
sys/crypto: configure AES via pseudomodules.

USEMODULE += crypto_aes_precalculated enables the precalculated T tables (the old
code).
USEMODULE += crypto_aes_unroll causes loops to be unrolled.
Juan Carrano 2018-10-16 18:12:39 +02:00
parent 05fe168a1e
commit 3393dafe82
4 changed files with 28 additions and 21 deletions


@ -127,4 +127,9 @@ PSEUDOMODULES += skald_eddystone
# define optimized read function of DS18 driver as a pseudo module
PSEUDOMODULES += ds18_optimized
# By using this pseudomodule, T tables will be precalculated.
PSEUDOMODULES += crypto_aes_precalculated
# This pseudomodule causes a loop in AES to be unrolled (more flash, less CPU)
PSEUDOMODULES += crypto_aes_unroll
# Packages may also add modules to PSEUDOMODULES in their `Makefile.include`.
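Review bot: The comment added for crypto_aes_precalculated, `# By using this pseudomodule, T tables will be precalculated`, states only the effect, while the sibling comment for crypto_aes_unroll two lines below also states the cost (more flash, less CPU); the precalculated tables carry the same flash-for-CPU trade-off (the header doc in this commit says so explicitly), so the two comments should read alike. Suggest `# By using this pseudomodule, T tables will be precalculated (more flash, less CPU)`.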


@ -119,13 +119,13 @@ static const u32 Te0[256] = {
0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
};
#if defined(AES_CALCULATE_TABLES)
#ifndef MODULE_CRYPTO_AES_PRECALCULATED
#define Te0(n) (Te0[n])
#define Te1(n) ((Te0[n] >> 8) | (Te0[n] << 24))
#define Te2(n) ((Te0[n] >> 16) | (Te0[n] << 16))
#define Te3(n) ((Te0[n] >> 24) | (Te0[n] << 8))
#define Te4(n) (((Te0[n] & 0x00FFFF00) >> 8) | ((Te0[n] & 0x00FFFF00) << 8))
#else
#else /* MODULE_CRYPTO_AES_PRECALCULATED */
#define Te0(n) (Te0[n])
#define Te1(n) (Te1[n])
#define Te2(n) (Te2[n])
@ -397,7 +397,7 @@ static const u32 Te4[256] = {
0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
};
#endif /* AES_CALCULATE_TABLES */
#endif /* MODULE_CRYPTO_AES_PRECALCULATED */
static const u32 Td0[256] = {
0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
@ -466,7 +466,7 @@ static const u32 Td0[256] = {
0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
};
#if defined(AES_CALCULATE_TABLES)
#ifndef MODULE_CRYPTO_AES_PRECALCULATED
#define Td0(n) (Td0[n])
#define Td1(n) ((Td0[n] >> 8) | (Td0[n] << 24))
#define Td2(n) ((Td0[n] >> 16) | (Td0[n] << 16))
@ -779,7 +779,7 @@ static const u32 Td4[256] = {
0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
};
#endif /* AES_CALCULATE_TABLES */
#endif /* MODULE_CRYPTO_AES_PRECALCULATED */
/* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
static const u32 rcon[] = {
@ -975,7 +975,7 @@ static int aes_set_decrypt_key(const unsigned char *userKey, const int bits,
**/
for (i = 1; i < (key->rounds); i++) {
rk += 4;
#ifdef FULL_UNROLL
#ifdef MODULE_CRYPTO_AES_UNROLL
rk[0] =
Td0(Te4((rk[0] >> 24) ) & 0xff) ^
Td1(Te4((rk[0] >> 16) & 0xff) & 0xff) ^
@ -1030,9 +1030,9 @@ int aes_encrypt(const cipher_context_t *context, const uint8_t *plainBlock,
const u32 *rk;
u32 s0, s1, s2, s3, t0, t1, t2, t3;
#ifndef FULL_UNROLL
#ifndef MODULE_CRYPTO_AES_UNROLL
int r;
#endif /* ?FULL_UNROLL */
#endif /* ?MODULE_CRYPTO_AES_UNROLL */
rk = key->rd_key;
@ -1044,7 +1044,7 @@ int aes_encrypt(const cipher_context_t *context, const uint8_t *plainBlock,
s1 = GETU32(plainBlock + 4) ^ rk[1];
s2 = GETU32(plainBlock + 8) ^ rk[2];
s3 = GETU32(plainBlock + 12) ^ rk[3];
#ifdef FULL_UNROLL
#ifdef MODULE_CRYPTO_AES_UNROLL
/* round 1: */
t0 = Te0(s0 >> 24) ^ Te1((s1 >> 16) & 0xff) ^ Te2((s2 >> 8) & 0xff) ^
Te3(s3 & 0xff) ^ rk[ 4];
@ -1170,7 +1170,7 @@ int aes_encrypt(const cipher_context_t *context, const uint8_t *plainBlock,
}
rk += key->rounds << 2;
#else /* !FULL_UNROLL */
#else /* !MODULE_CRYPTO_AES_UNROLL */
/*
* Nr - 1 full rounds:
*/
@ -1234,7 +1234,7 @@ int aes_encrypt(const cipher_context_t *context, const uint8_t *plainBlock,
rk[3];
}
#endif /* ?FULL_UNROLL */
#endif /* ?MODULE_CRYPTO_AES_UNROLL */
/*
* apply last round and
* map cipher state to byte array block:
@ -1290,9 +1290,9 @@ int aes_decrypt(const cipher_context_t *context, const uint8_t *cipherBlock,
const u32 *rk;
u32 s0, s1, s2, s3, t0, t1, t2, t3;
#ifndef FULL_UNROLL
#ifndef MODULE_CRYPTO_AES_UNROLL
int r;
#endif /* ?FULL_UNROLL */
#endif /* ?MODULE_CRYPTO_AES_UNROLL */
rk = key->rd_key;
@ -1304,7 +1304,7 @@ int aes_decrypt(const cipher_context_t *context, const uint8_t *cipherBlock,
s1 = GETU32(cipherBlock + 4) ^ rk[1];
s2 = GETU32(cipherBlock + 8) ^ rk[2];
s3 = GETU32(cipherBlock + 12) ^ rk[3];
#ifdef FULL_UNROLL
#ifdef MODULE_CRYPTO_AES_UNROLL
/* round 1: */
t0 = Td0(s0 >> 24) ^ Td1((s3 >> 16) & 0xff) ^ Td2((s2 >> 8) & 0xff) ^
Td3(s1 & 0xff) ^ rk[ 4];
@ -1430,7 +1430,7 @@ int aes_decrypt(const cipher_context_t *context, const uint8_t *cipherBlock,
}
rk += key->rounds << 2;
#else /* !FULL_UNROLL */
#else /* !MODULE_CRYPTO_AES_UNROLL */
/*
* Nr - 1 full rounds:
*/
@ -1494,7 +1494,7 @@ int aes_decrypt(const cipher_context_t *context, const uint8_t *cipherBlock,
rk[3];
}
#endif /* ?FULL_UNROLL */
#endif /* ?MODULE_CRYPTO_AES_UNROLL */
/*
* apply last round and
* map cipher state to byte array block:
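Review bot: The two new `#endif /* MODULE_CRYPTO_AES_PRECALCULATED */` lines (after the Te4 table and after the Td4 table) close an `#ifndef … #else … #endif` pair, but their comments read as if the block were a plain `#ifdef`; the unroll guards in the same file use the `?` convention for exactly this either-branch case (`#endif /* ?MODULE_CRYPTO_AES_UNROLL */`), so for consistency these should be `#endif /* ?MODULE_CRYPTO_AES_PRECALCULATED */`. Separately, whichever branch is selected the round macros still index Te0/Td0 with key- and data-derived bytes (e.g. `Te0(s0 >> 24)` in the aes_encrypt hunk), so the pseudomodule only chooses between a full table set and the rotate-on-the-fly variant and does not change the memory-access pattern; a one-line comment at the `#ifndef MODULE_CRYPTO_AES_PRECALCULATED` split, such as `/* both variants do key/data-dependent table lookups; this only trades flash for CPU */`, would stop a reader mistaking the default for side-channel hardening. The functions in the later hunks (aes_set_decrypt_key, aes_encrypt, aes_decrypt) all start and end outside the hunks shown.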


@ -47,6 +47,13 @@
*
* @endcode
*
* Some aspects of the AES implementation can be fine tuned by pseudo-modules:
* * crypto_aes_precalculated: Use pre-calculated T-tables. This improved
* speed at the expense of increased program size. The default is to
* calculate most tables on the fly.
* * crypto_aes_unroll: enable manually-unrolled loops. The default is to not
* have them unrolled.
*
* If you need to encrypt data of arbitrary size take a look at the different
* operation modes like: CBC, CTR or CCM.
*
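Review bot: The new doc sentence `This improved speed at the expense of increased program size.` mixes tenses; it should read `This improves speed at the expense of increased program size.` The paragraph would also benefit from saying what the option does not change: both variants look up the Te/Td tables with key- and data-dependent indices (visible in the aes.c hunks of this commit), so choosing crypto_aes_precalculated or the default is a size/speed decision only, e.g. `Neither variant alters the data-dependent table lookups of the T-table implementation.` The enclosing comment block starts and ends outside the hunk.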


@ -37,11 +37,6 @@ typedef uint32_t u32;
typedef uint16_t u16;
typedef uint8_t u8;
/* This controls AES table calculation on the fly */
#define AES_CALCULATE_TABLES
/* This controls loop-unrolling in aes_core.c */
#undef FULL_UNROLL
# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ \
((u32)(pt)[2] << 8) ^ ((u32)(pt)[3]))
# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); \