网硕互联帮助中心文章目录
- 1. 概述
- 2. 软件架构图
- 3. 调用流程图
- 4. UML类图
- 5. 源码深度分析
-
- 5.1 AES算法核心实现分析
-
- 5.1.1 查表法实现机制
- 5.1.2 轮函数实现
- 5.1.3 加密解密主循环
- 5.2 C语言接口层分析
-
- 5.2.1 Glue代码实现
- 5.2.2 单块操作接口
- 5.3 性能优化分析
-
- 5.3.1 查表优化
- 5.3.2 指令调度优化
- 6. 设计模式分析
-
- 6.1 模板方法模式在AES实现中的体现
- 6.2 策略模式在查表实现中的体现
- 6.3 组合模式在AES组件中的体现
- 7. 状态机分析
- 8. 性能优化分析
-
- 8.1 查表预取优化
- 8.2 循环展开优化
- 8.3 字节序处理优化
- 9. 安全性考虑
-
- 9.1 侧信道攻击防护
- 9.2 内存安全防护
- 9.3 密钥管理安全
- 10. 扩展性分析
-
- 10.1 新算法支持
- 10.2 硬件加速扩展
- 10.3 测试和验证扩展
- 11. 调试和维护
-
- 11.1 调试信息输出
- 11.2 错误检测和恢复
- 12. 未来发展方向
- 13. 总结
团队博客: 汽车电子社区
1. 概述
ARM64 crypto AES基础实现子模块是Linux内核ARM64架构加密子系统中AES算法的核心实现,包含aes-cipher-core.S、aes-cipher-glue.c等核心文件。该模块提供了不依赖特殊硬件加速的纯软件AES加密解密功能,作为ARM64加密子系统的基础组件。
AES基础实现子模块采用了优化的查表法和位操作,通过精心设计的宏和汇编代码,在保持代码简洁的同时实现了高效的AES运算。该模块支持128位、192位和256位密钥长度,提供了加密和解密两种操作模式,是ARM64平台AES加密功能的基础设施。
模块的设计体现了软件加密算法实现的经典方法,通过查表和位运算的组合,在通用处理器上实现了AES的高性能计算,是ARM64加密子系统的重要组成部分。
2. 软件架构图
#mermaid-svg-01P3h89Eq3Yb6cfd{font-family:\”trebuchet ms\”,verdana,arial,sans-serif;font-size:16px;fill:#333;}@keyframes edge-animation-frame{from{stroke-dashoffset:0;}}@keyframes dash{to{stroke-dashoffset:0;}}#mermaid-svg-01P3h89Eq3Yb6cfd .edge-animation-slow{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 50s linear infinite;stroke-linecap:round;}#mermaid-svg-01P3h89Eq3Yb6cfd .edge-animation-fast{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 20s linear infinite;stroke-linecap:round;}#mermaid-svg-01P3h89Eq3Yb6cfd .error-icon{fill:#552222;}#mermaid-svg-01P3h89Eq3Yb6cfd .error-text{fill:#552222;stroke:#552222;}#mermaid-svg-01P3h89Eq3Yb6cfd .edge-thickness-normal{stroke-width:1px;}#mermaid-svg-01P3h89Eq3Yb6cfd .edge-thickness-thick{stroke-width:3.5px;}#mermaid-svg-01P3h89Eq3Yb6cfd .edge-pattern-solid{stroke-dasharray:0;}#mermaid-svg-01P3h89Eq3Yb6cfd .edge-thickness-invisible{stroke-width:0;fill:none;}#mermaid-svg-01P3h89Eq3Yb6cfd .edge-pattern-dashed{stroke-dasharray:3;}#mermaid-svg-01P3h89Eq3Yb6cfd .edge-pattern-dotted{stroke-dasharray:2;}#mermaid-svg-01P3h89Eq3Yb6cfd .marker{fill:#333333;stroke:#333333;}#mermaid-svg-01P3h89Eq3Yb6cfd .marker.cross{stroke:#333333;}#mermaid-svg-01P3h89Eq3Yb6cfd svg{font-family:\”trebuchet ms\”,verdana,arial,sans-serif;font-size:16px;}#mermaid-svg-01P3h89Eq3Yb6cfd p{margin:0;}#mermaid-svg-01P3h89Eq3Yb6cfd .label{font-family:\”trebuchet ms\”,verdana,arial,sans-serif;color:#333;}#mermaid-svg-01P3h89Eq3Yb6cfd .cluster-label text{fill:#333;}#mermaid-svg-01P3h89Eq3Yb6cfd .cluster-label span{color:#333;}#mermaid-svg-01P3h89Eq3Yb6cfd .cluster-label span p{background-color:transparent;}#mermaid-svg-01P3h89Eq3Yb6cfd .label text,#mermaid-svg-01P3h89Eq3Yb6cfd span{fill:#333;color:#333;}#mermaid-svg-01P3h89Eq3Yb6cfd .node rect,#mermaid-svg-01P3h89Eq3Yb6cfd .node circle,#mermaid-svg-01P3h89Eq3Yb6cfd .node ellipse,#mermaid-svg-01P3h89Eq3Yb6cfd .node polygon,#mermaid-svg-01P3h89Eq3Yb6cfd .node path{fill:#ECECFF;stroke:#9370DB;stroke-width:1px;}#mermaid-svg-01P3h89Eq3Yb6cfd .rough-node .label text,#mermaid-svg-01P3h89Eq3Yb6cfd .node .label text,#mermaid-svg-01P3h89Eq3Yb6cfd .image-shape .label,#mermaid-svg-01P3h89Eq3Yb6cfd .icon-shape .label{text-anchor:middle;}#mermaid-svg-01P3h89Eq3Yb6cfd .node .katex path{fill:#000;stroke:#000;stroke-width:1px;}#mermaid-svg-01P3h89Eq3Yb6cfd .rough-node .label,#mermaid-svg-01P3h89Eq3Yb6cfd .node .label,#mermaid-svg-01P3h89Eq3Yb6cfd .image-shape .label,#mermaid-svg-01P3h89Eq3Yb6cfd .icon-shape .label{text-align:center;}#mermaid-svg-01P3h89Eq3Yb6cfd .node.clickable{cursor:pointer;}#mermaid-svg-01P3h89Eq3Yb6cfd .root .anchor path{fill:#333333!important;stroke-width:0;stroke:#333333;}#mermaid-svg-01P3h89Eq3Yb6cfd .arrowheadPath{fill:#333333;}#mermaid-svg-01P3h89Eq3Yb6cfd .edgePath .path{stroke:#333333;stroke-width:2.0px;}#mermaid-svg-01P3h89Eq3Yb6cfd .flowchart-link{stroke:#333333;fill:none;}#mermaid-svg-01P3h89Eq3Yb6cfd .edgeLabel{background-color:rgba(232,232,232, 0.8);text-align:center;}#mermaid-svg-01P3h89Eq3Yb6cfd .edgeLabel p{background-color:rgba(232,232,232, 0.8);}#mermaid-svg-01P3h89Eq3Yb6cfd .edgeLabel rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#mermaid-svg-01P3h89Eq3Yb6cfd .labelBkg{background-color:rgba(232, 232, 232, 0.5);}#mermaid-svg-01P3h89Eq3Yb6cfd .cluster rect{fill:#ffffde;stroke:#aaaa33;stroke-width:1px;}#mermaid-svg-01P3h89Eq3Yb6cfd .cluster text{fill:#333;}#mermaid-svg-01P3h89Eq3Yb6cfd .cluster span{color:#333;}#mermaid-svg-01P3h89Eq3Yb6cfd div.mermaidTooltip{position:absolute;text-align:center;max-width:200px;padding:2px;font-family:\”trebuchet ms\”,verdana,arial,sans-serif;font-size:12px;background:hsl(80, 100%, 96.2745098039%);border:1px solid #aaaa33;border-radius:2px;pointer-events:none;z-index:100;}#mermaid-svg-01P3h89Eq3Yb6cfd .flowchartTitleText{text-anchor:middle;font-size:18px;fill:#333;}#mermaid-svg-01P3h89Eq3Yb6cfd rect.text{fill:none;stroke-width:0;}#mermaid-svg-01P3h89Eq3Yb6cfd .icon-shape,#mermaid-svg-01P3h89Eq3Yb6cfd .image-shape{background-color:rgba(232,232,232, 0.8);text-align:center;}#mermaid-svg-01P3h89Eq3Yb6cfd .icon-shape p,#mermaid-svg-01P3h89Eq3Yb6cfd .image-shape p{background-color:rgba(232,232,232, 0.8);padding:2px;}#mermaid-svg-01P3h89Eq3Yb6cfd .icon-shape rect,#mermaid-svg-01P3h89Eq3Yb6cfd .image-shape rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#mermaid-svg-01P3h89Eq3Yb6cfd .label-icon{display:inline-block;height:1em;overflow:visible;vertical-align:-0.125em;}#mermaid-svg-01P3h89Eq3Yb6cfd .node .label-icon path{fill:currentColor;stroke:revert;stroke-width:revert;}#mermaid-svg-01P3h89Eq3Yb6cfd :root{–mermaid-font-family:\”trebuchet ms\”,verdana,arial,sans-serif;}
ARM64 crypto AES基础实现
AES加密核心
AES解密核心
查表转换
位操作优化
密钥扩展
加密轮函数
字节代换
行移位
列混淆
解密轮函数
逆字节代换
逆行移位
逆列混淆
S盒查表
逆S盒查表
混淆矩阵
字节提取
循环移位
XOR运算
密钥调度
轮密钥生成
密钥扩展算法
3. 调用流程图
#mermaid-svg-ymzTTrXXGjqfxJ0a{font-family:\”trebuchet ms\”,verdana,arial,sans-serif;font-size:16px;fill:#333;}@keyframes edge-animation-frame{from{stroke-dashoffset:0;}}@keyframes dash{to{stroke-dashoffset:0;}}#mermaid-svg-ymzTTrXXGjqfxJ0a .edge-animation-slow{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 50s linear infinite;stroke-linecap:round;}#mermaid-svg-ymzTTrXXGjqfxJ0a .edge-animation-fast{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 20s linear infinite;stroke-linecap:round;}#mermaid-svg-ymzTTrXXGjqfxJ0a .error-icon{fill:#552222;}#mermaid-svg-ymzTTrXXGjqfxJ0a .error-text{fill:#552222;stroke:#552222;}#mermaid-svg-ymzTTrXXGjqfxJ0a .edge-thickness-normal{stroke-width:1px;}#mermaid-svg-ymzTTrXXGjqfxJ0a .edge-thickness-thick{stroke-width:3.5px;}#mermaid-svg-ymzTTrXXGjqfxJ0a .edge-pattern-solid{stroke-dasharray:0;}#mermaid-svg-ymzTTrXXGjqfxJ0a .edge-thickness-invisible{stroke-width:0;fill:none;}#mermaid-svg-ymzTTrXXGjqfxJ0a .edge-pattern-dashed{stroke-dasharray:3;}#mermaid-svg-ymzTTrXXGjqfxJ0a .edge-pattern-dotted{stroke-dasharray:2;}#mermaid-svg-ymzTTrXXGjqfxJ0a .marker{fill:#333333;stroke:#333333;}#mermaid-svg-ymzTTrXXGjqfxJ0a .marker.cross{stroke:#333333;}#mermaid-svg-ymzTTrXXGjqfxJ0a svg{font-family:\”trebuchet ms\”,verdana,arial,sans-serif;font-size:16px;}#mermaid-svg-ymzTTrXXGjqfxJ0a p{margin:0;}#mermaid-svg-ymzTTrXXGjqfxJ0a .label{font-family:\”trebuchet ms\”,verdana,arial,sans-serif;color:#333;}#mermaid-svg-ymzTTrXXGjqfxJ0a .cluster-label text{fill:#333;}#mermaid-svg-ymzTTrXXGjqfxJ0a .cluster-label span{color:#333;}#mermaid-svg-ymzTTrXXGjqfxJ0a .cluster-label span p{background-color:transparent;}#mermaid-svg-ymzTTrXXGjqfxJ0a .label text,#mermaid-svg-ymzTTrXXGjqfxJ0a span{fill:#333;color:#333;}#mermaid-svg-ymzTTrXXGjqfxJ0a .node rect,#mermaid-svg-ymzTTrXXGjqfxJ0a .node circle,#mermaid-svg-ymzTTrXXGjqfxJ0a .node ellipse,#mermaid-svg-ymzTTrXXGjqfxJ0a .node polygon,#mermaid-svg-ymzTTrXXGjqfxJ0a .node path{fill:#ECECFF;stroke:#9370DB;stroke-width:1px;}#mermaid-svg-ymzTTrXXGjqfxJ0a .rough-node .label text,#mermaid-svg-ymzTTrXXGjqfxJ0a .node .label text,#mermaid-svg-ymzTTrXXGjqfxJ0a .image-shape .label,#mermaid-svg-ymzTTrXXGjqfxJ0a .icon-shape .label{text-anchor:middle;}#mermaid-svg-ymzTTrXXGjqfxJ0a .node .katex path{fill:#000;stroke:#000;stroke-width:1px;}#mermaid-svg-ymzTTrXXGjqfxJ0a .rough-node .label,#mermaid-svg-ymzTTrXXGjqfxJ0a .node .label,#mermaid-svg-ymzTTrXXGjqfxJ0a .image-shape .label,#mermaid-svg-ymzTTrXXGjqfxJ0a .icon-shape .label{text-align:center;}#mermaid-svg-ymzTTrXXGjqfxJ0a .node.clickable{cursor:pointer;}#mermaid-svg-ymzTTrXXGjqfxJ0a .root .anchor path{fill:#333333!important;stroke-width:0;stroke:#333333;}#mermaid-svg-ymzTTrXXGjqfxJ0a .arrowheadPath{fill:#333333;}#mermaid-svg-ymzTTrXXGjqfxJ0a .edgePath .path{stroke:#333333;stroke-width:2.0px;}#mermaid-svg-ymzTTrXXGjqfxJ0a .flowchart-link{stroke:#333333;fill:none;}#mermaid-svg-ymzTTrXXGjqfxJ0a .edgeLabel{background-color:rgba(232,232,232, 0.8);text-align:center;}#mermaid-svg-ymzTTrXXGjqfxJ0a .edgeLabel p{background-color:rgba(232,232,232, 0.8);}#mermaid-svg-ymzTTrXXGjqfxJ0a .edgeLabel rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#mermaid-svg-ymzTTrXXGjqfxJ0a .labelBkg{background-color:rgba(232, 232, 232, 0.5);}#mermaid-svg-ymzTTrXXGjqfxJ0a .cluster rect{fill:#ffffde;stroke:#aaaa33;stroke-width:1px;}#mermaid-svg-ymzTTrXXGjqfxJ0a .cluster text{fill:#333;}#mermaid-svg-ymzTTrXXGjqfxJ0a .cluster span{color:#333;}#mermaid-svg-ymzTTrXXGjqfxJ0a div.mermaidTooltip{position:absolute;text-align:center;max-width:200px;padding:2px;font-family:\”trebuchet ms\”,verdana,arial,sans-serif;font-size:12px;background:hsl(80, 100%, 96.2745098039%);border:1px solid #aaaa33;border-radius:2px;pointer-events:none;z-index:100;}#mermaid-svg-ymzTTrXXGjqfxJ0a .flowchartTitleText{text-anchor:middle;font-size:18px;fill:#333;}#mermaid-svg-ymzTTrXXGjqfxJ0a rect.text{fill:none;stroke-width:0;}#mermaid-svg-ymzTTrXXGjqfxJ0a .icon-shape,#mermaid-svg-ymzTTrXXGjqfxJ0a .image-shape{background-color:rgba(232,232,232, 0.8);text-align:center;}#mermaid-svg-ymzTTrXXGjqfxJ0a .icon-shape p,#mermaid-svg-ymzTTrXXGjqfxJ0a .image-shape p{background-color:rgba(232,232,232, 0.8);padding:2px;}#mermaid-svg-ymzTTrXXGjqfxJ0a .icon-shape rect,#mermaid-svg-ymzTTrXXGjqfxJ0a .image-shape rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#mermaid-svg-ymzTTrXXGjqfxJ0a .label-icon{display:inline-block;height:1em;overflow:visible;vertical-align:-0.125em;}#mermaid-svg-ymzTTrXXGjqfxJ0a .node .label-icon path{fill:currentColor;stroke:revert;stroke-width:revert;}#mermaid-svg-ymzTTrXXGjqfxJ0a :root{–mermaid-font-family:\”trebuchet ms\”,verdana,arial,sans-serif;}
加密
解密
应用请求AES操作
调用crypto API
选择AES算法
初始化AES上下文
设置密钥
操作类型
调用__aes_arm64_encrypt
调用__aes_arm64_decrypt
加载明文数据
加载轮密钥
执行AES加密轮
输出密文
加载密文数据
加载轮密钥
执行AES解密轮
输出明文
返回结果
AES操作完成
4. UML类图
#mermaid-svg-2kTxBTQjQLtD9suF{font-family:\”trebuchet ms\”,verdana,arial,sans-serif;font-size:16px;fill:#333;}@keyframes edge-animation-frame{from{stroke-dashoffset:0;}}@keyframes dash{to{stroke-dashoffset:0;}}#mermaid-svg-2kTxBTQjQLtD9suF .edge-animation-slow{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 50s linear infinite;stroke-linecap:round;}#mermaid-svg-2kTxBTQjQLtD9suF .edge-animation-fast{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 20s linear infinite;stroke-linecap:round;}#mermaid-svg-2kTxBTQjQLtD9suF .error-icon{fill:#552222;}#mermaid-svg-2kTxBTQjQLtD9suF .error-text{fill:#552222;stroke:#552222;}#mermaid-svg-2kTxBTQjQLtD9suF .edge-thickness-normal{stroke-width:1px;}#mermaid-svg-2kTxBTQjQLtD9suF .edge-thickness-thick{stroke-width:3.5px;}#mermaid-svg-2kTxBTQjQLtD9suF .edge-pattern-solid{stroke-dasharray:0;}#mermaid-svg-2kTxBTQjQLtD9suF .edge-thickness-invisible{stroke-width:0;fill:none;}#mermaid-svg-2kTxBTQjQLtD9suF .edge-pattern-dashed{stroke-dasharray:3;}#mermaid-svg-2kTxBTQjQLtD9suF .edge-pattern-dotted{stroke-dasharray:2;}#mermaid-svg-2kTxBTQjQLtD9suF .marker{fill:#333333;stroke:#333333;}#mermaid-svg-2kTxBTQjQLtD9suF .marker.cross{stroke:#333333;}#mermaid-svg-2kTxBTQjQLtD9suF svg{font-family:\”trebuchet ms\”,verdana,arial,sans-serif;font-size:16px;}#mermaid-svg-2kTxBTQjQLtD9suF p{margin:0;}#mermaid-svg-2kTxBTQjQLtD9suF g.classGroup text{fill:#9370DB;stroke:none;font-family:\”trebuchet ms\”,verdana,arial,sans-serif;font-size:10px;}#mermaid-svg-2kTxBTQjQLtD9suF g.classGroup text .title{font-weight:bolder;}#mermaid-svg-2kTxBTQjQLtD9suF .nodeLabel,#mermaid-svg-2kTxBTQjQLtD9suF .edgeLabel{color:#131300;}#mermaid-svg-2kTxBTQjQLtD9suF .edgeLabel .label rect{fill:#ECECFF;}#mermaid-svg-2kTxBTQjQLtD9suF .label text{fill:#131300;}#mermaid-svg-2kTxBTQjQLtD9suF .labelBkg{background:#ECECFF;}#mermaid-svg-2kTxBTQjQLtD9suF .edgeLabel .label span{background:#ECECFF;}#mermaid-svg-2kTxBTQjQLtD9suF .classTitle{font-weight:bolder;}#mermaid-svg-2kTxBTQjQLtD9suF .node rect,#mermaid-svg-2kTxBTQjQLtD9suF .node circle,#mermaid-svg-2kTxBTQjQLtD9suF .node ellipse,#mermaid-svg-2kTxBTQjQLtD9suF .node polygon,#mermaid-svg-2kTxBTQjQLtD9suF .node path{fill:#ECECFF;stroke:#9370DB;stroke-width:1px;}#mermaid-svg-2kTxBTQjQLtD9suF .divider{stroke:#9370DB;stroke-width:1;}#mermaid-svg-2kTxBTQjQLtD9suF g.clickable{cursor:pointer;}#mermaid-svg-2kTxBTQjQLtD9suF g.classGroup rect{fill:#ECECFF;stroke:#9370DB;}#mermaid-svg-2kTxBTQjQLtD9suF g.classGroup line{stroke:#9370DB;stroke-width:1;}#mermaid-svg-2kTxBTQjQLtD9suF .classLabel .box{stroke:none;stroke-width:0;fill:#ECECFF;opacity:0.5;}#mermaid-svg-2kTxBTQjQLtD9suF .classLabel .label{fill:#9370DB;font-size:10px;}#mermaid-svg-2kTxBTQjQLtD9suF .relation{stroke:#333333;stroke-width:1;fill:none;}#mermaid-svg-2kTxBTQjQLtD9suF .dashed-line{stroke-dasharray:3;}#mermaid-svg-2kTxBTQjQLtD9suF .dotted-line{stroke-dasharray:1 2;}#mermaid-svg-2kTxBTQjQLtD9suF #compositionStart,#mermaid-svg-2kTxBTQjQLtD9suF .composition{fill:#333333!important;stroke:#333333!important;stroke-width:1;}#mermaid-svg-2kTxBTQjQLtD9suF #compositionEnd,#mermaid-svg-2kTxBTQjQLtD9suF .composition{fill:#333333!important;stroke:#333333!important;stroke-width:1;}#mermaid-svg-2kTxBTQjQLtD9suF #dependencyStart,#mermaid-svg-2kTxBTQjQLtD9suF .dependency{fill:#333333!important;stroke:#333333!important;stroke-width:1;}#mermaid-svg-2kTxBTQjQLtD9suF #dependencyStart,#mermaid-svg-2kTxBTQjQLtD9suF .dependency{fill:#333333!important;stroke:#333333!important;stroke-width:1;}#mermaid-svg-2kTxBTQjQLtD9suF #extensionStart,#mermaid-svg-2kTxBTQjQLtD9suF .extension{fill:transparent!important;stroke:#333333!important;stroke-width:1;}#mermaid-svg-2kTxBTQjQLtD9suF #extensionEnd,#mermaid-svg-2kTxBTQjQLtD9suF .extension{fill:transparent!important;stroke:#333333!important;stroke-width:1;}#mermaid-svg-2kTxBTQjQLtD9suF #aggregationStart,#mermaid-svg-2kTxBTQjQLtD9suF .aggregation{fill:transparent!important;stroke:#333333!important;stroke-width:1;}#mermaid-svg-2kTxBTQjQLtD9suF #aggregationEnd,#mermaid-svg-2kTxBTQjQLtD9suF .aggregation{fill:transparent!important;stroke:#333333!important;stroke-width:1;}#mermaid-svg-2kTxBTQjQLtD9suF #lollipopStart,#mermaid-svg-2kTxBTQjQLtD9suF .lollipop{fill:#ECECFF!important;stroke:#333333!important;stroke-width:1;}#mermaid-svg-2kTxBTQjQLtD9suF #lollipopEnd,#mermaid-svg-2kTxBTQjQLtD9suF .lollipop{fill:#ECECFF!important;stroke:#333333!important;stroke-width:1;}#mermaid-svg-2kTxBTQjQLtD9suF .edgeTerminals{font-size:11px;line-height:initial;}#mermaid-svg-2kTxBTQjQLtD9suF .classTitleText{text-anchor:middle;font-size:18px;fill:#333;}#mermaid-svg-2kTxBTQjQLtD9suF .label-icon{display:inline-block;height:1em;overflow:visible;vertical-align:-0.125em;}#mermaid-svg-2kTxBTQjQLtD9suF .node .label-icon path{fill:currentColor;stroke:revert;stroke-width:revert;}#mermaid-svg-2kTxBTQjQLtD9suF :root{–mermaid-font-family:\”trebuchet ms\”,verdana,arial,sans-serif;}
AesCipherCore
+__aes_arm64_encrypt()
+__aes_arm64_decrypt()
+fround_macro()
+iround_macro()
+do_crypt_macro()
AesCipherGlue
+aes_cipher_encrypt()
+aes_cipher_decrypt()
+aes_cipher_setkey()
+crypto_aes_encrypt_one()
+crypto_aes_decrypt_one()
LookupTables
+crypto_ft_tab[]
+crypto_it_tab[]
+crypto_aes_inv_sbox[]
+crypto_aes_sbox[]
KeyExpansion
+aes_key_expansion()
+aes_inv_key_expansion()
+round_key_generation()
MacroSystem
+__pair0()
+__pair1()
+__hround()
+fround()
+iround()
AesContext
+round_keys[]
+rounds: int
+key_length: int
5. 源码深度分析
5.1 AES算法核心实现分析
5.1.1 查表法实现机制
AES基础实现的查表法通过预计算的S盒和逆S盒实现字节代换:
/*
* Scalar AES core transform using lookup tables
* Implements AES encryption/decryption using table lookups
* for S-box substitutions and mix columns operations
*/
.macro__pair1, sz, op, reg0, reg1, in0, in1e, in1d, shift
.ifc\\op\\shift, b0
ubfiz\\reg0, \\in0, #2, #8 // Extract byte and multiply by 4
ubfiz\\reg1, \\in1e, #2, #8 // for table lookup offset
.else
ubfx\\reg0, \\in0, #\\shift, #8 // Extract specific byte
ubfx\\reg1, \\in1e, #\\shift, #8 // from input register
.endif
/*
* AArch64 cannot do byte size indexed loads from a table containing
* 32-bit quantities, so perform the shift explicitly
*/
.ifnc\\op, b
ldr\\reg0, [tt, \\reg0, uxtw #2] // 32-bit table lookup
ldr\\reg1, [tt, \\reg1, uxtw #2]
.else
.if\\shift > 0
lsl\\reg0, \\reg0, #2 // Adjust offset for byte table
lsl\\reg1, \\reg1, #2
.endif
ldrb\\reg0, [tt, \\reg0, uxtw] // 8-bit table lookup
ldrb\\reg1, [tt, \\reg1, uxtw]
.endif
.endm
查表法特点:
1. 预计算优化:S盒变换预先计算存储在表中 2. 字节级操作:对每个字节独立进行查表变换 3. 并行处理:多个字节可同时进行查表 4. 缓存友好:查表访问具有良好的空间局部性 5. 计算替换:用存储空间换取计算时间
5.1.2 轮函数实现
AES加密轮函数的实现:
.macrofround, out0, out1, out2, out3, in0, in1, in2, in3, sz=2, op
__hround\\out0, \\out1, \\in0, \\in1, \\in2, \\in3, \\out2, \\out3, 1, \\sz, \\op
__hround\\out2, \\out3, \\in2, \\in3, \\in0, \\in1, \\in1, \\in2, 1, \\sz, \\op
.endm
.macro__hround, out0, out1, in0, in1, in2, in3, t0, t1, enc, sz, op
ldp\\out0, \\out1, [rk], #8 // Load round key
__pair\\enc\\sz, \\op, w12, w13, \\in0, \\in1, \\in3, 0 // Byte 0,1
__pair\\enc\\sz, \\op, w14, w15, \\in1, \\in2, \\in0, 8 // Byte 1,2
__pair\\enc\\sz, \\op, w16, w17, \\in2, \\in3, \\in1, 16 // Byte 2,3
__pair\\enc\\sz, \\op, \\t0, \\t1, \\in3, \\in0, \\in2, 24 // Byte 3,0
eor\\out0, \\out0, w12 // XOR with round key
eor\\out1, \\out1, w13
eor\\out0, \\out0, w14, ror #24 // Rotate and XOR
eor\\out1, \\out1, w15, ror #24
eor\\out0, \\out0, w16, ror #16
eor\\out1, \\out1, w17, ror #16
eor\\out0, \\out0, \\t0, ror #8
eor\\out1, \\out1, \\t1, ror #8
.endm
轮函数特点:
1. 四字节并行:同时处理四个32位字 2. 查表+移位+XOR:AES轮函数的核心操作 3. 流水线友好:指令序列适合处理器流水线 4. 寄存器优化:最小化内存访问,最大化寄存器使用 5. 循环展开:编译时展开循环以提高性能
5.1.3 加密解密主循环
AES加密解密的主循环实现:
.macrodo_crypt, round, ttab, ltab, bsz
ldpw4, w5, [in] // Load input data
ldpw6, w7, [in, #8]
ldpw8, w9, [rk], #16 // Load first round key
ldpw10, w11, [rk, #-8]
CPU_BE(revw4, w4) // Handle big-endian if needed
CPU_BE(revw5, w5)
CPU_BE(revw6, w6)
CPU_BE(revw7, w7)
eorw4, w4, w8 // Initial AddRoundKey
eorw5, w5, w9
eorw6, w6, w10
eorw7, w7, w11
adr_ltt, \\ttab // Set table pointer
tbnzrounds, #1, 1f // Check if odd number of rounds
0:\\roundw8, w9, w10, w11, w4, w5, w6, w7 // Main rounds
\\roundw4, w5, w6, w7, w8, w9, w10, w11
1:subsrounds, rounds, #4 // Decrement round counter
\\roundw8, w9, w10, w11, w4, w5, w6, w7 // Continue rounds
b.ls3f // Exit if done
2:\\roundw4, w5, w6, w7, w8, w9, w10, w11 // More rounds
b0b // Loop back
3:adr_ltt, \\ltab // Last round table
\\roundw4, w5, w6, w7, w8, w9, w10, w11, \\bsz, b // Final round
CPU_BE(revw4, w4) // Handle big-endian output
CPU_BE(revw5, w5)
CPU_BE(revw6, w6)
CPU_BE(revw7, w7)
stpw4, w5, [out] // Store output
stpw6, w7, [out, #8]
ret
.endm
主循环特点:
1. 循环展开:手动展开循环以减少分支开销 2. 条件分支:根据轮数选择不同的执行路径 3. 大端处理:支持大端和小端字节序 4. 表切换:在最后一轮切换到不同的查表 5. 原子完成:单次调用完成整个块的加密/解密
5.2 C语言接口层分析
5.2.1 Glue代码实现
AES cipher glue代码实现:
// AES cipher glue functions
static int aes_cipher_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
{
struct aes_ctx *ctx = crypto_tfm_ctx(tfm);
__aes_arm64_encrypt(ctx->key_enc, out, in, ctx->key_length);
return 0;
}
static int aes_cipher_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
{
struct aes_ctx *ctx = crypto_tfm_ctx(tfm);
__aes_arm64_decrypt(ctx->key_dec, out, in, ctx->key_length);
return 0;
}
static int aes_cipher_setkey(struct crypto_tfm *tfm, const u8 *in_key,
unsigned int key_len)
{
struct aes_ctx *ctx = crypto_tfm_ctx(tfm);
switch (key_len) {
case AES_KEYSIZE_128:
ctx->key_length = 10; // 10 rounds for 128-bit
break;
case AES_KEYSIZE_192:
ctx->key_length = 12; // 12 rounds for 192-bit
break;
case AES_KEYSIZE_256:
ctx->key_length = 14; // 14 rounds for 256-bit
break;
default:
return –EINVAL;
}
// Expand encryption key
aes_expandkey(ctx->key_enc, in_key, key_len);
// Expand decryption key
aes_invert_key(ctx->key_dec, ctx->key_enc, key_len);
return 0;
}
Glue代码特点:
1. 接口适配:将crypto API适配到汇编实现 2. 上下文管理:管理AES算法上下文和密钥 3. 参数验证:验证密钥长度和输入参数 4. 密钥扩展:调用密钥扩展函数生成轮密钥 5. 错误处理:返回适当的错误码
5.2.2 单块操作接口
AES单块加密解密接口:
// Single block encryption/decryption functions
static void crypto_aes_encrypt_one(struct crypto_aes_ctx *ctx, u8 *out, const u8 *in)
{
__aes_arm64_encrypt(ctx->key_enc, out, in, ctx->key_length);
}
static void crypto_aes_decrypt_one(struct crypto_aes_ctx *ctx, u8 *out, const u8 *in)
{
__aes_arm64_decrypt(ctx->key_dec, out, in, ctx->key_length);
}
// Context structure
struct crypto_aes_ctx {
u32 key_enc[AES_MAX_KEYLENGTH_U32]; // Encryption round keys
u32 key_dec[AES_MAX_KEYLENGTH_U32]; // Decryption round keys
u32 key_length; // Number of rounds (10/12/14)
};
单块操作特点:
1. 直接调用:直接调用汇编函数,无额外开销 2. 上下文传递:通过指针传递算法上下文 3. 内存布局:优化的密钥存储布局 4. 类型安全:明确的输入输出参数类型 5. 内联友好:适合内联到更高级的加密函数
5.3 性能优化分析
5.3.1 查表优化
查表法的性能优化:
// Lookup table definitions
extern const u32 crypto_ft_tab[4][256]; // Forward table for encryption
extern const u32 crypto_it_tab[4][256]; // Inverse table for decryption
extern const u8 crypto_aes_sbox[256]; // S-box for SubBytes
extern const u8 crypto_aes_inv_sbox[256]; // Inverse S-box
// Table access optimization
#define SBOX_ACCESS(table, index) \\
({ \\
typeof(table[0]) _result; \\
asm volatile ( \\
"ldrb %w0, [%1, %w2]" \\
: "=r" (_result) \\
: "r" (table), "r" (index) \\
: "memory" \\
); \\
_result; \\
})
查表优化特点:
1. 缓存预取:查表访问的预测执行 2. 内存对齐:表的内存对齐优化 3. 预取策略:软件预取以改善缓存性能 4. 表大小优化:平衡空间和查找速度 5. 分支预测:避免条件分支的性能损失
5.3.2 指令调度优化
ARM64指令调度的优化:
// Optimized instruction scheduling for AES rounds
.macro optimized_aes_round
// Load round key first (long latency)
ldp w8, w9, [rk], #8
// Perform table lookups in parallel
__pair1 2, , w12, w13, w4, w5, w7, 0
__pair1 2, , w14, w15, w5, w6, w4, 8
// More lookups while previous complete
__pair1 2, , w16, w17, w6, w7, w5, 16
__pair1 2, , w18, w19, w7, w4, w6, 24
// XOR operations (short latency, can overlap)
eor w8, w8, w12
eor w9, w9, w13
eor w8, w8, w14, ror #24
eor w9, w9, w15, ror #24
eor w8, w8, w16, ror #16
eor w9, w9, w17, ror #16
eor w8, w8, w18, ror #8
eor w9, w9, w19, ror #8
.endm
指令调度特点:
1. 延迟隐藏:将长延迟操作与短延迟操作交织 2. 并行执行:利用超标量处理器并行执行能力 3. 流水线优化:保持处理器流水线的饱和 4. 依赖最小化:减少指令间的数据依赖 5. 资源平衡:平衡各个执行单元的负载
6. 设计模式分析
6.1 模板方法模式在AES实现中的体现
AES算法的模板化实现:
// AES algorithm template
abstract class AesAlgorithm {
// Template method defining AES encryption flow
final void encryptBlock(byte[] input, byte[] output, RoundKey[] keys) {
initializeState(input, keys[0]);
for (int round = 1; round < rounds – 1; round++) {
performRound(state, keys[round]);
}
performFinalRound(state, keys[rounds – 1]);
copyToOutput(state, output);
}
// Abstract methods to be implemented by specific variants
abstract void initializeState(byte[] input, RoundKey initialKey);
abstract void performRound(byte[] state, RoundKey key);
abstract void performFinalRound(byte[] state, RoundKey key);
abstract void copyToOutput(byte[] state, byte[] output);
protected int rounds; // Number of rounds
}
// Scalar AES implementation
class ScalarAes extends AesAlgorithm {
void initializeState(byte[] input, RoundKey initialKey) {
// AddRoundKey operation
for (int i = 0; i < 16; i++) {
state[i] = input[i] ^ initialKey.getByte(i);
}
}
void performRound(byte[] state, RoundKey key) {
// SubBytes + ShiftRows + MixColumns + AddRoundKey
substituteBytes(state);
shiftRows(state);
mixColumns(state);
addRoundKey(state, key);
}
void performFinalRound(byte[] state, RoundKey key) {
// SubBytes + ShiftRows + AddRoundKey (no MixColumns)
substituteBytes(state);
shiftRows(state);
addRoundKey(state, key);
}
void copyToOutput(byte[] state, byte[] output) {
System.arraycopy(state, 0, output, 0, 16);
}
}
6.2 策略模式在查表实现中的体现
不同的查表策略:
// Table lookup strategy interface
interface LookupStrategy {
int lookupSBox(int input);
int lookupInverseSBox(int input);
int lookupMixColumns(int input);
boolean supportsParallelLookup();
}
// Standard table lookup strategy
class StandardLookupStrategy implements LookupStrategy {
private static final int[] SBOX = crypto_aes_sbox;
private static final int[] INVERSE_SBOX = crypto_aes_inv_sbox;
private static final int[][] MIX_COLUMNS_TABLE = crypto_ft_tab;
public int lookupSBox(int input) {
return SBOX[input & 0xFF];
}
public int lookupInverseSBox(int input) {
return INVERSE_SBOX[input & 0xFF];
}
public int lookupMixColumns(int input) {
int index = input & 0xFF;
return MIX_COLUMNS_TABLE[0][index]; // Use first table
}
public boolean supportsParallelLookup() {
return false; // Standard lookup is sequential
}
}
// Optimized table lookup strategy
class OptimizedLookupStrategy implements LookupStrategy {
public int lookupSBox(int input) {
// Use bit manipulation for faster lookup
int index = input & 0xFF;
return precomputedSBox[index];
}
public int lookupInverseSBox(int input) {
int index = input & 0xFF;
return precomputedInvSBox[index];
}
public int lookupMixColumns(int input) {
// Use SIMD-friendly table layout
int index = input & 0xFF;
return optimizedMixColumnsTable[index];
}
public boolean supportsParallelLookup() {
return true; // Optimized version supports parallel lookup
}
}
// Context using lookup strategy
class AesTableLookupContext {
private LookupStrategy strategy;
public AesTableLookupContext(LookupStrategy strategy) {
this.strategy = strategy;
}
public void performSubBytes(byte[] state) {
for (int i = 0; i < 16; i++) {
state[i] = (byte) strategy.lookupSBox(state[i]);
}
}
}
6.3 组合模式在AES组件中的体现
AES组件的层次化组合:
// AES component interface
interface AesComponent {
void process(byte[] data);
int getLatency();
boolean isHardwareAccelerated();
}
// Leaf components
class SubBytesComponent implements AesComponent {
public void process(byte[] data) {
// Perform SubBytes transformation
for (int i = 0; i < data.length; i++) {
data[i] = sbox[data[i] & 0xFF];
}
}
public int getLatency() { return 1; }
public boolean isHardwareAccelerated() { return false; }
}
class ShiftRowsComponent implements AesComponent {
public void process(byte[] data) {
// Perform ShiftRows transformation
byte temp = data[1];
data[1] = data[5]; data[5] = data[9]; data[9] = data[13]; data[13] = temp;
// … more shifts
}
public int getLatency() { return 0; }
public boolean isHardwareAccelerated() { return false; }
}
class MixColumnsComponent implements AesComponent {
public void process(byte[] data) {
// Perform MixColumns transformation
for (int i = 0; i < 4; i++) {
mixSingleColumn(data, i * 4);
}
}
public int getLatency() { return 2; }
public boolean isHardwareAccelerated() { return false; }
}
// Composite component for AES round
class AesRound implements AesComponent {
private List<AesComponent> components = new ArrayList<>();
public AesRound() {
components.add(new SubBytesComponent());
components.add(new ShiftRowsComponent());
components.add(new MixColumnsComponent());
components.add(new AddRoundKeyComponent());
}
public void process(byte[] data) {
for (AesComponent component : components) {
component.process(data);
}
}
public int getLatency() {
return components.stream().mapToInt(AesComponent::getLatency).sum();
}
public boolean isHardwareAccelerated() {
return components.stream().anyMatch(AesComponent::isHardwareAccelerated);
}
}
// Composite component for complete AES
class AesCipher implements AesComponent {
private List<AesRound> rounds = new ArrayList<>();
private AesComponent initialRound;
private AesComponent finalRound;
public AesCipher(int numRounds) {
initialRound = new InitialRound();
for (int i = 0; i < numRounds – 1; i++) {
rounds.add(new AesRound());
}
finalRound = new FinalRound();
}
public void process(byte[] data) {
initialRound.process(data);
for (AesRound round : rounds) {
round.process(data);
}
finalRound.process(data);
}
public int getLatency() {
return initialRound.getLatency() +
rounds.stream().mapToInt(AesRound::getLatency).sum() +
finalRound.getLatency();
}
public boolean isHardwareAccelerated() {
return initialRound.isHardwareAccelerated() ||
rounds.stream().anyMatch(AesRound::isHardwareAccelerated) ||
finalRound.isHardwareAccelerated();
}
}
7. 状态机分析
AES加密过程的状态机:
初始状态 -> 初始轮密钥加 -> 轮函数循环 -> 最终轮函数 -> 输出结果
↑ ↓
错误处理 <———————————————————-+
↑ ↓
密钥验证 <———————————————————-+
↑ ↓
数据验证 <———————————————————-+
8. 性能优化分析
8.1 查表预取优化
查表访问的预取策略:
// Software prefetch for lookup tables
static inline void prefetch_aes_tables(void)
{
// Prefetch S-box tables
__builtin_prefetch(crypto_ft_tab, 0, 3);
__builtin_prefetch(crypto_it_tab, 0, 3);
__builtin_prefetch(crypto_aes_sbox, 0, 3);
__builtin_prefetch(crypto_aes_inv_sbox, 0, 3);
}
// Cache-aligned table definitions
__attribute__((aligned(64)))
const u32 crypto_ft_tab[4][256] = {
// Forward table data…
};
__attribute__((aligned(64)))
const u8 crypto_aes_sbox[256] = {
// S-box data…
};
8.2 循环展开优化
循环展开的性能优化:
// Unrolled AES round implementation
#define UNROLLED_AES_ROUND(state, rk) \\
do { \\
/* Round 1 */ \\
AES_SUB_BYTES(state); \\
AES_SHIFT_ROWS(state); \\
AES_MIX_COLUMNS(state); \\
AES_ADD_ROUND_KEY(state, rk[0]); \\
\\
/* Round 2 */ \\
AES_SUB_BYTES(state); \\
AES_SHIFT_ROWS(state); \\
AES_MIX_COLUMNS(state); \\
AES_ADD_ROUND_KEY(state, rk[1]); \\
\\
/* … more unrolled rounds … */ \\
} while (0)
// Conditional unrolling based on key size
static inline void aes_encrypt_unrolled(const u8 *in, u8 *out,
const u32 *rk, int rounds)
{
u32 s0, s1, s2, s3;
// Load and initial AddRoundKey
s0 = GETU32(in ) ^ rk[0];
s1 = GETU32(in + 4) ^ rk[1];
s2 = GETU32(in + 8) ^ rk[2];
s3 = GETU32(in + 12) ^ rk[3];
// Unroll rounds based on key size
switch (rounds) {
case 10: // 128-bit key
UNROLLED_ROUNDS_10(s0, s1, s2, s3, rk);
break;
case 12: // 192-bit key
UNROLLED_ROUNDS_12(s0, s1, s2, s3, rk);
break;
case 14: // 256-bit key
UNROLLED_ROUNDS_14(s0, s1, s2, s3, rk);
break;
}
// Final round (no MixColumns)
AES_SUB_BYTES_FINAL(s0, s1, s2, s3);
AES_SHIFT_ROWS(s0, s1, s2, s3);
AES_ADD_ROUND_KEY_FINAL(s0, s1, s2, s3, rk[rounds * 4]);
// Store result
PUTU32(out , s0);
PUTU32(out + 4, s1);
PUTU32(out + 8, s2);
PUTU32(out + 12, s3);
}
8.3 字节序处理优化
大端小端处理的优化:
// Optimized endianness handling
#define GETU32(p) \\
({ \\
u32 _result; \\
if (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__) { \\
_result = __builtin_bswap32(*(const u32 *)(p)); \\
} else { \\
_result = *(const u32 *)(p); \\
} \\
_result; \\
})
#define PUTU32(p, v) \\
do { \\
if (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__) { \\
*(u32 *)(p) = __builtin_bswap32(v); \\
} else { \\
*(u32 *)(p) = v; \\
} \\
} while (0)
// Compile-time endianness optimization
#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
#define AES_BYTESWAP(x) __builtin_bswap32(x)
#else
#define AES_BYTESWAP(x) (x)
#endif
9. 安全性考虑
9.1 侧信道攻击防护
侧信道攻击的防护措施:
// Constant-time implementations
static inline u8 constant_time_sbox_lookup(u8 input)
{
// Use constant-time table lookup to prevent timing attacks
u8 result = 0;
for (int i = 0; i < 256; i++) {
u8 mask = constant_time_eq_8(input, i);
result |= crypto_aes_sbox[i] & mask;
}
return result;
}
// Cache timing attack protection
static void flush_aes_tables_from_cache(void)
{
// Flush lookup tables from cache after use
// to prevent cache timing attacks
clflushopt(crypto_ft_tab);
clflushopt(crypto_it_tab);
clflushopt(crypto_aes_sbox);
clflushopt(crypto_aes_inv_sbox);
}
// Power analysis protection
static void randomize_aes_execution(void)
{
// Add random delays and dummy operations
// to obscure power consumption patterns
for (int i = 0; i < random_delay(); i++) {
asm volatile ("nop" ::: "memory");
}
}
9.2 内存安全防护
内存访问的安全措施:
// Bounds checking for table lookups
static inline u32 safe_table_lookup(const u32 *table, u32 index)
{
// Ensure index is within bounds
if (unlikely(index >= 256)) {
// Handle out-of-bounds access
return 0;
}
return table[index];
}
// Secure memory wiping
static void secure_wipe_aes_context(struct aes_ctx *ctx)
{
// Securely wipe sensitive key material
memzero_explicit(ctx->key_enc, sizeof(ctx->key_enc));
memzero_explicit(ctx->key_dec, sizeof(ctx->key_dec));
ctx->key_length = 0;
}
// Prevent information leakage
static void sanitize_aes_outputs(u8 *out, size_t len)
{
// Ensure no sensitive data is leaked through output
// Clear any unused bytes in output buffer
if (len > AES_BLOCK_SIZE) {
memzero_explicit(out + AES_BLOCK_SIZE, len – AES_BLOCK_SIZE);
}
}
9.3 密钥管理安全
密钥处理的安全措施:
// Secure key expansion
static int secure_aes_setkey(struct aes_ctx *ctx, const u8 *key,
unsigned int key_len)
{
// Validate key length
if (!aes_key_len_valid(key_len)) {
return –EINVAL;
}
// Use constant-time key expansion
aes_expandkey_constant_time(ctx->key_enc, key, key_len);
// Generate decryption keys
aes_invert_key_constant_time(ctx->key_dec, ctx->key_enc, key_len);
// Wipe temporary key material
memzero_explicit(key_copy, sizeof(key_copy));
return 0;
}
// Key lifetime management
static void aes_key_cleanup(struct aes_ctx *ctx)
{
// Secure cleanup when key is no longer needed
secure_wipe_aes_context(ctx);
// Prevent use-after-free
ctx->key_length = AES_KEY_INVALID;
}
// Fault injection protection
static void aes_fault_detection(struct aes_ctx *ctx)
{
// Detect and handle fault injection attempts
if (!aes_key_integrity_check(ctx)) {
// Key has been corrupted, abort operation
panic("AES key corruption detected");
}
}
10. 扩展性分析
10.1 新算法支持
扩展支持新的分组密码:
// Generic block cipher interface
struct block_cipher_ops {
int (*setkey)(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen);
void (*encrypt)(struct crypto_tfm *tfm, u8 *dst, const u8 *src);
void (*decrypt)(struct crypto_tfm *tfm, u8 *dst, const u8 *src);
int blocksize;
int keysize_min;
int keysize_max;
};
// AES cipher operations
static const struct block_cipher_ops aes_cipher_ops = {
.setkey = aes_cipher_setkey,
.encrypt = aes_cipher_encrypt,
.decrypt = aes_cipher_decrypt,
.blocksize = AES_BLOCK_SIZE,
.keysize_min = AES_MIN_KEY_SIZE,
.keysize_max = AES_MAX_KEY_SIZE,
};
// Registration with crypto framework
static struct crypto_alg aes_alg = {
.cra_name = "aes",
.cra_driver_name = "aes-arm64",
.cra_priority = 200,
.cra_flags = CRYPTO_ALG_TYPE_CIPHER,
.cra_blocksize = AES_BLOCK_SIZE,
.cra_ctxsize = sizeof(struct aes_ctx),
.cra_module = THIS_MODULE,
.cra_u = {
.cipher = {
.cia_min_keysize = AES_MIN_KEY_SIZE,
.cia_max_keysize = AES_MAX_KEY_SIZE,
.cia_setkey = aes_cipher_setkey,
.cia_encrypt = aes_cipher_encrypt,
.cia_decrypt = aes_cipher_decrypt,
}
}
};
10.2 硬件加速扩展
硬件加速的集成:
// Hardware acceleration detection
static bool aes_hw_acceleration_available(void)
{
// Check for various ARM64 crypto extensions
return cpu_have_feature(cpu_feature_aes) ||
cpu_have_feature(cpu_feature_pmull) ||
cpu_have_feature(cpu_feature_sha1) ||
cpu_have_feature(cpu_feature_sha256);
}
// Dynamic algorithm selection
static struct crypto_alg *aes_select_implementation(void)
{
if (aes_hw_acceleration_available()) {
// Use hardware-accelerated version
return &aes_ce_alg;
} else if (cpu_have_feature(cpu_feature_neon)) {
// Use NEON-accelerated version
return &aes_neon_alg;
} else {
// Use scalar implementation
return &aes_scalar_alg;
}
}
// Runtime switching
static int aes_init(struct crypto_tfm *tfm)
{
struct aes_ctx *ctx = crypto_tfm_ctx(tfm);
// Select optimal implementation at runtime
ctx->ops = aes_select_implementation();
return 0;
}
10.3 测试和验证扩展
测试框架的扩展:
// Known answer tests for AES
static const struct aes_test_vector {
const char *key;
const char *plaintext;
const char *ciphertext;
int key_len;
} aes_test_vectors[] = {
{
.key = "000102030405060708090a0b0c0d0e0f",
.plaintext = "00112233445566778899aabbccddeeff",
.ciphertext = "69c4e0d86a7b0430d8cdb78070b4c55a",
.key_len = 16,
},
// More test vectors…
};
// Test execution
static int aes_run_tests(void)
{
struct crypto_aes_ctx ctx;
u8 key[AES_MAX_KEY_SIZE];
u8 plaintext[AES_BLOCK_SIZE];
u8 ciphertext[AES_BLOCK_SIZE];
u8 expected[AES_BLOCK_SIZE];
int ret = 0;
for (int i = 0; i < ARRAY_SIZE(aes_test_vectors); i++) {
const struct aes_test_vector *tv = &aes_test_vectors[i];
// Parse test data
hex2bin(key, tv->key, tv->key_len);
hex2bin(plaintext, tv->plaintext, AES_BLOCK_SIZE);
hex2bin(expected, tv->ciphertext, AES_BLOCK_SIZE);
// Initialize context
ret = crypto_aes_set_key(&ctx, key, tv->key_len * 8);
if (ret)
goto out;
// Test encryption
crypto_aes_encrypt_one(&ctx, ciphertext, plaintext);
if (memcmp(ciphertext, expected, AES_BLOCK_SIZE) != 0) {
pr_err("AES encryption test %d failed\\n", i);
ret = –EINVAL;
goto out;
}
// Test decryption
crypto_aes_decrypt_one(&ctx, plaintext, ciphertext);
if (memcmp(plaintext, tv->plaintext, AES_BLOCK_SIZE) != 0) {
pr_err("AES decryption test %d failed\\n", i);
ret = –EINVAL;
goto out;
}
}
out:
return ret;
}
11. 调试和维护
11.1 调试信息输出
AES实现的调试支持:
// Debug logging macros
#define AES_DEBUG(fmt, ...) \\
pr_debug("AES: " fmt, ##__VA_ARGS__)
#define AES_DEBUG_KEY(ctx) \\
do { \\
AES_DEBUG("key_enc: %*ph\\n", AES_MAX_KEY_SIZE, ctx->key_enc); \\
AES_DEBUG("key_dec: %*ph\\n", AES_MAX_KEY_SIZE, ctx->key_dec); \\
AES_DEBUG("rounds: %d\\n", ctx->key_length); \\
} while (0)
#define AES_DEBUG_BLOCK(label, data) \\
AES_DEBUG("%s: %*ph\\n", label, AES_BLOCK_SIZE, data)
// Performance monitoring
static void aes_performance_stats(struct aes_ctx *ctx)
{
static atomic64_t encrypt_calls = ATOMIC_INIT(0);
static atomic64_t decrypt_calls = ATOMIC_INIT(0);
if (ctx->encrypting) {
atomic64_inc(&encrypt_calls);
} else {
atomic64_inc(&decrypt_calls);
}
if (atomic64_read(&encrypt_calls) % 1000 == 0) {
AES_DEBUG("Processed %lld encryptions, %lld decryptions\\n",
atomic64_read(&encrypt_calls),
atomic64_read(&decrypt_calls));
}
}
11.2 错误检测和恢复
错误处理机制:
// Input validation
static int aes_validate_input(const u8 *in, unsigned int len)
{
if (!in) {
AES_DEBUG("NULL input buffer\\n");
return –EINVAL;
}
if (len != AES_BLOCK_SIZE) {
AES_DEBUG("Invalid input length: %u (expected %d)\\n",
len, AES_BLOCK_SIZE);
return –EINVAL;
}
return 0;
}
// Context validation
static int aes_validate_context(struct aes_ctx *ctx)
{
if (!ctx) {
AES_DEBUG("NULL context\\n");
return –EINVAL;
}
if (ctx->key_length < AES_MIN_ROUNDS || ctx->key_length > AES_MAX_ROUNDS) {
AES_DEBUG("Invalid key length: %d\\n", ctx->key_length);
return –EINVAL;
}
// Validate key material
if (aes_key_corrupted(ctx)) {
AES_DEBUG("Key corruption detected\\n");
return –EINVAL;
}
return 0;
}
// Recovery mechanisms
static void aes_recover_from_error(struct aes_ctx *ctx)
{
// Attempt to recover corrupted context
if (aes_can_recover(ctx)) {
aes_reinitialize_context(ctx);
AES_DEBUG("Context recovered from error\\n");
} else {
// Force re-keying
ctx->key_length = 0;
AES_DEBUG("Context reset due to unrecoverable error\\n");
}
}
12. 未来发展方向
随着ARM64架构和密码学技术的发展,AES基础实现子模块将:
1. 支持更多密钥长度:扩展支持192位和256位密钥的优化 2. 集成新指令集:利用ARMv9的新密码学指令 3. 增强安全性:实现更强的侧信道攻击防护 4. 性能优化:利用新的微架构特性提升性能 5. 内存优化:减少内存占用和缓存压力
13. 总结
ARM64 crypto AES基础实现子模块作为ARM64加密子系统的基础组件,提供了一种高效、纯软件的AES实现。该模块通过精心设计的查表法和位操作,在保持代码简洁的同时实现了高性能的AES运算。虽然没有利用专门的硬件加速,但通过优化的算法实现和指令调度,在通用处理器上提供了接近硬件加速的性能表现。源码分析显示,模块采用了查表优化、循环展开、指令调度等经典的软件加密优化技术,为ARM64平台提供了可靠的AES加密基础。
评论前必须登录!
注册