authorMike Belopuhov <mikeb@cvs.openbsd.org>2017-05-17 17:54:30 +0000
committerMike Belopuhov <mikeb@cvs.openbsd.org>2017-05-17 17:54:30 +0000
commit91bd9d3334fb89fca4a857eaaa2c55b108f877a8 (patch)
tree3dddaaea37fc0bdef92673329d8f28f8f6daa8a8
parentea852497230715071a5ee0f0d6d89091a378d00f (diff)
Revert MI AES-XTS code back to T-tables amid poor performance
Suffered by many, the revert tested by stsp@.
-rw-r--r--regress/sys/crypto/aesxts/Makefile4
-rw-r--r--regress/sys/crypto/aesxts/aes_xts.c8
-rw-r--r--sys/crypto/aes.h2
-rw-r--r--sys/crypto/xform.c17
4 files changed, 17 insertions, 14 deletions
diff --git a/regress/sys/crypto/aesxts/Makefile b/regress/sys/crypto/aesxts/Makefile
index 4c47348d9c8..ddb6e9edfef 100644
--- a/regress/sys/crypto/aesxts/Makefile
+++ b/regress/sys/crypto/aesxts/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.5 2017/05/02 11:46:00 mikeb Exp $
+# $OpenBSD: Makefile,v 1.6 2017/05/17 17:54:29 mikeb Exp $
DIR= ${.CURDIR}/../../../../sys
@@ -21,7 +21,7 @@ REGRESS_TARGETS= run-regress-${PROG}
.PATH: ${DIR}/crypto
SRCS+= cast.c ecb_enc.c ecb3_enc.c gmac.c aes.c set_key.c
-SRCS+= chachapoly.c poly1305.c
+SRCS+= rijndael.c chachapoly.c poly1305.c
SRCS+= xform.c
run-regress-${PROG}: ${PROG}
diff --git a/regress/sys/crypto/aesxts/aes_xts.c b/regress/sys/crypto/aesxts/aes_xts.c
index 861d143bac6..7c987d01bba 100644
--- a/regress/sys/crypto/aesxts/aes_xts.c
+++ b/regress/sys/crypto/aesxts/aes_xts.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: aes_xts.c,v 1.3 2017/05/02 11:46:00 mikeb Exp $ */
+/* $OpenBSD: aes_xts.c,v 1.4 2017/05/17 17:54:29 mikeb Exp $ */
/*
* Copyright (c) 2002 Markus Friedl. All rights reserved.
@@ -26,7 +26,7 @@
*/
#include <sys/types.h>
-#include <crypto/aes.h>
+#include <crypto/rijndael.h>
#include <err.h>
#include <fcntl.h>
#include <stdio.h>
@@ -37,8 +37,8 @@
#define AES_XTS_BLOCKSIZE 16
struct aes_xts_ctx {
- AES_CTX key1;
- AES_CTX key2;
+ rijndael_ctx key1;
+ rijndael_ctx key2;
u_int8_t tweak[AES_XTS_BLOCKSIZE];
};
diff --git a/sys/crypto/aes.h b/sys/crypto/aes.h
index a670a2b522c..9718115fc65 100644
--- a/sys/crypto/aes.h
+++ b/sys/crypto/aes.h
@@ -26,7 +26,9 @@
#ifndef _AES_H_
#define _AES_H_
+#ifndef AES_MAXROUNDS
#define AES_MAXROUNDS (14)
+#endif
typedef struct aes_ctx {
uint32_t sk[60];
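Review bot: The new `#ifndef AES_MAXROUNDS` guard has no comment naming the header it defers to, and it silently keeps whatever value was defined first. Judging by the `<crypto/rijndael.h>` include this commit places ahead of `<crypto/aes.h>` in xform.c, the other definition presumably lives in rijndael.h, which makes the outcome depend on include order. I would put `/* also defined in <crypto/rijndael.h>; the two values must match */` above the guard so a later edit to either header cannot quietly change the round count seen by the other implementation's users.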
diff --git a/sys/crypto/xform.c b/sys/crypto/xform.c
index 0579345f4f1..71e173b44fd 100644
--- a/sys/crypto/xform.c
+++ b/sys/crypto/xform.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: xform.c,v 1.56 2017/05/02 11:44:32 mikeb Exp $ */
+/* $OpenBSD: xform.c,v 1.57 2017/05/17 17:54:29 mikeb Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr),
@@ -59,6 +59,7 @@
#include <crypto/rmd160.h>
#include <crypto/blf.h>
#include <crypto/cast.h>
+#include <crypto/rijndael.h>
#include <crypto/aes.h>
#include <crypto/cryptodev.h>
#include <crypto/xform.h>
@@ -121,8 +122,8 @@ struct aes_ctr_ctx {
#define AES_XTS_ALPHA 0x87 /* GF(2^128) generator polynomial */
struct aes_xts_ctx {
- AES_CTX key1;
- AES_CTX key2;
+ rijndael_ctx key1;
+ rijndael_ctx key2;
u_int8_t tweak[AES_XTS_BLOCKSIZE];
};
@@ -496,7 +497,7 @@ aes_xts_reinit(caddr_t key, u_int8_t *iv)
/* Last 64 bits of IV are always zero */
bzero(ctx->tweak + AES_XTS_IVSIZE, AES_XTS_IVSIZE);
- AES_Encrypt(&ctx->key2, ctx->tweak, ctx->tweak);
+ rijndael_encrypt(&ctx->key2, ctx->tweak, ctx->tweak);
}
void
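Review bot: The `rijndael_encrypt()` call on `ctx->key2` here, and the `rijndael_encrypt()`/`rijndael_decrypt()` calls on `ctx->key1` in the aes_xts_crypt hunk, return to the table-driven implementation named in the commit title, and nothing in the code records that trade-off. T-table AES indexes memory with values derived from the key and data, so its cache access pattern is not constant-time and can expose key material to other code sharing the CPU cache. That matters for the long-lived storage keys XTS is normally used with. A comment on `struct aes_xts_ctx` or above these calls, for example `/* T-table rijndael chosen for speed; table lookups are not constant-time */`, would keep the decision visible to whoever revisits it. aes_xts_reinit's body begins outside the hunk.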
@@ -509,9 +510,9 @@ aes_xts_crypt(struct aes_xts_ctx *ctx, u_int8_t *data, u_int do_encrypt)
block[i] = data[i] ^ ctx->tweak[i];
if (do_encrypt)
- AES_Encrypt(&ctx->key1, block, data);
+ rijndael_encrypt(&ctx->key1, block, data);
else
- AES_Decrypt(&ctx->key1, block, data);
+ rijndael_decrypt(&ctx->key1, block, data);
for (i = 0; i < AES_XTS_BLOCKSIZE; i++)
data[i] ^= ctx->tweak[i];
@@ -550,8 +551,8 @@ aes_xts_setkey(void *sched, u_int8_t *key, int len)
ctx = (struct aes_xts_ctx *)sched;
- AES_Setkey(&ctx->key1, key, len / 2);
- AES_Setkey(&ctx->key2, key + (len / 2), len / 2);
+ rijndael_set_key(&ctx->key1, key, len * 4);
+ rijndael_set_key(&ctx->key2, key + (len / 2), len * 4);
return 0;
}
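Review bot: Both `rijndael_set_key()` results are discarded and the function returns 0 unconditionally, so, assuming the routine reports a rejected key size through its return value, a bad `len` would leave `key1`/`key2` without a valid schedule while the caller sees success. Any validation of `len` would sit above the hunk, since aes_xts_setkey's body begins outside it. If there is none, propagate the result with `if (rijndael_set_key(&ctx->key1, key, len * 4) != 0) return -1;` and the same for `key2`. The move from `len / 2` to `len * 4` is also unexplained in the code. A comment such as `/* len is the byte length of both keys; each half is len / 2 bytes = len * 4 bits */` would make the bytes-to-bits change auditable.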