commit dfb6015ca79a9fee28f7fcb0af7e350a83574b83
author Markku-Juhani O. Saarinen <mjos@mjos.fi> Mon Nov 20 14:58:41 2017 +0000
committer Hanno Becker <hanno.becker@arm.com> Mon Sep 07 12:02:41 2020 +0100
tree 25a101ce38013fb56e7f63a173dbb95f8046d708
parent 853f9bd65e80f00e939ed72052e5c2e117dcac5c

Implements AES and GCM with ARMv8 Crypto Extensions

A compact patch that provides AES and GCM implementations that utilize the
ARMv8 Crypto Extensions. The config flag is MBEDTLS_ARMV8CE_AES_C, which
is disabled by default as we don't do runtime checking for the feature.
The new implementation lives in armv8ce_aes.c.

Provides similar functionality to https://github.com/ARMmbed/mbedtls/pull/432
Thanks to Barry O'Rourke and others for that contribtion.

Tested on a Cortex A53 device and QEMU. On a midrange phone the real AES-GCM
throughput increases about 4x, while raw AES speed is up to 10x faster.

When cross-compiling, you want to set something like:

  export CC='aarch64-linux-gnu-gcc'
  export CFLAGS='-Ofast -march=armv8-a+crypto'
  scripts/config.pl set MBEDTLS_ARMV8CE_AES_C

QEMU seems to also need

  export LDFLAGS='-static'

Then run normal make or cmake etc.

include/mbedtls/armv8ce_aes.h

diff --git a/include/mbedtls/armv8ce_aes.h b/include/mbedtls/armv8ce_aes.h
new file mode 100644
index 0000000..a58ddc0
--- /dev/null
+++ b/include/mbedtls/armv8ce_aes.h
@@ -0,0 +1,60 @@
+/**
+ * \file armv8ce_aes.h
+ *
+ * \brief ARMv8 Cryptography Extensions -- Optimized code for AES and GCM
+ *
+ *  Copyright (C) 2006-2017, ARM Limited, All Rights Reserved
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef MBEDTLS_ARMV8CE_AES_H
+#define MBEDTLS_ARMV8CE_AES_H
+
+#include "aes.h"
+
+/**
+ * \brief          [ARMv8 Crypto Extensions] AES-ECB block en(de)cryption
+ *
+ * \param ctx      AES context
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
+ * \param input    16-byte input block
+ * \param output   16-byte output block
+ *
+ * \return         0 on success (cannot fail)
+ */
+
+int mbedtls_armv8ce_aes_crypt_ecb( mbedtls_aes_context *ctx,
+                                   int mode,
+                                   const unsigned char input[16],
+                                   unsigned char output[16] );
+
+/**
+ * \brief          [ARMv8 Crypto Extensions]  Multiply in GF(2^128) for GCM
+ *
+ * \param c        Result
+ * \param a        First operand
+ * \param b        Second operand
+ *
+ * \note           Both operands and result are bit strings interpreted as
+ *                 elements of GF(2^128) as per the GCM spec.
+ */
+
+void mbedtls_armv8ce_gcm_mult( unsigned char c[16],
+                               const unsigned char a[16],
+                               const unsigned char b[16] );
+
+#endif /* MBEDTLS_ARMV8CE_AES_H */