From 3393dafe828cde064d3bfd312016fbdaba840c41 Mon Sep 17 00:00:00 2001
From: Juan Carrano
Date: Tue, 16 Oct 2018 18:12:39 +0200
Subject: [PATCH] sys/crypto: configure AES via pseudomodules.

USEMODULE += crypto_aes_precalculated enables the precalculated T tables (the old code).
USEMODULE += crypto_aes_unroll causes loops to be unrolled.
---
 makefiles/pseudomodules.inc.mk | 5 +++++
 sys/crypto/aes.c | 32 ++++++++++++++++----------------
 sys/crypto/doc.txt | 7 +++++++
 sys/include/crypto/aes.h | 5 -----
 4 files changed, 28 insertions(+), 21 deletions(-)

diff --git a/makefiles/pseudomodules.inc.mk b/makefiles/pseudomodules.inc.mk
index 67b90547b1..6a4551ad06 100644
--- a/makefiles/pseudomodules.inc.mk
+++ b/makefiles/pseudomodules.inc.mk
@@ -127,4 +127,9 @@ PSEUDOMODULES += skald_eddystone
 # define optimized read function of DS18 driver as a pseudo module
 PSEUDOMODULES += ds18_optimized
 
+# By using this pseudomodule, T tables will be precalculated.
+PSEUDOMODULES += crypto_aes_precalculated
+# This pseudomodule causes a loop in AES to be unrolled (more flash, less CPU)
+PSEUDOMODULES += crypto_aes_unroll
+
 # Packages may also add modules to PSEUDOMODULES in their `Makefile.include`.
diff --git a/sys/crypto/aes.c b/sys/crypto/aes.c
index 221bb9747e..c8809640c7 100644
--- a/sys/crypto/aes.c
+++ b/sys/crypto/aes.c
@@ -119,13 +119,13 @@ static const u32 Te0[256] = {
 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
 };
 
-#if defined(AES_CALCULATE_TABLES)
+#ifndef MODULE_CRYPTO_AES_PRECALCULATED
 #define Te0(n) (Te0[n])
 #define Te1(n) ((Te0[n] >> 8) | (Te0[n] << 24))
 #define Te2(n) ((Te0[n] >> 16) | (Te0[n] << 16))
 #define Te3(n) ((Te0[n] >> 24) | (Te0[n] << 8))
 #define Te4(n) (((Te0[n] & 0x00FFFF00) >> 8) | ((Te0[n] & 0x00FFFF00) << 8))
-#else
+#else /* MODULE_CRYPTO_AES_PRECALCULATED */
 #define Te0(n) (Te0[n])
 #define Te1(n) (Te1[n])
 #define Te2(n) (Te2[n])
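Review bot: The new `crypto_aes_precalculated` comment says what the module does but not what it costs, while the `crypto_aes_unroll` line two lines below spells out its trade-off; since `PSEUDOMODULES` is where users discover these knobs, the two comments should be parallel. Suggested wording: `# Use precalculated AES T tables instead of deriving them from Te0/Td0 at run time (more flash, less CPU)`. The aes.c hunks show the cost concretely: every precalculated table is a `static const u32 [256]`, i.e. 1 KiB of flash each, and the encrypt side alone adds Te1..Te4.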
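Review bot: Both branches of the new `#ifndef MODULE_CRYPTO_AES_PRECALCULATED` index a `static const u32 [256]` table with a byte of the cipher state (`Te0(s0 >> 24)` in the round code, where `s0` is the plaintext word XOR `rk[0]`), so the pseudomodule is purely a flash/CPU knob: on a target with a data cache neither variant is constant-time, and the derived branch merely confines the lookups to the single 1 KiB `Te0` table instead of spreading them over Te0..Te4. Now that this is a user-visible option, a comment at the `#ifndef` would stop readers from taking "precalculated" for either a hardened or a weakened variant: `/* Either way the round function does secret-indexed T-table lookups; this only trades flash for CPU, not side-channel resistance. */`. Separately, `Te1(n)`..`Te4(n)` in the derived branch expand `n` twice, and the decrypt key schedule later nests them (`Td1(Te4(...) & 0xff)`), so the index expression is evaluated four times unless the optimizer folds it; harmless for these side-effect-free operands, but worth a one-line `/* macro arguments must be side-effect free */` note at the definitions, or `static inline` helpers in their place.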
@@ -397,7 +397,7 @@ static const u32 Te4[256] = {
 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
 };
-#endif /* AES_CALCULATE_TABLES */
+#endif /* MODULE_CRYPTO_AES_PRECALCULATED */
 
 static const u32 Td0[256] = {
 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
@@ -466,7 +466,7 @@ static const u32 Td0[256] = {
 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
 };
 
-#if defined(AES_CALCULATE_TABLES)
+#ifndef MODULE_CRYPTO_AES_PRECALCULATED
 #define Td0(n) (Td0[n])
 #define Td1(n) ((Td0[n] >> 8) | (Td0[n] << 24))
 #define Td2(n) ((Td0[n] >> 16) | (Td0[n] << 16))
@@ -779,7 +779,7 @@ static const u32 Td4[256] = {
 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
 };
-#endif /* AES_CALCULATE_TABLES */
+#endif /* MODULE_CRYPTO_AES_PRECALCULATED */
 
 /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
 static const u32 rcon[] = {
@@ -975,7 +975,7 @@ static int aes_set_decrypt_key(const unsigned char *userKey, const int bits,
 **/
 for (i = 1; i < (key->rounds); i++) {
 rk += 4;
-#ifdef FULL_UNROLL
+#ifdef MODULE_CRYPTO_AES_UNROLL
 rk[0] =
 Td0(Te4((rk[0] >> 24) ) & 0xff) ^
 Td1(Te4((rk[0] >> 16) & 0xff) & 0xff) ^
@@ -1030,9 +1030,9 @@ int aes_encrypt(const cipher_context_t *context, const uint8_t *plainBlock,
 const u32 *rk;
 u32 s0, s1, s2, s3, t0, t1, t2, t3;
-#ifndef FULL_UNROLL
+#ifndef MODULE_CRYPTO_AES_UNROLL
 int r;
-#endif /* ?FULL_UNROLL */
+#endif /* ?MODULE_CRYPTO_AES_UNROLL */
 
 rk = key->rd_key;
@@ -1044,7 +1044,7 @@ int aes_encrypt(const cipher_context_t *context, const uint8_t *plainBlock,
 s1 = GETU32(plainBlock + 4) ^ rk[1];
 s2 = GETU32(plainBlock + 8) ^ rk[2];
 s3 = GETU32(plainBlock + 12) ^ rk[3];
-#ifdef FULL_UNROLL
+#ifdef MODULE_CRYPTO_AES_UNROLL
 /* round 1: */
 t0 = Te0(s0 >> 24) ^ Te1((s1 >> 16) & 0xff) ^
 Te2((s2 >> 8) & 0xff) ^ Te3(s3 & 0xff) ^ rk[ 4];
@@ -1170,7 +1170,7 @@ int aes_encrypt(const cipher_context_t *context, const uint8_t *plainBlock,
 }
 rk += key->rounds << 2;
-#else /* !FULL_UNROLL */
+#else /* !MODULE_CRYPTO_AES_UNROLL */
 /*
 * Nr - 1 full rounds:
 */
@@ -1234,7 +1234,7 @@ int aes_encrypt(const cipher_context_t *context, const uint8_t *plainBlock,
 rk[3];
 }
-#endif /* ?FULL_UNROLL */
+#endif /* ?MODULE_CRYPTO_AES_UNROLL */
 /*
 * apply last round and
 * map cipher state to byte array block:
@@ -1290,9 +1290,9 @@ int aes_decrypt(const cipher_context_t *context, const uint8_t *cipherBlock,
 const u32 *rk;
 u32 s0, s1, s2, s3, t0, t1, t2, t3;
-#ifndef FULL_UNROLL
+#ifndef MODULE_CRYPTO_AES_UNROLL
 int r;
-#endif /* ?FULL_UNROLL */
+#endif /* ?MODULE_CRYPTO_AES_UNROLL */
 
 rk = key->rd_key;
@@ -1304,7 +1304,7 @@ int aes_decrypt(const cipher_context_t *context, const uint8_t *cipherBlock,
 s1 = GETU32(cipherBlock + 4) ^ rk[1];
 s2 = GETU32(cipherBlock + 8) ^ rk[2];
 s3 = GETU32(cipherBlock + 12) ^ rk[3];
-#ifdef FULL_UNROLL
+#ifdef MODULE_CRYPTO_AES_UNROLL
 /* round 1: */
 t0 = Td0(s0 >> 24) ^ Td1((s3 >> 16) & 0xff) ^
 Td2((s2 >> 8) & 0xff) ^ Td3(s1 & 0xff) ^ rk[ 4];
@@ -1430,7 +1430,7 @@ int aes_decrypt(const cipher_context_t *context, const uint8_t *cipherBlock,
 }
 rk += key->rounds << 2;
-#else /* !FULL_UNROLL */
+#else /* !MODULE_CRYPTO_AES_UNROLL */
 /*
 * Nr - 1 full rounds:
 */
@@ -1494,7 +1494,7 @@ int aes_decrypt(const cipher_context_t *context, const uint8_t *cipherBlock,
 rk[3];
 }
-#endif /* ?FULL_UNROLL */
+#endif /* ?MODULE_CRYPTO_AES_UNROLL */
 /*
 * apply last round and
 * map cipher state to byte array block:
diff --git a/sys/crypto/doc.txt b/sys/crypto/doc.txt
index d2caee80cf..707e238827 100644
--- a/sys/crypto/doc.txt
+++ b/sys/crypto/doc.txt
@@ -47,6 +47,13 @@
  *
  * @endcode
  *
+ * Some aspects of the AES implementation can be fine tuned by pseudo-modules:
+ * * crypto_aes_precalculated: Use pre-calculated T-tables. This improved
+ * speed at the expense of increased program size. The default is to
+ * calculate most tables on the fly.
+ * * crypto_aes_unroll: enable manually-unrolled loops. The default is to not
+ * have them unrolled.
+ *
  * If you need to encrypt data of arbitrary size take a look at the different
  * operation modes like: CBC, CTR or CCM.
  *
diff --git a/sys/include/crypto/aes.h b/sys/include/crypto/aes.h
index 31b56ce7e6..b8756b10ce 100644
--- a/sys/include/crypto/aes.h
+++ b/sys/include/crypto/aes.h
@@ -37,11 +37,6 @@ typedef uint32_t u32;
 typedef uint16_t u16;
 typedef uint8_t u8;
 
-/* This controls AES table calculation on the fly */
-#define AES_CALCULATE_TABLES
-
-/* This controls loop-unrolling in aes_core.c */
-#undef FULL_UNROLL
 # define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ \
 ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3]))
 # define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); \