On 8/18/21 4:30 PM, [email protected] wrote:
> From: Anton Ivanov <[email protected]>
> 
> This allows leveraging the openssl implementation, which can use
> hardware crypto on supported platforms.
> 
> UUID generation speed is improved by ~ 12% on an AMD Ryzen with
> support for AES instructions.
> 
> Signed-off-by: Anton Ivanov <[email protected]>

Hi, Anton.

Thanks for working on this.  The problem with this implementation
is that we're losing unit tests for our own AES library.
I think we still need to test it (i.e. by tests/aes128.at).  And we
need to test that we're invoking openssl correctly in the same
testsuite.  Would be great to avoid an extra CI job for the
--disable-ssl case.

A few comments inline.

Best regards, Ilya Maximets.

> ---
>  lib/aes128.c | 34 ++++++++++++++++++++++++++++++++++
>  lib/aes128.h | 16 ++++++++++++++++
>  2 files changed, 50 insertions(+)
> 
> diff --git a/lib/aes128.c b/lib/aes128.c
> index 98447d14b..207925b58 100644
> --- a/lib/aes128.c
> +++ b/lib/aes128.c
> @@ -28,6 +28,39 @@
>  
>  #include "util.h"
>  
> +#ifdef HAVE_OPENSSL
> +
> +
> +

Too much empty space.

> +#include <openssl/conf.h>
> +#include <openssl/evp.h>
> +#include <openssl/err.h>
> +#include <string.h>
> +#include "entropy.h"
> +#include "openvswitch/vlog.h"
> +
> +VLOG_DEFINE_THIS_MODULE(aes);
> +
> +void aes128_schedule(struct aes128 *aes, const uint8_t key[16])
> +{
> +    uint8_t iv[16];
> +    aes->ctx = EVP_CIPHER_CTX_new();
> +    memset(iv, 0, sizeof iv);
> +    if (EVP_EncryptInit_ex(aes->ctx, EVP_aes_128_cbc(), NULL, key, iv) != 1) 
> {
> +        VLOG_FATAL("Encryption init failed");

Would be great to have a better error message here, explaining
what happened in a bit more detail.


> +    }
> +}
> +
> +void aes128_encrypt(const struct aes128 *aes, const void *plain, void 
> *cipher)
> +{
> +    int len;
> +    if (1 != EVP_EncryptUpdate(aes->ctx, cipher, &len, plain, 16)) {
> +        VLOG_FATAL("Encryption failed");

Same here.

> +    }
> +}
> +
> +#else
> +
>  static const uint32_t Te0[256] = {
>      0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
>      0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
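
Review bot: `EVP_aes_128_cbc()` in `aes128_schedule()` makes `aes128_encrypt()` stateful. With the all-zero IV the first 16-byte `EVP_EncryptUpdate()` call returns the plain AES block encryption, but CBC then keeps that ciphertext as the chaining value, so every later call on the same `aes->ctx` encrypts the input XORed with the previous output and will not match what the table-based code under `#else` produces for the same key and input. It also changes cipher state behind a `const struct aes128 *`. `EVP_aes_128_ecb()` together with `EVP_CIPHER_CTX_set_padding(aes->ctx, 0)` gives single-block semantics. Separately, the result of `EVP_CIPHER_CTX_new()` is passed to `EVP_EncryptInit_ex()` without a NULL check, and `len` is never compared against 16.
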
> @@ -507,3 +540,4 @@ aes128_encrypt(const struct aes128 *aes, const void 
> *input_, void *output_)
>            ^ rk[3]);
>      put_u32(output + 12, s3);
>  }
> +#endif
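
Review bot: the bare `+#endif` closes an `#ifdef HAVE_OPENSSL` / `#else` pair that opens roughly 500 lines earlier in lib/aes128.c (the hunk headers place the two ends near lines 28 and 540), so a trailing comment such as `#endif /* HAVE_OPENSSL */` and a blank line after the closing brace of `aes128_encrypt()` would make the pairing easy to follow.
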
> diff --git a/lib/aes128.h b/lib/aes128.h
> index f0f55d7cf..efa71c764 100644
> --- a/lib/aes128.h
> +++ b/lib/aes128.h
> @@ -25,12 +25,28 @@
>  #ifndef AES128_H
>  #define AES128_H
>  
> +#include <config.h>

Header files should not include config.h.

>  #include <stdint.h>
>  
> +#ifdef HAVE_OPENSSL
> +
> +#include <openssl/conf.h>
> +#include <openssl/evp.h>
> +#include <openssl/err.h>
> +#include <string.h>
> +
> +struct aes128 {
> +    EVP_CIPHER_CTX *ctx;
> +};
> +
> +#else
> +
>  struct aes128 {
>      uint32_t rk[128/8 + 28];
>  };
>  
> +#endif
> +
>  void aes128_schedule(struct aes128 *, const uint8_t key[16]);
>  void aes128_encrypt(const struct aes128 *, const void *, void *);
>  
> 
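
Review bot: the OpenSSL variant of `struct aes128` now owns a heap-allocated `EVP_CIPHER_CTX *ctx`, but the header still declares only `aes128_schedule()` and `aes128_encrypt()`, so callers have no way to release the context, and a second `aes128_schedule()` on the same struct overwrites the pointer. Consider declaring a destroy function that calls `EVP_CIPHER_CTX_free()` and is a no-op in the non-OpenSSL build. The `<openssl/conf.h>`, `<openssl/err.h>` and `<string.h>` includes are not needed to declare the struct; `<openssl/evp.h>` alone provides `EVP_CIPHER_CTX`.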

_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
