Revert "Aarch64 no harware crypto assembly AES"

2026-01-26 17:42:49 +01:00 · 2025-12-11 15:39:39 -07:00
parent 38d5dc6c7a
commit c2a4a32cd7
8 changed files with 270 additions and 28421 deletions
--- a/.wolfssl_known_macro_extras
+++ b/.wolfssl_known_macro_extras
@@ -663,7 +663,6 @@ WOLFSSL_ALLOW_TLS_SHA1
 WOLFSSL_ALTERNATIVE_DOWNGRADE
 WOLFSSL_ALT_NAMES_NO_REV
 WOLFSSL_ARM_ARCH_NEON_64BIT
-WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP
 WOLFSSL_ASCON_UNROLL
 WOLFSSL_ASNC_CRYPT
 WOLFSSL_ASN_EXTRA
--- a/tests/api/test_aes.c
+++ b/tests/api/test_aes.c
@@ -289,7 +289,7 @@ int test_wc_AesEncryptDecryptDirect(void)

 #if !defined(NO_AES) && defined(HAVE_AES_ECB)
 /* Assembly code doing 8 iterations at a time. */
-#define ECB_LEN     (15 * WC_AES_BLOCK_SIZE)
+#define ECB_LEN     (9 * WC_AES_BLOCK_SIZE)

 static int test_wc_AesEcbEncryptDecrypt_BadArgs(Aes* aes, byte* key,
    word32 keyLen)
@@ -1993,7 +1993,7 @@ int test_wc_AesCtrSetKey(void)

 #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER)
 /* Assembly code doing 8 iterations at a time. */
-#define CTR_LEN     (15 * WC_AES_BLOCK_SIZE)
+#define CTR_LEN     (9 * WC_AES_BLOCK_SIZE)

 static int test_wc_AesCtrEncrypt_BadArgs(Aes* aes, byte* key,
    word32 keyLen, byte* iv)
@@ -2237,18 +2237,6 @@ int test_wc_AesCtrEncryptDecrypt(void)
        0x86, 0x8f, 0x83, 0xff, 0x3d, 0xbe, 0x6e, 0xfa,
        0xd2, 0x2b, 0x3e, 0x70, 0x21, 0x1c, 0xe8, 0x7b,
        0xe4, 0x01, 0x2c, 0xd0, 0x82, 0xe2, 0x7a, 0x4a,
-        0xcf, 0x67, 0x82, 0x1c, 0x80, 0x79, 0x85, 0x5e,
-        0xe5, 0xf9, 0x3a, 0x0d, 0x1a, 0xa7, 0x89, 0x29,
-        0xee, 0xe7, 0x2b, 0xd6, 0x29, 0xac, 0xfa, 0xca,
-        0xc8, 0xcb, 0x4e, 0x6c, 0x1f, 0x30, 0x5e, 0x95,
-        0xa5, 0xa2, 0x17, 0xe2, 0x93, 0xd3, 0xe6, 0xbe,
-        0x91, 0x37, 0x84, 0x01, 0xdb, 0x44, 0x4c, 0x60,
-        0x1c, 0x2c, 0x64, 0x7d, 0xb7, 0x73, 0x12, 0x11,
-        0xc2, 0x6a, 0xfd, 0xac, 0x6d, 0x85, 0xd8, 0xeb,
-        0x0e, 0x70, 0xd3, 0x82, 0x93, 0x65, 0xff, 0x18,
-        0x4e, 0x22, 0x07, 0x8a, 0xf6, 0xfd, 0x36, 0x9d,
-        0x5c, 0x15, 0x1c, 0x84, 0x69, 0x13, 0x68, 0x78,
-        0xf1, 0x04, 0x02, 0x66, 0xec, 0x37, 0xcc, 0x0d,
    };
 #elif defined(WOLFSSL_AES_192)
    byte expected24[CTR_LEN] = {
@@ -2270,18 +2258,6 @@ int test_wc_AesCtrEncryptDecrypt(void)
        0x8d, 0x3b, 0xa9, 0x17, 0x4c, 0x2a, 0xc7, 0x97,
        0x99, 0xb7, 0xaf, 0x86, 0x17, 0xf9, 0xe4, 0x2c,
        0x5a, 0x4d, 0x6d, 0x7f, 0xfe, 0xb8, 0xaa, 0x9b,
-        0xf8, 0xb6, 0xcb, 0x6f, 0x2f, 0xa4, 0x57, 0x61,
-        0x88, 0x6c, 0x94, 0xaa, 0xf7, 0x97, 0xcf, 0xcd,
-        0x19, 0x29, 0x9e, 0xf3, 0x30, 0xb8, 0xaa, 0x56,
-        0x49, 0xcb, 0xf0, 0x56, 0xdd, 0xac, 0x4b, 0x41,
-        0x00, 0xb3, 0x19, 0xdd, 0xef, 0x69, 0xd0, 0x9c,
-        0xd1, 0x67, 0x48, 0x62, 0x9f, 0x56, 0x21, 0x2d,
-        0x05, 0xb3, 0x4d, 0x0b, 0xac, 0xb6, 0x63, 0xf4,
-        0x44, 0xfc, 0x43, 0xc0, 0xa9, 0x8c, 0x37, 0xd6,
-        0xc3, 0x8c, 0xa4, 0x42, 0x68, 0x08, 0x2c, 0x1e,
-        0xe7, 0xcc, 0xe4, 0x1f, 0x82, 0x9a, 0xe0, 0xfb,
-        0x18, 0x84, 0x55, 0xaf, 0x02, 0xcc, 0x55, 0x13,
-        0x7e, 0xc7, 0x05, 0xb8, 0xb9, 0x5e, 0x90, 0xc3,
    };
 #else
    byte expected32[CTR_LEN] = {
@@ -2303,18 +2279,6 @@ int test_wc_AesCtrEncryptDecrypt(void)
        0xf1, 0x7b, 0x2b, 0x87, 0xe4, 0xcd, 0x93, 0x22,
        0x07, 0xdc, 0x35, 0x46, 0x8a, 0x1d, 0xf5, 0xe4,
        0x23, 0x01, 0x67, 0x00, 0x66, 0x7b, 0xd6, 0x56,
-        0x0d, 0x57, 0x4f, 0x6f, 0x45, 0x82, 0x91, 0x58,
-        0x81, 0x37, 0xcc, 0xb4, 0xa4, 0xa3, 0x3c, 0x57,
-        0x42, 0x05, 0x95, 0xa3, 0x04, 0x1f, 0xfd, 0x32,
-        0xb7, 0xc8, 0xbb, 0x14, 0xe7, 0xf1, 0xc1, 0x1f,
-        0xe9, 0x33, 0x6a, 0xb0, 0x10, 0x0d, 0xfb, 0x91,
-        0x88, 0xca, 0x20, 0x29, 0xeb, 0xcd, 0x9c, 0x71,
-        0x07, 0xfd, 0x3f, 0x6b, 0x1f, 0xb3, 0x76, 0xb7,
-        0x6b, 0xa1, 0xad, 0xbe, 0xd3, 0x45, 0xb5, 0xe9,
-        0x04, 0x9a, 0xfd, 0x6a, 0x85, 0xa2, 0xbc, 0x4e,
-        0xca, 0xdb, 0x84, 0xbc, 0x0e, 0x0c, 0x96, 0x65,
-        0xc9, 0x95, 0x2b, 0xcb, 0x98, 0x8c, 0xd2, 0x78,
-        0x85, 0x7e, 0x1a, 0xa2, 0x6a, 0x73, 0x90, 0x80,
    };
 #endif
    byte    iv[]   = "1234567890abcdef";
@@ -3443,275 +3407,6 @@ int test_wc_AesCcmEncryptDecrypt(void)
    return EXPECT_RESULT();
 } /* END test_wc_AesCcmEncryptDecrypt */

-/*******************************************************************************
- * AES-XTS
- ******************************************************************************/
-
-/*
- * test function for wc_AesXtsSetKey()
- */
-int test_wc_AesXtsSetKey(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_AES) && defined(WOLFSSL_AES_XTS)
-    XtsAes aes;
-#ifdef WOLFSSL_AES_128
-    byte key16[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-    };
-#endif
-#if defined(WOLFSSL_AES_192) && !defined(HAVE_FIPS)
-    byte key24[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
-    };
-#endif
-#ifdef WOLFSSL_AES_256
-    byte key32[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
-    };
-#endif
-    byte badKey16[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
-    };
-    byte badKey24[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36
-    };
-    byte badKey32[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x37, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
-    };
-    byte* key;
-    word32 keyLen;
-
-#ifdef WOLFSSL_AES_128
-    key = key16;
-    keyLen = sizeof(key16)/sizeof(byte);
-#elif defined(WOLFSSL_AES_192)
-    key = key24;
-    keyLen = sizeof(key24)/sizeof(byte);
-#else
-    key = key32;
-    keyLen = sizeof(key32)/sizeof(byte);
-#endif
-
-#ifdef WOLFSSL_AES_128
-    ExpectIntEQ(wc_AesXtsSetKey(&aes, key16, sizeof(key16)/sizeof(byte),
-        AES_ENCRYPTION, NULL, INVALID_DEVID), 0);
-    wc_AesXtsFree(&aes);
-#endif
-#if defined(WOLFSSL_AES_192) && !defined(HAVE_FIPS)
-    ExpectIntEQ(wc_AesXtsSetKey(&aes, key24, sizeof(key24)/sizeof(byte),
-        AES_ENCRYPTION, NULL, INVALID_DEVID), 0);
-    wc_AesXtsFree(&aes);
-#endif
-#ifdef WOLFSSL_AES_256
-    ExpectIntEQ(wc_AesXtsSetKey(&aes, key32, sizeof(key32)/sizeof(byte),
-        AES_ENCRYPTION, NULL, INVALID_DEVID), 0);
-    wc_AesXtsFree(&aes);
-#endif
-
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_AesXtsSetKey(NULL, NULL, keyLen, AES_ENCRYPTION, NULL,
-        INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_AesXtsSetKey(NULL, key, keyLen, AES_ENCRYPTION, NULL,
-        INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_AesXtsSetKey(&aes, NULL, keyLen, AES_ENCRYPTION, NULL,
-        INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_AesXtsSetKey(&aes, badKey16, sizeof(badKey16)/sizeof(byte),
-        AES_ENCRYPTION, NULL, INVALID_DEVID), WC_NO_ERR_TRACE(WC_KEY_SIZE_E));
-    ExpectIntEQ(wc_AesXtsSetKey(&aes, badKey24, sizeof(badKey24)/sizeof(byte),
-        AES_ENCRYPTION, NULL, INVALID_DEVID), WC_NO_ERR_TRACE(WC_KEY_SIZE_E));
-    ExpectIntEQ(wc_AesXtsSetKey(&aes, badKey32, sizeof(badKey32)/sizeof(byte),
-        AES_ENCRYPTION, NULL, INVALID_DEVID), WC_NO_ERR_TRACE(WC_KEY_SIZE_E));
-    ExpectIntEQ(wc_AesXtsSetKey(&aes, key, keyLen, -2, NULL, INVALID_DEVID),
-        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_AesXtsSetKey */
-
-int test_wc_AesXtsEncryptDecrypt_Sizes(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_AES) && defined(WOLFSSL_AES_XTS) && \
-    defined(WOLFSSL_AES_256) && !defined(WOLFSSL_AFALG) && \
-    !defined(WOLFSSL_KCAPI)
-    #define XTS_LEN     (WC_AES_BLOCK_SIZE * 16)
-    byte key32[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
-    };
-    byte tweak[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-    };
-    XtsAes aes;
-    word32 tweakLen = (word32)sizeof(tweak)/sizeof(byte);
-    int sz;
-    WC_DECLARE_VAR(plain, byte, XTS_LEN, NULL);
-    WC_DECLARE_VAR(cipher, byte, XTS_LEN, NULL);
-#ifdef HAVE_AES_DECRYPT
-    WC_DECLARE_VAR(decrypted, byte, XTS_LEN, NULL);
-#endif
-
-    WC_ALLOC_VAR(plain, byte, XTS_LEN, NULL);
-    WC_ALLOC_VAR(cipher, byte, XTS_LEN, NULL);
-#ifdef HAVE_AES_DECRYPT
-    WC_ALLOC_VAR(decrypted, byte, XTS_LEN, NULL);
-#endif
-
-#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
-    ExpectNotNull(plain);
-    ExpectNotNull(cipher);
-#ifdef HAVE_AES_DECRYPT
-    ExpectNotNull(decrypted);
-#endif
-#endif
-
-    XMEMSET(&aes, 0, sizeof(Aes));
-    XMEMSET(plain, 0xa5, XTS_LEN);
-
-    for (sz = WC_AES_BLOCK_SIZE; sz <= XTS_LEN; sz *= 2) {
-        ExpectIntEQ(wc_AesXtsSetKey(&aes, key32, sizeof(key32)/sizeof(byte),
-            AES_ENCRYPTION, NULL, INVALID_DEVID), 0);
-        XMEMSET(cipher, 0, XTS_LEN);
-        ExpectIntEQ(wc_AesXtsEncrypt(&aes, cipher, plain, sz, tweak, tweakLen),
-            0);
-        wc_AesXtsFree(&aes);
-
-#ifdef HAVE_AES_DECRYPT
-        ExpectIntEQ(wc_AesXtsSetKey(&aes, key32, sizeof(key32)/sizeof(byte),
-            AES_DECRYPTION, NULL, INVALID_DEVID), 0);
-        XMEMSET(decrypted, 0xff, XTS_LEN);
-        ExpectIntEQ(wc_AesXtsDecrypt(&aes, decrypted, cipher, sz, tweak,
-            tweakLen), 0);
-        ExpectBufEQ(decrypted, plain, sz);
-        wc_AesXtsFree(&aes);
-#endif
-    }
-
-    WC_FREE_VAR(plain, NULL);
-    WC_FREE_VAR(cipher, NULL);
-#ifdef HAVE_AES_DECRYPT
-    WC_FREE_VAR(decrypted, NULL);
-#endif
-#endif
-    return EXPECT_RESULT();
-}
-
-/*
- * test function for wc_AesXtsEncrypt and wc_AesXtsDecrypt
- */
-int test_wc_AesXtsEncryptDecrypt(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_AES) && defined(WOLFSSL_AES_XTS) && \
-    defined(WOLFSSL_AES_256)
-    XtsAes  aes;
-    byte key32[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
-    };
-    byte vector[] = { /* Now is the time for all w/o trailing 0 */
-        0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
-        0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
-        0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
-    };
-    byte tweak[] = {
-        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-        0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
-    };
-    word32 tweakLen = (word32)sizeof(tweak)/sizeof(byte);
-    byte enc[sizeof(vector)];
-    byte resultT[WC_AES_BLOCK_SIZE];
-    byte dec[sizeof(vector)];
-
-    /* Init stack variables. */
-    XMEMSET(&aes, 0, sizeof(Aes));
-    XMEMSET(enc, 0, sizeof(vector));
-    XMEMSET(dec, 0, sizeof(vector));
-    XMEMSET(resultT, 0, WC_AES_BLOCK_SIZE);
-
-    ExpectIntEQ(wc_AesXtsSetKey(&aes, key32, sizeof(key32)/sizeof(byte),
-        AES_ENCRYPTION, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesXtsEncrypt(&aes, enc, vector, sizeof(vector), tweak,
-        tweakLen), 0);
-    wc_AesXtsFree(&aes);
-    ExpectIntEQ(wc_AesXtsSetKey(&aes, key32, sizeof(key32)/sizeof(byte),
-        AES_DECRYPTION, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesXtsDecrypt(&aes, dec, enc, sizeof(vector), tweak,
-        tweakLen), 0);
-    ExpectIntEQ(XMEMCMP(vector, dec, sizeof(vector)), 0);
-    wc_AesXtsFree(&aes);
-
-    ExpectIntEQ(wc_AesXtsSetKey(&aes, key32, sizeof(key32)/sizeof(byte),
-        AES_ENCRYPTION, NULL, INVALID_DEVID), 0);
-    /* Test bad args for wc_AesXtsEncrypt and wc_AesXtsDecrypt */
-    ExpectIntEQ(wc_AesXtsEncrypt(NULL, enc, vector, sizeof(vector), tweak,
-        tweakLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_AesXtsEncrypt(&aes, NULL, vector, sizeof(vector), tweak,
-        tweakLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_AesXtsEncrypt(&aes, enc, NULL, sizeof(vector), tweak,
-        tweakLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    wc_AesXtsFree(&aes);
-    /* END wc_AesXtsEncrypt */
-
-#ifdef HAVE_AES_DECRYPT
-    ExpectIntEQ(wc_AesXtsSetKey(&aes, key32, sizeof(key32)/sizeof(byte),
-        AES_DECRYPTION, NULL, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_AesXtsDecrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte),
-        tweak, tweakLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_AesXtsDecrypt(&aes, NULL, enc, sizeof(enc)/sizeof(byte),
-        tweak, tweakLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_AesXtsDecrypt(&aes, dec, NULL, sizeof(enc)/sizeof(byte),
-        tweak, tweakLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    wc_AesXtsFree(&aes);
-#endif /* HAVE_AES_DECRYPT */
-#endif
-
-    return EXPECT_RESULT();
-} /* END test_wc_AesXtsEncryptDecrypt */
-
 #if defined(WOLFSSL_AES_EAX) && defined(WOLFSSL_AES_256) && \
    (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)

--- a/tests/api/test_aes.h
+++ b/tests/api/test_aes.h
@@ -41,9 +41,6 @@ int test_wc_AesGcmMixedEncDecLongIV(void);
 int test_wc_AesGcmStream(void);
 int test_wc_AesCcmSetKey(void);
 int test_wc_AesCcmEncryptDecrypt(void);
-int test_wc_AesXtsSetKey(void);
-int test_wc_AesXtsEncryptDecrypt_Sizes(void);
-int test_wc_AesXtsEncryptDecrypt(void);
 #if defined(WOLFSSL_AES_EAX) && defined(WOLFSSL_AES_256) && \
    (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
 int test_wc_AesEaxVectors(void);
@@ -71,10 +68,7 @@ int test_wc_GmacUpdate(void);
    TEST_DECL_GROUP("aes", test_wc_AesGcmMixedEncDecLongIV),    \
    TEST_DECL_GROUP("aes", test_wc_AesGcmStream),               \
    TEST_DECL_GROUP("aes", test_wc_AesCcmSetKey),               \
-    TEST_DECL_GROUP("aes", test_wc_AesCcmEncryptDecrypt),       \
-    TEST_DECL_GROUP("aes", test_wc_AesXtsSetKey),               \
-    TEST_DECL_GROUP("aes", test_wc_AesXtsEncryptDecrypt_Sizes), \
-    TEST_DECL_GROUP("aes", test_wc_AesXtsEncryptDecrypt)
+    TEST_DECL_GROUP("aes", test_wc_AesCcmEncryptDecrypt)

 #if defined(WOLFSSL_AES_EAX) && defined(WOLFSSL_AES_256) && \
    (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -1038,7 +1038,7 @@ static const bench_alg bench_cipher_opt[] = {
 #ifdef HAVE_AESGCM
    { "-aes-gmac",           BENCH_AES_GMAC          },
 #endif
-#if defined(HAVE_AES_ECB) || (defined(HAVE_FIPS) && defined(WOLFSSL_AES_DIRECT))
+#ifdef WOLFSSL_AES_DIRECT
    { "-aes-ecb",            BENCH_AES_ECB           },
 #endif
 #ifdef WOLFSSL_AES_XTS
@@ -3844,7 +3844,7 @@ static void* benchmarks_do(void* args)
    #endif
    }
 #endif
-#if defined(HAVE_AES_ECB) || (defined(HAVE_FIPS) && defined(WOLFSSL_AES_DIRECT))
+#ifdef HAVE_AES_ECB
    if (bench_all || (bench_cipher_algs & BENCH_AES_ECB)) {
    #ifndef NO_SW_BENCH
        bench_aesecb(0);
@@ -5604,7 +5604,7 @@ void bench_gmac(int useDeviceID)
 #endif /* HAVE_AESGCM */


-#if defined(HAVE_AES_ECB) || (defined(HAVE_FIPS) && defined(WOLFSSL_AES_DIRECT))
+#ifdef HAVE_AES_ECB
 static void bench_aesecb_internal(int useDeviceID,
                                  const byte* key, word32 keySz,
                                  const char* encLabel, const char* decLabel)
@@ -5773,7 +5773,7 @@ void bench_aesecb(int useDeviceID)
                 "AES-256-ECB-enc", "AES-256-ECB-dec");
 #endif
 }
-#endif /* HAVE_AES_ECB || (HAVE_FIPS && WOLFSSL_AES_DIRECT) */
+#endif /* HAVE_AES_ECB */

 #ifdef WOLFSSL_AES_CFB
 static void bench_aescfb_internal(const byte* key,
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
--- a/wolfcrypt/src/port/arm/armv8-aes-asm.S
+++ b/wolfcrypt/src/port/arm/armv8-aes-asm.S
--- a/wolfcrypt/src/port/arm/armv8-aes-asm_c.c
+++ b/wolfcrypt/src/port/arm/armv8-aes-asm_c.c
--- a/wolfssl/wolfcrypt/aes.h
+++ b/wolfssl/wolfcrypt/aes.h
@@ -888,74 +888,9 @@ WOLFSSL_API int wc_AesCtsDecryptFinal(Aes* aes, byte* out, word32* outSz);

 #endif

-#if defined(WOLFSSL_ARMASM)
-#if defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
-WOLFSSL_LOCAL void AES_set_encrypt_key(const unsigned char* key, word32 len,
-    unsigned char* ks);
-WOLFSSL_LOCAL void AES_invert_key(unsigned char* ks, word32 rounds);
-WOLFSSL_LOCAL void AES_ECB_encrypt(const unsigned char* in, unsigned char* out,
-    unsigned long len, const unsigned char* ks, int nr);
-WOLFSSL_LOCAL void AES_ECB_decrypt(const unsigned char* in, unsigned char* out,
-    unsigned long len, const unsigned char* ks, int nr);
-WOLFSSL_LOCAL void AES_CBC_encrypt(const unsigned char* in, unsigned char* out,
-    unsigned long len, const unsigned char* ks, int nr, unsigned char* iv);
-WOLFSSL_LOCAL void AES_CBC_decrypt(const unsigned char* in, unsigned char* out,
-    unsigned long len, const unsigned char* ks, int nr, unsigned char* iv);
-WOLFSSL_LOCAL void AES_CTR_encrypt(const unsigned char* in, unsigned char* out,
-    unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr);
-#if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT)
-/* in pre-C2x C, constness conflicts for dimensioned arrays can't be resolved.
- */
-WOLFSSL_LOCAL void GCM_gmult_len(byte* x, const byte** m,
-    const unsigned char* data, unsigned long len);
-#endif
-WOLFSSL_LOCAL void AES_GCM_encrypt(const unsigned char* in, unsigned char* out,
-    unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr);
+#if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
+    !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)

-#if defined(WOLFSSL_AES_XTS) && defined(__aarch64__)
-WOLFSSL_LOCAL void AES_XTS_encrypt(const byte* in, byte* out, word32 sz,
-    const byte* i, byte* key, byte* key2, byte* tmp, int nr);
-WOLFSSL_LOCAL void AES_XTS_decrypt(const byte* in, byte* out, word32 sz,
-    const byte* i, byte* key, byte* key2, byte* tmp, int nr);
-#endif
-#endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */
-
-#if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON)
-WOLFSSL_LOCAL void AES_set_encrypt_key_NEON(const unsigned char* key,
-    word32 len, unsigned char* ks);
-WOLFSSL_LOCAL void AES_invert_key_NEON(unsigned char* ks, word32 rounds);
-WOLFSSL_LOCAL void AES_ECB_encrypt_NEON(const unsigned char* in,
-    unsigned char* out, unsigned long len, const unsigned char* ks, int nr);
-WOLFSSL_LOCAL void AES_ECB_decrypt_NEON(const unsigned char* in,
-    unsigned char* out, unsigned long len, const unsigned char* ks, int nr);
-WOLFSSL_LOCAL void AES_CBC_encrypt_NEON(const unsigned char* in,
-    unsigned char* out, unsigned long len, const unsigned char* ks, int nr,
-    unsigned char* iv);
-WOLFSSL_LOCAL void AES_CBC_decrypt_NEON(const unsigned char* in,
-    unsigned char* out, unsigned long len, const unsigned char* ks, int nr,
-    unsigned char* iv);
-WOLFSSL_LOCAL void AES_CTR_encrypt_NEON(const unsigned char* in,
-    unsigned char* out, unsigned long len, const unsigned char* ks, int nr,
-    unsigned char* ctr);
-#if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT)
-/* in pre-C2x C, constness conflicts for dimensioned arrays can't be resolved.
- */
-WOLFSSL_LOCAL void GCM_gmult_len_NEON(byte* x, const byte* h,
-    const unsigned char* data, unsigned long len);
-#endif
-WOLFSSL_LOCAL void AES_GCM_encrypt_NEON(const unsigned char* in,
-    unsigned char* out, unsigned long len, const unsigned char* ks, int nr,
-    unsigned char* ctr);
-#endif
-
-#ifdef WOLFSSL_AES_XTS
-WOLFSSL_LOCAL void AES_XTS_encrypt_NEON(const byte* in, byte* out, word32 sz,
-    const byte* i, byte* key, byte* key2, byte* tmp, int nr);
-WOLFSSL_LOCAL void AES_XTS_decrypt_NEON(const byte* in, byte* out, word32 sz,
-    const byte* i, byte* key, byte* key2, byte* tmp, int nr);
-#endif /* WOLFSSL_AES_XTS */
-
-#if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
 WOLFSSL_LOCAL void AES_set_key_AARCH64(const byte* userKey, int keylen,
    byte* key, int dir);

@@ -1044,7 +979,7 @@ WOLFSSL_LOCAL void AES_GCM_decrypt_final_AARCH64_EOR3(byte* tag,
    const byte* authTag, word32 tbytes, word32 nbytes, word32 abytes, byte* h,
    byte* initCtr, int* res);
 #endif
-#endif /* WOLFSSL_AESGCM_STREAM */
+#endif

 #ifdef WOLFSSL_AES_XTS
 WOLFSSL_LOCAL void AES_XTS_encrypt_AARCH64(const byte* in, byte* out,
@@ -1052,9 +987,31 @@ WOLFSSL_LOCAL void AES_XTS_encrypt_AARCH64(const byte* in, byte* out,
 WOLFSSL_LOCAL void AES_XTS_decrypt_AARCH64(const byte* in, byte* out,
    word32 sz, const byte* i, byte* key, byte* key2, byte* tmp, int nr);
 #endif /* WOLFSSL_AES_XTS */
-#endif /* __aarch64__ && !WOLFSSL_ARMASM_NO_HW_CRYPTO */
+#endif /* __aarch64__ && WOLFSSL_ARMASM && !WOLFSSL_ARMASM_NO_HW_CRYPTO */

-#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+#if !defined(__aarch64__) && defined(WOLFSSL_ARMASM)
+#if !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
+WOLFSSL_LOCAL void AES_set_key_AARCH32(const byte* userKey, int keylen,
+    byte* key, int dir);
+
+WOLFSSL_LOCAL void AES_encrypt_AARCH32(const byte* inBlock, byte* outBlock,
+    byte* key, int nr);
+WOLFSSL_LOCAL void AES_decrypt_AARCH32(const byte* inBlock, byte* outBlock,
+    byte* key, int nr);
+WOLFSSL_LOCAL void AES_encrypt_blocks_AARCH32(const byte* in, byte* out,
+    word32 sz, byte* key, int nr);
+#endif
+
+#ifdef WOLFSSL_AES_XTS
+WOLFSSL_LOCAL void AES_XTS_encrypt_AARCH64(const byte* in, byte* out,
+    word32 sz, const byte* i, byte* key, byte* key2, byte* tmp, int nr);
+WOLFSSL_LOCAL void AES_XTS_decrypt_AARCH64(const byte* in, byte* out,
+    word32 sz, const byte* i, byte* key, byte* key2, byte* tmp, int nr);
+#endif /* WOLFSSL_AES_XTS */
+#endif /* __aarch64__ && WOLFSSL_ARMASM && !WOLFSSL_ARMASM_NO_HW_CRYPTO */
+
+#if !defined(__aarch64__) && defined(WOLFSSL_ARMASM)
+#if !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
 WOLFSSL_LOCAL void AES_set_key_AARCH32(const byte* userKey, int keylen,
    byte* key, int dir);

@@ -1092,8 +1049,30 @@ WOLFSSL_LOCAL void AES_XTS_encrypt_AARCH32(const byte* in, byte* out,
 WOLFSSL_LOCAL void AES_XTS_decrypt_AARCH32(const byte* in, byte* out,
    word32 sz, const byte* i, byte* key, byte* key2, byte* tmp, int nr);
 #endif /* WOLFSSL_AES_XTS */
-#endif /* !__aarch64__ && !WOLFSSL_ARMASM_NO_HW_CRYPTO */
-#endif /* WOLFSSL_ARMASM */
+#else
+WOLFSSL_LOCAL void AES_set_encrypt_key(const unsigned char* key, word32 len,
+    unsigned char* ks);
+WOLFSSL_LOCAL void AES_invert_key(unsigned char* ks, word32 rounds);
+WOLFSSL_LOCAL void AES_ECB_encrypt(const unsigned char* in, unsigned char* out,
+    unsigned long len, const unsigned char* ks, int nr);
+WOLFSSL_LOCAL void AES_ECB_decrypt(const unsigned char* in, unsigned char* out,
+    unsigned long len, const unsigned char* ks, int nr);
+WOLFSSL_LOCAL void AES_CBC_encrypt(const unsigned char* in, unsigned char* out,
+    unsigned long len, const unsigned char* ks, int nr, unsigned char* iv);
+WOLFSSL_LOCAL void AES_CBC_decrypt(const unsigned char* in, unsigned char* out,
+    unsigned long len, const unsigned char* ks, int nr, unsigned char* iv);
+WOLFSSL_LOCAL void AES_CTR_encrypt(const unsigned char* in, unsigned char* out,
+    unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr);
+#if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT)
+/* in pre-C2x C, constness conflicts for dimensioned arrays can't be resolved.
+ */
+WOLFSSL_LOCAL void GCM_gmult_len(byte* x, const byte** m,
+    const unsigned char* data, unsigned long len);
+#endif
+WOLFSSL_LOCAL void AES_GCM_encrypt(const unsigned char* in, unsigned char* out,
+    unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr);
+#endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */
+#endif

 #ifdef __cplusplus
    } /* extern "C" */