libsec: AES-NI support for amd64

Add assembler versions for aes_encrypt/aes_decrypt and the key
setup using AES-NI instruction set. This makes aes_encrypt and
aes_decrypt into function pointers which get initialized by
the first call to setupAESstate().

Note that the expanded round key words are *NOT* stored in big
endian order as with the portable implementation. For that reason
the AESstate.ekey and AESstate.dkey fields have been changed to
void* forcing an error when someone is accessing the roundkey
words. One offender was aesXCBmac, which doesnt appear to be
used and the code looks horrible so it has been deleted.

The AES-NI implementation is for amd64 only as it requires the
kernel to save/restore the FPU state across syscalls and
pagefaults.

2 files changed, 2 insertions, 1 deletions

diff --git a/sys/src/ape/lib/sec/amd64/mkfile b/sys/src/ape/lib/sec/amd64/mkfile
index 41f49d2ae..f11c532a6 100644
--- a/sys/src/ape/lib/sec/amd64/mkfile
+++ b/sys/src/ape/lib/sec/amd64/mkfile
@@ -5,6 +5,7 @@ LIB=/$objtype/lib/ape/libsec.a
 FILES=\
 	md5block\
 	sha1block\
+	aesni\
 
 HFILES=/sys/include/ape/libsec.h
 
diff --git a/sys/src/ape/lib/sec/port/mkfile b/sys/src/ape/lib/sec/port/mkfile
index d87e859f2..b25156cba 100644
--- a/sys/src/ape/lib/sec/port/mkfile
+++ b/sys/src/ape/lib/sec/port/mkfile
@@ -4,7 +4,7 @@ APE=/sys/src/ape
 LIB=/$objtype/lib/ape/libsec.a
 
 CFILES = des.c desmodes.c desECB.c desCBC.c des3ECB.c des3CBC.c\
-	aes.c aesCBC.c aesCFB.c aesOFB.c aesXCBmac.c aes_gcm.c \
+	aes.c aesni.c aesCBC.c aesCFB.c aesOFB.c aes_gcm.c \
 	blowfish.c \
 	hmac.c md5.c md5block.c md4.c sha1.c sha1block.c\
 	sha2_64.c sha2_128.c sha2block64.c sha2block128.c\