[ovs-dev] [PATCH] Replace DIY AES with openssl if openssl is available

anton.ivanov at cambridgegreys.com anton.ivanov at cambridgegreys.com
Wed Aug 18 14:30:51 UTC 2021 

From: Anton Ivanov <anton.ivanov at cambridgegreys.com>

This allows to leverage the openssl implementation which can use
hardware crypto on supported platforms.

UUID generation speed is improved by ~ 12% on an AMD Ryzen with
support for AES instructions.

Signed-off-by: Anton Ivanov <anton.ivanov at cambridgegreys.com>
---
 lib/aes128.c | 34 ++++++++++++++++++++++++++++++++++
 lib/aes128.h | 16 ++++++++++++++++
 2 files changed, 50 insertions(+)

diff --git a/lib/aes128.c b/lib/aes128.c
index 98447d14b..207925b58 100644
--- a/lib/aes128.c
+++ b/lib/aes128.c
@@ -28,6 +28,39 @@
 
 #include "util.h"
 
+#ifdef HAVE_OPENSSL
+
+
+
+#include <openssl/conf.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <string.h>
+#include "entropy.h"
+#include "openvswitch/vlog.h"
+
+VLOG_DEFINE_THIS_MODULE(aes);
+
+void aes128_schedule(struct aes128 *aes, const uint8_t key[16])
+{
+    uint8_t iv[16];
+    aes->ctx = EVP_CIPHER_CTX_new();
+    memset(iv, 0, sizeof iv);
+    if (EVP_EncryptInit_ex(aes->ctx, EVP_aes_128_cbc(), NULL, key, iv) != 1) {
+        VLOG_FATAL("Encryption init failed");
+    }
+}
+
+void aes128_encrypt(const struct aes128 *aes, const void *plain, void *cipher)
+{
+    int len;
+    if (1 != EVP_EncryptUpdate(aes->ctx, cipher, &len, plain, 16)) {
+        VLOG_FATAL("Encryption failed");
+    }
+}
+
+#else
+
 static const uint32_t Te0[256] = {
     0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
     0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
@@ -507,3 +540,4 @@ aes128_encrypt(const struct aes128 *aes, const void *input_, void *output_)
           ^ rk[3]);
     put_u32(output + 12, s3);
 }
+#endif
diff --git a/lib/aes128.h b/lib/aes128.h
index f0f55d7cf..efa71c764 100644
--- a/lib/aes128.h
+++ b/lib/aes128.h
@@ -25,12 +25,28 @@
 #ifndef AES128_H
 #define AES128_H
 
+#include <config.h>
 #include <stdint.h>
 
+#ifdef HAVE_OPENSSL
+
+#include <openssl/conf.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <string.h>
+
+struct aes128 {
+    EVP_CIPHER_CTX *ctx;
+};
+
+#else
+
 struct aes128 {
     uint32_t rk[128/8 + 28];
 };
 
+#endif
+
 void aes128_schedule(struct aes128 *, const uint8_t key[16]);
 void aes128_encrypt(const struct aes128 *, const void *, void *);
 
-- 
2.20.1

More information about the dev mailing list