Reword hardware support for AES-GCM.
This is currently called "aesni", but a following change will add
support on Aarch64. This change thus makes the naming more generic.
Change-Id: I6acb135a91e61570ea250f2f4133b47f11cd51ad
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55865
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/crypto/fipsmodule/modes/gcm.c b/crypto/fipsmodule/modes/gcm.c
index 1a77ec0..a268bff 100644
--- a/crypto/fipsmodule/modes/gcm.c
+++ b/crypto/fipsmodule/modes/gcm.c
@@ -132,6 +132,20 @@
(*gcm_ghash_p)((ctx)->Xi.u, (ctx)->gcm_key.Htable, in, len)
#endif // GCM_FUNCREF
+#if defined(HW_GCM) && defined(OPENSSL_X86_64)
+static size_t hw_gcm_encrypt(const uint8_t *in, uint8_t *out, size_t len,
+ const AES_KEY *key, uint8_t ivec[16],
+ uint64_t *Xi) {
+ return aesni_gcm_encrypt(in, out, len, key, ivec, Xi);
+}
+
+static size_t hw_gcm_decrypt(const uint8_t *in, uint8_t *out, size_t len,
+ const AES_KEY *key, uint8_t ivec[16],
+ uint64_t *Xi) {
+ return aesni_gcm_decrypt(in, out, len, key, ivec, Xi);
+}
+#endif // HW_GCM && X86_64
+
void CRYPTO_ghash_init(gmult_func *out_mult, ghash_func *out_hash,
u128 *out_key, u128 out_table[16], int *out_is_avx,
const uint8_t gcm_key[16]) {
@@ -217,7 +231,7 @@
CRYPTO_ghash_init(&gcm_key->gmult, &gcm_key->ghash, &gcm_key->H,
gcm_key->Htable, &is_avx, ghash_key);
- gcm_key->use_aesni_gcm_crypt = (is_avx && block_is_hwaes) ? 1 : 0;
+ gcm_key->use_hw_gcm_crypt = (is_avx && block_is_hwaes) ? 1 : 0;
}
void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const AES_KEY *key,
@@ -544,12 +558,12 @@
}
}
-#if defined(AESNI_GCM)
+#if defined(HW_GCM)
// Check |len| to work around a C language bug. See https://crbug.com/1019588.
- if (ctx->gcm_key.use_aesni_gcm_crypt && len > 0) {
- // |aesni_gcm_encrypt| may not process all the input given to it. It may
+ if (ctx->gcm_key.use_hw_gcm_crypt && len > 0) {
+ // |hw_gcm_encrypt| may not process all the input given to it. It may
// not process *any* of its input if it is deemed too small.
- size_t bulk = aesni_gcm_encrypt(in, out, len, key, ctx->Yi.c, ctx->Xi.u);
+ size_t bulk = hw_gcm_encrypt(in, out, len, key, ctx->Yi.c, ctx->Xi.u);
in += bulk;
out += bulk;
len -= bulk;
@@ -632,12 +646,12 @@
}
}
-#if defined(AESNI_GCM)
+#if defined(HW_GCM)
// Check |len| to work around a C language bug. See https://crbug.com/1019588.
- if (ctx->gcm_key.use_aesni_gcm_crypt && len > 0) {
- // |aesni_gcm_decrypt| may not process all the input given to it. It may
+ if (ctx->gcm_key.use_hw_gcm_crypt && len > 0) {
+ // |hw_gcm_decrypt| may not process all the input given to it. It may
// not process *any* of its input if it is deemed too small.
- size_t bulk = aesni_gcm_decrypt(in, out, len, key, ctx->Yi.c, ctx->Xi.u);
+ size_t bulk = hw_gcm_decrypt(in, out, len, key, ctx->Yi.c, ctx->Xi.u);
in += bulk;
out += bulk;
len -= bulk;
diff --git a/crypto/fipsmodule/modes/internal.h b/crypto/fipsmodule/modes/internal.h
index 0164aac..3cdface 100644
--- a/crypto/fipsmodule/modes/internal.h
+++ b/crypto/fipsmodule/modes/internal.h
@@ -136,9 +136,9 @@
block128_f block;
- // use_aesni_gcm_crypt is true if this context should use the assembly
- // functions |aesni_gcm_encrypt| and |aesni_gcm_decrypt| to process data.
- unsigned use_aesni_gcm_crypt:1;
+ // use_hw_gcm_crypt is true if this context should use platform-specific
+ // assembly to process GCM data.
+ unsigned use_hw_gcm_crypt:1;
} GCM128_KEY;
// GCM128_CONTEXT contains state for a single GCM operation. The structure
@@ -267,7 +267,7 @@
void gcm_ghash_avx(uint64_t Xi[2], const u128 Htable[16], const uint8_t *in,
size_t len);
-#define AESNI_GCM
+#define HW_GCM
size_t aesni_gcm_encrypt(const uint8_t *in, uint8_t *out, size_t len,
const AES_KEY *key, uint8_t ivec[16], uint64_t *Xi);
size_t aesni_gcm_decrypt(const uint8_t *in, uint8_t *out, size_t len,