n\t" + "ldr w13, [%[td], x13, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x14, x8, #48, #8\n\t" + "eor w13, w13, w15, ror 24\n\t" + "ubfx x15, x9, #24, #8\n\t" + "eor w13, w13, w16, ror 8\n\t" + "ubfx x16, x8, #8, #8\n\t" + "eor w13, w13, w17, ror 16\n\t" + "ubfx x17, x9, #32, #8\n\t" + "bfi x12, x13, #32, #32\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x10, x8, #0, #8\n\t" + "eor w14, w14, w15, ror 24\n\t" + "ubfx x15, x9, #16, #8\n\t" + "eor w14, w14, w16, ror 8\n\t" + "ubfx x16, x9, #56, #8\n\t" + "eor w13, w14, w17, ror 16\n\t" + "ubfx x17, x8, #40, #8\n\t" + "ldr w10, [%[td], x10, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "eor w16, w16, w10, ror 24\n\t" + "ldp x8, x9, [x20], #16\n\t" + "eor w15, w15, w17, ror 8\n\t" + "eor w15, w15, w16, ror 24\n\t" + "bfi x13, x15, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x12, x12, x8\n\t" + "eor x13, x13, x9\n\t" + "ubfx x8, x12, #32, #8\n\t" + "ubfx x11, x13, #8, #8\n\t" + "ubfx x16, x13, #48, #8\n\t" + "ubfx x17, x12, #24, #8\n\t" + "ldr x15, [%[td4]]\n\t" + "ldr x15, [%[td4], #64]\n\t" + "ldr x15, [%[td4], #128]\n\t" + "ldr x15, [%[td4], #192]\n\t" + "ldr x15, [%[td4], #256]\n\t" + "ldr x15, [%[td4], #320]\n\t" + "ldr x15, [%[td4], #384]\n\t" + "ldr x15, [%[td4], #448]\n\t" + "ldr x15, [%[td4], #512]\n\t" + "ldr x15, [%[td4], #576]\n\t" + "ldr x15, [%[td4], #640]\n\t" + "ldr x15, [%[td4], #704]\n\t" + "ldr x15, [%[td4], #768]\n\t" + "ldr x15, [%[td4], #832]\n\t" + "ldr x15, [%[td4], #896]\n\t" + "ldr x15, [%[td4], #960]\n\t" + "ldrb w8, [%[td4], x8, LSL 0]\n\t" + "ldrb w11, [%[td4], x11, LSL 0]\n\t" + "ldrb w16, [%[td4], x16, LSL 0]\n\t" + "ldrb w17, [%[td4], x17, LSL 0]\n\t" + "ubfx x9, x13, #0, #8\n\t" + "eor w8, w8, w11, lsl 8\n\t" + "ubfx x11, x13, #40, #8\n\t" + "eor w8, w8, w16, lsl 16\n\t" + "ubfx x16, x12, #16, #8\n\t" + "eor w8, w8, w17, lsl 24\n\t" + "ubfx x17, x12, #56, #8\n\t" + "ldrb w11, [%[td4], x11, LSL 0]\n\t" + "ldrb w17, [%[td4], x17, LSL 0]\n\t" + "ldrb w9, [%[td4], x9, LSL 0]\n\t" + "ldrb w16, [%[td4], x16, LSL 0]\n\t" + "ubfx x10, x13, #32, #8\n\t" + "eor w9, w9, w11, lsl 8\n\t" + "ubfx x11, x12, #8, #8\n\t" + "eor w9, w9, w16, lsl 16\n\t" + "ubfx x16, x12, #48, #8\n\t" + "eor w9, w9, w17, lsl 24\n\t" + "ubfx x17, x13, #24, #8\n\t" + "bfi x8, x9, #32, #32\n\t" + "ldrb w11, [%[td4], x11, LSL 0]\n\t" + "ldrb w17, [%[td4], x17, LSL 0]\n\t" + "ldrb w10, [%[td4], x10, LSL 0]\n\t" + "ldrb w16, [%[td4], x16, LSL 0]\n\t" + "ubfx x15, x13, #56, #8\n\t" + "eor w10, w10, w11, lsl 8\n\t" + "ubfx x11, x12, #0, #8\n\t" + "eor w10, w10, w16, lsl 16\n\t" + "ubfx x16, x12, #40, #8\n\t" + "eor w9, w10, w17, lsl 24\n\t" + "ubfx x17, x13, #16, #8\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ldrb w16, [%[td4], x16, LSL 0]\n\t" + "ldrb w11, [%[td4], x11, LSL 0]\n\t" + "ldrb w17, [%[td4], x17, LSL 0]\n\t" + "eor w16, w16, w15, lsl 16\n\t" + "ldp x12, x13, [x20]\n\t" + "eor w11, w11, w16, lsl 8\n\t" + "eor w11, w11, w17, lsl 16\n\t" + "bfi x9, x11, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x8, x8, x12\n\t" + "eor x9, x9, x13\n\t" + "rev32 x8, x8\n\t" + "rev32 x9, x9\n\t" + "ldnp x12, x13, [%x[iv], #16]\n\t" + "eor x8, x8, x12\n\t" + "eor x9, x9, x13\n\t" + "str x8, [%x[out]]\n\t" + "str x9, [%x[out], #8]\n\t" + "subs %x[len], %x[len], #16\n\t" + "add %x[in], %x[in], #16\n\t" + "add %x[out], %x[out], #16\n\t" + "b.ne L_AES_CBC_decrypt_loop_block_%=\n\t" + "b L_AES_CBC_decrypt_end_dec_%=\n\t" + "\n" + "L_AES_CBC_decrypt_end_dec_odd_%=: \n\t" + "ldnp x12, x13, [%x[iv], #16]\n\t" + "stp x12, x13, [%x[iv]]\n\t" + "\n" + "L_AES_CBC_decrypt_end_dec_%=: \n\t" + : [out] "+r" (out), [len] "+r" (len), [nr] "+r" (nr), [iv] "+r" (iv) + : [in] "r" (in), [ks] "r" (ks), [td4] "r" (td4), [td] "r" (td) + : "memory", "cc", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", + "x16", "x17", "x19", "x20" + ); +} + +#endif /* HAVE_AES_CBC */ +#endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER || HAVE_AES_CBC + * HAVE_AES_ECB */ +#endif /* HAVE_AES_DECRYPT */ +#ifdef HAVE_AESGCM +static const word32 L_GCM_gmult_len_r[] = { + 0x00000000, 0x1c200000, 0x38400000, 0x24600000, + 0x70800000, 0x6ca00000, 0x48c00000, 0x54e00000, + 0xe1000000, 0xfd200000, 0xd9400000, 0xc5600000, + 0x91800000, 0x8da00000, 0xa9c00000, 0xb5e00000, + 0x00000000, 0x01c20000, 0x03840000, 0x02460000, + 0x07080000, 0x06ca0000, 0x048c0000, 0x054e0000, + 0x0e100000, 0x0fd20000, 0x0d940000, 0x0c560000, + 0x09180000, 0x08da0000, 0x0a9c0000, 0x0b5e0000, +}; + +void GCM_gmult_len(unsigned char* x, const unsigned char** m, + const unsigned char* data, unsigned long len); +void GCM_gmult_len(unsigned char* x, const unsigned char** m, + const unsigned char* data, unsigned long len) +{ + const word32* r = L_GCM_gmult_len_r; + __asm__ __volatile__ ( + "\n" + "L_GCM_gmult_len_start_block_%=: \n\t" + "ldp x4, x5, [%x[x]]\n\t" + "ldp x6, x7, [%x[data]]\n\t" + "eor x4, x4, x6\n\t" + "eor x5, x5, x7\n\t" + "ubfx x12, x5, #56, #4\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "ldp x8, x9, [x12]\n\t" + "ubfx x12, x5, #60, #4\n\t" + "mov x11, x9\n\t" + "add x12, x12, #16\n\t" + "lsr x9, x9, #8\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "orr x9, x9, x8, lsl 56\n\t" + "ldp x6, x7, [x12]\n\t" + "lsr x8, x8, #8\n\t" + "eor x8, x8, x6\n\t" + "sub x12, x12, #0x100\n\t" + "eor x9, x9, x7\n\t" + "ldr x7, [x12, #8]\n\t" + "ubfx w6, w11, #0, #4\n\t" + "eor x11, x11, x7, lsl 4\n\t" + "add w6, w6, #16\n\t" + "ubfx w11, w11, #4, #4\n\t" + "ldr w6, [%[r], x6, LSL 2]\n\t" + "ldr w7, [%[r], x11, LSL 2]\n\t" + "eor x8, x8, x6, lsl 32\n\t" + "eor x8, x8, x7, lsl 32\n\t" + "ubfx x12, x5, #48, #4\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "ldp x6, x7, [x12]\n\t" + "eor x8, x8, x6\n\t" + "eor x9, x9, x7\n\t" + "ubfx x12, x5, #52, #4\n\t" + "mov x11, x9\n\t" + "add x12, x12, #16\n\t" + "lsr x9, x9, #8\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "orr x9, x9, x8, lsl 56\n\t" + "ldp x6, x7, [x12]\n\t" + "lsr x8, x8, #8\n\t" + "eor x8, x8, x6\n\t" + "sub x12, x12, #0x100\n\t" + "eor x9, x9, x7\n\t" + "ldr x7, [x12, #8]\n\t" + "ubfx w6, w11, #0, #4\n\t" + "eor x11, x11, x7, lsl 4\n\t" + "add w6, w6, #16\n\t" + "ubfx w11, w11, #4, #4\n\t" + "ldr w6, [%[r], x6, LSL 2]\n\t" + "ldr w7, [%[r], x11, LSL 2]\n\t" + "eor x8, x8, x6, lsl 32\n\t" + "eor x8, x8, x7, lsl 32\n\t" + "ubfx x12, x5, #40, #4\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "ldp x6, x7, [x12]\n\t" + "eor x8, x8, x6\n\t" + "eor x9, x9, x7\n\t" + "ubfx x12, x5, #44, #4\n\t" + "mov x11, x9\n\t" + "add x12, x12, #16\n\t" + "lsr x9, x9, #8\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "orr x9, x9, x8, lsl 56\n\t" + "ldp x6, x7, [x12]\n\t" + "lsr x8, x8, #8\n\t" + "eor x8, x8, x6\n\t" + "sub x12, x12, #0x100\n\t" + "eor x9, x9, x7\n\t" + "ldr x7, [x12, #8]\n\t" + "ubfx w6, w11, #0, #4\n\t" + "eor x11, x11, x7, lsl 4\n\t" + "add w6, w6, #16\n\t" + "ubfx w11, w11, #4, #4\n\t" + "ldr w6, [%[r], x6, LSL 2]\n\t" + "ldr w7, [%[r], x11, LSL 2]\n\t" + "eor x8, x8, x6, lsl 32\n\t" + "eor x8, x8, x7, lsl 32\n\t" + "ubfx x12, x5, #32, #4\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "ldp x6, x7, [x12]\n\t" + "eor x8, x8, x6\n\t" + "eor x9, x9, x7\n\t" + "ubfx x12, x5, #36, #4\n\t" + "mov x11, x9\n\t" + "add x12, x12, #16\n\t" + "lsr x9, x9, #8\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "orr x9, x9, x8, lsl 56\n\t" + "ldp x6, x7, [x12]\n\t" + "lsr x8, x8, #8\n\t" + "eor x8, x8, x6\n\t" + "sub x12, x12, #0x100\n\t" + "eor x9, x9, x7\n\t" + "ldr x7, [x12, #8]\n\t" + "ubfx w6, w11, #0, #4\n\t" + "eor x11, x11, x7, lsl 4\n\t" + "add w6, w6, #16\n\t" + "ubfx w11, w11, #4, #4\n\t" + "ldr w6, [%[r], x6, LSL 2]\n\t" + "ldr w7, [%[r], x11, LSL 2]\n\t" + "eor x8, x8, x6, lsl 32\n\t" + "eor x8, x8, x7, lsl 32\n\t" + "ubfx x12, x5, #24, #4\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "ldp x6, x7, [x12]\n\t" + "eor x8, x8, x6\n\t" + "eor x9, x9, x7\n\t" + "ubfx x12, x5, #28, #4\n\t" + "mov x11, x9\n\t" + "add x12, x12, #16\n\t" + "lsr x9, x9, #8\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "orr x9, x9, x8, lsl 56\n\t" + "ldp x6, x7, [x12]\n\t" + "lsr x8, x8, #8\n\t" + "eor x8, x8, x6\n\t" + "sub x12, x12, #0x100\n\t" + "eor x9, x9, x7\n\t" + "ldr x7, [x12, #8]\n\t" + "ubfx w6, w11, #0, #4\n\t" + "eor x11, x11, x7, lsl 4\n\t" + "add w6, w6, #16\n\t" + "ubfx w11, w11, #4, #4\n\t" + "ldr w6, [%[r], x6, LSL 2]\n\t" + "ldr w7, [%[r], x11, LSL 2]\n\t" + "eor x8, x8, x6, lsl 32\n\t" + "eor x8, x8, x7, lsl 32\n\t" + "ubfx x12, x5, #16, #4\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "ldp x6, x7, [x12]\n\t" + "eor x8, x8, x6\n\t" + "eor x9, x9, x7\n\t" + "ubfx x12, x5, #20, #4\n\t" + "mov x11, x9\n\t" + "add x12, x12, #16\n\t" + "lsr x9, x9, #8\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "orr x9, x9, x8, lsl 56\n\t" + "ldp x6, x7, [x12]\n\t" + "lsr x8, x8, #8\n\t" + "eor x8, x8, x6\n\t" + "sub x12, x12, #0x100\n\t" + "eor x9, x9, x7\n\t" + "ldr x7, [x12, #8]\n\t" + "ubfx w6, w11, #0, #4\n\t" + "eor x11, x11, x7, lsl 4\n\t" + "add w6, w6, #16\n\t" + "ubfx w11, w11, #4, #4\n\t" + "ldr w6, [%[r], x6, LSL 2]\n\t" + "ldr w7, [%[r], x11, LSL 2]\n\t" + "eor x8, x8, x6, lsl 32\n\t" + "eor x8, x8, x7, lsl 32\n\t" + "ubfx x12, x5, #8, #4\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "ldp x6, x7, [x12]\n\t" + "eor x8, x8, x6\n\t" + "eor x9, x9, x7\n\t" + "ubfx x12, x5, #12, #4\n\t" + "mov x11, x9\n\t" + "add x12, x12, #16\n\t" + "lsr x9, x9, #8\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "orr x9, x9, x8, lsl 56\n\t" + "ldp x6, x7, [x12]\n\t" + "lsr x8, x8, #8\n\t" + "eor x8, x8, x6\n\t" + "sub x12, x12, #0x100\n\t" + "eor x9, x9, x7\n\t" + "ldr x7, [x12, #8]\n\t" + "ubfx w6, w11, #0, #4\n\t" + "eor x11, x11, x7, lsl 4\n\t" + "add w6, w6, #16\n\t" + "ubfx w11, w11, #4, #4\n\t" + "ldr w6, [%[r], x6, LSL 2]\n\t" + "ldr w7, [%[r], x11, LSL 2]\n\t" + "eor x8, x8, x6, lsl 32\n\t" + "eor x8, x8, x7, lsl 32\n\t" + "ubfx x12, x5, #0, #4\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "ldp x6, x7, [x12]\n\t" + "eor x8, x8, x6\n\t" + "eor x9, x9, x7\n\t" + "ubfx x12, x5, #4, #4\n\t" + "mov x11, x9\n\t" + "add x12, x12, #16\n\t" + "lsr x9, x9, #8\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "orr x9, x9, x8, lsl 56\n\t" + "ldp x6, x7, [x12]\n\t" + "lsr x8, x8, #8\n\t" + "eor x8, x8, x6\n\t" + "sub x12, x12, #0x100\n\t" + "eor x9, x9, x7\n\t" + "ldr x7, [x12, #8]\n\t" + "ubfx w6, w11, #0, #4\n\t" + "eor x11, x11, x7, lsl 4\n\t" + "add w6, w6, #16\n\t" + "ubfx w11, w11, #4, #4\n\t" + "ldr w6, [%[r], x6, LSL 2]\n\t" + "ldr w7, [%[r], x11, LSL 2]\n\t" + "eor x8, x8, x6, lsl 32\n\t" + "eor x8, x8, x7, lsl 32\n\t" + "ubfx x12, x4, #56, #4\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "ldp x6, x7, [x12]\n\t" + "eor x8, x8, x6\n\t" + "eor x9, x9, x7\n\t" + "ubfx x12, x4, #60, #4\n\t" + "mov x11, x9\n\t" + "add x12, x12, #16\n\t" + "lsr x9, x9, #8\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "orr x9, x9, x8, lsl 56\n\t" + "ldp x6, x7, [x12]\n\t" + "lsr x8, x8, #8\n\t" + "eor x8, x8, x6\n\t" + "sub x12, x12, #0x100\n\t" + "eor x9, x9, x7\n\t" + "ldr x7, [x12, #8]\n\t" + "ubfx w6, w11, #0, #4\n\t" + "eor x11, x11, x7, lsl 4\n\t" + "add w6, w6, #16\n\t" + "ubfx w11, w11, #4, #4\n\t" + "ldr w6, [%[r], x6, LSL 2]\n\t" + "ldr w7, [%[r], x11, LSL 2]\n\t" + "eor x8, x8, x6, lsl 32\n\t" + "eor x8, x8, x7, lsl 32\n\t" + "ubfx x12, x4, #48, #4\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "ldp x6, x7, [x12]\n\t" + "eor x8, x8, x6\n\t" + "eor x9, x9, x7\n\t" + "ubfx x12, x4, #52, #4\n\t" + "mov x11, x9\n\t" + "add x12, x12, #16\n\t" + "lsr x9, x9, #8\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "orr x9, x9, x8, lsl 56\n\t" + "ldp x6, x7, [x12]\n\t" + "lsr x8, x8, #8\n\t" + "eor x8, x8, x6\n\t" + "sub x12, x12, #0x100\n\t" + "eor x9, x9, x7\n\t" + "ldr x7, [x12, #8]\n\t" + "ubfx w6, w11, #0, #4\n\t" + "eor x11, x11, x7, lsl 4\n\t" + "add w6, w6, #16\n\t" + "ubfx w11, w11, #4, #4\n\t" + "ldr w6, [%[r], x6, LSL 2]\n\t" + "ldr w7, [%[r], x11, LSL 2]\n\t" + "eor x8, x8, x6, lsl 32\n\t" + "eor x8, x8, x7, lsl 32\n\t" + "ubfx x12, x4, #40, #4\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "ldp x6, x7, [x12]\n\t" + "eor x8, x8, x6\n\t" + "eor x9, x9, x7\n\t" + "ubfx x12, x4, #44, #4\n\t" + "mov x11, x9\n\t" + "add x12, x12, #16\n\t" + "lsr x9, x9, #8\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "orr x9, x9, x8, lsl 56\n\t" + "ldp x6, x7, [x12]\n\t" + "lsr x8, x8, #8\n\t" + "eor x8, x8, x6\n\t" + "sub x12, x12, #0x100\n\t" + "eor x9, x9, x7\n\t" + "ldr x7, [x12, #8]\n\t" + "ubfx w6, w11, #0, #4\n\t" + "eor x11, x11, x7, lsl 4\n\t" + "add w6, w6, #16\n\t" + "ubfx w11, w11, #4, #4\n\t" + "ldr w6, [%[r], x6, LSL 2]\n\t" + "ldr w7, [%[r], x11, LSL 2]\n\t" + "eor x8, x8, x6, lsl 32\n\t" + "eor x8, x8, x7, lsl 32\n\t" + "ubfx x12, x4, #32, #4\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "ldp x6, x7, [x12]\n\t" + "eor x8, x8, x6\n\t" + "eor x9, x9, x7\n\t" + "ubfx x12, x4, #36, #4\n\t" + "mov x11, x9\n\t" + "add x12, x12, #16\n\t" + "lsr x9, x9, #8\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "orr x9, x9, x8, lsl 56\n\t" + "ldp x6, x7, [x12]\n\t" + "lsr x8, x8, #8\n\t" + "eor x8, x8, x6\n\t" + "sub x12, x12, #0x100\n\t" + "eor x9, x9, x7\n\t" + "ldr x7, [x12, #8]\n\t" + "ubfx w6, w11, #0, #4\n\t" + "eor x11, x11, x7, lsl 4\n\t" + "add w6, w6, #16\n\t" + "ubfx w11, w11, #4, #4\n\t" + "ldr w6, [%[r], x6, LSL 2]\n\t" + "ldr w7, [%[r], x11, LSL 2]\n\t" + "eor x8, x8, x6, lsl 32\n\t" + "eor x8, x8, x7, lsl 32\n\t" + "ubfx x12, x4, #24, #4\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "ldp x6, x7, [x12]\n\t" + "eor x8, x8, x6\n\t" + "eor x9, x9, x7\n\t" + "ubfx x12, x4, #28, #4\n\t" + "mov x11, x9\n\t" + "add x12, x12, #16\n\t" + "lsr x9, x9, #8\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "orr x9, x9, x8, lsl 56\n\t" + "ldp x6, x7, [x12]\n\t" + "lsr x8, x8, #8\n\t" + "eor x8, x8, x6\n\t" + "sub x12, x12, #0x100\n\t" + "eor x9, x9, x7\n\t" + "ldr x7, [x12, #8]\n\t" + "ubfx w6, w11, #0, #4\n\t" + "eor x11, x11, x7, lsl 4\n\t" + "add w6, w6, #16\n\t" + "ubfx w11, w11, #4, #4\n\t" + "ldr w6, [%[r], x6, LSL 2]\n\t" + "ldr w7, [%[r], x11, LSL 2]\n\t" + "eor x8, x8, x6, lsl 32\n\t" + "eor x8, x8, x7, lsl 32\n\t" + "ubfx x12, x4, #16, #4\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "ldp x6, x7, [x12]\n\t" + "eor x8, x8, x6\n\t" + "eor x9, x9, x7\n\t" + "ubfx x12, x4, #20, #4\n\t" + "mov x11, x9\n\t" + "add x12, x12, #16\n\t" + "lsr x9, x9, #8\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "orr x9, x9, x8, lsl 56\n\t" + "ldp x6, x7, [x12]\n\t" + "lsr x8, x8, #8\n\t" + "eor x8, x8, x6\n\t" + "sub x12, x12, #0x100\n\t" + "eor x9, x9, x7\n\t" + "ldr x7, [x12, #8]\n\t" + "ubfx w6, w11, #0, #4\n\t" + "eor x11, x11, x7, lsl 4\n\t" + "add w6, w6, #16\n\t" + "ubfx w11, w11, #4, #4\n\t" + "ldr w6, [%[r], x6, LSL 2]\n\t" + "ldr w7, [%[r], x11, LSL 2]\n\t" + "eor x8, x8, x6, lsl 32\n\t" + "eor x8, x8, x7, lsl 32\n\t" + "ubfx x12, x4, #8, #4\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "ldp x6, x7, [x12]\n\t" + "eor x8, x8, x6\n\t" + "eor x9, x9, x7\n\t" + "ubfx x12, x4, #12, #4\n\t" + "mov x11, x9\n\t" + "add x12, x12, #16\n\t" + "lsr x9, x9, #8\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "orr x9, x9, x8, lsl 56\n\t" + "ldp x6, x7, [x12]\n\t" + "lsr x8, x8, #8\n\t" + "eor x8, x8, x6\n\t" + "sub x12, x12, #0x100\n\t" + "eor x9, x9, x7\n\t" + "ldr x7, [x12, #8]\n\t" + "ubfx w6, w11, #0, #4\n\t" + "eor x11, x11, x7, lsl 4\n\t" + "add w6, w6, #16\n\t" + "ubfx w11, w11, #4, #4\n\t" + "ldr w6, [%[r], x6, LSL 2]\n\t" + "ldr w7, [%[r], x11, LSL 2]\n\t" + "eor x8, x8, x6, lsl 32\n\t" + "eor x8, x8, x7, lsl 32\n\t" + "ubfiz x12, x4, #4, #4\n\t" + "add x12, x12, %x[m]\n\t" + "ldp x6, x7, [x12]\n\t" + "eor x8, x8, x6\n\t" + "eor x9, x9, x7\n\t" + "ubfx x11, x9, #0, #4\n\t" + "ubfx x12, x4, #4, #4\n\t" + "lsr x9, x9, #4\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "orr x9, x9, x8, lsl 60\n\t" + "ldp x6, x7, [x12]\n\t" + "lsr x8, x8, #4\n\t" + "eor x8, x8, x6\n\t" + "ldr w6, [%[r], x11, LSL 2]\n\t" + "eor x9, x9, x7\n\t" + "eor x8, x8, x6, lsl 32\n\t" + "rev x8, x8\n\t" + "rev x9, x9\n\t" + "stp x8, x9, [%x[x]]\n\t" + "subs %x[len], %x[len], #16\n\t" + "add %x[data], %x[data], #16\n\t" + "b.ne L_GCM_gmult_len_start_block_%=\n\t" + : [x] "+r" (x), [len] "+r" (len) + : [m] "r" (m), [data] "r" (data), [r] "r" (r) + : "memory", "cc", "x4", "x5", "x6", "x7", "x8", "x9", "x11", "x12" + ); +} + +void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr); +void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr) +{ + const word32* te = L_AES_ARM64_te; + __asm__ __volatile__ ( + "ldp x16, x17, [%x[ctr]]\n\t" + "rev32 x16, x16\n\t" + "rev32 x17, x17\n\t" + "\n" + "L_AES_GCM_encrypt_loop_block_%=: \n\t" + "mov x21, %x[ks]\n\t" + "lsr x9, x17, #32\n\t" + "ldp x10, x11, [x21], #16\n\t" + "add w9, w9, #1\n\t" + "bfi x17, x9, #32, #32\n\t" + /* Round: 0 - XOR in key schedule */ + "eor x6, x16, x10\n\t" + "eor x7, x17, x11\n\t" + "sub w20, %w[nr], #2\n\t" + "\n" + "L_AES_GCM_encrypt_loop_nr_%=: \n\t" + "ubfx x10, x6, #48, #8\n\t" + "ubfx x13, x6, #24, #8\n\t" + "ubfx x14, x7, #8, #8\n\t" + "ubfx x15, x7, #32, #8\n\t" + "ldr x8, [%[te]]\n\t" + "ldr x8, [%[te], #64]\n\t" + "ldr x8, [%[te], #128]\n\t" + "ldr x8, [%[te], #192]\n\t" + "ldr x8, [%[te], #256]\n\t" + "ldr x8, [%[te], #320]\n\t" + "ldr x8, [%[te], #384]\n\t" + "ldr x8, [%[te], #448]\n\t" + "ldr x8, [%[te], #512]\n\t" + "ldr x8, [%[te], #576]\n\t" + "ldr x8, [%[te], #640]\n\t" + "ldr x8, [%[te], #704]\n\t" + "ldr x8, [%[te], #768]\n\t" + "ldr x8, [%[te], #832]\n\t" + "ldr x8, [%[te], #896]\n\t" + "ldr x8, [%[te], #960]\n\t" + "ldr w10, [%[te], x10, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x11, x7, #16, #8\n\t" + "eor w10, w10, w13, ror 24\n\t" + "ubfx x13, x6, #56, #8\n\t" + "eor w10, w10, w14, ror 8\n\t" + "ubfx x14, x7, #40, #8\n\t" + "eor w10, w10, w15, ror 16\n\t" + "ubfx x15, x6, #0, #8\n\t" + "ldr w11, [%[te], x11, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x12, x7, #48, #8\n\t" + "eor w11, w11, w13, ror 24\n\t" + "ubfx x13, x7, #24, #8\n\t" + "eor w11, w11, w14, ror 8\n\t" + "ubfx x14, x6, #8, #8\n\t" + "eor w11, w11, w15, ror 16\n\t" + "ubfx x15, x6, #32, #8\n\t" + "bfi x10, x11, #32, #32\n\t" + "ldr w12, [%[te], x12, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x8, x7, #0, #8\n\t" + "eor w12, w12, w13, ror 24\n\t" + "ubfx x13, x6, #16, #8\n\t" + "eor w12, w12, w14, ror 8\n\t" + "ubfx x14, x7, #56, #8\n\t" + "eor w11, w12, w15, ror 16\n\t" + "ubfx x15, x6, #40, #8\n\t" + "ldr w8, [%[te], x8, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "eor w14, w14, w8, ror 24\n\t" + "ldp x6, x7, [x21], #16\n\t" + "eor w13, w13, w14, ror 24\n\t" + "eor w13, w13, w15, ror 8\n\t" + "bfi x11, x13, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x10, x10, x6\n\t" + "eor x11, x11, x7\n\t" + "ubfx x6, x10, #48, #8\n\t" + "ubfx x9, x10, #24, #8\n\t" + "ubfx x14, x11, #8, #8\n\t" + "ubfx x15, x11, #32, #8\n\t" + "ldr x12, [%[te]]\n\t" + "ldr x12, [%[te], #64]\n\t" + "ldr x12, [%[te], #128]\n\t" + "ldr x12, [%[te], #192]\n\t" + "ldr x12, [%[te], #256]\n\t" + "ldr x12, [%[te], #320]\n\t" + "ldr x12, [%[te], #384]\n\t" + "ldr x12, [%[te], #448]\n\t" + "ldr x12, [%[te], #512]\n\t" + "ldr x12, [%[te], #576]\n\t" + "ldr x12, [%[te], #640]\n\t" + "ldr x12, [%[te], #704]\n\t" + "ldr x12, [%[te], #768]\n\t" + "ldr x12, [%[te], #832]\n\t" + "ldr x12, [%[te], #896]\n\t" + "ldr x12, [%[te], #960]\n\t" + "ldr w6, [%[te], x6, LSL 2]\n\t" + "ldr w9, [%[te], x9, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x7, x11, #16, #8\n\t" + "eor w6, w6, w9, ror 24\n\t" + "ubfx x9, x10, #56, #8\n\t" + "eor w6, w6, w14, ror 8\n\t" + "ubfx x14, x11, #40, #8\n\t" + "eor w6, w6, w15, ror 16\n\t" + "ubfx x15, x10, #0, #8\n\t" + "ldr w7, [%[te], x7, LSL 2]\n\t" + "ldr w9, [%[te], x9, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x8, x11, #48, #8\n\t" + "eor w7, w7, w9, ror 24\n\t" + "ubfx x9, x11, #24, #8\n\t" + "eor w7, w7, w14, ror 8\n\t" + "ubfx x14, x10, #8, #8\n\t" + "eor w7, w7, w15, ror 16\n\t" + "ubfx x15, x10, #32, #8\n\t" + "bfi x6, x7, #32, #32\n\t" + "ldr w8, [%[te], x8, LSL 2]\n\t" + "ldr w9, [%[te], x9, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x12, x11, #0, #8\n\t" + "eor w8, w8, w9, ror 24\n\t" + "ubfx x9, x10, #16, #8\n\t" + "eor w8, w8, w14, ror 8\n\t" + "ubfx x14, x11, #56, #8\n\t" + "eor w7, w8, w15, ror 16\n\t" + "ubfx x15, x10, #40, #8\n\t" + "ldr w12, [%[te], x12, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w9, [%[te], x9, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "eor w14, w14, w12, ror 24\n\t" + "ldp x10, x11, [x21], #16\n\t" + "eor w9, w9, w14, ror 24\n\t" + "eor w9, w9, w15, ror 8\n\t" + "bfi x7, x9, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x6, x6, x10\n\t" + "eor x7, x7, x11\n\t" + "subs w20, w20, #2\n\t" + "b.ne L_AES_GCM_encrypt_loop_nr_%=\n\t" + "ubfx x10, x6, #48, #8\n\t" + "ubfx x13, x6, #24, #8\n\t" + "ubfx x14, x7, #8, #8\n\t" + "ubfx x15, x7, #32, #8\n\t" + "ldr x8, [%[te]]\n\t" + "ldr x8, [%[te], #64]\n\t" + "ldr x8, [%[te], #128]\n\t" + "ldr x8, [%[te], #192]\n\t" + "ldr x8, [%[te], #256]\n\t" + "ldr x8, [%[te], #320]\n\t" + "ldr x8, [%[te], #384]\n\t" + "ldr x8, [%[te], #448]\n\t" + "ldr x8, [%[te], #512]\n\t" + "ldr x8, [%[te], #576]\n\t" + "ldr x8, [%[te], #640]\n\t" + "ldr x8, [%[te], #704]\n\t" + "ldr x8, [%[te], #768]\n\t" + "ldr x8, [%[te], #832]\n\t" + "ldr x8, [%[te], #896]\n\t" + "ldr x8, [%[te], #960]\n\t" + "ldr w10, [%[te], x10, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x11, x7, #16, #8\n\t" + "eor w10, w10, w13, ror 24\n\t" + "ubfx x13, x6, #56, #8\n\t" + "eor w10, w10, w14, ror 8\n\t" + "ubfx x14, x7, #40, #8\n\t" + "eor w10, w10, w15, ror 16\n\t" + "ubfx x15, x6, #0, #8\n\t" + "ldr w11, [%[te], x11, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x12, x7, #48, #8\n\t" + "eor w11, w11, w13, ror 24\n\t" + "ubfx x13, x7, #24, #8\n\t" + "eor w11, w11, w14, ror 8\n\t" + "ubfx x14, x6, #8, #8\n\t" + "eor w11, w11, w15, ror 16\n\t" + "ubfx x15, x6, #32, #8\n\t" + "bfi x10, x11, #32, #32\n\t" + "ldr w12, [%[te], x12, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x8, x7, #0, #8\n\t" + "eor w12, w12, w13, ror 24\n\t" + "ubfx x13, x6, #16, #8\n\t" + "eor w12, w12, w14, ror 8\n\t" + "ubfx x14, x7, #56, #8\n\t" + "eor w11, w12, w15, ror 16\n\t" + "ubfx x15, x6, #40, #8\n\t" + "ldr w8, [%[te], x8, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "eor w14, w14, w8, ror 24\n\t" + "ldp x6, x7, [x21], #16\n\t" + "eor w13, w13, w14, ror 24\n\t" + "eor w13, w13, w15, ror 8\n\t" + "bfi x11, x13, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x10, x10, x6\n\t" + "eor x11, x11, x7\n\t" + "ubfx x6, x11, #32, #8\n\t" + "ubfx x9, x11, #8, #8\n\t" + "ubfx x14, x10, #48, #8\n\t" + "ubfx x15, x10, #24, #8\n\t" + "lsl w6, w6, #2\n\t" + "lsl w9, w9, #2\n\t" + "lsl w14, w14, #2\n\t" + "lsl w15, w15, #2\n\t" + "ldr x13, [%[te]]\n\t" + "ldr x13, [%[te], #64]\n\t" + "ldr x13, [%[te], #128]\n\t" + "ldr x13, [%[te], #192]\n\t" + "ldr x13, [%[te], #256]\n\t" + "ldr x13, [%[te], #320]\n\t" + "ldr x13, [%[te], #384]\n\t" + "ldr x13, [%[te], #448]\n\t" + "ldr x13, [%[te], #512]\n\t" + "ldr x13, [%[te], #576]\n\t" + "ldr x13, [%[te], #640]\n\t" + "ldr x13, [%[te], #704]\n\t" + "ldr x13, [%[te], #768]\n\t" + "ldr x13, [%[te], #832]\n\t" + "ldr x13, [%[te], #896]\n\t" + "ldr x13, [%[te], #960]\n\t" + "ldrb w6, [%[te], x6, LSL 0]\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "ldrb w14, [%[te], x14, LSL 0]\n\t" + "ldrb w15, [%[te], x15, LSL 0]\n\t" + "ubfx x7, x10, #0, #8\n\t" + "eor w6, w6, w9, lsl 8\n\t" + "ubfx x9, x11, #40, #8\n\t" + "eor w6, w6, w14, lsl 16\n\t" + "ubfx x14, x11, #16, #8\n\t" + "eor w6, w6, w15, lsl 24\n\t" + "ubfx x15, x10, #56, #8\n\t" + "lsl w7, w7, #2\n\t" + "lsl w9, w9, #2\n\t" + "lsl w14, w14, #2\n\t" + "lsl w15, w15, #2\n\t" + "ldrb w7, [%[te], x7, LSL 0]\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "ldrb w14, [%[te], x14, LSL 0]\n\t" + "ldrb w15, [%[te], x15, LSL 0]\n\t" + "ubfx x8, x10, #32, #8\n\t" + "eor w7, w7, w9, lsl 8\n\t" + "ubfx x9, x10, #8, #8\n\t" + "eor w7, w7, w14, lsl 16\n\t" + "ubfx x14, x11, #48, #8\n\t" + "eor w7, w7, w15, lsl 24\n\t" + "ubfx x15, x11, #24, #8\n\t" + "bfi x6, x7, #32, #32\n\t" + "lsl w8, w8, #2\n\t" + "lsl w9, w9, #2\n\t" + "lsl w14, w14, #2\n\t" + "lsl w15, w15, #2\n\t" + "ldrb w8, [%[te], x8, LSL 0]\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "ldrb w14, [%[te], x14, LSL 0]\n\t" + "ldrb w15, [%[te], x15, LSL 0]\n\t" + "ubfx x13, x11, #56, #8\n\t" + "eor w8, w8, w9, lsl 8\n\t" + "ubfx x9, x11, #0, #8\n\t" + "eor w8, w8, w14, lsl 16\n\t" + "ubfx x14, x10, #40, #8\n\t" + "eor w7, w8, w15, lsl 24\n\t" + "ubfx x15, x10, #16, #8\n\t" + "lsl w13, w13, #2\n\t" + "lsl w9, w9, #2\n\t" + "lsl w14, w14, #2\n\t" + "lsl w15, w15, #2\n\t" + "ldrb w13, [%[te], x13, LSL 0]\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "ldrb w14, [%[te], x14, LSL 0]\n\t" + "ldrb w15, [%[te], x15, LSL 0]\n\t" + "eor w14, w14, w13, lsl 16\n\t" + "ldp x10, x11, [x21]\n\t" + "eor w9, w9, w14, lsl 8\n\t" + "eor w9, w9, w15, lsl 16\n\t" + "bfi x7, x9, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x6, x6, x10\n\t" + "eor x7, x7, x11\n\t" + "rev32 x6, x6\n\t" + "rev32 x7, x7\n\t" + "ldr x10, [%x[in]]\n\t" + "ldr x11, [%x[in], #8]\n\t" + "eor x6, x6, x10\n\t" + "eor x7, x7, x11\n\t" + "str x6, [%x[out]]\n\t" + "str x7, [%x[out], #8]\n\t" + "subs %x[len], %x[len], #16\n\t" + "add %x[in], %x[in], #16\n\t" + "add %x[out], %x[out], #16\n\t" + "b.ne L_AES_GCM_encrypt_loop_block_%=\n\t" + "rev32 x16, x16\n\t" + "rev32 x17, x17\n\t" + "stp x16, x17, [%x[ctr]]\n\t" + : [out] "+r" (out), [len] "+r" (len), [nr] "+r" (nr), [ctr] "+r" (ctr) + : [in] "r" (in), [ks] "r" (ks), [te] "r" (te) + : "memory", "cc", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", + "x14", "x15", "x16", "x17", "x20", "x21" + ); +} + +#endif /* HAVE_AESGCM */ +#ifdef WOLFSSL_AES_XTS +void AES_XTS_encrypt(const byte* in, byte* out, word32 sz, const byte* i, + byte* key, byte* key2, byte* tmp, int nr) +{ + const word32* te = L_AES_ARM64_te; + __asm__ __volatile__ ( + "stp x29, x30, [sp, #-32]!\n\t" + "add x29, sp, #0\n\t" + "mov x9, #0x87\n\t" + "mov x26, %x[key2]\n\t" + "ldp x21, x22, [%x[i]]\n\t" + "ldp x14, x15, [x26], #16\n\t" + "rev32 x21, x21\n\t" + "rev32 x22, x22\n\t" + /* Round: 0 - XOR in key schedule */ + "eor x21, x21, x14\n\t" + "eor x22, x22, x15\n\t" + "sub w25, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_encrypt_loop_nr_tweak_%=: \n\t" + "ubfx x14, x21, #48, #8\n\t" + "ubfx x17, x21, #24, #8\n\t" + "ubfx x19, x22, #8, #8\n\t" + "ubfx x20, x22, #32, #8\n\t" + "ldr x23, [%[te]]\n\t" + "ldr x23, [%[te], #64]\n\t" + "ldr x23, [%[te], #128]\n\t" + "ldr x23, [%[te], #192]\n\t" + "ldr x23, [%[te], #256]\n\t" + "ldr x23, [%[te], #320]\n\t" + "ldr x23, [%[te], #384]\n\t" + "ldr x23, [%[te], #448]\n\t" + "ldr x23, [%[te], #512]\n\t" + "ldr x23, [%[te], #576]\n\t" + "ldr x23, [%[te], #640]\n\t" + "ldr x23, [%[te], #704]\n\t" + "ldr x23, [%[te], #768]\n\t" + "ldr x23, [%[te], #832]\n\t" + "ldr x23, [%[te], #896]\n\t" + "ldr x23, [%[te], #960]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x15, x22, #16, #8\n\t" + "eor w14, w14, w17, ror 24\n\t" + "ubfx x17, x21, #56, #8\n\t" + "eor w14, w14, w19, ror 8\n\t" + "ubfx x19, x22, #40, #8\n\t" + "eor w14, w14, w20, ror 16\n\t" + "ubfx x20, x21, #0, #8\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x16, x22, #48, #8\n\t" + "eor w15, w15, w17, ror 24\n\t" + "ubfx x17, x22, #24, #8\n\t" + "eor w15, w15, w19, ror 8\n\t" + "ubfx x19, x21, #8, #8\n\t" + "eor w15, w15, w20, ror 16\n\t" + "ubfx x20, x21, #32, #8\n\t" + "bfi x14, x15, #32, #32\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x23, x22, #0, #8\n\t" + "eor w16, w16, w17, ror 24\n\t" + "ubfx x17, x21, #16, #8\n\t" + "eor w16, w16, w19, ror 8\n\t" + "ubfx x19, x22, #56, #8\n\t" + "eor w15, w16, w20, ror 16\n\t" + "ubfx x20, x21, #40, #8\n\t" + "ldr w23, [%[te], x23, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "eor w19, w19, w23, ror 24\n\t" + "ldp x21, x22, [x26], #16\n\t" + "eor w17, w17, w19, ror 24\n\t" + "eor w17, w17, w20, ror 8\n\t" + "bfi x15, x17, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x14, x14, x21\n\t" + "eor x15, x15, x22\n\t" + "ubfx x21, x14, #48, #8\n\t" + "ubfx x24, x14, #24, #8\n\t" + "ubfx x19, x15, #8, #8\n\t" + "ubfx x20, x15, #32, #8\n\t" + "ldr x16, [%[te]]\n\t" + "ldr x16, [%[te], #64]\n\t" + "ldr x16, [%[te], #128]\n\t" + "ldr x16, [%[te], #192]\n\t" + "ldr x16, [%[te], #256]\n\t" + "ldr x16, [%[te], #320]\n\t" + "ldr x16, [%[te], #384]\n\t" + "ldr x16, [%[te], #448]\n\t" + "ldr x16, [%[te], #512]\n\t" + "ldr x16, [%[te], #576]\n\t" + "ldr x16, [%[te], #640]\n\t" + "ldr x16, [%[te], #704]\n\t" + "ldr x16, [%[te], #768]\n\t" + "ldr x16, [%[te], #832]\n\t" + "ldr x16, [%[te], #896]\n\t" + "ldr x16, [%[te], #960]\n\t" + "ldr w21, [%[te], x21, LSL 2]\n\t" + "ldr w24, [%[te], x24, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x22, x15, #16, #8\n\t" + "eor w21, w21, w24, ror 24\n\t" + "ubfx x24, x14, #56, #8\n\t" + "eor w21, w21, w19, ror 8\n\t" + "ubfx x19, x15, #40, #8\n\t" + "eor w21, w21, w20, ror 16\n\t" + "ubfx x20, x14, #0, #8\n\t" + "ldr w22, [%[te], x22, LSL 2]\n\t" + "ldr w24, [%[te], x24, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x23, x15, #48, #8\n\t" + "eor w22, w22, w24, ror 24\n\t" + "ubfx x24, x15, #24, #8\n\t" + "eor w22, w22, w19, ror 8\n\t" + "ubfx x19, x14, #8, #8\n\t" + "eor w22, w22, w20, ror 16\n\t" + "ubfx x20, x14, #32, #8\n\t" + "bfi x21, x22, #32, #32\n\t" + "ldr w23, [%[te], x23, LSL 2]\n\t" + "ldr w24, [%[te], x24, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x16, x15, #0, #8\n\t" + "eor w23, w23, w24, ror 24\n\t" + "ubfx x24, x14, #16, #8\n\t" + "eor w23, w23, w19, ror 8\n\t" + "ubfx x19, x15, #56, #8\n\t" + "eor w22, w23, w20, ror 16\n\t" + "ubfx x20, x14, #40, #8\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w24, [%[te], x24, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "eor w19, w19, w16, ror 24\n\t" + "ldp x14, x15, [x26], #16\n\t" + "eor w24, w24, w19, ror 24\n\t" + "eor w24, w24, w20, ror 8\n\t" + "bfi x22, x24, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x21, x21, x14\n\t" + "eor x22, x22, x15\n\t" + "subs w25, w25, #2\n\t" + "b.ne L_AES_XTS_encrypt_loop_nr_tweak_%=\n\t" + "ubfx x14, x21, #48, #8\n\t" + "ubfx x17, x21, #24, #8\n\t" + "ubfx x19, x22, #8, #8\n\t" + "ubfx x20, x22, #32, #8\n\t" + "ldr x23, [%[te]]\n\t" + "ldr x23, [%[te], #64]\n\t" + "ldr x23, [%[te], #128]\n\t" + "ldr x23, [%[te], #192]\n\t" + "ldr x23, [%[te], #256]\n\t" + "ldr x23, [%[te], #320]\n\t" + "ldr x23, [%[te], #384]\n\t" + "ldr x23, [%[te], #448]\n\t" + "ldr x23, [%[te], #512]\n\t" + "ldr x23, [%[te], #576]\n\t" + "ldr x23, [%[te], #640]\n\t" + "ldr x23, [%[te], #704]\n\t" + "ldr x23, [%[te], #768]\n\t" + "ldr x23, [%[te], #832]\n\t" + "ldr x23, [%[te], #896]\n\t" + "ldr x23, [%[te], #960]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x15, x22, #16, #8\n\t" + "eor w14, w14, w17, ror 24\n\t" + "ubfx x17, x21, #56, #8\n\t" + "eor w14, w14, w19, ror 8\n\t" + "ubfx x19, x22, #40, #8\n\t" + "eor w14, w14, w20, ror 16\n\t" + "ubfx x20, x21, #0, #8\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x16, x22, #48, #8\n\t" + "eor w15, w15, w17, ror 24\n\t" + "ubfx x17, x22, #24, #8\n\t" + "eor w15, w15, w19, ror 8\n\t" + "ubfx x19, x21, #8, #8\n\t" + "eor w15, w15, w20, ror 16\n\t" + "ubfx x20, x21, #32, #8\n\t" + "bfi x14, x15, #32, #32\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x23, x22, #0, #8\n\t" + "eor w16, w16, w17, ror 24\n\t" + "ubfx x17, x21, #16, #8\n\t" + "eor w16, w16, w19, ror 8\n\t" + "ubfx x19, x22, #56, #8\n\t" + "eor w15, w16, w20, ror 16\n\t" + "ubfx x20, x21, #40, #8\n\t" + "ldr w23, [%[te], x23, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "eor w19, w19, w23, ror 24\n\t" + "ldp x21, x22, [x26], #16\n\t" + "eor w17, w17, w19, ror 24\n\t" + "eor w17, w17, w20, ror 8\n\t" + "bfi x15, x17, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x14, x14, x21\n\t" + "eor x15, x15, x22\n\t" + "ubfx x21, x15, #32, #8\n\t" + "ubfx x24, x15, #8, #8\n\t" + "ubfx x19, x14, #48, #8\n\t" + "ubfx x20, x14, #24, #8\n\t" + "lsl w21, w21, #2\n\t" + "lsl w24, w24, #2\n\t" + "lsl w19, w19, #2\n\t" + "lsl w20, w20, #2\n\t" + "ldr x17, [%[te]]\n\t" + "ldr x17, [%[te], #64]\n\t" + "ldr x17, [%[te], #128]\n\t" + "ldr x17, [%[te], #192]\n\t" + "ldr x17, [%[te], #256]\n\t" + "ldr x17, [%[te], #320]\n\t" + "ldr x17, [%[te], #384]\n\t" + "ldr x17, [%[te], #448]\n\t" + "ldr x17, [%[te], #512]\n\t" + "ldr x17, [%[te], #576]\n\t" + "ldr x17, [%[te], #640]\n\t" + "ldr x17, [%[te], #704]\n\t" + "ldr x17, [%[te], #768]\n\t" + "ldr x17, [%[te], #832]\n\t" + "ldr x17, [%[te], #896]\n\t" + "ldr x17, [%[te], #960]\n\t" + "ldrb w21, [%[te], x21, LSL 0]\n\t" + "ldrb w24, [%[te], x24, LSL 0]\n\t" + "ldrb w19, [%[te], x19, LSL 0]\n\t" + "ldrb w20, [%[te], x20, LSL 0]\n\t" + "ubfx x22, x14, #0, #8\n\t" + "eor w21, w21, w24, lsl 8\n\t" + "ubfx x24, x15, #40, #8\n\t" + "eor w21, w21, w19, lsl 16\n\t" + "ubfx x19, x15, #16, #8\n\t" + "eor w21, w21, w20, lsl 24\n\t" + "ubfx x20, x14, #56, #8\n\t" + "lsl w22, w22, #2\n\t" + "lsl w24, w24, #2\n\t" + "lsl w19, w19, #2\n\t" + "lsl w20, w20, #2\n\t" + "ldrb w22, [%[te], x22, LSL 0]\n\t" + "ldrb w24, [%[te], x24, LSL 0]\n\t" + "ldrb w19, [%[te], x19, LSL 0]\n\t" + "ldrb w20, [%[te], x20, LSL 0]\n\t" + "ubfx x23, x14, #32, #8\n\t" + "eor w22, w22, w24, lsl 8\n\t" + "ubfx x24, x14, #8, #8\n\t" + "eor w22, w22, w19, lsl 16\n\t" + "ubfx x19, x15, #48, #8\n\t" + "eor w22, w22, w20, lsl 24\n\t" + "ubfx x20, x15, #24, #8\n\t" + "bfi x21, x22, #32, #32\n\t" + "lsl w23, w23, #2\n\t" + "lsl w24, w24, #2\n\t" + "lsl w19, w19, #2\n\t" + "lsl w20, w20, #2\n\t" + "ldrb w23, [%[te], x23, LSL 0]\n\t" + "ldrb w24, [%[te], x24, LSL 0]\n\t" + "ldrb w19, [%[te], x19, LSL 0]\n\t" + "ldrb w20, [%[te], x20, LSL 0]\n\t" + "ubfx x17, x15, #56, #8\n\t" + "eor w23, w23, w24, lsl 8\n\t" + "ubfx x24, x15, #0, #8\n\t" + "eor w23, w23, w19, lsl 16\n\t" + "ubfx x19, x14, #40, #8\n\t" + "eor w22, w23, w20, lsl 24\n\t" + "ubfx x20, x14, #16, #8\n\t" + "lsl w17, w17, #2\n\t" + "lsl w24, w24, #2\n\t" + "lsl w19, w19, #2\n\t" + "lsl w20, w20, #2\n\t" + "ldrb w17, [%[te], x17, LSL 0]\n\t" + "ldrb w24, [%[te], x24, LSL 0]\n\t" + "ldrb w19, [%[te], x19, LSL 0]\n\t" + "ldrb w20, [%[te], x20, LSL 0]\n\t" + "eor w19, w19, w17, lsl 16\n\t" + "ldp x14, x15, [x26]\n\t" + "eor w24, w24, w19, lsl 8\n\t" + "eor w24, w24, w20, lsl 16\n\t" + "bfi x22, x24, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x21, x21, x14\n\t" + "eor x22, x22, x15\n\t" + "rev32 x21, x21\n\t" + "rev32 x22, x22\n\t" + "\n" + "L_AES_XTS_encrypt_loop_block_%=: \n\t" + "mov x26, %x[key]\n\t" + "ldp x10, x11, [%x[in]]\n\t" + "ldp x14, x15, [x26], #16\n\t" + "eor x10, x10, x21\n\t" + "eor x11, x11, x22\n\t" + "rev32 x10, x10\n\t" + "rev32 x11, x11\n\t" + /* Round: 0 - XOR in key schedule */ + "eor x10, x10, x14\n\t" + "eor x11, x11, x15\n\t" + "sub w25, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_encrypt_loop_nr_%=: \n\t" + "ubfx x14, x10, #48, #8\n\t" + "ubfx x17, x10, #24, #8\n\t" + "ubfx x19, x11, #8, #8\n\t" + "ubfx x20, x11, #32, #8\n\t" + "ldr x12, [%[te]]\n\t" + "ldr x12, [%[te], #64]\n\t" + "ldr x12, [%[te], #128]\n\t" + "ldr x12, [%[te], #192]\n\t" + "ldr x12, [%[te], #256]\n\t" + "ldr x12, [%[te], #320]\n\t" + "ldr x12, [%[te], #384]\n\t" + "ldr x12, [%[te], #448]\n\t" + "ldr x12, [%[te], #512]\n\t" + "ldr x12, [%[te], #576]\n\t" + "ldr x12, [%[te], #640]\n\t" + "ldr x12, [%[te], #704]\n\t" + "ldr x12, [%[te], #768]\n\t" + "ldr x12, [%[te], #832]\n\t" + "ldr x12, [%[te], #896]\n\t" + "ldr x12, [%[te], #960]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x15, x11, #16, #8\n\t" + "eor w14, w14, w17, ror 24\n\t" + "ubfx x17, x10, #56, #8\n\t" + "eor w14, w14, w19, ror 8\n\t" + "ubfx x19, x11, #40, #8\n\t" + "eor w14, w14, w20, ror 16\n\t" + "ubfx x20, x10, #0, #8\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x16, x11, #48, #8\n\t" + "eor w15, w15, w17, ror 24\n\t" + "ubfx x17, x11, #24, #8\n\t" + "eor w15, w15, w19, ror 8\n\t" + "ubfx x19, x10, #8, #8\n\t" + "eor w15, w15, w20, ror 16\n\t" + "ubfx x20, x10, #32, #8\n\t" + "bfi x14, x15, #32, #32\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x12, x11, #0, #8\n\t" + "eor w16, w16, w17, ror 24\n\t" + "ubfx x17, x10, #16, #8\n\t" + "eor w16, w16, w19, ror 8\n\t" + "ubfx x19, x11, #56, #8\n\t" + "eor w15, w16, w20, ror 16\n\t" + "ubfx x20, x10, #40, #8\n\t" + "ldr w12, [%[te], x12, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "eor w19, w19, w12, ror 24\n\t" + "ldp x10, x11, [x26], #16\n\t" + "eor w17, w17, w19, ror 24\n\t" + "eor w17, w17, w20, ror 8\n\t" + "bfi x15, x17, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x14, x14, x10\n\t" + "eor x15, x15, x11\n\t" + "ubfx x10, x14, #48, #8\n\t" + "ubfx x13, x14, #24, #8\n\t" + "ubfx x19, x15, #8, #8\n\t" + "ubfx x20, x15, #32, #8\n\t" + "ldr x16, [%[te]]\n\t" + "ldr x16, [%[te], #64]\n\t" + "ldr x16, [%[te], #128]\n\t" + "ldr x16, [%[te], #192]\n\t" + "ldr x16, [%[te], #256]\n\t" + "ldr x16, [%[te], #320]\n\t" + "ldr x16, [%[te], #384]\n\t" + "ldr x16, [%[te], #448]\n\t" + "ldr x16, [%[te], #512]\n\t" + "ldr x16, [%[te], #576]\n\t" + "ldr x16, [%[te], #640]\n\t" + "ldr x16, [%[te], #704]\n\t" + "ldr x16, [%[te], #768]\n\t" + "ldr x16, [%[te], #832]\n\t" + "ldr x16, [%[te], #896]\n\t" + "ldr x16, [%[te], #960]\n\t" + "ldr w10, [%[te], x10, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x11, x15, #16, #8\n\t" + "eor w10, w10, w13, ror 24\n\t" + "ubfx x13, x14, #56, #8\n\t" + "eor w10, w10, w19, ror 8\n\t" + "ubfx x19, x15, #40, #8\n\t" + "eor w10, w10, w20, ror 16\n\t" + "ubfx x20, x14, #0, #8\n\t" + "ldr w11, [%[te], x11, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x12, x15, #48, #8\n\t" + "eor w11, w11, w13, ror 24\n\t" + "ubfx x13, x15, #24, #8\n\t" + "eor w11, w11, w19, ror 8\n\t" + "ubfx x19, x14, #8, #8\n\t" + "eor w11, w11, w20, ror 16\n\t" + "ubfx x20, x14, #32, #8\n\t" + "bfi x10, x11, #32, #32\n\t" + "ldr w12, [%[te], x12, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x16, x15, #0, #8\n\t" + "eor w12, w12, w13, ror 24\n\t" + "ubfx x13, x14, #16, #8\n\t" + "eor w12, w12, w19, ror 8\n\t" + "ubfx x19, x15, #56, #8\n\t" + "eor w11, w12, w20, ror 16\n\t" + "ubfx x20, x14, #40, #8\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "eor w19, w19, w16, ror 24\n\t" + "ldp x14, x15, [x26], #16\n\t" + "eor w13, w13, w19, ror 24\n\t" + "eor w13, w13, w20, ror 8\n\t" + "bfi x11, x13, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x10, x10, x14\n\t" + "eor x11, x11, x15\n\t" + "subs w25, w25, #2\n\t" + "b.ne L_AES_XTS_encrypt_loop_nr_%=\n\t" + "ubfx x14, x10, #48, #8\n\t" + "ubfx x17, x10, #24, #8\n\t" + "ubfx x19, x11, #8, #8\n\t" + "ubfx x20, x11, #32, #8\n\t" + "ldr x12, [%[te]]\n\t" + "ldr x12, [%[te], #64]\n\t" + "ldr x12, [%[te], #128]\n\t" + "ldr x12, [%[te], #192]\n\t" + "ldr x12, [%[te], #256]\n\t" + "ldr x12, [%[te], #320]\n\t" + "ldr x12, [%[te], #384]\n\t" + "ldr x12, [%[te], #448]\n\t" + "ldr x12, [%[te], #512]\n\t" + "ldr x12, [%[te], #576]\n\t" + "ldr x12, [%[te], #640]\n\t" + "ldr x12, [%[te], #704]\n\t" + "ldr x12, [%[te], #768]\n\t" + "ldr x12, [%[te], #832]\n\t" + "ldr x12, [%[te], #896]\n\t" + "ldr x12, [%[te], #960]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x15, x11, #16, #8\n\t" + "eor w14, w14, w17, ror 24\n\t" + "ubfx x17, x10, #56, #8\n\t" + "eor w14, w14, w19, ror 8\n\t" + "ubfx x19, x11, #40, #8\n\t" + "eor w14, w14, w20, ror 16\n\t" + "ubfx x20, x10, #0, #8\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x16, x11, #48, #8\n\t" + "eor w15, w15, w17, ror 24\n\t" + "ubfx x17, x11, #24, #8\n\t" + "eor w15, w15, w19, ror 8\n\t" + "ubfx x19, x10, #8, #8\n\t" + "eor w15, w15, w20, ror 16\n\t" + "ubfx x20, x10, #32, #8\n\t" + "bfi x14, x15, #32, #32\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x12, x11, #0, #8\n\t" + "eor w16, w16, w17, ror 24\n\t" + "ubfx x17, x10, #16, #8\n\t" + "eor w16, w16, w19, ror 8\n\t" + "ubfx x19, x11, #56, #8\n\t" + "eor w15, w16, w20, ror 16\n\t" + "ubfx x20, x10, #40, #8\n\t" + "ldr w12, [%[te], x12, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "eor w19, w19, w12, ror 24\n\t" + "ldp x10, x11, [x26], #16\n\t" + "eor w17, w17, w19, ror 24\n\t" + "eor w17, w17, w20, ror 8\n\t" + "bfi x15, x17, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x14, x14, x10\n\t" + "eor x15, x15, x11\n\t" + "ubfx x10, x15, #32, #8\n\t" + "ubfx x13, x15, #8, #8\n\t" + "ubfx x19, x14, #48, #8\n\t" + "ubfx x20, x14, #24, #8\n\t" + "lsl w10, w10, #2\n\t" + "lsl w13, w13, #2\n\t" + "lsl w19, w19, #2\n\t" + "lsl w20, w20, #2\n\t" + "ldr x17, [%[te]]\n\t" + "ldr x17, [%[te], #64]\n\t" + "ldr x17, [%[te], #128]\n\t" + "ldr x17, [%[te], #192]\n\t" + "ldr x17, [%[te], #256]\n\t" + "ldr x17, [%[te], #320]\n\t" + "ldr x17, [%[te], #384]\n\t" + "ldr x17, [%[te], #448]\n\t" + "ldr x17, [%[te], #512]\n\t" + "ldr x17, [%[te], #576]\n\t" + "ldr x17, [%[te], #640]\n\t" + "ldr x17, [%[te], #704]\n\t" + "ldr x17, [%[te], #768]\n\t" + "ldr x17, [%[te], #832]\n\t" + "ldr x17, [%[te], #896]\n\t" + "ldr x17, [%[te], #960]\n\t" + "ldrb w10, [%[te], x10, LSL 0]\n\t" + "ldrb w13, [%[te], x13, LSL 0]\n\t" + "ldrb w19, [%[te], x19, LSL 0]\n\t" + "ldrb w20, [%[te], x20, LSL 0]\n\t" + "ubfx x11, x14, #0, #8\n\t" + "eor w10, w10, w13, lsl 8\n\t" + "ubfx x13, x15, #40, #8\n\t" + "eor w10, w10, w19, lsl 16\n\t" + "ubfx x19, x15, #16, #8\n\t" + "eor w10, w10, w20, lsl 24\n\t" + "ubfx x20, x14, #56, #8\n\t" + "lsl w11, w11, #2\n\t" + "lsl w13, w13, #2\n\t" + "lsl w19, w19, #2\n\t" + "lsl w20, w20, #2\n\t" + "ldrb w11, [%[te], x11, LSL 0]\n\t" + "ldrb w13, [%[te], x13, LSL 0]\n\t" + "ldrb w19, [%[te], x19, LSL 0]\n\t" + "ldrb w20, [%[te], x20, LSL 0]\n\t" + "ubfx x12, x14, #32, #8\n\t" + "eor w11, w11, w13, lsl 8\n\t" + "ubfx x13, x14, #8, #8\n\t" + "eor w11, w11, w19, lsl 16\n\t" + "ubfx x19, x15, #48, #8\n\t" + "eor w11, w11, w20, lsl 24\n\t" + "ubfx x20, x15, #24, #8\n\t" + "bfi x10, x11, #32, #32\n\t" + "lsl w12, w12, #2\n\t" + "lsl w13, w13, #2\n\t" + "lsl w19, w19, #2\n\t" + "lsl w20, w20, #2\n\t" + "ldrb w12, [%[te], x12, LSL 0]\n\t" + "ldrb w13, [%[te], x13, LSL 0]\n\t" + "ldrb w19, [%[te], x19, LSL 0]\n\t" + "ldrb w20, [%[te], x20, LSL 0]\n\t" + "ubfx x17, x15, #56, #8\n\t" + "eor w12, w12, w13, lsl 8\n\t" + "ubfx x13, x15, #0, #8\n\t" + "eor w12, w12, w19, lsl 16\n\t" + "ubfx x19, x14, #40, #8\n\t" + "eor w11, w12, w20, lsl 24\n\t" + "ubfx x20, x14, #16, #8\n\t" + "lsl w17, w17, #2\n\t" + "lsl w13, w13, #2\n\t" + "lsl w19, w19, #2\n\t" + "lsl w20, w20, #2\n\t" + "ldrb w17, [%[te], x17, LSL 0]\n\t" + "ldrb w13, [%[te], x13, LSL 0]\n\t" + "ldrb w19, [%[te], x19, LSL 0]\n\t" + "ldrb w20, [%[te], x20, LSL 0]\n\t" + "eor w19, w19, w17, lsl 16\n\t" + "ldp x14, x15, [x26]\n\t" + "eor w13, w13, w19, lsl 8\n\t" + "eor w13, w13, w20, lsl 16\n\t" + "bfi x11, x13, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x10, x10, x14\n\t" + "eor x11, x11, x15\n\t" + "rev32 x10, x10\n\t" + "rev32 x11, x11\n\t" + "eor x10, x10, x21\n\t" + "eor x11, x11, x22\n\t" + "stp x10, x11, [%x[out]]\n\t" + "and x19, x9, x22, asr 63\n\t" + "extr x22, x22, x21, #63\n\t" + "eor x21, x19, x21, lsl 1\n\t" + "sub %w[sz], %w[sz], #16\n\t" + "add %x[in], %x[in], #16\n\t" + "add %x[out], %x[out], #16\n\t" + "cmp %w[sz], #16\n\t" + "b.ge L_AES_XTS_encrypt_loop_block_%=\n\t" + "cbz %w[sz], L_AES_XTS_encrypt_done_data_%=\n\t" + "mov x26, %x[key]\n\t" + "sub %x[out], %x[out], #16\n\t" + "ldp x10, x11, [%x[out]], #16\n\t" + "stp x10, x11, [%x[tmp]]\n\t" + "mov w14, %w[sz]\n\t" + "\n" + "L_AES_XTS_encrypt_start_byte_%=: \n\t" + "ldrb w19, [%x[tmp]]\n\t" + "ldrb w20, [%x[in]], #1\n\t" + "strb w19, [%x[out]], #1\n\t" + "strb w20, [%x[tmp]], #1\n\t" + "subs w14, w14, #1\n\t" + "b.gt L_AES_XTS_encrypt_start_byte_%=\n\t" + "sub %x[out], %x[out], %x[sz]\n\t" + "sub %x[tmp], %x[tmp], %x[sz]\n\t" + "sub %x[out], %x[out], #16\n\t" + "ldp x10, x11, [%x[tmp]]\n\t" + "ldp x14, x15, [x26], #16\n\t" + "eor x10, x10, x21\n\t" + "eor x11, x11, x22\n\t" + "rev32 x10, x10\n\t" + "rev32 x11, x11\n\t" + /* Round: 0 - XOR in key schedule */ + "eor x10, x10, x14\n\t" + "eor x11, x11, x15\n\t" + "sub w25, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_encrypt_loop_nr_partial_%=: \n\t" + "ubfx x14, x10, #48, #8\n\t" + "ubfx x17, x10, #24, #8\n\t" + "ubfx x19, x11, #8, #8\n\t" + "ubfx x20, x11, #32, #8\n\t" + "ldr x12, [%[te]]\n\t" + "ldr x12, [%[te], #64]\n\t" + "ldr x12, [%[te], #128]\n\t" + "ldr x12, [%[te], #192]\n\t" + "ldr x12, [%[te], #256]\n\t" + "ldr x12, [%[te], #320]\n\t" + "ldr x12, [%[te], #384]\n\t" + "ldr x12, [%[te], #448]\n\t" + "ldr x12, [%[te], #512]\n\t" + "ldr x12, [%[te], #576]\n\t" + "ldr x12, [%[te], #640]\n\t" + "ldr x12, [%[te], #704]\n\t" + "ldr x12, [%[te], #768]\n\t" + "ldr x12, [%[te], #832]\n\t" + "ldr x12, [%[te], #896]\n\t" + "ldr x12, [%[te], #960]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x15, x11, #16, #8\n\t" + "eor w14, w14, w17, ror 24\n\t" + "ubfx x17, x10, #56, #8\n\t" + "eor w14, w14, w19, ror 8\n\t" + "ubfx x19, x11, #40, #8\n\t" + "eor w14, w14, w20, ror 16\n\t" + "ubfx x20, x10, #0, #8\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x16, x11, #48, #8\n\t" + "eor w15, w15, w17, ror 24\n\t" + "ubfx x17, x11, #24, #8\n\t" + "eor w15, w15, w19, ror 8\n\t" + "ubfx x19, x10, #8, #8\n\t" + "eor w15, w15, w20, ror 16\n\t" + "ubfx x20, x10, #32, #8\n\t" + "bfi x14, x15, #32, #32\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x12, x11, #0, #8\n\t" + "eor w16, w16, w17, ror 24\n\t" + "ubfx x17, x10, #16, #8\n\t" + "eor w16, w16, w19, ror 8\n\t" + "ubfx x19, x11, #56, #8\n\t" + "eor w15, w16, w20, ror 16\n\t" + "ubfx x20, x10, #40, #8\n\t" + "ldr w12, [%[te], x12, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "eor w19, w19, w12, ror 24\n\t" + "ldp x10, x11, [x26], #16\n\t" + "eor w17, w17, w19, ror 24\n\t" + "eor w17, w17, w20, ror 8\n\t" + "bfi x15, x17, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x14, x14, x10\n\t" + "eor x15, x15, x11\n\t" + "ubfx x10, x14, #48, #8\n\t" + "ubfx x13, x14, #24, #8\n\t" + "ubfx x19, x15, #8, #8\n\t" + "ubfx x20, x15, #32, #8\n\t" + "ldr x16, [%[te]]\n\t" + "ldr x16, [%[te], #64]\n\t" + "ldr x16, [%[te], #128]\n\t" + "ldr x16, [%[te], #192]\n\t" + "ldr x16, [%[te], #256]\n\t" + "ldr x16, [%[te], #320]\n\t" + "ldr x16, [%[te], #384]\n\t" + "ldr x16, [%[te], #448]\n\t" + "ldr x16, [%[te], #512]\n\t" + "ldr x16, [%[te], #576]\n\t" + "ldr x16, [%[te], #640]\n\t" + "ldr x16, [%[te], #704]\n\t" + "ldr x16, [%[te], #768]\n\t" + "ldr x16, [%[te], #832]\n\t" + "ldr x16, [%[te], #896]\n\t" + "ldr x16, [%[te], #960]\n\t" + "ldr w10, [%[te], x10, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x11, x15, #16, #8\n\t" + "eor w10, w10, w13, ror 24\n\t" + "ubfx x13, x14, #56, #8\n\t" + "eor w10, w10, w19, ror 8\n\t" + "ubfx x19, x15, #40, #8\n\t" + "eor w10, w10, w20, ror 16\n\t" + "ubfx x20, x14, #0, #8\n\t" + "ldr w11, [%[te], x11, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x12, x15, #48, #8\n\t" + "eor w11, w11, w13, ror 24\n\t" + "ubfx x13, x15, #24, #8\n\t" + "eor w11, w11, w19, ror 8\n\t" + "ubfx x19, x14, #8, #8\n\t" + "eor w11, w11, w20, ror 16\n\t" + "ubfx x20, x14, #32, #8\n\t" + "bfi x10, x11, #32, #32\n\t" + "ldr w12, [%[te], x12, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x16, x15, #0, #8\n\t" + "eor w12, w12, w13, ror 24\n\t" + "ubfx x13, x14, #16, #8\n\t" + "eor w12, w12, w19, ror 8\n\t" + "ubfx x19, x15, #56, #8\n\t" + "eor w11, w12, w20, ror 16\n\t" + "ubfx x20, x14, #40, #8\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "eor w19, w19, w16, ror 24\n\t" + "ldp x14, x15, [x26], #16\n\t" + "eor w13, w13, w19, ror 24\n\t" + "eor w13, w13, w20, ror 8\n\t" + "bfi x11, x13, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x10, x10, x14\n\t" + "eor x11, x11, x15\n\t" + "subs w25, w25, #2\n\t" + "b.ne L_AES_XTS_encrypt_loop_nr_partial_%=\n\t" + "ubfx x14, x10, #48, #8\n\t" + "ubfx x17, x10, #24, #8\n\t" + "ubfx x19, x11, #8, #8\n\t" + "ubfx x20, x11, #32, #8\n\t" + "ldr x12, [%[te]]\n\t" + "ldr x12, [%[te], #64]\n\t" + "ldr x12, [%[te], #128]\n\t" + "ldr x12, [%[te], #192]\n\t" + "ldr x12, [%[te], #256]\n\t" + "ldr x12, [%[te], #320]\n\t" + "ldr x12, [%[te], #384]\n\t" + "ldr x12, [%[te], #448]\n\t" + "ldr x12, [%[te], #512]\n\t" + "ldr x12, [%[te], #576]\n\t" + "ldr x12, [%[te], #640]\n\t" + "ldr x12, [%[te], #704]\n\t" + "ldr x12, [%[te], #768]\n\t" + "ldr x12, [%[te], #832]\n\t" + "ldr x12, [%[te], #896]\n\t" + "ldr x12, [%[te], #960]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x15, x11, #16, #8\n\t" + "eor w14, w14, w17, ror 24\n\t" + "ubfx x17, x10, #56, #8\n\t" + "eor w14, w14, w19, ror 8\n\t" + "ubfx x19, x11, #40, #8\n\t" + "eor w14, w14, w20, ror 16\n\t" + "ubfx x20, x10, #0, #8\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x16, x11, #48, #8\n\t" + "eor w15, w15, w17, ror 24\n\t" + "ubfx x17, x11, #24, #8\n\t" + "eor w15, w15, w19, ror 8\n\t" + "ubfx x19, x10, #8, #8\n\t" + "eor w15, w15, w20, ror 16\n\t" + "ubfx x20, x10, #32, #8\n\t" + "bfi x14, x15, #32, #32\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x12, x11, #0, #8\n\t" + "eor w16, w16, w17, ror 24\n\t" + "ubfx x17, x10, #16, #8\n\t" + "eor w16, w16, w19, ror 8\n\t" + "ubfx x19, x11, #56, #8\n\t" + "eor w15, w16, w20, ror 16\n\t" + "ubfx x20, x10, #40, #8\n\t" + "ldr w12, [%[te], x12, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "eor w19, w19, w12, ror 24\n\t" + "ldp x10, x11, [x26], #16\n\t" + "eor w17, w17, w19, ror 24\n\t" + "eor w17, w17, w20, ror 8\n\t" + "bfi x15, x17, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x14, x14, x10\n\t" + "eor x15, x15, x11\n\t" + "ubfx x10, x15, #32, #8\n\t" + "ubfx x13, x15, #8, #8\n\t" + "ubfx x19, x14, #48, #8\n\t" + "ubfx x20, x14, #24, #8\n\t" + "lsl w10, w10, #2\n\t" + "lsl w13, w13, #2\n\t" + "lsl w19, w19, #2\n\t" + "lsl w20, w20, #2\n\t" + "ldr x17, [%[te]]\n\t" + "ldr x17, [%[te], #64]\n\t" + "ldr x17, [%[te], #128]\n\t" + "ldr x17, [%[te], #192]\n\t" + "ldr x17, [%[te], #256]\n\t" + "ldr x17, [%[te], #320]\n\t" + "ldr x17, [%[te], #384]\n\t" + "ldr x17, [%[te], #448]\n\t" + "ldr x17, [%[te], #512]\n\t" + "ldr x17, [%[te], #576]\n\t" + "ldr x17, [%[te], #640]\n\t" + "ldr x17, [%[te], #704]\n\t" + "ldr x17, [%[te], #768]\n\t" + "ldr x17, [%[te], #832]\n\t" + "ldr x17, [%[te], #896]\n\t" + "ldr x17, [%[te], #960]\n\t" + "ldrb w10, [%[te], x10, LSL 0]\n\t" + "ldrb w13, [%[te], x13, LSL 0]\n\t" + "ldrb w19, [%[te], x19, LSL 0]\n\t" + "ldrb w20, [%[te], x20, LSL 0]\n\t" + "ubfx x11, x14, #0, #8\n\t" + "eor w10, w10, w13, lsl 8\n\t" + "ubfx x13, x15, #40, #8\n\t" + "eor w10, w10, w19, lsl 16\n\t" + "ubfx x19, x15, #16, #8\n\t" + "eor w10, w10, w20, lsl 24\n\t" + "ubfx x20, x14, #56, #8\n\t" + "lsl w11, w11, #2\n\t" + "lsl w13, w13, #2\n\t" + "lsl w19, w19, #2\n\t" + "lsl w20, w20, #2\n\t" + "ldrb w11, [%[te], x11, LSL 0]\n\t" + "ldrb w13, [%[te], x13, LSL 0]\n\t" + "ldrb w19, [%[te], x19, LSL 0]\n\t" + "ldrb w20, [%[te], x20, LSL 0]\n\t" + "ubfx x12, x14, #32, #8\n\t" + "eor w11, w11, w13, lsl 8\n\t" + "ubfx x13, x14, #8, #8\n\t" + "eor w11, w11, w19, lsl 16\n\t" + "ubfx x19, x15, #48, #8\n\t" + "eor w11, w11, w20, lsl 24\n\t" + "ubfx x20, x15, #24, #8\n\t" + "bfi x10, x11, #32, #32\n\t" + "lsl w12, w12, #2\n\t" + "lsl w13, w13, #2\n\t" + "lsl w19, w19, #2\n\t" + "lsl w20, w20, #2\n\t" + "ldrb w12, [%[te], x12, LSL 0]\n\t" + "ldrb w13, [%[te], x13, LSL 0]\n\t" + "ldrb w19, [%[te], x19, LSL 0]\n\t" + "ldrb w20, [%[te], x20, LSL 0]\n\t" + "ubfx x17, x15, #56, #8\n\t" + "eor w12, w12, w13, lsl 8\n\t" + "ubfx x13, x15, #0, #8\n\t" + "eor w12, w12, w19, lsl 16\n\t" + "ubfx x19, x14, #40, #8\n\t" + "eor w11, w12, w20, lsl 24\n\t" + "ubfx x20, x14, #16, #8\n\t" + "lsl w17, w17, #2\n\t" + "lsl w13, w13, #2\n\t" + "lsl w19, w19, #2\n\t" + "lsl w20, w20, #2\n\t" + "ldrb w17, [%[te], x17, LSL 0]\n\t" + "ldrb w13, [%[te], x13, LSL 0]\n\t" + "ldrb w19, [%[te], x19, LSL 0]\n\t" + "ldrb w20, [%[te], x20, LSL 0]\n\t" + "eor w19, w19, w17, lsl 16\n\t" + "ldp x14, x15, [x26]\n\t" + "eor w13, w13, w19, lsl 8\n\t" + "eor w13, w13, w20, lsl 16\n\t" + "bfi x11, x13, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x10, x10, x14\n\t" + "eor x11, x11, x15\n\t" + "rev32 x10, x10\n\t" + "rev32 x11, x11\n\t" + "eor x10, x10, x21\n\t" + "eor x11, x11, x22\n\t" + "stp x10, x11, [%x[out]]\n\t" + "\n" + "L_AES_XTS_encrypt_done_data_%=: \n\t" + "ldp x29, x30, [sp], #32\n\t" + : [out] "+r" (out), [sz] "+r" (sz), [key] "+r" (key), + [key2] "+r" (key2), [tmp] "+r" (tmp), [nr] "+r" (nr) + : [in] "r" (in), [i] "r" (i), [te] "r" (te) + : "memory", "cc", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", + "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26" + ); +} + +#ifdef HAVE_AES_DECRYPT +void AES_XTS_decrypt(const byte* in, byte* out, word32 sz, const byte* i, + byte* key, byte* key2, byte* tmp, int nr) +{ + const word32* td = L_AES_ARM64_td; + const word8* td4 = L_AES_ARM64_td4; + const word32* te = L_AES_ARM64_te; + __asm__ __volatile__ ( + "stp x29, x30, [sp, #-32]!\n\t" + "add x29, sp, #0\n\t" + "ands w11, %w[sz], #15\n\t" + "cset w11, ne\n\t" + "lsl w11, w11, #4\n\t" + "sub %w[sz], %w[sz], w11\n\t" + "mov x11, #0x87\n\t" + "mov x28, %x[key2]\n\t" + "ldp x23, x24, [%x[i]]\n\t" + "ldp x16, x17, [x28], #16\n\t" + "rev32 x23, x23\n\t" + "rev32 x24, x24\n\t" + /* Round: 0 - XOR in key schedule */ + "eor x23, x23, x16\n\t" + "eor x24, x24, x17\n\t" + "sub w27, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_decrypt_loop_nr_tweak_%=: \n\t" + "ubfx x16, x23, #48, #8\n\t" + "ubfx x20, x23, #24, #8\n\t" + "ubfx x21, x24, #8, #8\n\t" + "ubfx x22, x24, #32, #8\n\t" + "ldr x25, [%[te]]\n\t" + "ldr x25, [%[te], #64]\n\t" + "ldr x25, [%[te], #128]\n\t" + "ldr x25, [%[te], #192]\n\t" + "ldr x25, [%[te], #256]\n\t" + "ldr x25, [%[te], #320]\n\t" + "ldr x25, [%[te], #384]\n\t" + "ldr x25, [%[te], #448]\n\t" + "ldr x25, [%[te], #512]\n\t" + "ldr x25, [%[te], #576]\n\t" + "ldr x25, [%[te], #640]\n\t" + "ldr x25, [%[te], #704]\n\t" + "ldr x25, [%[te], #768]\n\t" + "ldr x25, [%[te], #832]\n\t" + "ldr x25, [%[te], #896]\n\t" + "ldr x25, [%[te], #960]\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ldr w21, [%[te], x21, LSL 2]\n\t" + "ldr w22, [%[te], x22, LSL 2]\n\t" + "ubfx x17, x24, #16, #8\n\t" + "eor w16, w16, w20, ror 24\n\t" + "ubfx x20, x23, #56, #8\n\t" + "eor w16, w16, w21, ror 8\n\t" + "ubfx x21, x24, #40, #8\n\t" + "eor w16, w16, w22, ror 16\n\t" + "ubfx x22, x23, #0, #8\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ldr w21, [%[te], x21, LSL 2]\n\t" + "ldr w22, [%[te], x22, LSL 2]\n\t" + "ubfx x19, x24, #48, #8\n\t" + "eor w17, w17, w20, ror 24\n\t" + "ubfx x20, x24, #24, #8\n\t" + "eor w17, w17, w21, ror 8\n\t" + "ubfx x21, x23, #8, #8\n\t" + "eor w17, w17, w22, ror 16\n\t" + "ubfx x22, x23, #32, #8\n\t" + "bfi x16, x17, #32, #32\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ldr w21, [%[te], x21, LSL 2]\n\t" + "ldr w22, [%[te], x22, LSL 2]\n\t" + "ubfx x25, x24, #0, #8\n\t" + "eor w19, w19, w20, ror 24\n\t" + "ubfx x20, x23, #16, #8\n\t" + "eor w19, w19, w21, ror 8\n\t" + "ubfx x21, x24, #56, #8\n\t" + "eor w17, w19, w22, ror 16\n\t" + "ubfx x22, x23, #40, #8\n\t" + "ldr w25, [%[te], x25, LSL 2]\n\t" + "ldr w21, [%[te], x21, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ldr w22, [%[te], x22, LSL 2]\n\t" + "eor w21, w21, w25, ror 24\n\t" + "ldp x23, x24, [x28], #16\n\t" + "eor w20, w20, w21, ror 24\n\t" + "eor w20, w20, w22, ror 8\n\t" + "bfi x17, x20, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x16, x16, x23\n\t" + "eor x17, x17, x24\n\t" + "ubfx x23, x16, #48, #8\n\t" + "ubfx x26, x16, #24, #8\n\t" + "ubfx x21, x17, #8, #8\n\t" + "ubfx x22, x17, #32, #8\n\t" + "ldr x19, [%[te]]\n\t" + "ldr x19, [%[te], #64]\n\t" + "ldr x19, [%[te], #128]\n\t" + "ldr x19, [%[te], #192]\n\t" + "ldr x19, [%[te], #256]\n\t" + "ldr x19, [%[te], #320]\n\t" + "ldr x19, [%[te], #384]\n\t" + "ldr x19, [%[te], #448]\n\t" + "ldr x19, [%[te], #512]\n\t" + "ldr x19, [%[te], #576]\n\t" + "ldr x19, [%[te], #640]\n\t" + "ldr x19, [%[te], #704]\n\t" + "ldr x19, [%[te], #768]\n\t" + "ldr x19, [%[te], #832]\n\t" + "ldr x19, [%[te], #896]\n\t" + "ldr x19, [%[te], #960]\n\t" + "ldr w23, [%[te], x23, LSL 2]\n\t" + "ldr w26, [%[te], x26, LSL 2]\n\t" + "ldr w21, [%[te], x21, LSL 2]\n\t" + "ldr w22, [%[te], x22, LSL 2]\n\t" + "ubfx x24, x17, #16, #8\n\t" + "eor w23, w23, w26, ror 24\n\t" + "ubfx x26, x16, #56, #8\n\t" + "eor w23, w23, w21, ror 8\n\t" + "ubfx x21, x17, #40, #8\n\t" + "eor w23, w23, w22, ror 16\n\t" + "ubfx x22, x16, #0, #8\n\t" + "ldr w24, [%[te], x24, LSL 2]\n\t" + "ldr w26, [%[te], x26, LSL 2]\n\t" + "ldr w21, [%[te], x21, LSL 2]\n\t" + "ldr w22, [%[te], x22, LSL 2]\n\t" + "ubfx x25, x17, #48, #8\n\t" + "eor w24, w24, w26, ror 24\n\t" + "ubfx x26, x17, #24, #8\n\t" + "eor w24, w24, w21, ror 8\n\t" + "ubfx x21, x16, #8, #8\n\t" + "eor w24, w24, w22, ror 16\n\t" + "ubfx x22, x16, #32, #8\n\t" + "bfi x23, x24, #32, #32\n\t" + "ldr w25, [%[te], x25, LSL 2]\n\t" + "ldr w26, [%[te], x26, LSL 2]\n\t" + "ldr w21, [%[te], x21, LSL 2]\n\t" + "ldr w22, [%[te], x22, LSL 2]\n\t" + "ubfx x19, x17, #0, #8\n\t" + "eor w25, w25, w26, ror 24\n\t" + "ubfx x26, x16, #16, #8\n\t" + "eor w25, w25, w21, ror 8\n\t" + "ubfx x21, x17, #56, #8\n\t" + "eor w24, w25, w22, ror 16\n\t" + "ubfx x22, x16, #40, #8\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w21, [%[te], x21, LSL 2]\n\t" + "ldr w26, [%[te], x26, LSL 2]\n\t" + "ldr w22, [%[te], x22, LSL 2]\n\t" + "eor w21, w21, w19, ror 24\n\t" + "ldp x16, x17, [x28], #16\n\t" + "eor w26, w26, w21, ror 24\n\t" + "eor w26, w26, w22, ror 8\n\t" + "bfi x24, x26, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x23, x23, x16\n\t" + "eor x24, x24, x17\n\t" + "subs w27, w27, #2\n\t" + "b.ne L_AES_XTS_decrypt_loop_nr_tweak_%=\n\t" + "ubfx x16, x23, #48, #8\n\t" + "ubfx x20, x23, #24, #8\n\t" + "ubfx x21, x24, #8, #8\n\t" + "ubfx x22, x24, #32, #8\n\t" + "ldr x25, [%[te]]\n\t" + "ldr x25, [%[te], #64]\n\t" + "ldr x25, [%[te], #128]\n\t" + "ldr x25, [%[te], #192]\n\t" + "ldr x25, [%[te], #256]\n\t" + "ldr x25, [%[te], #320]\n\t" + "ldr x25, [%[te], #384]\n\t" + "ldr x25, [%[te], #448]\n\t" + "ldr x25, [%[te], #512]\n\t" + "ldr x25, [%[te], #576]\n\t" + "ldr x25, [%[te], #640]\n\t" + "ldr x25, [%[te], #704]\n\t" + "ldr x25, [%[te], #768]\n\t" + "ldr x25, [%[te], #832]\n\t" + "ldr x25, [%[te], #896]\n\t" + "ldr x25, [%[te], #960]\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ldr w21, [%[te], x21, LSL 2]\n\t" + "ldr w22, [%[te], x22, LSL 2]\n\t" + "ubfx x17, x24, #16, #8\n\t" + "eor w16, w16, w20, ror 24\n\t" + "ubfx x20, x23, #56, #8\n\t" + "eor w16, w16, w21, ror 8\n\t" + "ubfx x21, x24, #40, #8\n\t" + "eor w16, w16, w22, ror 16\n\t" + "ubfx x22, x23, #0, #8\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ldr w21, [%[te], x21, LSL 2]\n\t" + "ldr w22, [%[te], x22, LSL 2]\n\t" + "ubfx x19, x24, #48, #8\n\t" + "eor w17, w17, w20, ror 24\n\t" + "ubfx x20, x24, #24, #8\n\t" + "eor w17, w17, w21, ror 8\n\t" + "ubfx x21, x23, #8, #8\n\t" + "eor w17, w17, w22, ror 16\n\t" + "ubfx x22, x23, #32, #8\n\t" + "bfi x16, x17, #32, #32\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ldr w21, [%[te], x21, LSL 2]\n\t" + "ldr w22, [%[te], x22, LSL 2]\n\t" + "ubfx x25, x24, #0, #8\n\t" + "eor w19, w19, w20, ror 24\n\t" + "ubfx x20, x23, #16, #8\n\t" + "eor w19, w19, w21, ror 8\n\t" + "ubfx x21, x24, #56, #8\n\t" + "eor w17, w19, w22, ror 16\n\t" + "ubfx x22, x23, #40, #8\n\t" + "ldr w25, [%[te], x25, LSL 2]\n\t" + "ldr w21, [%[te], x21, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ldr w22, [%[te], x22, LSL 2]\n\t" + "eor w21, w21, w25, ror 24\n\t" + "ldp x23, x24, [x28], #16\n\t" + "eor w20, w20, w21, ror 24\n\t" + "eor w20, w20, w22, ror 8\n\t" + "bfi x17, x20, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x16, x16, x23\n\t" + "eor x17, x17, x24\n\t" + "ubfx x23, x17, #32, #8\n\t" + "ubfx x26, x17, #8, #8\n\t" + "ubfx x21, x16, #48, #8\n\t" + "ubfx x22, x16, #24, #8\n\t" + "lsl w23, w23, #2\n\t" + "lsl w26, w26, #2\n\t" + "lsl w21, w21, #2\n\t" + "lsl w22, w22, #2\n\t" + "ldr x20, [%[te]]\n\t" + "ldr x20, [%[te], #64]\n\t" + "ldr x20, [%[te], #128]\n\t" + "ldr x20, [%[te], #192]\n\t" + "ldr x20, [%[te], #256]\n\t" + "ldr x20, [%[te], #320]\n\t" + "ldr x20, [%[te], #384]\n\t" + "ldr x20, [%[te], #448]\n\t" + "ldr x20, [%[te], #512]\n\t" + "ldr x20, [%[te], #576]\n\t" + "ldr x20, [%[te], #640]\n\t" + "ldr x20, [%[te], #704]\n\t" + "ldr x20, [%[te], #768]\n\t" + "ldr x20, [%[te], #832]\n\t" + "ldr x20, [%[te], #896]\n\t" + "ldr x20, [%[te], #960]\n\t" + "ldrb w23, [%[te], x23, LSL 0]\n\t" + "ldrb w26, [%[te], x26, LSL 0]\n\t" + "ldrb w21, [%[te], x21, LSL 0]\n\t" + "ldrb w22, [%[te], x22, LSL 0]\n\t" + "ubfx x24, x16, #0, #8\n\t" + "eor w23, w23, w26, lsl 8\n\t" + "ubfx x26, x17, #40, #8\n\t" + "eor w23, w23, w21, lsl 16\n\t" + "ubfx x21, x17, #16, #8\n\t" + "eor w23, w23, w22, lsl 24\n\t" + "ubfx x22, x16, #56, #8\n\t" + "lsl w24, w24, #2\n\t" + "lsl w26, w26, #2\n\t" + "lsl w21, w21, #2\n\t" + "lsl w22, w22, #2\n\t" + "ldrb w24, [%[te], x24, LSL 0]\n\t" + "ldrb w26, [%[te], x26, LSL 0]\n\t" + "ldrb w21, [%[te], x21, LSL 0]\n\t" + "ldrb w22, [%[te], x22, LSL 0]\n\t" + "ubfx x25, x16, #32, #8\n\t" + "eor w24, w24, w26, lsl 8\n\t" + "ubfx x26, x16, #8, #8\n\t" + "eor w24, w24, w21, lsl 16\n\t" + "ubfx x21, x17, #48, #8\n\t" + "eor w24, w24, w22, lsl 24\n\t" + "ubfx x22, x17, #24, #8\n\t" + "bfi x23, x24, #32, #32\n\t" + "lsl w25, w25, #2\n\t" + "lsl w26, w26, #2\n\t" + "lsl w21, w21, #2\n\t" + "lsl w22, w22, #2\n\t" + "ldrb w25, [%[te], x25, LSL 0]\n\t" + "ldrb w26, [%[te], x26, LSL 0]\n\t" + "ldrb w21, [%[te], x21, LSL 0]\n\t" + "ldrb w22, [%[te], x22, LSL 0]\n\t" + "ubfx x20, x17, #56, #8\n\t" + "eor w25, w25, w26, lsl 8\n\t" + "ubfx x26, x17, #0, #8\n\t" + "eor w25, w25, w21, lsl 16\n\t" + "ubfx x21, x16, #40, #8\n\t" + "eor w24, w25, w22, lsl 24\n\t" + "ubfx x22, x16, #16, #8\n\t" + "lsl w20, w20, #2\n\t" + "lsl w26, w26, #2\n\t" + "lsl w21, w21, #2\n\t" + "lsl w22, w22, #2\n\t" + "ldrb w20, [%[te], x20, LSL 0]\n\t" + "ldrb w26, [%[te], x26, LSL 0]\n\t" + "ldrb w21, [%[te], x21, LSL 0]\n\t" + "ldrb w22, [%[te], x22, LSL 0]\n\t" + "eor w21, w21, w20, lsl 16\n\t" + "ldp x16, x17, [x28]\n\t" + "eor w26, w26, w21, lsl 8\n\t" + "eor w26, w26, w22, lsl 16\n\t" + "bfi x24, x26, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x23, x23, x16\n\t" + "eor x24, x24, x17\n\t" + "rev32 x23, x23\n\t" + "rev32 x24, x24\n\t" + "cmp %w[sz], #16\n\t" + "b.lt L_AES_XTS_decrypt_start_partail_%=\n\t" + "\n" + "L_AES_XTS_decrypt_loop_block_%=: \n\t" + "mov x28, %x[key]\n\t" + "ldp x12, x13, [%x[in]]\n\t" + "ldp x16, x17, [x28], #16\n\t" + "eor x12, x12, x23\n\t" + "eor x13, x13, x24\n\t" + "rev32 x12, x12\n\t" + "rev32 x13, x13\n\t" + /* Round: 0 - XOR in key schedule */ + "eor x12, x12, x16\n\t" + "eor x13, x13, x17\n\t" + "sub w27, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_decrypt_loop_nr_%=: \n\t" + "ubfx x16, x13, #48, #8\n\t" + "ubfx x20, x12, #24, #8\n\t" + "ubfx x21, x13, #8, #8\n\t" + "ubfx x22, x12, #32, #8\n\t" + "ldr x14, [%[td]]\n\t" + "ldr x14, [%[td], #64]\n\t" + "ldr x14, [%[td], #128]\n\t" + "ldr x14, [%[td], #192]\n\t" + "ldr x14, [%[td], #256]\n\t" + "ldr x14, [%[td], #320]\n\t" + "ldr x14, [%[td], #384]\n\t" + "ldr x14, [%[td], #448]\n\t" + "ldr x14, [%[td], #512]\n\t" + "ldr x14, [%[td], #576]\n\t" + "ldr x14, [%[td], #640]\n\t" + "ldr x14, [%[td], #704]\n\t" + "ldr x14, [%[td], #768]\n\t" + "ldr x14, [%[td], #832]\n\t" + "ldr x14, [%[td], #896]\n\t" + "ldr x14, [%[td], #960]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x17, x12, #16, #8\n\t" + "eor w16, w16, w20, ror 24\n\t" + "ubfx x20, x12, #56, #8\n\t" + "eor w16, w16, w21, ror 8\n\t" + "ubfx x21, x13, #40, #8\n\t" + "eor w16, w16, w22, ror 16\n\t" + "ubfx x22, x13, #0, #8\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x19, x12, #48, #8\n\t" + "eor w17, w17, w20, ror 24\n\t" + "ubfx x20, x13, #24, #8\n\t" + "eor w17, w17, w21, ror 8\n\t" + "ubfx x21, x12, #8, #8\n\t" + "eor w17, w17, w22, ror 16\n\t" + "ubfx x22, x13, #32, #8\n\t" + "bfi x16, x17, #32, #32\n\t" + "ldr w19, [%[td], x19, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x14, x12, #0, #8\n\t" + "eor w19, w19, w20, ror 24\n\t" + "ubfx x20, x13, #16, #8\n\t" + "eor w19, w19, w21, ror 8\n\t" + "ubfx x21, x13, #56, #8\n\t" + "eor w17, w19, w22, ror 16\n\t" + "ubfx x22, x12, #40, #8\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "eor w21, w21, w14, ror 24\n\t" + "ldp x12, x13, [x28], #16\n\t" + "eor w20, w20, w22, ror 8\n\t" + "eor w20, w20, w21, ror 24\n\t" + "bfi x17, x20, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x16, x16, x12\n\t" + "eor x17, x17, x13\n\t" + "ubfx x12, x17, #48, #8\n\t" + "ubfx x15, x16, #24, #8\n\t" + "ubfx x21, x17, #8, #8\n\t" + "ubfx x22, x16, #32, #8\n\t" + "ldr x19, [%[td]]\n\t" + "ldr x19, [%[td], #64]\n\t" + "ldr x19, [%[td], #128]\n\t" + "ldr x19, [%[td], #192]\n\t" + "ldr x19, [%[td], #256]\n\t" + "ldr x19, [%[td], #320]\n\t" + "ldr x19, [%[td], #384]\n\t" + "ldr x19, [%[td], #448]\n\t" + "ldr x19, [%[td], #512]\n\t" + "ldr x19, [%[td], #576]\n\t" + "ldr x19, [%[td], #640]\n\t" + "ldr x19, [%[td], #704]\n\t" + "ldr x19, [%[td], #768]\n\t" + "ldr x19, [%[td], #832]\n\t" + "ldr x19, [%[td], #896]\n\t" + "ldr x19, [%[td], #960]\n\t" + "ldr w12, [%[td], x12, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x13, x16, #16, #8\n\t" + "eor w12, w12, w15, ror 24\n\t" + "ubfx x15, x16, #56, #8\n\t" + "eor w12, w12, w21, ror 8\n\t" + "ubfx x21, x17, #40, #8\n\t" + "eor w12, w12, w22, ror 16\n\t" + "ubfx x22, x17, #0, #8\n\t" + "ldr w13, [%[td], x13, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x14, x16, #48, #8\n\t" + "eor w13, w13, w15, ror 24\n\t" + "ubfx x15, x17, #24, #8\n\t" + "eor w13, w13, w21, ror 8\n\t" + "ubfx x21, x16, #8, #8\n\t" + "eor w13, w13, w22, ror 16\n\t" + "ubfx x22, x17, #32, #8\n\t" + "bfi x12, x13, #32, #32\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x19, x16, #0, #8\n\t" + "eor w14, w14, w15, ror 24\n\t" + "ubfx x15, x17, #16, #8\n\t" + "eor w14, w14, w21, ror 8\n\t" + "ubfx x21, x17, #56, #8\n\t" + "eor w13, w14, w22, ror 16\n\t" + "ubfx x22, x16, #40, #8\n\t" + "ldr w19, [%[td], x19, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "eor w21, w21, w19, ror 24\n\t" + "ldp x16, x17, [x28], #16\n\t" + "eor w15, w15, w22, ror 8\n\t" + "eor w15, w15, w21, ror 24\n\t" + "bfi x13, x15, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x12, x12, x16\n\t" + "eor x13, x13, x17\n\t" + "subs w27, w27, #2\n\t" + "b.ne L_AES_XTS_decrypt_loop_nr_%=\n\t" + "ubfx x16, x13, #48, #8\n\t" + "ubfx x20, x12, #24, #8\n\t" + "ubfx x21, x13, #8, #8\n\t" + "ubfx x22, x12, #32, #8\n\t" + "ldr x14, [%[td]]\n\t" + "ldr x14, [%[td], #64]\n\t" + "ldr x14, [%[td], #128]\n\t" + "ldr x14, [%[td], #192]\n\t" + "ldr x14, [%[td], #256]\n\t" + "ldr x14, [%[td], #320]\n\t" + "ldr x14, [%[td], #384]\n\t" + "ldr x14, [%[td], #448]\n\t" + "ldr x14, [%[td], #512]\n\t" + "ldr x14, [%[td], #576]\n\t" + "ldr x14, [%[td], #640]\n\t" + "ldr x14, [%[td], #704]\n\t" + "ldr x14, [%[td], #768]\n\t" + "ldr x14, [%[td], #832]\n\t" + "ldr x14, [%[td], #896]\n\t" + "ldr x14, [%[td], #960]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x17, x12, #16, #8\n\t" + "eor w16, w16, w20, ror 24\n\t" + "ubfx x20, x12, #56, #8\n\t" + "eor w16, w16, w21, ror 8\n\t" + "ubfx x21, x13, #40, #8\n\t" + "eor w16, w16, w22, ror 16\n\t" + "ubfx x22, x13, #0, #8\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x19, x12, #48, #8\n\t" + "eor w17, w17, w20, ror 24\n\t" + "ubfx x20, x13, #24, #8\n\t" + "eor w17, w17, w21, ror 8\n\t" + "ubfx x21, x12, #8, #8\n\t" + "eor w17, w17, w22, ror 16\n\t" + "ubfx x22, x13, #32, #8\n\t" + "bfi x16, x17, #32, #32\n\t" + "ldr w19, [%[td], x19, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x14, x12, #0, #8\n\t" + "eor w19, w19, w20, ror 24\n\t" + "ubfx x20, x13, #16, #8\n\t" + "eor w19, w19, w21, ror 8\n\t" + "ubfx x21, x13, #56, #8\n\t" + "eor w17, w19, w22, ror 16\n\t" + "ubfx x22, x12, #40, #8\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "eor w21, w21, w14, ror 24\n\t" + "ldp x12, x13, [x28], #16\n\t" + "eor w20, w20, w22, ror 8\n\t" + "eor w20, w20, w21, ror 24\n\t" + "bfi x17, x20, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x16, x16, x12\n\t" + "eor x17, x17, x13\n\t" + "ubfx x12, x16, #32, #8\n\t" + "ubfx x15, x17, #8, #8\n\t" + "ubfx x21, x17, #48, #8\n\t" + "ubfx x22, x16, #24, #8\n\t" + "ldr x20, [%[td4]]\n\t" + "ldr x20, [%[td4], #64]\n\t" + "ldr x20, [%[td4], #128]\n\t" + "ldr x20, [%[td4], #192]\n\t" + "ldr x20, [%[td4], #256]\n\t" + "ldr x20, [%[td4], #320]\n\t" + "ldr x20, [%[td4], #384]\n\t" + "ldr x20, [%[td4], #448]\n\t" + "ldr x20, [%[td4], #512]\n\t" + "ldr x20, [%[td4], #576]\n\t" + "ldr x20, [%[td4], #640]\n\t" + "ldr x20, [%[td4], #704]\n\t" + "ldr x20, [%[td4], #768]\n\t" + "ldr x20, [%[td4], #832]\n\t" + "ldr x20, [%[td4], #896]\n\t" + "ldr x20, [%[td4], #960]\n\t" + "ldrb w12, [%[td4], x12, LSL 0]\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ldrb w21, [%[td4], x21, LSL 0]\n\t" + "ldrb w22, [%[td4], x22, LSL 0]\n\t" + "ubfx x13, x17, #0, #8\n\t" + "eor w12, w12, w15, lsl 8\n\t" + "ubfx x15, x17, #40, #8\n\t" + "eor w12, w12, w21, lsl 16\n\t" + "ubfx x21, x16, #16, #8\n\t" + "eor w12, w12, w22, lsl 24\n\t" + "ubfx x22, x16, #56, #8\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ldrb w22, [%[td4], x22, LSL 0]\n\t" + "ldrb w13, [%[td4], x13, LSL 0]\n\t" + "ldrb w21, [%[td4], x21, LSL 0]\n\t" + "ubfx x14, x17, #32, #8\n\t" + "eor w13, w13, w15, lsl 8\n\t" + "ubfx x15, x16, #8, #8\n\t" + "eor w13, w13, w21, lsl 16\n\t" + "ubfx x21, x16, #48, #8\n\t" + "eor w13, w13, w22, lsl 24\n\t" + "ubfx x22, x17, #24, #8\n\t" + "bfi x12, x13, #32, #32\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ldrb w22, [%[td4], x22, LSL 0]\n\t" + "ldrb w14, [%[td4], x14, LSL 0]\n\t" + "ldrb w21, [%[td4], x21, LSL 0]\n\t" + "ubfx x20, x17, #56, #8\n\t" + "eor w14, w14, w15, lsl 8\n\t" + "ubfx x15, x16, #0, #8\n\t" + "eor w14, w14, w21, lsl 16\n\t" + "ubfx x21, x16, #40, #8\n\t" + "eor w13, w14, w22, lsl 24\n\t" + "ubfx x22, x17, #16, #8\n\t" + "ldrb w20, [%[td4], x20, LSL 0]\n\t" + "ldrb w21, [%[td4], x21, LSL 0]\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ldrb w22, [%[td4], x22, LSL 0]\n\t" + "eor w21, w21, w20, lsl 16\n\t" + "ldp x16, x17, [x28]\n\t" + "eor w15, w15, w21, lsl 8\n\t" + "eor w15, w15, w22, lsl 16\n\t" + "bfi x13, x15, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x12, x12, x16\n\t" + "eor x13, x13, x17\n\t" + "rev32 x12, x12\n\t" + "rev32 x13, x13\n\t" + "eor x12, x12, x23\n\t" + "eor x13, x13, x24\n\t" + "stp x12, x13, [%x[out]]\n\t" + "and x21, x11, x24, asr 63\n\t" + "extr x24, x24, x23, #63\n\t" + "eor x23, x21, x23, lsl 1\n\t" + "sub %w[sz], %w[sz], #16\n\t" + "add %x[in], %x[in], #16\n\t" + "add %x[out], %x[out], #16\n\t" + "cmp %w[sz], #16\n\t" + "b.ge L_AES_XTS_decrypt_loop_block_%=\n\t" + "cbz %w[sz], L_AES_XTS_decrypt_done_data_%=\n\t" + "\n" + "L_AES_XTS_decrypt_start_partail_%=: \n\t" + "and x21, x11, x24, asr 63\n\t" + "extr x26, x24, x23, #63\n\t" + "eor x25, x21, x23, lsl 1\n\t" + "mov x28, %x[key]\n\t" + "ldp x12, x13, [%x[in]], #16\n\t" + "ldp x16, x17, [x28], #16\n\t" + "eor x12, x12, x25\n\t" + "eor x13, x13, x26\n\t" + "rev32 x12, x12\n\t" + "rev32 x13, x13\n\t" + /* Round: 0 - XOR in key schedule */ + "eor x12, x12, x16\n\t" + "eor x13, x13, x17\n\t" + "sub w27, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_decrypt_loop_nr_partial_1_%=: \n\t" + "ubfx x16, x13, #48, #8\n\t" + "ubfx x20, x12, #24, #8\n\t" + "ubfx x21, x13, #8, #8\n\t" + "ubfx x22, x12, #32, #8\n\t" + "ldr x14, [%[td]]\n\t" + "ldr x14, [%[td], #64]\n\t" + "ldr x14, [%[td], #128]\n\t" + "ldr x14, [%[td], #192]\n\t" + "ldr x14, [%[td], #256]\n\t" + "ldr x14, [%[td], #320]\n\t" + "ldr x14, [%[td], #384]\n\t" + "ldr x14, [%[td], #448]\n\t" + "ldr x14, [%[td], #512]\n\t" + "ldr x14, [%[td], #576]\n\t" + "ldr x14, [%[td], #640]\n\t" + "ldr x14, [%[td], #704]\n\t" + "ldr x14, [%[td], #768]\n\t" + "ldr x14, [%[td], #832]\n\t" + "ldr x14, [%[td], #896]\n\t" + "ldr x14, [%[td], #960]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x17, x12, #16, #8\n\t" + "eor w16, w16, w20, ror 24\n\t" + "ubfx x20, x12, #56, #8\n\t" + "eor w16, w16, w21, ror 8\n\t" + "ubfx x21, x13, #40, #8\n\t" + "eor w16, w16, w22, ror 16\n\t" + "ubfx x22, x13, #0, #8\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x19, x12, #48, #8\n\t" + "eor w17, w17, w20, ror 24\n\t" + "ubfx x20, x13, #24, #8\n\t" + "eor w17, w17, w21, ror 8\n\t" + "ubfx x21, x12, #8, #8\n\t" + "eor w17, w17, w22, ror 16\n\t" + "ubfx x22, x13, #32, #8\n\t" + "bfi x16, x17, #32, #32\n\t" + "ldr w19, [%[td], x19, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x14, x12, #0, #8\n\t" + "eor w19, w19, w20, ror 24\n\t" + "ubfx x20, x13, #16, #8\n\t" + "eor w19, w19, w21, ror 8\n\t" + "ubfx x21, x13, #56, #8\n\t" + "eor w17, w19, w22, ror 16\n\t" + "ubfx x22, x12, #40, #8\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "eor w21, w21, w14, ror 24\n\t" + "ldp x12, x13, [x28], #16\n\t" + "eor w20, w20, w22, ror 8\n\t" + "eor w20, w20, w21, ror 24\n\t" + "bfi x17, x20, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x16, x16, x12\n\t" + "eor x17, x17, x13\n\t" + "ubfx x12, x17, #48, #8\n\t" + "ubfx x15, x16, #24, #8\n\t" + "ubfx x21, x17, #8, #8\n\t" + "ubfx x22, x16, #32, #8\n\t" + "ldr x19, [%[td]]\n\t" + "ldr x19, [%[td], #64]\n\t" + "ldr x19, [%[td], #128]\n\t" + "ldr x19, [%[td], #192]\n\t" + "ldr x19, [%[td], #256]\n\t" + "ldr x19, [%[td], #320]\n\t" + "ldr x19, [%[td], #384]\n\t" + "ldr x19, [%[td], #448]\n\t" + "ldr x19, [%[td], #512]\n\t" + "ldr x19, [%[td], #576]\n\t" + "ldr x19, [%[td], #640]\n\t" + "ldr x19, [%[td], #704]\n\t" + "ldr x19, [%[td], #768]\n\t" + "ldr x19, [%[td], #832]\n\t" + "ldr x19, [%[td], #896]\n\t" + "ldr x19, [%[td], #960]\n\t" + "ldr w12, [%[td], x12, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x13, x16, #16, #8\n\t" + "eor w12, w12, w15, ror 24\n\t" + "ubfx x15, x16, #56, #8\n\t" + "eor w12, w12, w21, ror 8\n\t" + "ubfx x21, x17, #40, #8\n\t" + "eor w12, w12, w22, ror 16\n\t" + "ubfx x22, x17, #0, #8\n\t" + "ldr w13, [%[td], x13, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x14, x16, #48, #8\n\t" + "eor w13, w13, w15, ror 24\n\t" + "ubfx x15, x17, #24, #8\n\t" + "eor w13, w13, w21, ror 8\n\t" + "ubfx x21, x16, #8, #8\n\t" + "eor w13, w13, w22, ror 16\n\t" + "ubfx x22, x17, #32, #8\n\t" + "bfi x12, x13, #32, #32\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x19, x16, #0, #8\n\t" + "eor w14, w14, w15, ror 24\n\t" + "ubfx x15, x17, #16, #8\n\t" + "eor w14, w14, w21, ror 8\n\t" + "ubfx x21, x17, #56, #8\n\t" + "eor w13, w14, w22, ror 16\n\t" + "ubfx x22, x16, #40, #8\n\t" + "ldr w19, [%[td], x19, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "eor w21, w21, w19, ror 24\n\t" + "ldp x16, x17, [x28], #16\n\t" + "eor w15, w15, w22, ror 8\n\t" + "eor w15, w15, w21, ror 24\n\t" + "bfi x13, x15, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x12, x12, x16\n\t" + "eor x13, x13, x17\n\t" + "subs w27, w27, #2\n\t" + "b.ne L_AES_XTS_decrypt_loop_nr_partial_1_%=\n\t" + "ubfx x16, x13, #48, #8\n\t" + "ubfx x20, x12, #24, #8\n\t" + "ubfx x21, x13, #8, #8\n\t" + "ubfx x22, x12, #32, #8\n\t" + "ldr x14, [%[td]]\n\t" + "ldr x14, [%[td], #64]\n\t" + "ldr x14, [%[td], #128]\n\t" + "ldr x14, [%[td], #192]\n\t" + "ldr x14, [%[td], #256]\n\t" + "ldr x14, [%[td], #320]\n\t" + "ldr x14, [%[td], #384]\n\t" + "ldr x14, [%[td], #448]\n\t" + "ldr x14, [%[td], #512]\n\t" + "ldr x14, [%[td], #576]\n\t" + "ldr x14, [%[td], #640]\n\t" + "ldr x14, [%[td], #704]\n\t" + "ldr x14, [%[td], #768]\n\t" + "ldr x14, [%[td], #832]\n\t" + "ldr x14, [%[td], #896]\n\t" + "ldr x14, [%[td], #960]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x17, x12, #16, #8\n\t" + "eor w16, w16, w20, ror 24\n\t" + "ubfx x20, x12, #56, #8\n\t" + "eor w16, w16, w21, ror 8\n\t" + "ubfx x21, x13, #40, #8\n\t" + "eor w16, w16, w22, ror 16\n\t" + "ubfx x22, x13, #0, #8\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x19, x12, #48, #8\n\t" + "eor w17, w17, w20, ror 24\n\t" + "ubfx x20, x13, #24, #8\n\t" + "eor w17, w17, w21, ror 8\n\t" + "ubfx x21, x12, #8, #8\n\t" + "eor w17, w17, w22, ror 16\n\t" + "ubfx x22, x13, #32, #8\n\t" + "bfi x16, x17, #32, #32\n\t" + "ldr w19, [%[td], x19, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x14, x12, #0, #8\n\t" + "eor w19, w19, w20, ror 24\n\t" + "ubfx x20, x13, #16, #8\n\t" + "eor w19, w19, w21, ror 8\n\t" + "ubfx x21, x13, #56, #8\n\t" + "eor w17, w19, w22, ror 16\n\t" + "ubfx x22, x12, #40, #8\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "eor w21, w21, w14, ror 24\n\t" + "ldp x12, x13, [x28], #16\n\t" + "eor w20, w20, w22, ror 8\n\t" + "eor w20, w20, w21, ror 24\n\t" + "bfi x17, x20, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x16, x16, x12\n\t" + "eor x17, x17, x13\n\t" + "ubfx x12, x16, #32, #8\n\t" + "ubfx x15, x17, #8, #8\n\t" + "ubfx x21, x17, #48, #8\n\t" + "ubfx x22, x16, #24, #8\n\t" + "ldr x20, [%[td4]]\n\t" + "ldr x20, [%[td4], #64]\n\t" + "ldr x20, [%[td4], #128]\n\t" + "ldr x20, [%[td4], #192]\n\t" + "ldr x20, [%[td4], #256]\n\t" + "ldr x20, [%[td4], #320]\n\t" + "ldr x20, [%[td4], #384]\n\t" + "ldr x20, [%[td4], #448]\n\t" + "ldr x20, [%[td4], #512]\n\t" + "ldr x20, [%[td4], #576]\n\t" + "ldr x20, [%[td4], #640]\n\t" + "ldr x20, [%[td4], #704]\n\t" + "ldr x20, [%[td4], #768]\n\t" + "ldr x20, [%[td4], #832]\n\t" + "ldr x20, [%[td4], #896]\n\t" + "ldr x20, [%[td4], #960]\n\t" + "ldrb w12, [%[td4], x12, LSL 0]\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ldrb w21, [%[td4], x21, LSL 0]\n\t" + "ldrb w22, [%[td4], x22, LSL 0]\n\t" + "ubfx x13, x17, #0, #8\n\t" + "eor w12, w12, w15, lsl 8\n\t" + "ubfx x15, x17, #40, #8\n\t" + "eor w12, w12, w21, lsl 16\n\t" + "ubfx x21, x16, #16, #8\n\t" + "eor w12, w12, w22, lsl 24\n\t" + "ubfx x22, x16, #56, #8\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ldrb w22, [%[td4], x22, LSL 0]\n\t" + "ldrb w13, [%[td4], x13, LSL 0]\n\t" + "ldrb w21, [%[td4], x21, LSL 0]\n\t" + "ubfx x14, x17, #32, #8\n\t" + "eor w13, w13, w15, lsl 8\n\t" + "ubfx x15, x16, #8, #8\n\t" + "eor w13, w13, w21, lsl 16\n\t" + "ubfx x21, x16, #48, #8\n\t" + "eor w13, w13, w22, lsl 24\n\t" + "ubfx x22, x17, #24, #8\n\t" + "bfi x12, x13, #32, #32\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ldrb w22, [%[td4], x22, LSL 0]\n\t" + "ldrb w14, [%[td4], x14, LSL 0]\n\t" + "ldrb w21, [%[td4], x21, LSL 0]\n\t" + "ubfx x20, x17, #56, #8\n\t" + "eor w14, w14, w15, lsl 8\n\t" + "ubfx x15, x16, #0, #8\n\t" + "eor w14, w14, w21, lsl 16\n\t" + "ubfx x21, x16, #40, #8\n\t" + "eor w13, w14, w22, lsl 24\n\t" + "ubfx x22, x17, #16, #8\n\t" + "ldrb w20, [%[td4], x20, LSL 0]\n\t" + "ldrb w21, [%[td4], x21, LSL 0]\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ldrb w22, [%[td4], x22, LSL 0]\n\t" + "eor w21, w21, w20, lsl 16\n\t" + "ldp x16, x17, [x28]\n\t" + "eor w15, w15, w21, lsl 8\n\t" + "eor w15, w15, w22, lsl 16\n\t" + "bfi x13, x15, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x12, x12, x16\n\t" + "eor x13, x13, x17\n\t" + "rev32 x12, x12\n\t" + "rev32 x13, x13\n\t" + "eor x12, x12, x25\n\t" + "eor x13, x13, x26\n\t" + "stp x12, x13, [%x[tmp]]\n\t" + "add %x[out], %x[out], #16\n\t" + "mov w16, %w[sz]\n\t" + "\n" + "L_AES_XTS_decrypt_start_byte_%=: \n\t" + "ldrb w21, [%x[tmp]]\n\t" + "ldrb w22, [%x[in]], #1\n\t" + "strb w21, [%x[out]], #1\n\t" + "strb w22, [%x[tmp]], #1\n\t" + "subs w16, w16, #1\n\t" + "b.gt L_AES_XTS_decrypt_start_byte_%=\n\t" + "sub %x[out], %x[out], %x[sz]\n\t" + "sub %x[tmp], %x[tmp], %x[sz]\n\t" + "sub %x[out], %x[out], #16\n\t" + "mov x28, %x[key]\n\t" + "ldp x12, x13, [%x[tmp]]\n\t" + "ldp x16, x17, [x28], #16\n\t" + "eor x12, x12, x23\n\t" + "eor x13, x13, x24\n\t" + "rev32 x12, x12\n\t" + "rev32 x13, x13\n\t" + /* Round: 0 - XOR in key schedule */ + "eor x12, x12, x16\n\t" + "eor x13, x13, x17\n\t" + "sub w27, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_decrypt_loop_nr_partial_2_%=: \n\t" + "ubfx x16, x13, #48, #8\n\t" + "ubfx x20, x12, #24, #8\n\t" + "ubfx x21, x13, #8, #8\n\t" + "ubfx x22, x12, #32, #8\n\t" + "ldr x14, [%[td]]\n\t" + "ldr x14, [%[td], #64]\n\t" + "ldr x14, [%[td], #128]\n\t" + "ldr x14, [%[td], #192]\n\t" + "ldr x14, [%[td], #256]\n\t" + "ldr x14, [%[td], #320]\n\t" + "ldr x14, [%[td], #384]\n\t" + "ldr x14, [%[td], #448]\n\t" + "ldr x14, [%[td], #512]\n\t" + "ldr x14, [%[td], #576]\n\t" + "ldr x14, [%[td], #640]\n\t" + "ldr x14, [%[td], #704]\n\t" + "ldr x14, [%[td], #768]\n\t" + "ldr x14, [%[td], #832]\n\t" + "ldr x14, [%[td], #896]\n\t" + "ldr x14, [%[td], #960]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x17, x12, #16, #8\n\t" + "eor w16, w16, w20, ror 24\n\t" + "ubfx x20, x12, #56, #8\n\t" + "eor w16, w16, w21, ror 8\n\t" + "ubfx x21, x13, #40, #8\n\t" + "eor w16, w16, w22, ror 16\n\t" + "ubfx x22, x13, #0, #8\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x19, x12, #48, #8\n\t" + "eor w17, w17, w20, ror 24\n\t" + "ubfx x20, x13, #24, #8\n\t" + "eor w17, w17, w21, ror 8\n\t" + "ubfx x21, x12, #8, #8\n\t" + "eor w17, w17, w22, ror 16\n\t" + "ubfx x22, x13, #32, #8\n\t" + "bfi x16, x17, #32, #32\n\t" + "ldr w19, [%[td], x19, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x14, x12, #0, #8\n\t" + "eor w19, w19, w20, ror 24\n\t" + "ubfx x20, x13, #16, #8\n\t" + "eor w19, w19, w21, ror 8\n\t" + "ubfx x21, x13, #56, #8\n\t" + "eor w17, w19, w22, ror 16\n\t" + "ubfx x22, x12, #40, #8\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "eor w21, w21, w14, ror 24\n\t" + "ldp x12, x13, [x28], #16\n\t" + "eor w20, w20, w22, ror 8\n\t" + "eor w20, w20, w21, ror 24\n\t" + "bfi x17, x20, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x16, x16, x12\n\t" + "eor x17, x17, x13\n\t" + "ubfx x12, x17, #48, #8\n\t" + "ubfx x15, x16, #24, #8\n\t" + "ubfx x21, x17, #8, #8\n\t" + "ubfx x22, x16, #32, #8\n\t" + "ldr x19, [%[td]]\n\t" + "ldr x19, [%[td], #64]\n\t" + "ldr x19, [%[td], #128]\n\t" + "ldr x19, [%[td], #192]\n\t" + "ldr x19, [%[td], #256]\n\t" + "ldr x19, [%[td], #320]\n\t" + "ldr x19, [%[td], #384]\n\t" + "ldr x19, [%[td], #448]\n\t" + "ldr x19, [%[td], #512]\n\t" + "ldr x19, [%[td], #576]\n\t" + "ldr x19, [%[td], #640]\n\t" + "ldr x19, [%[td], #704]\n\t" + "ldr x19, [%[td], #768]\n\t" + "ldr x19, [%[td], #832]\n\t" + "ldr x19, [%[td], #896]\n\t" + "ldr x19, [%[td], #960]\n\t" + "ldr w12, [%[td], x12, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x13, x16, #16, #8\n\t" + "eor w12, w12, w15, ror 24\n\t" + "ubfx x15, x16, #56, #8\n\t" + "eor w12, w12, w21, ror 8\n\t" + "ubfx x21, x17, #40, #8\n\t" + "eor w12, w12, w22, ror 16\n\t" + "ubfx x22, x17, #0, #8\n\t" + "ldr w13, [%[td], x13, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x14, x16, #48, #8\n\t" + "eor w13, w13, w15, ror 24\n\t" + "ubfx x15, x17, #24, #8\n\t" + "eor w13, w13, w21, ror 8\n\t" + "ubfx x21, x16, #8, #8\n\t" + "eor w13, w13, w22, ror 16\n\t" + "ubfx x22, x17, #32, #8\n\t" + "bfi x12, x13, #32, #32\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x19, x16, #0, #8\n\t" + "eor w14, w14, w15, ror 24\n\t" + "ubfx x15, x17, #16, #8\n\t" + "eor w14, w14, w21, ror 8\n\t" + "ubfx x21, x17, #56, #8\n\t" + "eor w13, w14, w22, ror 16\n\t" + "ubfx x22, x16, #40, #8\n\t" + "ldr w19, [%[td], x19, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "eor w21, w21, w19, ror 24\n\t" + "ldp x16, x17, [x28], #16\n\t" + "eor w15, w15, w22, ror 8\n\t" + "eor w15, w15, w21, ror 24\n\t" + "bfi x13, x15, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x12, x12, x16\n\t" + "eor x13, x13, x17\n\t" + "subs w27, w27, #2\n\t" + "b.ne L_AES_XTS_decrypt_loop_nr_partial_2_%=\n\t" + "ubfx x16, x13, #48, #8\n\t" + "ubfx x20, x12, #24, #8\n\t" + "ubfx x21, x13, #8, #8\n\t" + "ubfx x22, x12, #32, #8\n\t" + "ldr x14, [%[td]]\n\t" + "ldr x14, [%[td], #64]\n\t" + "ldr x14, [%[td], #128]\n\t" + "ldr x14, [%[td], #192]\n\t" + "ldr x14, [%[td], #256]\n\t" + "ldr x14, [%[td], #320]\n\t" + "ldr x14, [%[td], #384]\n\t" + "ldr x14, [%[td], #448]\n\t" + "ldr x14, [%[td], #512]\n\t" + "ldr x14, [%[td], #576]\n\t" + "ldr x14, [%[td], #640]\n\t" + "ldr x14, [%[td], #704]\n\t" + "ldr x14, [%[td], #768]\n\t" + "ldr x14, [%[td], #832]\n\t" + "ldr x14, [%[td], #896]\n\t" + "ldr x14, [%[td], #960]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x17, x12, #16, #8\n\t" + "eor w16, w16, w20, ror 24\n\t" + "ubfx x20, x12, #56, #8\n\t" + "eor w16, w16, w21, ror 8\n\t" + "ubfx x21, x13, #40, #8\n\t" + "eor w16, w16, w22, ror 16\n\t" + "ubfx x22, x13, #0, #8\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x19, x12, #48, #8\n\t" + "eor w17, w17, w20, ror 24\n\t" + "ubfx x20, x13, #24, #8\n\t" + "eor w17, w17, w21, ror 8\n\t" + "ubfx x21, x12, #8, #8\n\t" + "eor w17, w17, w22, ror 16\n\t" + "ubfx x22, x13, #32, #8\n\t" + "bfi x16, x17, #32, #32\n\t" + "ldr w19, [%[td], x19, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x14, x12, #0, #8\n\t" + "eor w19, w19, w20, ror 24\n\t" + "ubfx x20, x13, #16, #8\n\t" + "eor w19, w19, w21, ror 8\n\t" + "ubfx x21, x13, #56, #8\n\t" + "eor w17, w19, w22, ror 16\n\t" + "ubfx x22, x12, #40, #8\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "eor w21, w21, w14, ror 24\n\t" + "ldp x12, x13, [x28], #16\n\t" + "eor w20, w20, w22, ror 8\n\t" + "eor w20, w20, w21, ror 24\n\t" + "bfi x17, x20, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x16, x16, x12\n\t" + "eor x17, x17, x13\n\t" + "ubfx x12, x16, #32, #8\n\t" + "ubfx x15, x17, #8, #8\n\t" + "ubfx x21, x17, #48, #8\n\t" + "ubfx x22, x16, #24, #8\n\t" + "ldr x20, [%[td4]]\n\t" + "ldr x20, [%[td4], #64]\n\t" + "ldr x20, [%[td4], #128]\n\t" + "ldr x20, [%[td4], #192]\n\t" + "ldr x20, [%[td4], #256]\n\t" + "ldr x20, [%[td4], #320]\n\t" + "ldr x20, [%[td4], #384]\n\t" + "ldr x20, [%[td4], #448]\n\t" + "ldr x20, [%[td4], #512]\n\t" + "ldr x20, [%[td4], #576]\n\t" + "ldr x20, [%[td4], #640]\n\t" + "ldr x20, [%[td4], #704]\n\t" + "ldr x20, [%[td4], #768]\n\t" + "ldr x20, [%[td4], #832]\n\t" + "ldr x20, [%[td4], #896]\n\t" + "ldr x20, [%[td4], #960]\n\t" + "ldrb w12, [%[td4], x12, LSL 0]\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ldrb w21, [%[td4], x21, LSL 0]\n\t" + "ldrb w22, [%[td4], x22, LSL 0]\n\t" + "ubfx x13, x17, #0, #8\n\t" + "eor w12, w12, w15, lsl 8\n\t" + "ubfx x15, x17, #40, #8\n\t" + "eor w12, w12, w21, lsl 16\n\t" + "ubfx x21, x16, #16, #8\n\t" + "eor w12, w12, w22, lsl 24\n\t" + "ubfx x22, x16, #56, #8\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ldrb w22, [%[td4], x22, LSL 0]\n\t" + "ldrb w13, [%[td4], x13, LSL 0]\n\t" + "ldrb w21, [%[td4], x21, LSL 0]\n\t" + "ubfx x14, x17, #32, #8\n\t" + "eor w13, w13, w15, lsl 8\n\t" + "ubfx x15, x16, #8, #8\n\t" + "eor w13, w13, w21, lsl 16\n\t" + "ubfx x21, x16, #48, #8\n\t" + "eor w13, w13, w22, lsl 24\n\t" + "ubfx x22, x17, #24, #8\n\t" + "bfi x12, x13, #32, #32\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ldrb w22, [%[td4], x22, LSL 0]\n\t" + "ldrb w14, [%[td4], x14, LSL 0]\n\t" + "ldrb w21, [%[td4], x21, LSL 0]\n\t" + "ubfx x20, x17, #56, #8\n\t" + "eor w14, w14, w15, lsl 8\n\t" + "ubfx x15, x16, #0, #8\n\t" + "eor w14, w14, w21, lsl 16\n\t" + "ubfx x21, x16, #40, #8\n\t" + "eor w13, w14, w22, lsl 24\n\t" + "ubfx x22, x17, #16, #8\n\t" + "ldrb w20, [%[td4], x20, LSL 0]\n\t" + "ldrb w21, [%[td4], x21, LSL 0]\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ldrb w22, [%[td4], x22, LSL 0]\n\t" + "eor w21, w21, w20, lsl 16\n\t" + "ldp x16, x17, [x28]\n\t" + "eor w15, w15, w21, lsl 8\n\t" + "eor w15, w15, w22, lsl 16\n\t" + "bfi x13, x15, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x12, x12, x16\n\t" + "eor x13, x13, x17\n\t" + "rev32 x12, x12\n\t" + "rev32 x13, x13\n\t" + "eor x12, x12, x23\n\t" + "eor x13, x13, x24\n\t" + "stp x12, x13, [%x[out]]\n\t" + "\n" + "L_AES_XTS_decrypt_done_data_%=: \n\t" + "ldp x29, x30, [sp], #32\n\t" + : [out] "+r" (out), [sz] "+r" (sz), [key] "+r" (key), + [key2] "+r" (key2), [tmp] "+r" (tmp), [nr] "+r" (nr) + : [in] "r" (in), [i] "r" (i), [td] "r" (td), [td4] "r" (td4), + [te] "r" (te) + : "memory", "cc", "x11", "x12", "x13", "x14", "x15", "x16", "x17", + "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", + "x28" + ); +} + +#endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_XTS */ +#endif /* !WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP */ #endif /* !defined(NO_AES) && defined(WOLFSSL_ARMASM) */ #endif /* __aarch64__ */ #endif /* WOLFSSL_ARMASM */ diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index f4da2a0b2..36c8e6ef4 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -888,9 +888,74 @@ WOLFSSL_API int wc_AesCtsDecryptFinal(Aes* aes, byte* out, word32* outSz); #endif -#if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +#if defined(WOLFSSL_ARMASM) +#if defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +WOLFSSL_LOCAL void AES_set_encrypt_key(const unsigned char* key, word32 len, + unsigned char* ks); +WOLFSSL_LOCAL void AES_invert_key(unsigned char* ks, word32 rounds); +WOLFSSL_LOCAL void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr); +WOLFSSL_LOCAL void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr); +WOLFSSL_LOCAL void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* iv); +WOLFSSL_LOCAL void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* iv); +WOLFSSL_LOCAL void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr); +#if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT) +/* in pre-C2x C, constness conflicts for dimensioned arrays can't be resolved. + */ +WOLFSSL_LOCAL void GCM_gmult_len(byte* x, const byte** m, + const unsigned char* data, unsigned long len); +#endif +WOLFSSL_LOCAL void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr); +#if defined(WOLFSSL_AES_XTS) && defined(__aarch64__) +WOLFSSL_LOCAL void AES_XTS_encrypt(const byte* in, byte* out, word32 sz, + const byte* i, byte* key, byte* key2, byte* tmp, int nr); +WOLFSSL_LOCAL void AES_XTS_decrypt(const byte* in, byte* out, word32 sz, + const byte* i, byte* key, byte* key2, byte* tmp, int nr); +#endif +#endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */ + +#if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) +WOLFSSL_LOCAL void AES_set_encrypt_key_NEON(const unsigned char* key, + word32 len, unsigned char* ks); +WOLFSSL_LOCAL void AES_invert_key_NEON(unsigned char* ks, word32 rounds); +WOLFSSL_LOCAL void AES_ECB_encrypt_NEON(const unsigned char* in, + unsigned char* out, unsigned long len, const unsigned char* ks, int nr); +WOLFSSL_LOCAL void AES_ECB_decrypt_NEON(const unsigned char* in, + unsigned char* out, unsigned long len, const unsigned char* ks, int nr); +WOLFSSL_LOCAL void AES_CBC_encrypt_NEON(const unsigned char* in, + unsigned char* out, unsigned long len, const unsigned char* ks, int nr, + unsigned char* iv); +WOLFSSL_LOCAL void AES_CBC_decrypt_NEON(const unsigned char* in, + unsigned char* out, unsigned long len, const unsigned char* ks, int nr, + unsigned char* iv); +WOLFSSL_LOCAL void AES_CTR_encrypt_NEON(const unsigned char* in, + unsigned char* out, unsigned long len, const unsigned char* ks, int nr, + unsigned char* ctr); +#if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT) +/* in pre-C2x C, constness conflicts for dimensioned arrays can't be resolved. + */ +WOLFSSL_LOCAL void GCM_gmult_len_NEON(byte* x, const byte* h, + const unsigned char* data, unsigned long len); +#endif +WOLFSSL_LOCAL void AES_GCM_encrypt_NEON(const unsigned char* in, + unsigned char* out, unsigned long len, const unsigned char* ks, int nr, + unsigned char* ctr); +#endif + +#ifdef WOLFSSL_AES_XTS +WOLFSSL_LOCAL void AES_XTS_encrypt_NEON(const byte* in, byte* out, word32 sz, + const byte* i, byte* key, byte* key2, byte* tmp, int nr); +WOLFSSL_LOCAL void AES_XTS_decrypt_NEON(const byte* in, byte* out, word32 sz, + const byte* i, byte* key, byte* key2, byte* tmp, int nr); +#endif /* WOLFSSL_AES_XTS */ + +#if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) WOLFSSL_LOCAL void AES_set_key_AARCH64(const byte* userKey, int keylen, byte* key, int dir); @@ -979,7 +1044,7 @@ WOLFSSL_LOCAL void AES_GCM_decrypt_final_AARCH64_EOR3(byte* tag, const byte* authTag, word32 tbytes, word32 nbytes, word32 abytes, byte* h, byte* initCtr, int* res); #endif -#endif +#endif /* WOLFSSL_AESGCM_STREAM */ #ifdef WOLFSSL_AES_XTS WOLFSSL_LOCAL void AES_XTS_encrypt_AARCH64(const byte* in, byte* out, @@ -987,31 +1052,9 @@ WOLFSSL_LOCAL void AES_XTS_encrypt_AARCH64(const byte* in, byte* out, WOLFSSL_LOCAL void AES_XTS_decrypt_AARCH64(const byte* in, byte* out, word32 sz, const byte* i, byte* key, byte* key2, byte* tmp, int nr); #endif /* WOLFSSL_AES_XTS */ -#endif /* __aarch64__ && WOLFSSL_ARMASM && !WOLFSSL_ARMASM_NO_HW_CRYPTO */ +#endif /* __aarch64__ && !WOLFSSL_ARMASM_NO_HW_CRYPTO */ -#if !defined(__aarch64__) && defined(WOLFSSL_ARMASM) -#if !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) -WOLFSSL_LOCAL void AES_set_key_AARCH32(const byte* userKey, int keylen, - byte* key, int dir); - -WOLFSSL_LOCAL void AES_encrypt_AARCH32(const byte* inBlock, byte* outBlock, - byte* key, int nr); -WOLFSSL_LOCAL void AES_decrypt_AARCH32(const byte* inBlock, byte* outBlock, - byte* key, int nr); -WOLFSSL_LOCAL void AES_encrypt_blocks_AARCH32(const byte* in, byte* out, - word32 sz, byte* key, int nr); -#endif - -#ifdef WOLFSSL_AES_XTS -WOLFSSL_LOCAL void AES_XTS_encrypt_AARCH64(const byte* in, byte* out, - word32 sz, const byte* i, byte* key, byte* key2, byte* tmp, int nr); -WOLFSSL_LOCAL void AES_XTS_decrypt_AARCH64(const byte* in, byte* out, - word32 sz, const byte* i, byte* key, byte* key2, byte* tmp, int nr); -#endif /* WOLFSSL_AES_XTS */ -#endif /* __aarch64__ && WOLFSSL_ARMASM && !WOLFSSL_ARMASM_NO_HW_CRYPTO */ - -#if !defined(__aarch64__) && defined(WOLFSSL_ARMASM) -#if !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) WOLFSSL_LOCAL void AES_set_key_AARCH32(const byte* userKey, int keylen, byte* key, int dir); @@ -1049,30 +1092,8 @@ WOLFSSL_LOCAL void AES_XTS_encrypt_AARCH32(const byte* in, byte* out, WOLFSSL_LOCAL void AES_XTS_decrypt_AARCH32(const byte* in, byte* out, word32 sz, const byte* i, byte* key, byte* key2, byte* tmp, int nr); #endif /* WOLFSSL_AES_XTS */ -#else -WOLFSSL_LOCAL void AES_set_encrypt_key(const unsigned char* key, word32 len, - unsigned char* ks); -WOLFSSL_LOCAL void AES_invert_key(unsigned char* ks, word32 rounds); -WOLFSSL_LOCAL void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, - unsigned long len, const unsigned char* ks, int nr); -WOLFSSL_LOCAL void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, - unsigned long len, const unsigned char* ks, int nr); -WOLFSSL_LOCAL void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, - unsigned long len, const unsigned char* ks, int nr, unsigned char* iv); -WOLFSSL_LOCAL void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, - unsigned long len, const unsigned char* ks, int nr, unsigned char* iv); -WOLFSSL_LOCAL void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, - unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr); -#if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT) -/* in pre-C2x C, constness conflicts for dimensioned arrays can't be resolved. - */ -WOLFSSL_LOCAL void GCM_gmult_len(byte* x, const byte** m, - const unsigned char* data, unsigned long len); -#endif -WOLFSSL_LOCAL void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, - unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr); -#endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */ -#endif +#endif /* !__aarch64__ && !WOLFSSL_ARMASM_NO_HW_CRYPTO */ +#endif /* WOLFSSL_ARMASM */ #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/wolfcrypt/hmac.h b/wolfssl/wolfcrypt/hmac.h index 855555536..326ed4a52 100644 --- a/wolfssl/wolfcrypt/hmac.h +++ b/wolfssl/wolfcrypt/hmac.h @@ -66,8 +66,9 @@ #define WC_HMAC_INNER_HASH_KEYED_DEV 2 enum { - HMAC_FIPS_MIN_KEY = 14, /* 112 bit key length minimum */ - + HMAC_FIPS_MIN_KEY = 14, /* 112 bit key length minimum. Note that this + * minimum also applies to the salt length for + * HKDF. */ IPAD = 0x36, OPAD = 0x5C, diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 513ba98ff..e8fbc52b6 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -95,8 +95,8 @@ #elif defined(__WATCOMC__) /* Watcom macro needs to expand to something, here just a comment: */ #define WC_DEPRECATED(msg) /* null expansion */ - #elif defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) || \ - defined(_WIN32_WCE) + #elif (defined(_MSC_VER) && _MSC_VER >= 1400) || defined(__MINGW32__) || \ + defined(__CYGWIN__) || defined(_WIN32_WCE) #define WC_DEPRECATED(msg) __declspec(deprecated(msg)) #elif (defined(__GNUC__) && (__GNUC__ >= 4)) || \ defined(__IAR_SYSTEMS_ICC__) diff --git a/wrapper/rust/wolfssl/src/wolfcrypt/ecc.rs b/wrapper/rust/wolfssl/src/wolfcrypt/ecc.rs index 5c7d54dc2..dfb5c0a09 100644 --- a/wrapper/rust/wolfssl/src/wolfcrypt/ecc.rs +++ b/wrapper/rust/wolfssl/src/wolfcrypt/ecc.rs @@ -124,8 +124,8 @@ impl ECCPoint { /// let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate()"); /// let ecc_point = ecc.make_pub_to_point(Some(&mut rng), None).expect("Error with make_pub_to_point()"); /// let mut der = [0u8; 128]; - /// let size = ecc_point.export_der_compressed(&mut der, curve_id).expect("Error with export_der_compressed()"); - /// ECCPoint::import_der_ex(&der[0..size], curve_id, 1, None).expect("Error with import_der_ex()"); + /// let size = ecc_point.export_der(&mut der, curve_id).expect("Error with export_der()"); + /// ECCPoint::import_der_ex(&der[0..size], curve_id, 0, None).expect("Error with import_der_ex()"); /// } /// ``` #[cfg(ecc_import)] @@ -227,7 +227,6 @@ impl ECCPoint { /// let ecc_point = ecc.make_pub_to_point(Some(&mut rng), None).expect("Error with make_pub_to_point()"); /// let mut der = [0u8; 128]; /// let size = ecc_point.export_der_compressed(&mut der, curve_id).expect("Error with export_der_compressed()"); - /// ECCPoint::import_der_ex(&der[0..size], curve_id, 1, None).expect("Error with import_der_ex()"); /// } /// ``` #[cfg(all(ecc_export, ecc_comp_key))] diff --git a/wrapper/rust/wolfssl/tests/test_ecc.rs b/wrapper/rust/wolfssl/tests/test_ecc.rs index 91e2fe206..29868b9af 100644 --- a/wrapper/rust/wolfssl/tests/test_ecc.rs +++ b/wrapper/rust/wolfssl/tests/test_ecc.rs @@ -312,7 +312,6 @@ fn test_ecc_point_import_compressed() { let mut ecc_point = ecc.make_pub_to_point(Some(&mut rng), None).expect("Error with make_pub_to_point()"); let mut der = [0u8; 128]; let size = ecc_point.export_der_compressed(&mut der, curve_id).expect("Error with export_der_compressed()"); - ECCPoint::import_der_ex(&der[0..size], curve_id, 1, None).expect("Error with import_der_ex()"); ecc_point.forcezero(); }