riscv: Provide vector crypto implementation of AES-GCM mode.

To accelerate the performance of the AES-GCM mode, in this patch, we
have the specialized multi-block implementations for AES-128-GCM,
AES-192-GCM and AES-256-GCM.

Signed-off-by: Phoebe Chen <phoebe.chen@sifive.com>
Signed-off-by: Jerry Shih <jerry.shih@sifive.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)

1 files changed, 60 insertions, 13 deletions

diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw_rv64i.inc b/providers/implementations/ciphers/cipher_aes_gcm_hw_rv64i.inc
index b4a6749d3f..883d5d918f 100644
--- a/providers/implementations/ciphers/cipher_aes_gcm_hw_rv64i.inc
+++ b/providers/implementations/ciphers/cipher_aes_gcm_hw_rv64i.inc
@@ -8,10 +8,13 @@
  */
 
 /*-
- * RISC-V 64 ZKND ZKNE support for AES GCM.
+ * RISC-V 64 support for AES GCM.
  * This file is included by cipher_aes_gcm_hw.c
  */
 
+/*-
+ * RISC-V 64 ZKND and ZKNE support for AES GCM.
+ */
 static int rv64i_zknd_zkne_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
                                        size_t keylen)
 {
@@ -33,21 +36,25 @@ static const PROV_GCM_HW rv64i_zknd_zkne_gcm = {
 
 /*-
  * RISC-V RV64 ZVKNED support for AES GCM.
- * This file is included by cipher_aes_gcm_hw.c
  */
-
 static int rv64i_zvkned_gcm_initkey(PROV_GCM_CTX *ctx, const unsigned char *key,
                                     size_t keylen)
 {
     PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
     AES_KEY *ks = &actx->ks.ks;
-    /* Zvkned only supports 128 and 256 bit keys for key schedule generation. */
+
+    /*
+     * Zvkned only supports 128 and 256 bit keys for key schedule generation.
+     * For AES-192 case, we could fallback to `AES_set_encrypt_key`.
+     */
     if (keylen * 8 == 128 || keylen * 8 == 256) {
         GCM_HW_SET_KEY_CTR_FN(ks, rv64i_zvkned_set_encrypt_key,
                               rv64i_zvkned_encrypt, NULL);
     } else {
-        GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key, rv64i_zvkned_encrypt, NULL);
+        GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key,
+                              rv64i_zvkned_encrypt, NULL);
     }
+
     return 1;
 }
 
@@ -60,12 +67,52 @@ static const PROV_GCM_HW rv64i_zvkned_gcm = {
     ossl_gcm_one_shot
 };
 
-const PROV_GCM_HW *ossl_prov_aes_hw_gcm(size_t keybits)
-{
-    if (RISCV_HAS_ZVKNED() && riscv_vlen() >= 128)
-        return &rv64i_zvkned_gcm;
-    else if (RISCV_HAS_ZKND_AND_ZKNE())
-        return &rv64i_zknd_zkne_gcm;
-    else
-        return &aes_gcm;
+/*-
+ * RISC-V RV64 ZVBB, ZVKG and ZVKNED support for AES GCM.
+ */
+static int rv64i_zvbb_zvkg_zvkned_gcm_initkey(PROV_GCM_CTX *ctx,
+                                              const unsigned char *key,
+                                              size_t keylen) {
+    PROV_AES_GCM_CTX *actx = (PROV_AES_GCM_CTX *)ctx;
+    AES_KEY *ks = &actx->ks.ks;
+
+    /*
+     * Zvkned only supports 128 and 256 bit keys for key schedule generation.
+     * For AES-192 case, we could fallback to `AES_set_encrypt_key`.
+     */
+    if (keylen * 8 == 128 || keylen * 8 == 256) {
+        GCM_HW_SET_KEY_CTR_FN(ks, rv64i_zvkned_set_encrypt_key,
+                              rv64i_zvkned_encrypt,
+                              rv64i_zvbb_zvkned_ctr32_encrypt_blocks);
+    } else {
+        GCM_HW_SET_KEY_CTR_FN(ks, AES_set_encrypt_key,
+                              rv64i_zvkned_encrypt,
+                              rv64i_zvbb_zvkned_ctr32_encrypt_blocks);
+    }
+
+    return 1;
+}
+
+static const PROV_GCM_HW rv64i_zvbb_zvkg_zvkned_gcm = {
+    rv64i_zvbb_zvkg_zvkned_gcm_initkey,
+    ossl_gcm_setiv,
+    ossl_gcm_aad_update,
+    generic_aes_gcm_cipher_update,
+    ossl_gcm_cipher_final,
+    ossl_gcm_one_shot
+};
+
+const PROV_GCM_HW *ossl_prov_aes_hw_gcm(size_t keybits) {
+    if (RISCV_HAS_ZVKNED()) {
+      if (RISCV_HAS_ZVBB() && RISCV_HAS_ZVKG() && riscv_vlen() >= 128) {
+        return &rv64i_zvbb_zvkg_zvkned_gcm;
+      }
+      return &rv64i_zvkned_gcm;
+    }
+
+    if (RISCV_HAS_ZKND_AND_ZKNE()) {
+      return &rv64i_zknd_zkne_gcm;
+    }
+
+    return &aes_gcm;
 }