[crypto] Replace AES implementation

Replace the AES implementation from AXTLS with a dedicated iPXE implementation which is slightly smaller and around 1000% faster. This implementation has been verified using the existing self-tests based on the NIST AES test vectors. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2025-12-24 15:23:42 +03:00 · 2015-07-25 00:16:32 +01:00
parent cbb07f0ef7
commit 09824eca31
5 changed files with 836 additions and 635 deletions
--- a/src/include/ipxe/aes.h
+++ b/src/include/ipxe/aes.h
@@ -1,30 +1,49 @@
 #ifndef _IPXE_AES_H
 #define _IPXE_AES_H

-FILE_LICENCE ( GPL2_OR_LATER );
+/** @file
+ *
+ * AES algorithm
+ *
+ */

-struct cipher_algorithm;
+FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );

-/** Basic AES blocksize */
+#include <ipxe/crypto.h>
+
+/** AES blocksize */
 #define AES_BLOCKSIZE 16

-#include "crypto/axtls/crypto.h"
+/** Maximum number of AES rounds */
+#define AES_MAX_ROUNDS 15
+
+/** AES matrix */
+union aes_matrix {
+	/** Viewed as an array of bytes */
+	uint8_t byte[16];
+	/** Viewed as an array of four-byte columns */
+	uint32_t column[4];
+} __attribute__ (( packed ));
+
+/** AES round keys */
+struct aes_round_keys {
+	/** Round keys */
+	union aes_matrix key[AES_MAX_ROUNDS];
+};

 /** AES context */
 struct aes_context {
-	/** AES context for AXTLS */
-	AES_CTX axtls_ctx;
-	/** Cipher is being used for decrypting */
-	int decrypting;
+	/** Encryption keys */
+	struct aes_round_keys encrypt;
+	/** Decryption keys */
+	struct aes_round_keys decrypt;
+	/** Number of rounds */
+	unsigned int rounds;
 };

 /** AES context size */
 #define AES_CTX_SIZE sizeof ( struct aes_context )

-/* AXTLS functions */
-extern void axtls_aes_encrypt ( const AES_CTX *ctx, uint32_t *data );
-extern void axtls_aes_decrypt ( const AES_CTX *ctx, uint32_t *data );
-
 extern struct cipher_algorithm aes_algorithm;
 extern struct cipher_algorithm aes_ecb_algorithm;
 extern struct cipher_algorithm aes_cbc_algorithm;
--- a/src/include/ipxe/errfile.h
+++ b/src/include/ipxe/errfile.h
@@ -264,7 +264,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #define ERRFILE_imgmgmt		      ( ERRFILE_OTHER | 0x00050000 )
 #define ERRFILE_pxe_tftp	      ( ERRFILE_OTHER | 0x00060000 )
 #define ERRFILE_pxe_udp		      ( ERRFILE_OTHER | 0x00070000 )
-#define ERRFILE_axtls_aes	      ( ERRFILE_OTHER | 0x00080000 )
+#define ERRFILE_aes	 	      ( ERRFILE_OTHER | 0x00080000 )
 #define ERRFILE_cipher		      ( ERRFILE_OTHER | 0x00090000 )
 #define ERRFILE_image_cmd	      ( ERRFILE_OTHER | 0x000a0000 )
 #define ERRFILE_uri_test	      ( ERRFILE_OTHER | 0x000b0000 )