From 5f09d0ecc2ad6b7b90e358460ef82d17ae2abb15 Mon Sep 17 00:00:00 2001 From: Ben Laurie Date: Sun, 13 May 2007 12:57:59 +0000 Subject: [PATCH] AES IGE mode speedup. --- CHANGES | 3 ++ apps/speed.c | 64 +++++++++++++++++++++++++++++++-- crypto/aes/aes_ige.c | 85 ++++++++++++++++++++++++++++---------------- test/igetest.c | 17 +++++++++ 4 files changed, 135 insertions(+), 34 deletions(-) diff --git a/CHANGES b/CHANGES index ae84e24066..03b2c5a619 100644 --- a/CHANGES +++ b/CHANGES @@ -501,6 +501,9 @@ Changes between 0.9.8e and 0.9.8f [xx XXX xxxx] + *) AES IGE mode speedup. + [Dean Gaudet (Google)] + *) Add the Korean symmetric 128-bit cipher SEED (see http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp) and add SEED ciphersuites from RFC 4162: diff --git a/apps/speed.c b/apps/speed.c index 0a84c61aa0..4447f73c49 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -204,7 +204,7 @@ static void print_result(int alg,int run_no,int count,double time_used); static int do_multi(int multi); #endif -#define ALGOR_NUM 26 +#define ALGOR_NUM 29 #define SIZE_NUM 5 #define RSA_NUM 4 #define DSA_NUM 3 @@ -218,7 +218,8 @@ static const char *names[ALGOR_NUM]={ "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc", "aes-128 cbc","aes-192 cbc","aes-256 cbc", "camellia-128 cbc","camellia-192 cbc","camellia-256 cbc", - "evp","sha256","sha512","whirlpool"}; + "evp","sha256","sha512","whirlpool", + "aes-128 ige","aes-192 ige","aes-256 ige"}; static double results[ALGOR_NUM][SIZE_NUM]; static int lengths[SIZE_NUM]={16,64,256,1024,8*1024}; static double rsa_results[RSA_NUM][2]; @@ -455,6 +456,9 @@ int MAIN(int argc, char **argv) #define D_SHA256 23 #define D_SHA512 24 #define D_WHIRLPOOL 25 +#define D_IGE_128_AES 26 +#define D_IGE_192_AES 27 +#define D_IGE_256_AES 28 double d=0.0; long c[ALGOR_NUM][SIZE_NUM]; #define R_DSA_512 0 @@ -799,7 +803,10 @@ int MAIN(int argc, char **argv) if (strcmp(*argv,"aes-128-cbc") == 0) doit[D_CBC_128_AES]=1; else if (strcmp(*argv,"aes-192-cbc") == 0) doit[D_CBC_192_AES]=1; else if (strcmp(*argv,"aes-256-cbc") == 0) doit[D_CBC_256_AES]=1; - else + else if (strcmp(*argv,"aes-128-ige") == 0) doit[D_IGE_128_AES]=1; + else if (strcmp(*argv,"aes-192-ige") == 0) doit[D_IGE_192_AES]=1; + else if (strcmp(*argv,"aes-256-ige") == 0) doit[D_IGE_256_AES]=1; + else #endif #ifndef OPENSSL_NO_CAMELLIA if (strcmp(*argv,"camellia-128-cbc") == 0) doit[D_CBC_128_CML]=1; @@ -1023,6 +1030,7 @@ int MAIN(int argc, char **argv) #endif #ifndef OPENSSL_NO_AES BIO_printf(bio_err,"aes-128-cbc aes-192-cbc aes-256-cbc "); + BIO_printf(bio_err,"aes-128-ige aes-192-ige aes-256-ige "); #endif #ifndef OPENSSL_NO_CAMELLIA BIO_printf(bio_err,"\n"); @@ -1237,6 +1245,9 @@ int MAIN(int argc, char **argv) c[D_SHA256][0]=count; c[D_SHA512][0]=count; c[D_WHIRLPOOL][0]=count; + c[D_IGE_128_AES][0]=count; + c[D_IGE_192_AES][0]=count; + c[D_IGE_256_AES][0]=count; for (i=1; i= AES_BLOCK_SIZE) + while (len) { + load_block(tmp, in); /* hexdump(stdout, "in", in, AES_BLOCK_SIZE); */ /* hexdump(stdout, "iv", iv, AES_BLOCK_SIZE); */ - for(n=0 ; n < AES_BLOCK_SIZE ; ++n) - out[n] = in[n] ^ iv[n]; + for(n=0 ; n < N_WORDS; ++n) + tmp2.data[n] = tmp.data[n] ^ iv.data[n]; /* hexdump(stdout, "in ^ iv", out, AES_BLOCK_SIZE); */ - AES_encrypt(out, out, key); + AES_encrypt((unsigned char *)tmp2.data, (unsigned char *)tmp2.data, key); /* hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */ /* hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */ - for(n=0 ; n < AES_BLOCK_SIZE ; ++n) - out[n] ^= iv2[n]; + for(n=0 ; n < N_WORDS; ++n) + tmp2.data[n] ^= iv2.data[n]; + store_block(out, tmp2); /* hexdump(stdout,"out", out, AES_BLOCK_SIZE); */ - iv = out; - memcpy(prev, in, AES_BLOCK_SIZE); - iv2 = prev; - len -= AES_BLOCK_SIZE; + iv = tmp2; + iv2 = tmp; + --len; in += AES_BLOCK_SIZE; out += AES_BLOCK_SIZE; } - memcpy(ivec, iv, AES_BLOCK_SIZE); - memcpy(ivec + AES_BLOCK_SIZE, iv2, AES_BLOCK_SIZE); + memcpy(ivec, iv.data, AES_BLOCK_SIZE); + memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE); } else { - while (len >= AES_BLOCK_SIZE) + while (len) { - memcpy(tmp, in, AES_BLOCK_SIZE); - memcpy(tmp2, in, AES_BLOCK_SIZE); + load_block(tmp, in); + tmp2 = tmp; /* hexdump(stdout, "in", in, AES_BLOCK_SIZE); */ /* hexdump(stdout, "iv2", iv2, AES_BLOCK_SIZE); */ - for(n=0 ; n < AES_BLOCK_SIZE ; ++n) - tmp[n] ^= iv2[n]; + for(n=0 ; n < N_WORDS; ++n) + tmp.data[n] ^= iv2.data[n]; /* hexdump(stdout, "in ^ iv2", tmp, AES_BLOCK_SIZE); */ - AES_decrypt(tmp, out, key); + AES_decrypt((unsigned char *)tmp.data, (unsigned char *)tmp.data, key); /* hexdump(stdout, "dec", out, AES_BLOCK_SIZE); */ - /* hexdump(stdout, "iv", ivec, AES_BLOCK_SIZE); */ - for(n=0 ; n < AES_BLOCK_SIZE ; ++n) - out[n] ^= ivec[n]; + /* hexdump(stdout, "iv", iv, AES_BLOCK_SIZE); */ + for(n=0 ; n < N_WORDS; ++n) + tmp.data[n] ^= iv.data[n]; + store_block(out, tmp); /* hexdump(stdout, "out", out, AES_BLOCK_SIZE); */ - memcpy(ivec, tmp2, AES_BLOCK_SIZE); - iv2 = out; - len -= AES_BLOCK_SIZE; + iv = tmp2; + iv2 = tmp; + --len; in += AES_BLOCK_SIZE; out += AES_BLOCK_SIZE; } - memcpy(ivec + AES_BLOCK_SIZE, iv2, AES_BLOCK_SIZE); + memcpy(ivec, iv.data, AES_BLOCK_SIZE); + memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE); } } diff --git a/test/igetest.c b/test/igetest.c index d93428f42b..17a4e4d208 100644 --- a/test/igetest.c +++ b/test/igetest.c @@ -218,6 +218,23 @@ static int run_test_vectors(void) hexdump(stdout, "expected", v->out, v->length); hexdump(stdout, "got", buf, v->length); + ++errs; + } + + // try with in == out + memcpy(iv, v->iv, sizeof iv); + memcpy(buf, v->in, v->length); + AES_ige_encrypt(buf, buf, v->length, &key, iv, v->encrypt); + + if(memcmp(v->out, buf, v->length)) + { + printf("IGE test vector %d failed (with in == out)\n", n); + hexdump(stdout, "key", v->key, sizeof v->key); + hexdump(stdout, "iv", v->iv, sizeof v->iv); + hexdump(stdout, "in", v->in, v->length); + hexdump(stdout, "expected", v->out, v->length); + hexdump(stdout, "got", buf, v->length); + ++errs; } } -- GitLab