Drop support for VIA Padlock
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 37a9724..493af30 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -53,7 +53,6 @@
memory_buffer_alloc.c
nist_kw.c
oid.c
- padlock.c
pem.c
pk.c
pk_ecc.c
diff --git a/library/Makefile b/library/Makefile
index 388fcea..e0eefd8 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -145,7 +145,6 @@
memory_buffer_alloc.o \
nist_kw.o \
oid.o \
- padlock.o \
pem.o \
pk.o \
pk_ecc.o \
diff --git a/library/aes.c b/library/aes.c
index b1a5c3e..aaea70b 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -30,21 +30,6 @@
#endif
#endif
-#if defined(MBEDTLS_ARCH_IS_X86)
-#if defined(MBEDTLS_PADLOCK_C)
-#if !defined(MBEDTLS_HAVE_ASM)
-#error "MBEDTLS_PADLOCK_C defined, but not all prerequisites"
-#endif
-#if defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
-#error "MBEDTLS_AES_USE_HARDWARE_ONLY cannot be defined when " \
- "MBEDTLS_PADLOCK_C is set"
-#endif
-#endif
-#endif
-
-#if defined(MBEDTLS_PADLOCK_C)
-#include "padlock.h"
-#endif
#if defined(MBEDTLS_AESNI_C)
#include "aesni.h"
#endif
@@ -67,10 +52,6 @@
#if !defined(MBEDTLS_AES_ALT)
-#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
-static int aes_padlock_ace = -1;
-#endif
-
#if defined(MBEDTLS_AES_ROM_TABLES)
/*
* Forward S-box
@@ -527,8 +508,7 @@
* Note that the offset is in units of elements of buf, i.e. 32-bit words,
* i.e. an offset of 1 means 4 bytes and so on.
*/
-#if (defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)) || \
- (defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2)
+#if (defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2)
#define MAY_NEED_TO_ALIGN
#endif
@@ -537,15 +517,6 @@
#if defined(MAY_NEED_TO_ALIGN)
int align_16_bytes = 0;
-#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
- if (aes_padlock_ace == -1) {
- aes_padlock_ace = mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE);
- }
- if (aes_padlock_ace) {
- align_16_bytes = 1;
- }
-#endif
-
#if defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2
if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) {
align_16_bytes = 1;
@@ -1000,12 +971,13 @@
}
#endif /* !MBEDTLS_AES_DECRYPT_ALT && !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
-/* VIA Padlock and our intrinsics-based implementation of AESNI require
- * the round keys to be aligned on a 16-byte boundary. We take care of this
- * before creating them, but the AES context may have moved (this can happen
- * if the library is called from a language with managed memory), and in later
- * calls it might have a different alignment with respect to 16-byte memory.
- * So we may need to realign.
+/*
+ * Our intrinsics-based implementation of AESNI require the round keys to be
+ * aligned on a 16-byte boundary. We take care of this before creating them,
+ * but the AES context may have moved (this can happen if the library is
+ * called from a language with managed memory), and in later calls it might
+ * have a different alignment with respect to 16-byte memory. So we may need
+ * to realign.
*/
MBEDTLS_MAYBE_UNUSED static void aes_maybe_realign(mbedtls_aes_context *ctx)
{
@@ -1046,12 +1018,6 @@
}
#endif
-#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
- if (aes_padlock_ace > 0) {
- return mbedtls_padlock_xcryptecb(ctx, mode, input, output);
- }
-#endif
-
#if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
if (mode == MBEDTLS_AES_DECRYPT) {
@@ -1092,18 +1058,6 @@
return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
}
-#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
- if (aes_padlock_ace > 0) {
- if (mbedtls_padlock_xcryptcbc(ctx, mode, length, iv, input, output) == 0) {
- return 0;
- }
-
- // If padlock data misaligned, we just fall back to
- // unaccelerated mode
- //
- }
-#endif
-
const unsigned char *ivp = iv;
if (mode == MBEDTLS_AES_DECRYPT) {
@@ -1860,11 +1814,6 @@
mbedtls_printf(" AES note: using AESNI.\n");
} else
#endif
-#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
- if (mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE)) {
- mbedtls_printf(" AES note: using VIA Padlock.\n");
- } else
-#endif
#if defined(MBEDTLS_AESCE_HAVE_CODE)
if (MBEDTLS_AESCE_HAS_SUPPORT()) {
mbedtls_printf(" AES note: using AESCE.\n");
diff --git a/library/padlock.c b/library/padlock.c
deleted file mode 100644
index 1f00691..0000000
--- a/library/padlock.c
+++ /dev/null
@@ -1,157 +0,0 @@
-/*
- * VIA PadLock support functions
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-/*
- * This implementation is based on the VIA PadLock Programming Guide:
- *
- * http://www.via.com.tw/en/downloads/whitepapers/initiatives/padlock/
- * programming_guide.pdf
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_PADLOCK_C)
-
-#include "padlock.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
-
-/*
- * PadLock detection routine
- */
-int mbedtls_padlock_has_support(int feature)
-{
- static int flags = -1;
- int ebx = 0, edx = 0;
-
- if (flags == -1) {
- asm ("movl %%ebx, %0 \n\t"
- "movl $0xC0000000, %%eax \n\t"
- "cpuid \n\t"
- "cmpl $0xC0000001, %%eax \n\t"
- "movl $0, %%edx \n\t"
- "jb 1f \n\t"
- "movl $0xC0000001, %%eax \n\t"
- "cpuid \n\t"
- "1: \n\t"
- "movl %%edx, %1 \n\t"
- "movl %2, %%ebx \n\t"
- : "=m" (ebx), "=m" (edx)
- : "m" (ebx)
- : "eax", "ecx", "edx");
-
- flags = edx;
- }
-
- return flags & feature;
-}
-
-/*
- * PadLock AES-ECB block en(de)cryption
- */
-int mbedtls_padlock_xcryptecb(mbedtls_aes_context *ctx,
- int mode,
- const unsigned char input[16],
- unsigned char output[16])
-{
- int ebx = 0;
- uint32_t *rk;
- uint32_t *blk;
- uint32_t *ctrl;
- unsigned char buf[256];
-
- rk = ctx->buf + ctx->rk_offset;
-
- if (((long) rk & 15) != 0) {
- return MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED;
- }
-
- blk = MBEDTLS_PADLOCK_ALIGN16(buf);
- memcpy(blk, input, 16);
-
- ctrl = blk + 4;
- *ctrl = 0x80 | ctx->nr | ((ctx->nr + (mode^1) - 10) << 9);
-
- asm ("pushfl \n\t"
- "popfl \n\t"
- "movl %%ebx, %0 \n\t"
- "movl $1, %%ecx \n\t"
- "movl %2, %%edx \n\t"
- "movl %3, %%ebx \n\t"
- "movl %4, %%esi \n\t"
- "movl %4, %%edi \n\t"
- ".byte 0xf3,0x0f,0xa7,0xc8 \n\t"
- "movl %1, %%ebx \n\t"
- : "=m" (ebx)
- : "m" (ebx), "m" (ctrl), "m" (rk), "m" (blk)
- : "memory", "ecx", "edx", "esi", "edi");
-
- memcpy(output, blk, 16);
-
- return 0;
-}
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/*
- * PadLock AES-CBC buffer en(de)cryption
- */
-int mbedtls_padlock_xcryptcbc(mbedtls_aes_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output)
-{
- int ebx = 0;
- size_t count;
- uint32_t *rk;
- uint32_t *iw;
- uint32_t *ctrl;
- unsigned char buf[256];
-
- rk = ctx->buf + ctx->rk_offset;
-
- if (((long) input & 15) != 0 ||
- ((long) output & 15) != 0 ||
- ((long) rk & 15) != 0) {
- return MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED;
- }
-
- iw = MBEDTLS_PADLOCK_ALIGN16(buf);
- memcpy(iw, iv, 16);
-
- ctrl = iw + 4;
- *ctrl = 0x80 | ctx->nr | ((ctx->nr + (mode ^ 1) - 10) << 9);
-
- count = (length + 15) >> 4;
-
- asm ("pushfl \n\t"
- "popfl \n\t"
- "movl %%ebx, %0 \n\t"
- "movl %2, %%ecx \n\t"
- "movl %3, %%edx \n\t"
- "movl %4, %%ebx \n\t"
- "movl %5, %%esi \n\t"
- "movl %6, %%edi \n\t"
- "movl %7, %%eax \n\t"
- ".byte 0xf3,0x0f,0xa7,0xd0 \n\t"
- "movl %1, %%ebx \n\t"
- : "=m" (ebx)
- : "m" (ebx), "m" (count), "m" (ctrl),
- "m" (rk), "m" (input), "m" (output), "m" (iw)
- : "memory", "eax", "ecx", "edx", "esi", "edi");
-
- memcpy(iv, iw, 16);
-
- return 0;
-}
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#endif /* MBEDTLS_VIA_PADLOCK_HAVE_CODE */
-
-#endif /* MBEDTLS_PADLOCK_C */
diff --git a/library/padlock.h b/library/padlock.h
deleted file mode 100644
index 92d72af..0000000
--- a/library/padlock.h
+++ /dev/null
@@ -1,111 +0,0 @@
-/**
- * \file padlock.h
- *
- * \brief VIA PadLock ACE for HW encryption/decryption supported by some
- * processors
- *
- * \warning These functions are only for internal use by other library
- * functions; you must not call them directly.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#ifndef MBEDTLS_PADLOCK_H
-#define MBEDTLS_PADLOCK_H
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/aes.h"
-
-#define MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED -0x0030 /**< Input data should be aligned. */
-
-#if defined(__has_feature)
-#if __has_feature(address_sanitizer)
-#define MBEDTLS_HAVE_ASAN
-#endif
-#endif
-
-/*
- * - `padlock` is implements with GNUC assembly for x86 target.
- * - Some versions of ASan result in errors about not enough registers.
- */
-#if defined(MBEDTLS_PADLOCK_C) && \
- defined(__GNUC__) && defined(MBEDTLS_ARCH_IS_X86) && \
- defined(MBEDTLS_HAVE_ASM) && \
- !defined(MBEDTLS_HAVE_ASAN)
-
-#define MBEDTLS_VIA_PADLOCK_HAVE_CODE
-
-#include <stdint.h>
-
-#define MBEDTLS_PADLOCK_RNG 0x000C
-#define MBEDTLS_PADLOCK_ACE 0x00C0
-#define MBEDTLS_PADLOCK_PHE 0x0C00
-#define MBEDTLS_PADLOCK_PMM 0x3000
-
-#define MBEDTLS_PADLOCK_ALIGN16(x) (uint32_t *) (16 + ((int32_t) (x) & ~15))
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Internal PadLock detection routine
- *
- * \note This function is only for internal use by other library
- * functions; you must not call it directly.
- *
- * \param feature The feature to detect
- *
- * \return non-zero if CPU has support for the feature, 0 otherwise
- */
-int mbedtls_padlock_has_support(int feature);
-
-/**
- * \brief Internal PadLock AES-ECB block en(de)cryption
- *
- * \note This function is only for internal use by other library
- * functions; you must not call it directly.
- *
- * \param ctx AES context
- * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
- * \param input 16-byte input block
- * \param output 16-byte output block
- *
- * \return 0 if success, 1 if operation failed
- */
-int mbedtls_padlock_xcryptecb(mbedtls_aes_context *ctx,
- int mode,
- const unsigned char input[16],
- unsigned char output[16]);
-
-/**
- * \brief Internal PadLock AES-CBC buffer en(de)cryption
- *
- * \note This function is only for internal use by other library
- * functions; you must not call it directly.
- *
- * \param ctx AES context
- * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
- * \param length length of the input data
- * \param iv initialization vector (updated after use)
- * \param input buffer holding the input data
- * \param output buffer holding the output data
- *
- * \return 0 if success, 1 if operation failed
- */
-int mbedtls_padlock_xcryptcbc(mbedtls_aes_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* HAVE_X86 */
-
-#endif /* padlock.h */