riscv: Use the optimized rvv AES-128/192/256-CBC.
authorPhoebe Chen <phoebe.chen@sifive.com>
Thu, 1 Jun 2023 12:11:37 +0000 (05:11 -0700)
committerHugo Landau <hlandau@openssl.org>
Thu, 26 Oct 2023 14:55:50 +0000 (15:55 +0100)
Replace old CBC implementation with optimized AES-128/192/256-CBC in
this patch.

Signed-off-by: Phoebe Chen <phoebe.chen@sifive.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)

include/crypto/aes_platform.h
providers/implementations/ciphers/cipher_aes_hw_rv64i.inc

index 2c34fd71717e29ab0f3e5c67da64e844d8597cf7..d76ea937bbcb101290ad264d026a58d53ca6f318 100644 (file)
@@ -454,6 +454,13 @@ void rv64i_zvkned_encrypt(const unsigned char *in, unsigned char *out,
 void rv64i_zvkned_decrypt(const unsigned char *in, unsigned char *out,
                           const AES_KEY *key);
 
+void rv64i_zvkned_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                              size_t length, const AES_KEY *key,
+                              unsigned char *ivec, const int enc);
+
+void rv64i_zvkned_cbc_decrypt(const unsigned char *in, unsigned char *out,
+                              size_t length, const AES_KEY *key,
+                              unsigned char *ivec, const int enc);
 # elif defined(OPENSSL_CPUID_OBJ) && defined(__riscv) && __riscv_xlen == 32
 /* RISC-V 32 support */
 #  include "riscv_arch.h"
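Review bot: The two new CBC prototypes carry no comment on their contract, even though cipher_aes_hw_rv64i.inc installs them as `dat->stream.cbc` through a `cbc128_f` cast. A comment above them should say what the assembly does when `length` is zero or not a multiple of the 16-byte AES block, and whether `ivec` is overwritten with the last ciphertext block so that successive calls chain correctly. Something like `/* length: whole 16-byte blocks only; ivec is updated in place for chaining; enc is unused and kept for cbc128_f compatibility */` would do, once confirmed against the implementation, which is not visible here. `const int enc` can also be plain `int enc` in a declaration, since the qualifier on a by-value parameter has no effect for callers.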
index 2761905ee064f729d57975427bfe2e5496c8c11a..c7e1c035c71b2f9bcfb9e0312ee249bb20c8f40a 100644 (file)
@@ -71,31 +71,34 @@ static int cipher_hw_rv64i_zvkned_initkey(PROV_CIPHER_CTX *dat,
 
     dat->ks = ks;
 
-    /* Zvkned only supports 128 and 256 bit keys for key schedule generation. */
+    /*
+     * Zvkned only supports 128 and 256 bit keys for key schedule generation.
+     * For AES-192 case, we could fallback to `AES_set_encrypt_key`.
+     * All Zvkned-based implementations use the same `encrypt-key` scheduling
+     * for both encryption and decryption.
+     */
     if (keylen * 8 == 128 || keylen * 8 == 256) {
-        if ((dat->mode == EVP_CIPH_ECB_MODE || dat->mode == EVP_CIPH_CBC_MODE)
-            && !dat->enc) {
-            ret = rv64i_zvkned_set_decrypt_key(key, keylen * 8, ks);
-            dat->block = (block128_f) rv64i_zvkned_decrypt;
-            dat->stream.cbc = NULL;
-        } else {
-            ret = rv64i_zvkned_set_encrypt_key(key, keylen * 8, ks);
-            dat->block = (block128_f) rv64i_zvkned_encrypt;
-            dat->stream.cbc = NULL;
-        }
+        ret = rv64i_zvkned_set_encrypt_key(key, keylen * 8, ks);
     } else {
-        if ((dat->mode == EVP_CIPH_ECB_MODE || dat->mode == EVP_CIPH_CBC_MODE)
-            && !dat->enc) {
-            ret = AES_set_encrypt_key(key, keylen * 8, ks);
-            dat->block = (block128_f) rv64i_zvkned_decrypt;
-            dat->stream.cbc = NULL;
+        ret = AES_set_encrypt_key(key, keylen * 8, ks);
+    }
+
+    if (dat->mode == EVP_CIPH_CBC_MODE) {
+        if (dat->enc) {
+            dat->stream.cbc = (cbc128_f) rv64i_zvkned_cbc_encrypt;
         } else {
-            ret = AES_set_encrypt_key(key, keylen * 8, ks);
-            dat->block = (block128_f) rv64i_zvkned_encrypt;
-            dat->stream.cbc = NULL;
+            dat->stream.cbc = (cbc128_f) rv64i_zvkned_cbc_decrypt;
         }
     }
 
+    /* Zvkned supports aes-128/192/256 encryption and decryption. */
+    if ((dat->mode == EVP_CIPH_ECB_MODE || dat->mode == EVP_CIPH_CBC_MODE) &&
+        !dat->enc) {
+        dat->block = (block128_f) rv64i_zvkned_decrypt;
+    } else {
+        dat->block = (block128_f) rv64i_zvkned_encrypt;
+    }
+
     if (ret < 0) {
         ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SETUP_FAILED);
         return 0;
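Review bot: `dat->stream.cbc` is no longer assigned for any mode other than CBC: the removed code set it to NULL on every path, while the new `if (dat->mode == EVP_CIPH_CBC_MODE)` block has no else branch. If the context can reach this function with a non-zero `stream` value (allocation and reuse are outside the hunk, so this is unverified), a non-CBC mode could call through a stale pointer; adding `} else { dat->stream.cbc = NULL; }` keeps the earlier guarantee. The `block` and `stream.cbc` pointers are also installed before the `ret < 0` check, so moving that check directly after the key-schedule call would avoid leaving function pointers set on a context whose key setup failed. The function begins before and continues past this hunk.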