-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Import CRYPTOGAMS ASM code (from OpenSSL 3.0.0-beta1)
The CRYPTOGAMS code is suitably licensed for use in OpenConnect under LGPLv2.1, and gives us a 40% speedup to ESP AES-SHA1 encryption. However, not everything is in the standalone CRYPTOGAMS repository, so we have to import from OpenSSL itself for now, which means the licence is incompatible. Once dot-asm/cryptogams#7 is resolved, we can do this for real. But for now it's worth having it to experiment with. Really needs SHA256 too... Signed-off-by: David Woodhouse <[email protected]>
- Loading branch information
Showing
11 changed files
with
11,311 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
/* | ||
* OpenConnect (SSL + DTLS) VPN client | ||
* | ||
* Copyright © 2019 David Woodhouse | ||
* | ||
* Author: David Woodhouse <[email protected]> | ||
* | ||
* This program is free software; you can redistribute it and/or | ||
* modify it under the terms of the GNU Lesser General Public License | ||
* version 2.1, as published by the Free Software Foundation. | ||
* | ||
* This program is distributed in the hope that it will be useful, but | ||
* WITHOUT ANY WARRANTY; without even the implied warranty of | ||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
* Lesser General Public License for more details. | ||
*/ | ||
|
||
#include <config.h> | ||
|
||
#include <unistd.h> | ||
#include <string.h> | ||
#include <stdlib.h> | ||
#include <errno.h> | ||
|
||
#include "openconnect-internal.h" | ||
|
||
#include "aesni-esp.h" | ||
|
||
uint64_t OPENCONNECT_ia32cap_P[2]; | ||
|
||
int aesni_init_esp_ciphers(struct openconnect_info *vpninfo, | ||
struct esp *esp_out, struct esp *esp_in) | ||
{ | ||
if (!(OPENCONNECT_ia32cap_P[0] & (1<<10))) { | ||
uint64_t cap = OPENCONNECT_ia32_cpuid(OPENCONNECT_ia32cap_P); | ||
|
||
OPENCONNECT_ia32cap_P[0] = cap | (1<<10); | ||
|
||
vpn_progress(vpninfo, PRG_DEBUG, | ||
_("CPU capabilities: %08lx %08lx %08lx %08lx\n"), | ||
OPENCONNECT_ia32cap_P[0] & 0xffffffff, | ||
OPENCONNECT_ia32cap_P[0] >> 32, | ||
OPENCONNECT_ia32cap_P[1] & 0xffffffff, | ||
OPENCONNECT_ia32cap_P[1] >> 32); | ||
} | ||
|
||
return -EINVAL; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
/* | ||
* OpenConnect (SSL + DTLS) VPN client | ||
* | ||
* Copyright © 2019 David Woodhouse | ||
* | ||
* Author: David Woodhouse <[email protected]> | ||
* | ||
* This program is free software; you can redistribute it and/or | ||
* modify it under the terms of the GNU Lesser General Public License | ||
* version 2.1, as published by the Free Software Foundation. | ||
* | ||
* This program is distributed in the hope that it will be useful, but | ||
* WITHOUT ANY WARRANTY; without even the implied warranty of | ||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
* Lesser General Public License for more details. | ||
*/ | ||
|
||
#ifndef __AESNI_ESP_H__ | ||
#define __AESNI_ESP_H__ | ||
|
||
/* ABI definitions for the CRYPTOGAMS routines */ | ||
|
||
#define AES_MAXKEYBITS 256 | ||
#define AES_MAXROUNDS 14 | ||
#define AES_BLOCK 16 | ||
|
||
struct aesni_key { | ||
uint32_t rd_key[4 * (AES_MAXROUNDS + 1)]; | ||
int rounds; | ||
}; | ||
|
||
/* Not literally AES-NI but we are only using this in the context of the | ||
stitched AES-NI + SHA1 routines. */ | ||
|
||
#define SHA1_BLOCK 64 | ||
|
||
struct aesni_sha1 { | ||
uint32_t h0, h1, h2, h3, h4; | ||
uint64_t N; /* The CRYPTOGAMS routines don't touch this */ | ||
}; | ||
|
||
|
||
int aesni_set_encrypt_key (const unsigned char *userKey, int bits, | ||
struct aesni_key *key); | ||
int aesni_set_decrypt_key (const unsigned char *userKey, int bits, | ||
struct aesni_key *key); | ||
|
||
void aesni_cbc_encrypt(const unsigned char *in, unsigned char *out, | ||
size_t length, const struct aesni_key *key, | ||
unsigned char *ivec, int enc); | ||
|
||
void aesni_cbc_sha1_enc(const void *inp, void *out, size_t blocks, | ||
const struct aesni_key *key, unsigned char iv[16], | ||
const struct aesni_sha1 *ctx, const void *in0); | ||
|
||
void sha1_block_data_order(struct aesni_sha1 *ctx, const void *p, | ||
size_t n_blocks); | ||
|
||
uint64_t OPENCONNECT_ia32_cpuid(uint64_t *cap); | ||
|
||
#endif /* AESNI_ESP_H__ */ |
Oops, something went wrong.