2019-04-09 14:13:35 +01:00
|
|
|
// Copyright 2009 The Go Authors. All rights reserved.
|
|
|
|
// Use of this source code is governed by a BSD-style
|
|
|
|
// license that can be found in the LICENSE file.
|
add basic support for ppc64le, riscv64 (#48)
This change set modifies build metadata to add support for ppc64le
(POWER9) and riscv64 (RISC-V). The arm64 and amd64 assembler
implementations are architecture specific and do not support ppc64le or
riscv64. On ppc64le or riscv64 a generic implementation is chosen. The
drbg/internal/aes/cipher_noasm.go file was written by @mixmasala and
myself.
The csidh and sidh tests are extremely slow (>30m) on RISC-V using the
sifive,u54-mc (HiFive Unleashed) development board. The test timeout is
set to infinity on RISC-V by the top level Makefile as at least one test
does not finish within the default 10 minutes on RISC-V. On RISC-V the
csidh test finishes after around 30 minutes, the sidh test finishes
after around 71 minutes.
These changes were tested with amd64 (Intel Core i7), arm64 (Raspberry
Pi 4b), ppc64le (Talos POWER9, PowerNV T2P9D01 REV 1.00), and riscv64
(HighFive Unleashed, rv64imafdc,sifive,u54-mc).
The kernel versions of those systems follows:
Linux rpi4 5.13.0-1009-raspi #10-Ubuntu SMP PREEMPT Mon Oct 25 13:58:43
UTC 2021 aarch64 aarch64 aarch64 GNU/Linux
Linux i7 5.8.0-63-generic #71-Ubuntu SMP Tue Jul 13 15:59:12 UTC 2021
x86_64 x86_64 x86_64 GNU/Linux
Linux power9 5.11.0-34-generic #36-Ubuntu SMP Thu Aug 26 19:19:54 UTC
2021 ppc64le ppc64le ppc64le GNU/Linux
Linux risc-v-unleashed-000 5.11.0-1022-generic #23~20.04.1-Ubuntu SMP
Thu Oct 21 10:16:27 UTC 2021 riscv64 riscv64 riscv64 GNU/Linux
2023-03-13 23:12:45 +00:00
|
|
|
// +build noasm amd64 arm64 ppc64le riscv64
|
2019-04-09 14:13:35 +01:00
|
|
|
|
|
|
|
package aes
|
|
|
|
|
|
|
|
import (
|
|
|
|
"strconv"
|
|
|
|
)
|
|
|
|
|
|
|
|
// The AES block size in bytes.
|
|
|
|
const BlockSize = 16
|
|
|
|
|
|
|
|
// A cipher is an instance of AES encryption using a particular key.
|
|
|
|
type AES struct {
|
|
|
|
enc [32 + 28]uint32
|
|
|
|
dec [32 + 28]uint32
|
|
|
|
keyLen int
|
|
|
|
}
|
|
|
|
|
2019-04-09 23:50:21 +01:00
|
|
|
// AES interface
|
|
|
|
type IAES interface {
|
|
|
|
SetKey(key []byte) error
|
|
|
|
Encrypt(dst, src []byte)
|
|
|
|
Decrypt(dst, src []byte)
|
|
|
|
}
|
|
|
|
|
2019-04-09 14:13:35 +01:00
|
|
|
type KeySizeError int
|
|
|
|
|
|
|
|
func (k KeySizeError) Error() string {
|
|
|
|
return "crypto/aes: invalid key size " + strconv.Itoa(int(k))
|
|
|
|
}
|
|
|
|
|
|
|
|
func NewCipher() *AES {
|
|
|
|
return new(AES)
|
|
|
|
}
|
|
|
|
|
|
|
|
// NewCipher creates and returns a new cipher.Block.
|
|
|
|
// The key argument should be the AES key,
|
|
|
|
// either 16, 24, or 32 bytes to select
|
|
|
|
// AES-128, AES-192, or AES-256.
|
|
|
|
func (c *AES) SetKey(key []byte) error {
|
|
|
|
k := len(key)
|
|
|
|
|
|
|
|
switch k {
|
|
|
|
default:
|
|
|
|
return KeySizeError(k)
|
|
|
|
case 16, 24, 32:
|
|
|
|
break
|
|
|
|
}
|
|
|
|
for i, _ := range c.enc {
|
|
|
|
c.enc[i] = 0
|
|
|
|
}
|
|
|
|
for i, _ := range c.dec {
|
|
|
|
c.dec[i] = 0
|
|
|
|
}
|
|
|
|
c.keyLen = k
|
|
|
|
expandKeyGo(key, c.enc[:c.keyLen+28], c.dec[:c.keyLen+28])
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *AES) BlockSize() int { return BlockSize }
|
|
|
|
|
|
|
|
func (c *AES) Encrypt(dst, src []byte) {
|
|
|
|
if len(src) < BlockSize {
|
|
|
|
panic("crypto/aes: input not full block")
|
|
|
|
}
|
|
|
|
if len(dst) < BlockSize {
|
|
|
|
panic("crypto/aes: output not full block")
|
|
|
|
}
|
|
|
|
if InexactOverlap(dst[:BlockSize], src[:BlockSize]) {
|
|
|
|
panic("crypto/aes: invalid buffer overlap")
|
|
|
|
}
|
|
|
|
encryptBlockGo(c.enc[:c.keyLen+28], dst, src)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *AES) Decrypt(dst, src []byte) {
|
|
|
|
if len(src) < BlockSize {
|
|
|
|
panic("crypto/aes: input not full block")
|
|
|
|
}
|
|
|
|
if len(dst) < BlockSize {
|
|
|
|
panic("crypto/aes: output not full block")
|
|
|
|
}
|
|
|
|
if InexactOverlap(dst[:BlockSize], src[:BlockSize]) {
|
|
|
|
panic("crypto/aes: invalid buffer overlap")
|
|
|
|
}
|
|
|
|
decryptBlockGo(c.dec[:c.keyLen+28], dst, src)
|
|
|
|
}
|