Rewrite aes_nohw.c to aes_nohw.rs.

Cargo.toml

@@ -46,7 +46,6 @@ include = [
     "crypto/curve25519/curve25519_64_adx.c",
     "crypto/curve25519/curve25519_tables.h",
     "crypto/curve25519/internal.h",
-    "crypto/fipsmodule/aes/aes_nohw.c",
     "crypto/fipsmodule/aes/asm/aesni-x86.pl",
     "crypto/fipsmodule/aes/asm/aesni-x86_64.pl",
     "crypto/fipsmodule/aes/asm/aesv8-armx.pl",
@@ -106,7 +105,6 @@ include = [
     "crypto/cipher_extra/asm/chacha20_poly1305_armv8.pl",
     "crypto/cipher_extra/asm/chacha20_poly1305_x86_64.pl",
     "examples/**/*.rs",
-    "include/ring-core/aes.h",
     "include/ring-core/arm_arch.h",
     "include/ring-core/asm_base.h",
     "include/ring-core/base.h",

build.rs

@@ -53,7 +53,6 @@ const WASM32: &str = "wasm32";
 #[rustfmt::skip]
 const RING_SRCS: &[(&[&str], &str)] = &[
     (&[], "crypto/curve25519/curve25519.c"),
-    (&[], "crypto/fipsmodule/aes/aes_nohw.c"),
     (&[], "crypto/fipsmodule/bn/montgomery.c"),
     (&[], "crypto/fipsmodule/bn/montgomery_inv.c"),
     (&[], "crypto/fipsmodule/ec/ecp_nistz.c"),
@@ -869,9 +868,6 @@ fn prefix_all_symbols(pp: char, prefix_prefix: &str, prefix: &str) -> String {
         "aes_hw_ctr32_encrypt_blocks",
         "aes_hw_encrypt",
         "aes_hw_set_encrypt_key",
-        "aes_nohw_ctr32_encrypt_blocks",
-        "aes_nohw_encrypt",
-        "aes_nohw_set_encrypt_key",
         "aesni_gcm_decrypt",
         "aesni_gcm_encrypt",
         "bn_from_montgomery_in_place",

crypto/internal.h

@@ -378,18 +378,6 @@ static inline crypto_word_t constant_time_declassify_w(crypto_word_t v) {
 static inline uint32_t CRYPTO_bswap4(uint32_t x) {
   return __builtin_bswap32(x);
 }
-
-static inline uint64_t CRYPTO_bswap8(uint64_t x) {
-  return __builtin_bswap64(x);
-}
-#elif defined(_MSC_VER)
-#pragma warning(push, 3)
-#include <stdlib.h>
-#pragma warning(pop)
-#pragma intrinsic(_byteswap_ulong)
-static inline uint32_t CRYPTO_bswap4(uint32_t x) {
-  return _byteswap_ulong(x);
-}
 #endif
 
 #if !defined(RING_CORE_NOSTDLIBINC)
@@ -457,23 +445,6 @@ static inline void CRYPTO_store_u32_le(void *out, uint32_t v) {
   OPENSSL_memcpy(out, &v, sizeof(v));
 }
 
-static inline uint32_t CRYPTO_load_u32_be(const void *in) {
-  uint32_t v;
-  OPENSSL_memcpy(&v, in, sizeof(v));
-#if !defined(RING_BIG_ENDIAN)
-  return CRYPTO_bswap4(v);
-#else
-  return v;
-#endif
-}
-
-static inline void CRYPTO_store_u32_be(void *out, uint32_t v) {
-#if !defined(RING_BIG_ENDIAN)
-  v = CRYPTO_bswap4(v);
-#endif
-  OPENSSL_memcpy(out, &v, sizeof(v));
-}
-
 // Runtime CPU feature support
 
 #if defined(OPENSSL_X86) || defined(OPENSSL_X86_64)

src/aead/aes.rs

@@ -12,6 +12,8 @@
 // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
 // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
+mod aes_nohw;
+
 use super::{nonce::Nonce, quic::Sample};
 use crate::{
     bits::BitLength,
@@ -177,7 +179,7 @@ impl Key {
         cpu_features: cpu::Features,
     ) -> Result<Self, error::Unspecified> {
         let mut key = AES_KEY {
-            rd_key: [0u32; 4 * (MAX_ROUNDS + 1)],
+            rd_key: [[0u32; 4]; MAX_ROUNDS + 1],
             rounds: 0,
         };
 
@@ -203,9 +205,7 @@ impl Key {
 
             // SAFETY: `aes_nohw_set_encrypt_key` satisfies the `set_encrypt_key!`
             // contract.
-            Implementation::NOHW => unsafe {
-                set_encrypt_key!(aes_nohw_set_encrypt_key, bytes, &mut key, cpu_features)?;
-            },
+            Implementation::NOHW => aes_nohw::set_encrypt_key(&mut key, bytes),
         };
 
         Ok(Self { inner: key })
@@ -225,7 +225,11 @@ impl Key {
             ))]
             Implementation::VPAES_BSAES => encrypt_block!(vpaes_encrypt, a, self),
 
-            Implementation::NOHW => encrypt_block!(aes_nohw_encrypt, a, self),
+            Implementation::NOHW => {
+                let mut in_out = a;
+                aes_nohw::encrypt_block(&self.inner, &mut in_out);
+                in_out
+            }
         }
     }
 
@@ -327,16 +331,7 @@ impl Key {
             //    above, as required by `aes_nohw_ctr32_encrypt_blocks`.
             //  * `aes_nohw_ctr32_encrypt_blocks` satisfies the contract for
             //    `ctr32_encrypt_blocks`.
-            Implementation::NOHW => unsafe {
-                ctr32_encrypt_blocks!(
-                    aes_nohw_ctr32_encrypt_blocks,
-                    in_out,
-                    src,
-                    &self.inner,
-                    ctr,
-                    cpu_features
-                )
-            },
+            Implementation::NOHW => aes_nohw::ctr32_encrypt_within(&self.inner, in_out, src, ctr),
         }
     }
 
@@ -358,15 +353,13 @@ impl Key {
     }
 }
 
-// Keep this in sync with AES_KEY in aes.h.
 #[repr(C)]
 #[derive(Clone)]
 pub(super) struct AES_KEY {
-    pub rd_key: [u32; 4 * (MAX_ROUNDS + 1)],
+    pub rd_key: [[u32; 4]; MAX_ROUNDS + 1],
     pub rounds: c::uint,
 }
 
-// Keep this in sync with `AES_MAXNR` in aes.h.
 const MAX_ROUNDS: usize = 14;
 
 pub const AES_128_KEY_LEN: usize = 128 / 8;
@@ -399,6 +392,10 @@ impl Counter {
         let new_value = old_value + increment_by;
         [*c0, *c1, *c2, *c3] = u32::to_be_bytes(new_value);
     }
+
+    pub(super) fn as_bytes_less_safe(&self) -> [u8; 16] {
+        self.0
+    }
 }
 
 /// The IV for a single block encryption.
@@ -510,7 +507,7 @@ unsafe fn bsaes_ctr32_encrypt_blocks_with_vpaes_key(
     }
 
     let mut bsaes_key = AES_KEY {
-        rd_key: [0u32; 4 * (MAX_ROUNDS + 1)],
+        rd_key: [[0u32; 4]; MAX_ROUNDS + 1],
         rounds: 0,
     };
     // SAFETY: