]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blob - arch/x86/crypto/aesni-intel_glue.c
projects / mirror_ubuntu-artful-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'work.memdup_user' of git://git.kernel.org/pub/scm/linux/kernel/git...
[mirror_ubuntu-artful-kernel.git] / arch / x86 / crypto / aesni-intel_glue.c
1 /*
2 * Support for Intel AES-NI instructions. This file contains glue
3 * code, the real AES implementation is in intel-aes_asm.S.
4 *
5 * Copyright (C) 2008, Intel Corp.
6 * Author: Huang Ying <ying.huang@intel.com>
7 *
8 * Added RFC4106 AES-GCM support for 128-bit keys under the AEAD
9 * interface for 64-bit kernels.
10 * Authors: Adrian Hoban <adrian.hoban@intel.com>
11 * Gabriele Paoloni <gabriele.paoloni@intel.com>
12 * Tadeusz Struk (tadeusz.struk@intel.com)
13 * Aidan O'Mahony (aidan.o.mahony@intel.com)
14 * Copyright (c) 2010, Intel Corporation.
15 *
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License as published by
18 * the Free Software Foundation; either version 2 of the License, or
19 * (at your option) any later version.
20 */
21
22 #include <linux/hardirq.h>
23 #include <linux/types.h>
24 #include <linux/module.h>
25 #include <linux/err.h>
26 #include <crypto/algapi.h>
27 #include <crypto/aes.h>
28 #include <crypto/cryptd.h>
29 #include <crypto/ctr.h>
30 #include <crypto/b128ops.h>
31 #include <crypto/xts.h>
32 #include <asm/cpu_device_id.h>
33 #include <asm/fpu/api.h>
34 #include <asm/crypto/aes.h>
35 #include <crypto/scatterwalk.h>
36 #include <crypto/internal/aead.h>
37 #include <crypto/internal/simd.h>
38 #include <crypto/internal/skcipher.h>
39 #include <linux/workqueue.h>
40 #include <linux/spinlock.h>
41 #ifdef CONFIG_X86_64
42 #include <asm/crypto/glue_helper.h>
43 #endif
44
45
46 #define AESNI_ALIGN 16
47 #define AESNI_ALIGN_ATTR __attribute__ ((__aligned__(AESNI_ALIGN)))
48 #define AES_BLOCK_MASK (~(AES_BLOCK_SIZE - 1))
49 #define RFC4106_HASH_SUBKEY_SIZE 16
50 #define AESNI_ALIGN_EXTRA ((AESNI_ALIGN - 1) & ~(CRYPTO_MINALIGN - 1))
51 #define CRYPTO_AES_CTX_SIZE (sizeof(struct crypto_aes_ctx) + AESNI_ALIGN_EXTRA)
52 #define XTS_AES_CTX_SIZE (sizeof(struct aesni_xts_ctx) + AESNI_ALIGN_EXTRA)
53
54 /* This data is stored at the end of the crypto_tfm struct.
55 * It's a type of per "session" data storage location.
56 * This needs to be 16 byte aligned.
57 */
58 struct aesni_rfc4106_gcm_ctx {
59 u8 hash_subkey[16] AESNI_ALIGN_ATTR;
60 struct crypto_aes_ctx aes_key_expanded AESNI_ALIGN_ATTR;
61 u8 nonce[4];
62 };
63
64 struct generic_gcmaes_ctx {
65 u8 hash_subkey[16] AESNI_ALIGN_ATTR;
66 struct crypto_aes_ctx aes_key_expanded AESNI_ALIGN_ATTR;
67 };
68
69 struct aesni_xts_ctx {
70 u8 raw_tweak_ctx[sizeof(struct crypto_aes_ctx)] AESNI_ALIGN_ATTR;
71 u8 raw_crypt_ctx[sizeof(struct crypto_aes_ctx)] AESNI_ALIGN_ATTR;
72 };
73
74 asmlinkage int aesni_set_key(struct crypto_aes_ctx *ctx, const u8 *in_key,
75 unsigned int key_len);
76 asmlinkage void aesni_enc(struct crypto_aes_ctx *ctx, u8 *out,
77 const u8 *in);
78 asmlinkage void aesni_dec(struct crypto_aes_ctx *ctx, u8 *out,
79 const u8 *in);
80 asmlinkage void aesni_ecb_enc(struct crypto_aes_ctx *ctx, u8 *out,
81 const u8 *in, unsigned int len);
82 asmlinkage void aesni_ecb_dec(struct crypto_aes_ctx *ctx, u8 *out,
83 const u8 *in, unsigned int len);
84 asmlinkage void aesni_cbc_enc(struct crypto_aes_ctx *ctx, u8 *out,
85 const u8 *in, unsigned int len, u8 *iv);
86 asmlinkage void aesni_cbc_dec(struct crypto_aes_ctx *ctx, u8 *out,
87 const u8 *in, unsigned int len, u8 *iv);
88
89 int crypto_fpu_init(void);
90 void crypto_fpu_exit(void);
91
92 #define AVX_GEN2_OPTSIZE 640
93 #define AVX_GEN4_OPTSIZE 4096
94
95 #ifdef CONFIG_X86_64
96
97 static void (*aesni_ctr_enc_tfm)(struct crypto_aes_ctx *ctx, u8 *out,
98 const u8 *in, unsigned int len, u8 *iv);
99 asmlinkage void aesni_ctr_enc(struct crypto_aes_ctx *ctx, u8 *out,
100 const u8 *in, unsigned int len, u8 *iv);
101
102 asmlinkage void aesni_xts_crypt8(struct crypto_aes_ctx *ctx, u8 *out,
103 const u8 *in, bool enc, u8 *iv);
104
105 /* asmlinkage void aesni_gcm_enc()
106 * void *ctx, AES Key schedule. Starts on a 16 byte boundary.
107 * u8 *out, Ciphertext output. Encrypt in-place is allowed.
108 * const u8 *in, Plaintext input
109 * unsigned long plaintext_len, Length of data in bytes for encryption.
110 * u8 *iv, Pre-counter block j0: 12 byte IV concatenated with 0x00000001.
111 * 16-byte aligned pointer.
112 * u8 *hash_subkey, the Hash sub key input. Data starts on a 16-byte boundary.
113 * const u8 *aad, Additional Authentication Data (AAD)
114 * unsigned long aad_len, Length of AAD in bytes.
115 * u8 *auth_tag, Authenticated Tag output.
116 * unsigned long auth_tag_len), Authenticated Tag Length in bytes.
117 * Valid values are 16 (most likely), 12 or 8.
118 */
119 asmlinkage void aesni_gcm_enc(void *ctx, u8 *out,
120 const u8 *in, unsigned long plaintext_len, u8 *iv,
121 u8 *hash_subkey, const u8 *aad, unsigned long aad_len,
122 u8 *auth_tag, unsigned long auth_tag_len);
123
124 /* asmlinkage void aesni_gcm_dec()
125 * void *ctx, AES Key schedule. Starts on a 16 byte boundary.
126 * u8 *out, Plaintext output. Decrypt in-place is allowed.
127 * const u8 *in, Ciphertext input
128 * unsigned long ciphertext_len, Length of data in bytes for decryption.
129 * u8 *iv, Pre-counter block j0: 12 byte IV concatenated with 0x00000001.
130 * 16-byte aligned pointer.
131 * u8 *hash_subkey, the Hash sub key input. Data starts on a 16-byte boundary.
132 * const u8 *aad, Additional Authentication Data (AAD)
133 * unsigned long aad_len, Length of AAD in bytes. With RFC4106 this is going
134 * to be 8 or 12 bytes
135 * u8 *auth_tag, Authenticated Tag output.
136 * unsigned long auth_tag_len) Authenticated Tag Length in bytes.
137 * Valid values are 16 (most likely), 12 or 8.
138 */
139 asmlinkage void aesni_gcm_dec(void *ctx, u8 *out,
140 const u8 *in, unsigned long ciphertext_len, u8 *iv,
141 u8 *hash_subkey, const u8 *aad, unsigned long aad_len,
142 u8 *auth_tag, unsigned long auth_tag_len);
143
144
145 #ifdef CONFIG_AS_AVX
146 asmlinkage void aes_ctr_enc_128_avx_by8(const u8 *in, u8 *iv,
147 void *keys, u8 *out, unsigned int num_bytes);
148 asmlinkage void aes_ctr_enc_192_avx_by8(const u8 *in, u8 *iv,
149 void *keys, u8 *out, unsigned int num_bytes);
150 asmlinkage void aes_ctr_enc_256_avx_by8(const u8 *in, u8 *iv,
151 void *keys, u8 *out, unsigned int num_bytes);
152 /*
153 * asmlinkage void aesni_gcm_precomp_avx_gen2()
154 * gcm_data *my_ctx_data, context data
155 * u8 *hash_subkey, the Hash sub key input. Data starts on a 16-byte boundary.
156 */
157 asmlinkage void aesni_gcm_precomp_avx_gen2(void *my_ctx_data, u8 *hash_subkey);
158
159 asmlinkage void aesni_gcm_enc_avx_gen2(void *ctx, u8 *out,
160 const u8 *in, unsigned long plaintext_len, u8 *iv,
161 const u8 *aad, unsigned long aad_len,
162 u8 *auth_tag, unsigned long auth_tag_len);
163
164 asmlinkage void aesni_gcm_dec_avx_gen2(void *ctx, u8 *out,
165 const u8 *in, unsigned long ciphertext_len, u8 *iv,
166 const u8 *aad, unsigned long aad_len,
167 u8 *auth_tag, unsigned long auth_tag_len);
168
169 static void aesni_gcm_enc_avx(void *ctx, u8 *out,
170 const u8 *in, unsigned long plaintext_len, u8 *iv,
171 u8 *hash_subkey, const u8 *aad, unsigned long aad_len,
172 u8 *auth_tag, unsigned long auth_tag_len)
173 {
174 struct crypto_aes_ctx *aes_ctx = (struct crypto_aes_ctx*)ctx;
175 if ((plaintext_len < AVX_GEN2_OPTSIZE) || (aes_ctx-> key_length != AES_KEYSIZE_128)){
176 aesni_gcm_enc(ctx, out, in, plaintext_len, iv, hash_subkey, aad,
177 aad_len, auth_tag, auth_tag_len);
178 } else {
179 aesni_gcm_precomp_avx_gen2(ctx, hash_subkey);
180 aesni_gcm_enc_avx_gen2(ctx, out, in, plaintext_len, iv, aad,
181 aad_len, auth_tag, auth_tag_len);
182 }
183 }
184
185 static void aesni_gcm_dec_avx(void *ctx, u8 *out,
186 const u8 *in, unsigned long ciphertext_len, u8 *iv,
187 u8 *hash_subkey, const u8 *aad, unsigned long aad_len,
188 u8 *auth_tag, unsigned long auth_tag_len)
189 {
190 struct crypto_aes_ctx *aes_ctx = (struct crypto_aes_ctx*)ctx;
191 if ((ciphertext_len < AVX_GEN2_OPTSIZE) || (aes_ctx-> key_length != AES_KEYSIZE_128)) {
192 aesni_gcm_dec(ctx, out, in, ciphertext_len, iv, hash_subkey, aad,
193 aad_len, auth_tag, auth_tag_len);
194 } else {
195 aesni_gcm_precomp_avx_gen2(ctx, hash_subkey);
196 aesni_gcm_dec_avx_gen2(ctx, out, in, ciphertext_len, iv, aad,
197 aad_len, auth_tag, auth_tag_len);
198 }
199 }
200 #endif
201
202 #ifdef CONFIG_AS_AVX2
203 /*
204 * asmlinkage void aesni_gcm_precomp_avx_gen4()
205 * gcm_data *my_ctx_data, context data
206 * u8 *hash_subkey, the Hash sub key input. Data starts on a 16-byte boundary.
207 */
208 asmlinkage void aesni_gcm_precomp_avx_gen4(void *my_ctx_data, u8 *hash_subkey);
209
210 asmlinkage void aesni_gcm_enc_avx_gen4(void *ctx, u8 *out,
211 const u8 *in, unsigned long plaintext_len, u8 *iv,
212 const u8 *aad, unsigned long aad_len,
213 u8 *auth_tag, unsigned long auth_tag_len);
214
215 asmlinkage void aesni_gcm_dec_avx_gen4(void *ctx, u8 *out,
216 const u8 *in, unsigned long ciphertext_len, u8 *iv,
217 const u8 *aad, unsigned long aad_len,
218 u8 *auth_tag, unsigned long auth_tag_len);
219
220 static void aesni_gcm_enc_avx2(void *ctx, u8 *out,
221 const u8 *in, unsigned long plaintext_len, u8 *iv,
222 u8 *hash_subkey, const u8 *aad, unsigned long aad_len,
223 u8 *auth_tag, unsigned long auth_tag_len)
224 {
225 struct crypto_aes_ctx *aes_ctx = (struct crypto_aes_ctx*)ctx;
226 if ((plaintext_len < AVX_GEN2_OPTSIZE) || (aes_ctx-> key_length != AES_KEYSIZE_128)) {
227 aesni_gcm_enc(ctx, out, in, plaintext_len, iv, hash_subkey, aad,
228 aad_len, auth_tag, auth_tag_len);
229 } else if (plaintext_len < AVX_GEN4_OPTSIZE) {
230 aesni_gcm_precomp_avx_gen2(ctx, hash_subkey);
231 aesni_gcm_enc_avx_gen2(ctx, out, in, plaintext_len, iv, aad,
232 aad_len, auth_tag, auth_tag_len);
233 } else {
234 aesni_gcm_precomp_avx_gen4(ctx, hash_subkey);
235 aesni_gcm_enc_avx_gen4(ctx, out, in, plaintext_len, iv, aad,
236 aad_len, auth_tag, auth_tag_len);
237 }
238 }
239
240 static void aesni_gcm_dec_avx2(void *ctx, u8 *out,
241 const u8 *in, unsigned long ciphertext_len, u8 *iv,
242 u8 *hash_subkey, const u8 *aad, unsigned long aad_len,
243 u8 *auth_tag, unsigned long auth_tag_len)
244 {
245 struct crypto_aes_ctx *aes_ctx = (struct crypto_aes_ctx*)ctx;
246 if ((ciphertext_len < AVX_GEN2_OPTSIZE) || (aes_ctx-> key_length != AES_KEYSIZE_128)) {
247 aesni_gcm_dec(ctx, out, in, ciphertext_len, iv, hash_subkey,
248 aad, aad_len, auth_tag, auth_tag_len);
249 } else if (ciphertext_len < AVX_GEN4_OPTSIZE) {
250 aesni_gcm_precomp_avx_gen2(ctx, hash_subkey);
251 aesni_gcm_dec_avx_gen2(ctx, out, in, ciphertext_len, iv, aad,
252 aad_len, auth_tag, auth_tag_len);
253 } else {
254 aesni_gcm_precomp_avx_gen4(ctx, hash_subkey);
255 aesni_gcm_dec_avx_gen4(ctx, out, in, ciphertext_len, iv, aad,
256 aad_len, auth_tag, auth_tag_len);
257 }
258 }
259 #endif
260
261 static void (*aesni_gcm_enc_tfm)(void *ctx, u8 *out,
262 const u8 *in, unsigned long plaintext_len, u8 *iv,
263 u8 *hash_subkey, const u8 *aad, unsigned long aad_len,
264 u8 *auth_tag, unsigned long auth_tag_len);
265
266 static void (*aesni_gcm_dec_tfm)(void *ctx, u8 *out,
267 const u8 *in, unsigned long ciphertext_len, u8 *iv,
268 u8 *hash_subkey, const u8 *aad, unsigned long aad_len,
269 u8 *auth_tag, unsigned long auth_tag_len);
270
271 static inline struct
272 aesni_rfc4106_gcm_ctx *aesni_rfc4106_gcm_ctx_get(struct crypto_aead *tfm)
273 {
274 unsigned long align = AESNI_ALIGN;
275
276 if (align <= crypto_tfm_ctx_alignment())
277 align = 1;
278 return PTR_ALIGN(crypto_aead_ctx(tfm), align);
279 }
280
281 static inline struct
282 generic_gcmaes_ctx *generic_gcmaes_ctx_get(struct crypto_aead *tfm)
283 {
284 unsigned long align = AESNI_ALIGN;
285
286 if (align <= crypto_tfm_ctx_alignment())
287 align = 1;
288 return PTR_ALIGN(crypto_aead_ctx(tfm), align);
289 }
290 #endif
291
292 static inline struct crypto_aes_ctx *aes_ctx(void *raw_ctx)
293 {
294 unsigned long addr = (unsigned long)raw_ctx;
295 unsigned long align = AESNI_ALIGN;
296
297 if (align <= crypto_tfm_ctx_alignment())
298 align = 1;
299 return (struct crypto_aes_ctx *)ALIGN(addr, align);
300 }
301
302 static int aes_set_key_common(struct crypto_tfm *tfm, void *raw_ctx,
303 const u8 *in_key, unsigned int key_len)
304 {
305 struct crypto_aes_ctx *ctx = aes_ctx(raw_ctx);
306 u32 *flags = &tfm->crt_flags;
307 int err;
308
309 if (key_len != AES_KEYSIZE_128 && key_len != AES_KEYSIZE_192 &&
310 key_len != AES_KEYSIZE_256) {
311 *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
312 return -EINVAL;
313 }
314
315 if (!irq_fpu_usable())
316 err = crypto_aes_expand_key(ctx, in_key, key_len);
317 else {
318 kernel_fpu_begin();
319 err = aesni_set_key(ctx, in_key, key_len);
320 kernel_fpu_end();
321 }
322
323 return err;
324 }
325
326 static int aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
327 unsigned int key_len)
328 {
329 return aes_set_key_common(tfm, crypto_tfm_ctx(tfm), in_key, key_len);
330 }
331
332 static void aes_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
333 {
334 struct crypto_aes_ctx *ctx = aes_ctx(crypto_tfm_ctx(tfm));
335
336 if (!irq_fpu_usable())
337 crypto_aes_encrypt_x86(ctx, dst, src);
338 else {
339 kernel_fpu_begin();
340 aesni_enc(ctx, dst, src);
341 kernel_fpu_end();
342 }
343 }
344
345 static void aes_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
346 {
347 struct crypto_aes_ctx *ctx = aes_ctx(crypto_tfm_ctx(tfm));
348
349 if (!irq_fpu_usable())
350 crypto_aes_decrypt_x86(ctx, dst, src);
351 else {
352 kernel_fpu_begin();
353 aesni_dec(ctx, dst, src);
354 kernel_fpu_end();
355 }
356 }
357
358 static void __aes_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
359 {
360 struct crypto_aes_ctx *ctx = aes_ctx(crypto_tfm_ctx(tfm));
361
362 aesni_enc(ctx, dst, src);
363 }
364
365 static void __aes_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
366 {
367 struct crypto_aes_ctx *ctx = aes_ctx(crypto_tfm_ctx(tfm));
368
369 aesni_dec(ctx, dst, src);
370 }
371
372 static int aesni_skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key,
373 unsigned int len)
374 {
375 return aes_set_key_common(crypto_skcipher_tfm(tfm),
376 crypto_skcipher_ctx(tfm), key, len);
377 }
378
379 static int ecb_encrypt(struct skcipher_request *req)
380 {
381 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
382 struct crypto_aes_ctx *ctx = aes_ctx(crypto_skcipher_ctx(tfm));
383 struct skcipher_walk walk;
384 unsigned int nbytes;
385 int err;
386
387 err = skcipher_walk_virt(&walk, req, true);
388
389 kernel_fpu_begin();
390 while ((nbytes = walk.nbytes)) {
391 aesni_ecb_enc(ctx, walk.dst.virt.addr, walk.src.virt.addr,
392 nbytes & AES_BLOCK_MASK);
393 nbytes &= AES_BLOCK_SIZE - 1;
394 err = skcipher_walk_done(&walk, nbytes);
395 }
396 kernel_fpu_end();
397
398 return err;
399 }
400
401 static int ecb_decrypt(struct skcipher_request *req)
402 {
403 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
404 struct crypto_aes_ctx *ctx = aes_ctx(crypto_skcipher_ctx(tfm));
405 struct skcipher_walk walk;
406 unsigned int nbytes;
407 int err;
408
409 err = skcipher_walk_virt(&walk, req, true);
410
411 kernel_fpu_begin();
412 while ((nbytes = walk.nbytes)) {
413 aesni_ecb_dec(ctx, walk.dst.virt.addr, walk.src.virt.addr,
414 nbytes & AES_BLOCK_MASK);
415 nbytes &= AES_BLOCK_SIZE - 1;
416 err = skcipher_walk_done(&walk, nbytes);
417 }
418 kernel_fpu_end();
419
420 return err;
421 }
422
423 static int cbc_encrypt(struct skcipher_request *req)
424 {
425 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
426 struct crypto_aes_ctx *ctx = aes_ctx(crypto_skcipher_ctx(tfm));
427 struct skcipher_walk walk;
428 unsigned int nbytes;
429 int err;
430
431 err = skcipher_walk_virt(&walk, req, true);
432
433 kernel_fpu_begin();
434 while ((nbytes = walk.nbytes)) {
435 aesni_cbc_enc(ctx, walk.dst.virt.addr, walk.src.virt.addr,
436 nbytes & AES_BLOCK_MASK, walk.iv);
437 nbytes &= AES_BLOCK_SIZE - 1;
438 err = skcipher_walk_done(&walk, nbytes);
439 }
440 kernel_fpu_end();
441
442 return err;
443 }
444
445 static int cbc_decrypt(struct skcipher_request *req)
446 {
447 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
448 struct crypto_aes_ctx *ctx = aes_ctx(crypto_skcipher_ctx(tfm));
449 struct skcipher_walk walk;
450 unsigned int nbytes;
451 int err;
452
453 err = skcipher_walk_virt(&walk, req, true);
454
455 kernel_fpu_begin();
456 while ((nbytes = walk.nbytes)) {
457 aesni_cbc_dec(ctx, walk.dst.virt.addr, walk.src.virt.addr,
458 nbytes & AES_BLOCK_MASK, walk.iv);
459 nbytes &= AES_BLOCK_SIZE - 1;
460 err = skcipher_walk_done(&walk, nbytes);
461 }
462 kernel_fpu_end();
463
464 return err;
465 }
466
467 #ifdef CONFIG_X86_64
468 static void ctr_crypt_final(struct crypto_aes_ctx *ctx,
469 struct skcipher_walk *walk)
470 {
471 u8 *ctrblk = walk->iv;
472 u8 keystream[AES_BLOCK_SIZE];
473 u8 *src = walk->src.virt.addr;
474 u8 *dst = walk->dst.virt.addr;
475 unsigned int nbytes = walk->nbytes;
476
477 aesni_enc(ctx, keystream, ctrblk);
478 crypto_xor(keystream, src, nbytes);
479 memcpy(dst, keystream, nbytes);
480 crypto_inc(ctrblk, AES_BLOCK_SIZE);
481 }
482
483 #ifdef CONFIG_AS_AVX
484 static void aesni_ctr_enc_avx_tfm(struct crypto_aes_ctx *ctx, u8 *out,
485 const u8 *in, unsigned int len, u8 *iv)
486 {
487 /*
488 * based on key length, override with the by8 version
489 * of ctr mode encryption/decryption for improved performance
490 * aes_set_key_common() ensures that key length is one of
491 * {128,192,256}
492 */
493 if (ctx->key_length == AES_KEYSIZE_128)
494 aes_ctr_enc_128_avx_by8(in, iv, (void *)ctx, out, len);
495 else if (ctx->key_length == AES_KEYSIZE_192)
496 aes_ctr_enc_192_avx_by8(in, iv, (void *)ctx, out, len);
497 else
498 aes_ctr_enc_256_avx_by8(in, iv, (void *)ctx, out, len);
499 }
500 #endif
501
502 static int ctr_crypt(struct skcipher_request *req)
503 {
504 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
505 struct crypto_aes_ctx *ctx = aes_ctx(crypto_skcipher_ctx(tfm));
506 struct skcipher_walk walk;
507 unsigned int nbytes;
508 int err;
509
510 err = skcipher_walk_virt(&walk, req, true);
511
512 kernel_fpu_begin();
513 while ((nbytes = walk.nbytes) >= AES_BLOCK_SIZE) {
514 aesni_ctr_enc_tfm(ctx, walk.dst.virt.addr, walk.src.virt.addr,
515 nbytes & AES_BLOCK_MASK, walk.iv);
516 nbytes &= AES_BLOCK_SIZE - 1;
517 err = skcipher_walk_done(&walk, nbytes);
518 }
519 if (walk.nbytes) {
520 ctr_crypt_final(ctx, &walk);
521 err = skcipher_walk_done(&walk, 0);
522 }
523 kernel_fpu_end();
524
525 return err;
526 }
527
528 static int xts_aesni_setkey(struct crypto_skcipher *tfm, const u8 *key,
529 unsigned int keylen)
530 {
531 struct aesni_xts_ctx *ctx = crypto_skcipher_ctx(tfm);
532 int err;
533
534 err = xts_verify_key(tfm, key, keylen);
535 if (err)
536 return err;
537
538 keylen /= 2;
539
540 /* first half of xts-key is for crypt */
541 err = aes_set_key_common(crypto_skcipher_tfm(tfm), ctx->raw_crypt_ctx,
542 key, keylen);
543 if (err)
544 return err;
545
546 /* second half of xts-key is for tweak */
547 return aes_set_key_common(crypto_skcipher_tfm(tfm), ctx->raw_tweak_ctx,
548 key + keylen, keylen);
549 }
550
551
552 static void aesni_xts_tweak(void *ctx, u8 *out, const u8 *in)
553 {
554 aesni_enc(ctx, out, in);
555 }
556
557 static void aesni_xts_enc(void *ctx, u128 *dst, const u128 *src, le128 *iv)
558 {
559 glue_xts_crypt_128bit_one(ctx, dst, src, iv, GLUE_FUNC_CAST(aesni_enc));
560 }
561
562 static void aesni_xts_dec(void *ctx, u128 *dst, const u128 *src, le128 *iv)
563 {
564 glue_xts_crypt_128bit_one(ctx, dst, src, iv, GLUE_FUNC_CAST(aesni_dec));
565 }
566
567 static void aesni_xts_enc8(void *ctx, u128 *dst, const u128 *src, le128 *iv)
568 {
569 aesni_xts_crypt8(ctx, (u8 *)dst, (const u8 *)src, true, (u8 *)iv);
570 }
571
572 static void aesni_xts_dec8(void *ctx, u128 *dst, const u128 *src, le128 *iv)
573 {
574 aesni_xts_crypt8(ctx, (u8 *)dst, (const u8 *)src, false, (u8 *)iv);
575 }
576
577 static const struct common_glue_ctx aesni_enc_xts = {
578 .num_funcs = 2,
579 .fpu_blocks_limit = 1,
580
581 .funcs = { {
582 .num_blocks = 8,
583 .fn_u = { .xts = GLUE_XTS_FUNC_CAST(aesni_xts_enc8) }
584 }, {
585 .num_blocks = 1,
586 .fn_u = { .xts = GLUE_XTS_FUNC_CAST(aesni_xts_enc) }
587 } }
588 };
589
590 static const struct common_glue_ctx aesni_dec_xts = {
591 .num_funcs = 2,
592 .fpu_blocks_limit = 1,
593
594 .funcs = { {
595 .num_blocks = 8,
596 .fn_u = { .xts = GLUE_XTS_FUNC_CAST(aesni_xts_dec8) }
597 }, {
598 .num_blocks = 1,
599 .fn_u = { .xts = GLUE_XTS_FUNC_CAST(aesni_xts_dec) }
600 } }
601 };
602
603 static int xts_encrypt(struct skcipher_request *req)
604 {
605 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
606 struct aesni_xts_ctx *ctx = crypto_skcipher_ctx(tfm);
607
608 return glue_xts_req_128bit(&aesni_enc_xts, req,
609 XTS_TWEAK_CAST(aesni_xts_tweak),
610 aes_ctx(ctx->raw_tweak_ctx),
611 aes_ctx(ctx->raw_crypt_ctx));
612 }
613
614 static int xts_decrypt(struct skcipher_request *req)
615 {
616 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
617 struct aesni_xts_ctx *ctx = crypto_skcipher_ctx(tfm);
618
619 return glue_xts_req_128bit(&aesni_dec_xts, req,
620 XTS_TWEAK_CAST(aesni_xts_tweak),
621 aes_ctx(ctx->raw_tweak_ctx),
622 aes_ctx(ctx->raw_crypt_ctx));
623 }
624
625 static int rfc4106_init(struct crypto_aead *aead)
626 {
627 struct cryptd_aead *cryptd_tfm;
628 struct cryptd_aead **ctx = crypto_aead_ctx(aead);
629
630 cryptd_tfm = cryptd_alloc_aead("__driver-gcm-aes-aesni",
631 CRYPTO_ALG_INTERNAL,
632 CRYPTO_ALG_INTERNAL);
633 if (IS_ERR(cryptd_tfm))
634 return PTR_ERR(cryptd_tfm);
635
636 *ctx = cryptd_tfm;
637 crypto_aead_set_reqsize(aead, crypto_aead_reqsize(&cryptd_tfm->base));
638 return 0;
639 }
640
641 static void rfc4106_exit(struct crypto_aead *aead)
642 {
643 struct cryptd_aead **ctx = crypto_aead_ctx(aead);
644
645 cryptd_free_aead(*ctx);
646 }
647
648 static int
649 rfc4106_set_hash_subkey(u8 *hash_subkey, const u8 *key, unsigned int key_len)
650 {
651 struct crypto_cipher *tfm;
652 int ret;
653
654 tfm = crypto_alloc_cipher("aes", 0, 0);
655 if (IS_ERR(tfm))
656 return PTR_ERR(tfm);
657
658 ret = crypto_cipher_setkey(tfm, key, key_len);
659 if (ret)
660 goto out_free_cipher;
661
662 /* Clear the data in the hash sub key container to zero.*/
663 /* We want to cipher all zeros to create the hash sub key. */
664 memset(hash_subkey, 0, RFC4106_HASH_SUBKEY_SIZE);
665
666 crypto_cipher_encrypt_one(tfm, hash_subkey, hash_subkey);
667
668 out_free_cipher:
669 crypto_free_cipher(tfm);
670 return ret;
671 }
672
673 static int common_rfc4106_set_key(struct crypto_aead *aead, const u8 *key,
674 unsigned int key_len)
675 {
676 struct aesni_rfc4106_gcm_ctx *ctx = aesni_rfc4106_gcm_ctx_get(aead);
677
678 if (key_len < 4) {
679 crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
680 return -EINVAL;
681 }
682 /*Account for 4 byte nonce at the end.*/
683 key_len -= 4;
684
685 memcpy(ctx->nonce, key + key_len, sizeof(ctx->nonce));
686
687 return aes_set_key_common(crypto_aead_tfm(aead),
688 &ctx->aes_key_expanded, key, key_len) ?:
689 rfc4106_set_hash_subkey(ctx->hash_subkey, key, key_len);
690 }
691
692 static int rfc4106_set_key(struct crypto_aead *parent, const u8 *key,
693 unsigned int key_len)
694 {
695 struct cryptd_aead **ctx = crypto_aead_ctx(parent);
696 struct cryptd_aead *cryptd_tfm = *ctx;
697
698 return crypto_aead_setkey(&cryptd_tfm->base, key, key_len);
699 }
700
701 static int common_rfc4106_set_authsize(struct crypto_aead *aead,
702 unsigned int authsize)
703 {
704 switch (authsize) {
705 case 8:
706 case 12:
707 case 16:
708 break;
709 default:
710 return -EINVAL;
711 }
712
713 return 0;
714 }
715
716 /* This is the Integrity Check Value (aka the authentication tag length and can
717 * be 8, 12 or 16 bytes long. */
718 static int rfc4106_set_authsize(struct crypto_aead *parent,
719 unsigned int authsize)
720 {
721 struct cryptd_aead **ctx = crypto_aead_ctx(parent);
722 struct cryptd_aead *cryptd_tfm = *ctx;
723
724 return crypto_aead_setauthsize(&cryptd_tfm->base, authsize);
725 }
726
727 static int generic_gcmaes_set_authsize(struct crypto_aead *tfm,
728 unsigned int authsize)
729 {
730 switch (authsize) {
731 case 4:
732 case 8:
733 case 12:
734 case 13:
735 case 14:
736 case 15:
737 case 16:
738 break;
739 default:
740 return -EINVAL;
741 }
742
743 return 0;
744 }
745
746 static int gcmaes_encrypt(struct aead_request *req, unsigned int assoclen,
747 u8 *hash_subkey, u8 *iv, void *aes_ctx)
748 {
749 u8 one_entry_in_sg = 0;
750 u8 *src, *dst, *assoc;
751 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
752 unsigned long auth_tag_len = crypto_aead_authsize(tfm);
753 struct scatter_walk src_sg_walk;
754 struct scatter_walk dst_sg_walk = {};
755
756 if (sg_is_last(req->src) &&
757 (!PageHighMem(sg_page(req->src)) ||
758 req->src->offset + req->src->length <= PAGE_SIZE) &&
759 sg_is_last(req->dst) &&
760 (!PageHighMem(sg_page(req->dst)) ||
761 req->dst->offset + req->dst->length <= PAGE_SIZE)) {
762 one_entry_in_sg = 1;
763 scatterwalk_start(&src_sg_walk, req->src);
764 assoc = scatterwalk_map(&src_sg_walk);
765 src = assoc + req->assoclen;
766 dst = src;
767 if (unlikely(req->src != req->dst)) {
768 scatterwalk_start(&dst_sg_walk, req->dst);
769 dst = scatterwalk_map(&dst_sg_walk) + req->assoclen;
770 }
771 } else {
772 /* Allocate memory for src, dst, assoc */
773 assoc = kmalloc(req->cryptlen + auth_tag_len + req->assoclen,
774 GFP_ATOMIC);
775 if (unlikely(!assoc))
776 return -ENOMEM;
777 scatterwalk_map_and_copy(assoc, req->src, 0,
778 req->assoclen + req->cryptlen, 0);
779 src = assoc + req->assoclen;
780 dst = src;
781 }
782
783 kernel_fpu_begin();
784 aesni_gcm_enc_tfm(aes_ctx, dst, src, req->cryptlen, iv,
785 hash_subkey, assoc, assoclen,
786 dst + req->cryptlen, auth_tag_len);
787 kernel_fpu_end();
788
789 /* The authTag (aka the Integrity Check Value) needs to be written
790 * back to the packet. */
791 if (one_entry_in_sg) {
792 if (unlikely(req->src != req->dst)) {
793 scatterwalk_unmap(dst - req->assoclen);
794 scatterwalk_advance(&dst_sg_walk, req->dst->length);
795 scatterwalk_done(&dst_sg_walk, 1, 0);
796 }
797 scatterwalk_unmap(assoc);
798 scatterwalk_advance(&src_sg_walk, req->src->length);
799 scatterwalk_done(&src_sg_walk, req->src == req->dst, 0);
800 } else {
801 scatterwalk_map_and_copy(dst, req->dst, req->assoclen,
802 req->cryptlen + auth_tag_len, 1);
803 kfree(assoc);
804 }
805 return 0;
806 }
807
808 static int gcmaes_decrypt(struct aead_request *req, unsigned int assoclen,
809 u8 *hash_subkey, u8 *iv, void *aes_ctx)
810 {
811 u8 one_entry_in_sg = 0;
812 u8 *src, *dst, *assoc;
813 unsigned long tempCipherLen = 0;
814 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
815 unsigned long auth_tag_len = crypto_aead_authsize(tfm);
816 u8 authTag[16];
817 struct scatter_walk src_sg_walk;
818 struct scatter_walk dst_sg_walk = {};
819 int retval = 0;
820
821 tempCipherLen = (unsigned long)(req->cryptlen - auth_tag_len);
822
823 if (sg_is_last(req->src) &&
824 (!PageHighMem(sg_page(req->src)) ||
825 req->src->offset + req->src->length <= PAGE_SIZE) &&
826 sg_is_last(req->dst) &&
827 (!PageHighMem(sg_page(req->dst)) ||
828 req->dst->offset + req->dst->length <= PAGE_SIZE)) {
829 one_entry_in_sg = 1;
830 scatterwalk_start(&src_sg_walk, req->src);
831 assoc = scatterwalk_map(&src_sg_walk);
832 src = assoc + req->assoclen;
833 dst = src;
834 if (unlikely(req->src != req->dst)) {
835 scatterwalk_start(&dst_sg_walk, req->dst);
836 dst = scatterwalk_map(&dst_sg_walk) + req->assoclen;
837 }
838 } else {
839 /* Allocate memory for src, dst, assoc */
840 assoc = kmalloc(req->cryptlen + req->assoclen, GFP_ATOMIC);
841 if (!assoc)
842 return -ENOMEM;
843 scatterwalk_map_and_copy(assoc, req->src, 0,
844 req->assoclen + req->cryptlen, 0);
845 src = assoc + req->assoclen;
846 dst = src;
847 }
848
849
850 kernel_fpu_begin();
851 aesni_gcm_dec_tfm(aes_ctx, dst, src, tempCipherLen, iv,
852 hash_subkey, assoc, assoclen,
853 authTag, auth_tag_len);
854 kernel_fpu_end();
855
856 /* Compare generated tag with passed in tag. */
857 retval = crypto_memneq(src + tempCipherLen, authTag, auth_tag_len) ?
858 -EBADMSG : 0;
859
860 if (one_entry_in_sg) {
861 if (unlikely(req->src != req->dst)) {
862 scatterwalk_unmap(dst - req->assoclen);
863 scatterwalk_advance(&dst_sg_walk, req->dst->length);
864 scatterwalk_done(&dst_sg_walk, 1, 0);
865 }
866 scatterwalk_unmap(assoc);
867 scatterwalk_advance(&src_sg_walk, req->src->length);
868 scatterwalk_done(&src_sg_walk, req->src == req->dst, 0);
869 } else {
870 scatterwalk_map_and_copy(dst, req->dst, req->assoclen,
871 tempCipherLen, 1);
872 kfree(assoc);
873 }
874 return retval;
875
876 }
877
878 static int helper_rfc4106_encrypt(struct aead_request *req)
879 {
880 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
881 struct aesni_rfc4106_gcm_ctx *ctx = aesni_rfc4106_gcm_ctx_get(tfm);
882 void *aes_ctx = &(ctx->aes_key_expanded);
883 u8 iv[16] __attribute__ ((__aligned__(AESNI_ALIGN)));
884 unsigned int i;
885 __be32 counter = cpu_to_be32(1);
886
887 /* Assuming we are supporting rfc4106 64-bit extended */
888 /* sequence numbers We need to have the AAD length equal */
889 /* to 16 or 20 bytes */
890 if (unlikely(req->assoclen != 16 && req->assoclen != 20))
891 return -EINVAL;
892
893 /* IV below built */
894 for (i = 0; i < 4; i++)
895 *(iv+i) = ctx->nonce[i];
896 for (i = 0; i < 8; i++)
897 *(iv+4+i) = req->iv[i];
898 *((__be32 *)(iv+12)) = counter;
899
900 return gcmaes_encrypt(req, req->assoclen - 8, ctx->hash_subkey, iv,
901 aes_ctx);
902 }
903
904 static int helper_rfc4106_decrypt(struct aead_request *req)
905 {
906 __be32 counter = cpu_to_be32(1);
907 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
908 struct aesni_rfc4106_gcm_ctx *ctx = aesni_rfc4106_gcm_ctx_get(tfm);
909 void *aes_ctx = &(ctx->aes_key_expanded);
910 u8 iv[16] __attribute__ ((__aligned__(AESNI_ALIGN)));
911 unsigned int i;
912
913 if (unlikely(req->assoclen != 16 && req->assoclen != 20))
914 return -EINVAL;
915
916 /* Assuming we are supporting rfc4106 64-bit extended */
917 /* sequence numbers We need to have the AAD length */
918 /* equal to 16 or 20 bytes */
919
920 /* IV below built */
921 for (i = 0; i < 4; i++)
922 *(iv+i) = ctx->nonce[i];
923 for (i = 0; i < 8; i++)
924 *(iv+4+i) = req->iv[i];
925 *((__be32 *)(iv+12)) = counter;
926
927 return gcmaes_decrypt(req, req->assoclen - 8, ctx->hash_subkey, iv,
928 aes_ctx);
929 }
930
931 static int rfc4106_encrypt(struct aead_request *req)
932 {
933 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
934 struct cryptd_aead **ctx = crypto_aead_ctx(tfm);
935 struct cryptd_aead *cryptd_tfm = *ctx;
936
937 tfm = &cryptd_tfm->base;
938 if (irq_fpu_usable() && (!in_atomic() ||
939 !cryptd_aead_queued(cryptd_tfm)))
940 tfm = cryptd_aead_child(cryptd_tfm);
941
942 aead_request_set_tfm(req, tfm);
943
944 return crypto_aead_encrypt(req);
945 }
946
947 static int rfc4106_decrypt(struct aead_request *req)
948 {
949 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
950 struct cryptd_aead **ctx = crypto_aead_ctx(tfm);
951 struct cryptd_aead *cryptd_tfm = *ctx;
952
953 tfm = &cryptd_tfm->base;
954 if (irq_fpu_usable() && (!in_atomic() ||
955 !cryptd_aead_queued(cryptd_tfm)))
956 tfm = cryptd_aead_child(cryptd_tfm);
957
958 aead_request_set_tfm(req, tfm);
959
960 return crypto_aead_decrypt(req);
961 }
962 #endif
963
964 static struct crypto_alg aesni_algs[] = { {
965 .cra_name = "aes",
966 .cra_driver_name = "aes-aesni",
967 .cra_priority = 300,
968 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
969 .cra_blocksize = AES_BLOCK_SIZE,
970 .cra_ctxsize = CRYPTO_AES_CTX_SIZE,
971 .cra_module = THIS_MODULE,
972 .cra_u = {
973 .cipher = {
974 .cia_min_keysize = AES_MIN_KEY_SIZE,
975 .cia_max_keysize = AES_MAX_KEY_SIZE,
976 .cia_setkey = aes_set_key,
977 .cia_encrypt = aes_encrypt,
978 .cia_decrypt = aes_decrypt
979 }
980 }
981 }, {
982 .cra_name = "__aes",
983 .cra_driver_name = "__aes-aesni",
984 .cra_priority = 300,
985 .cra_flags = CRYPTO_ALG_TYPE_CIPHER | CRYPTO_ALG_INTERNAL,
986 .cra_blocksize = AES_BLOCK_SIZE,
987 .cra_ctxsize = CRYPTO_AES_CTX_SIZE,
988 .cra_module = THIS_MODULE,
989 .cra_u = {
990 .cipher = {
991 .cia_min_keysize = AES_MIN_KEY_SIZE,
992 .cia_max_keysize = AES_MAX_KEY_SIZE,
993 .cia_setkey = aes_set_key,
994 .cia_encrypt = __aes_encrypt,
995 .cia_decrypt = __aes_decrypt
996 }
997 }
998 } };
999
1000 static struct skcipher_alg aesni_skciphers[] = {
1001 {
1002 .base = {
1003 .cra_name = "__ecb(aes)",
1004 .cra_driver_name = "__ecb-aes-aesni",
1005 .cra_priority = 400,
1006 .cra_flags = CRYPTO_ALG_INTERNAL,
1007 .cra_blocksize = AES_BLOCK_SIZE,
1008 .cra_ctxsize = CRYPTO_AES_CTX_SIZE,
1009 .cra_module = THIS_MODULE,
1010 },
1011 .min_keysize = AES_MIN_KEY_SIZE,
1012 .max_keysize = AES_MAX_KEY_SIZE,
1013 .setkey = aesni_skcipher_setkey,
1014 .encrypt = ecb_encrypt,
1015 .decrypt = ecb_decrypt,
1016 }, {
1017 .base = {
1018 .cra_name = "__cbc(aes)",
1019 .cra_driver_name = "__cbc-aes-aesni",
1020 .cra_priority = 400,
1021 .cra_flags = CRYPTO_ALG_INTERNAL,
1022 .cra_blocksize = AES_BLOCK_SIZE,
1023 .cra_ctxsize = CRYPTO_AES_CTX_SIZE,
1024 .cra_module = THIS_MODULE,
1025 },
1026 .min_keysize = AES_MIN_KEY_SIZE,
1027 .max_keysize = AES_MAX_KEY_SIZE,
1028 .ivsize = AES_BLOCK_SIZE,
1029 .setkey = aesni_skcipher_setkey,
1030 .encrypt = cbc_encrypt,
1031 .decrypt = cbc_decrypt,
1032 #ifdef CONFIG_X86_64
1033 }, {
1034 .base = {
1035 .cra_name = "__ctr(aes)",
1036 .cra_driver_name = "__ctr-aes-aesni",
1037 .cra_priority = 400,
1038 .cra_flags = CRYPTO_ALG_INTERNAL,
1039 .cra_blocksize = 1,
1040 .cra_ctxsize = CRYPTO_AES_CTX_SIZE,
1041 .cra_module = THIS_MODULE,
1042 },
1043 .min_keysize = AES_MIN_KEY_SIZE,
1044 .max_keysize = AES_MAX_KEY_SIZE,
1045 .ivsize = AES_BLOCK_SIZE,
1046 .chunksize = AES_BLOCK_SIZE,
1047 .setkey = aesni_skcipher_setkey,
1048 .encrypt = ctr_crypt,
1049 .decrypt = ctr_crypt,
1050 }, {
1051 .base = {
1052 .cra_name = "__xts(aes)",
1053 .cra_driver_name = "__xts-aes-aesni",
1054 .cra_priority = 401,
1055 .cra_flags = CRYPTO_ALG_INTERNAL,
1056 .cra_blocksize = AES_BLOCK_SIZE,
1057 .cra_ctxsize = XTS_AES_CTX_SIZE,
1058 .cra_module = THIS_MODULE,
1059 },
1060 .min_keysize = 2 * AES_MIN_KEY_SIZE,
1061 .max_keysize = 2 * AES_MAX_KEY_SIZE,
1062 .ivsize = AES_BLOCK_SIZE,
1063 .setkey = xts_aesni_setkey,
1064 .encrypt = xts_encrypt,
1065 .decrypt = xts_decrypt,
1066 #endif
1067 }
1068 };
1069
1070 struct simd_skcipher_alg *aesni_simd_skciphers[ARRAY_SIZE(aesni_skciphers)];
1071
1072 struct {
1073 const char *algname;
1074 const char *drvname;
1075 const char *basename;
1076 struct simd_skcipher_alg *simd;
1077 } aesni_simd_skciphers2[] = {
1078 #if (defined(MODULE) && IS_ENABLED(CONFIG_CRYPTO_PCBC)) || \
1079 IS_BUILTIN(CONFIG_CRYPTO_PCBC)
1080 {
1081 .algname = "pcbc(aes)",
1082 .drvname = "pcbc-aes-aesni",
1083 .basename = "fpu(pcbc(__aes-aesni))",
1084 },
1085 #endif
1086 };
1087
1088 #ifdef CONFIG_X86_64
1089 static int generic_gcmaes_set_key(struct crypto_aead *aead, const u8 *key,
1090 unsigned int key_len)
1091 {
1092 struct generic_gcmaes_ctx *ctx = generic_gcmaes_ctx_get(aead);
1093
1094 return aes_set_key_common(crypto_aead_tfm(aead),
1095 &ctx->aes_key_expanded, key, key_len) ?:
1096 rfc4106_set_hash_subkey(ctx->hash_subkey, key, key_len);
1097 }
1098
1099 static int generic_gcmaes_encrypt(struct aead_request *req)
1100 {
1101 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1102 struct generic_gcmaes_ctx *ctx = generic_gcmaes_ctx_get(tfm);
1103 void *aes_ctx = &(ctx->aes_key_expanded);
1104 u8 iv[16] __attribute__ ((__aligned__(AESNI_ALIGN)));
1105 __be32 counter = cpu_to_be32(1);
1106
1107 memcpy(iv, req->iv, 12);
1108 *((__be32 *)(iv+12)) = counter;
1109
1110 return gcmaes_encrypt(req, req->assoclen, ctx->hash_subkey, iv,
1111 aes_ctx);
1112 }
1113
1114 static int generic_gcmaes_decrypt(struct aead_request *req)
1115 {
1116 __be32 counter = cpu_to_be32(1);
1117 struct crypto_aead *tfm = crypto_aead_reqtfm(req);
1118 struct aesni_rfc4106_gcm_ctx *ctx = aesni_rfc4106_gcm_ctx_get(tfm);
1119 void *aes_ctx = &(ctx->aes_key_expanded);
1120 u8 iv[16] __attribute__ ((__aligned__(AESNI_ALIGN)));
1121
1122 memcpy(iv, req->iv, 12);
1123 *((__be32 *)(iv+12)) = counter;
1124
1125 return gcmaes_decrypt(req, req->assoclen, ctx->hash_subkey, iv,
1126 aes_ctx);
1127 }
1128
1129 static struct aead_alg aesni_aead_algs[] = { {
1130 .setkey = common_rfc4106_set_key,
1131 .setauthsize = common_rfc4106_set_authsize,
1132 .encrypt = helper_rfc4106_encrypt,
1133 .decrypt = helper_rfc4106_decrypt,
1134 .ivsize = 8,
1135 .maxauthsize = 16,
1136 .base = {
1137 .cra_name = "__gcm-aes-aesni",
1138 .cra_driver_name = "__driver-gcm-aes-aesni",
1139 .cra_flags = CRYPTO_ALG_INTERNAL,
1140 .cra_blocksize = 1,
1141 .cra_ctxsize = sizeof(struct aesni_rfc4106_gcm_ctx),
1142 .cra_alignmask = AESNI_ALIGN - 1,
1143 .cra_module = THIS_MODULE,
1144 },
1145 }, {
1146 .init = rfc4106_init,
1147 .exit = rfc4106_exit,
1148 .setkey = rfc4106_set_key,
1149 .setauthsize = rfc4106_set_authsize,
1150 .encrypt = rfc4106_encrypt,
1151 .decrypt = rfc4106_decrypt,
1152 .ivsize = 8,
1153 .maxauthsize = 16,
1154 .base = {
1155 .cra_name = "rfc4106(gcm(aes))",
1156 .cra_driver_name = "rfc4106-gcm-aesni",
1157 .cra_priority = 400,
1158 .cra_flags = CRYPTO_ALG_ASYNC,
1159 .cra_blocksize = 1,
1160 .cra_ctxsize = sizeof(struct cryptd_aead *),
1161 .cra_module = THIS_MODULE,
1162 },
1163 }, {
1164 .setkey = generic_gcmaes_set_key,
1165 .setauthsize = generic_gcmaes_set_authsize,
1166 .encrypt = generic_gcmaes_encrypt,
1167 .decrypt = generic_gcmaes_decrypt,
1168 .ivsize = 12,
1169 .maxauthsize = 16,
1170 .base = {
1171 .cra_name = "gcm(aes)",
1172 .cra_driver_name = "generic-gcm-aesni",
1173 .cra_priority = 400,
1174 .cra_flags = CRYPTO_ALG_ASYNC,
1175 .cra_blocksize = 1,
1176 .cra_ctxsize = sizeof(struct generic_gcmaes_ctx),
1177 .cra_alignmask = AESNI_ALIGN - 1,
1178 .cra_module = THIS_MODULE,
1179 },
1180 } };
1181 #else
1182 static struct aead_alg aesni_aead_algs[0];
1183 #endif
1184
1185
1186 static const struct x86_cpu_id aesni_cpu_id[] = {
1187 X86_FEATURE_MATCH(X86_FEATURE_AES),
1188 {}
1189 };
1190 MODULE_DEVICE_TABLE(x86cpu, aesni_cpu_id);
1191
1192 static void aesni_free_simds(void)
1193 {
1194 int i;
1195
1196 for (i = 0; i < ARRAY_SIZE(aesni_simd_skciphers) &&
1197 aesni_simd_skciphers[i]; i++)
1198 simd_skcipher_free(aesni_simd_skciphers[i]);
1199
1200 for (i = 0; i < ARRAY_SIZE(aesni_simd_skciphers2); i++)
1201 if (aesni_simd_skciphers2[i].simd)
1202 simd_skcipher_free(aesni_simd_skciphers2[i].simd);
1203 }
1204
1205 static int __init aesni_init(void)
1206 {
1207 struct simd_skcipher_alg *simd;
1208 const char *basename;
1209 const char *algname;
1210 const char *drvname;
1211 int err;
1212 int i;
1213
1214 if (!x86_match_cpu(aesni_cpu_id))
1215 return -ENODEV;
1216 #ifdef CONFIG_X86_64
1217 #ifdef CONFIG_AS_AVX2
1218 if (boot_cpu_has(X86_FEATURE_AVX2)) {
1219 pr_info("AVX2 version of gcm_enc/dec engaged.\n");
1220 aesni_gcm_enc_tfm = aesni_gcm_enc_avx2;
1221 aesni_gcm_dec_tfm = aesni_gcm_dec_avx2;
1222 } else
1223 #endif
1224 #ifdef CONFIG_AS_AVX
1225 if (boot_cpu_has(X86_FEATURE_AVX)) {
1226 pr_info("AVX version of gcm_enc/dec engaged.\n");
1227 aesni_gcm_enc_tfm = aesni_gcm_enc_avx;
1228 aesni_gcm_dec_tfm = aesni_gcm_dec_avx;
1229 } else
1230 #endif
1231 {
1232 pr_info("SSE version of gcm_enc/dec engaged.\n");
1233 aesni_gcm_enc_tfm = aesni_gcm_enc;
1234 aesni_gcm_dec_tfm = aesni_gcm_dec;
1235 }
1236 aesni_ctr_enc_tfm = aesni_ctr_enc;
1237 #ifdef CONFIG_AS_AVX
1238 if (boot_cpu_has(X86_FEATURE_AVX)) {
1239 /* optimize performance of ctr mode encryption transform */
1240 aesni_ctr_enc_tfm = aesni_ctr_enc_avx_tfm;
1241 pr_info("AES CTR mode by8 optimization enabled\n");
1242 }
1243 #endif
1244 #endif
1245
1246 err = crypto_fpu_init();
1247 if (err)
1248 return err;
1249
1250 err = crypto_register_algs(aesni_algs, ARRAY_SIZE(aesni_algs));
1251 if (err)
1252 goto fpu_exit;
1253
1254 err = crypto_register_skciphers(aesni_skciphers,
1255 ARRAY_SIZE(aesni_skciphers));
1256 if (err)
1257 goto unregister_algs;
1258
1259 err = crypto_register_aeads(aesni_aead_algs,
1260 ARRAY_SIZE(aesni_aead_algs));
1261 if (err)
1262 goto unregister_skciphers;
1263
1264 for (i = 0; i < ARRAY_SIZE(aesni_skciphers); i++) {
1265 algname = aesni_skciphers[i].base.cra_name + 2;
1266 drvname = aesni_skciphers[i].base.cra_driver_name + 2;
1267 basename = aesni_skciphers[i].base.cra_driver_name;
1268 simd = simd_skcipher_create_compat(algname, drvname, basename);
1269 err = PTR_ERR(simd);
1270 if (IS_ERR(simd))
1271 goto unregister_simds;
1272
1273 aesni_simd_skciphers[i] = simd;
1274 }
1275
1276 for (i = 0; i < ARRAY_SIZE(aesni_simd_skciphers2); i++) {
1277 algname = aesni_simd_skciphers2[i].algname;
1278 drvname = aesni_simd_skciphers2[i].drvname;
1279 basename = aesni_simd_skciphers2[i].basename;
1280 simd = simd_skcipher_create_compat(algname, drvname, basename);
1281 err = PTR_ERR(simd);
1282 if (IS_ERR(simd))
1283 continue;
1284
1285 aesni_simd_skciphers2[i].simd = simd;
1286 }
1287
1288 return 0;
1289
1290 unregister_simds:
1291 aesni_free_simds();
1292 crypto_unregister_aeads(aesni_aead_algs, ARRAY_SIZE(aesni_aead_algs));
1293 unregister_skciphers:
1294 crypto_unregister_skciphers(aesni_skciphers,
1295 ARRAY_SIZE(aesni_skciphers));
1296 unregister_algs:
1297 crypto_unregister_algs(aesni_algs, ARRAY_SIZE(aesni_algs));
1298 fpu_exit:
1299 crypto_fpu_exit();
1300 return err;
1301 }
1302
1303 static void __exit aesni_exit(void)
1304 {
1305 aesni_free_simds();
1306 crypto_unregister_aeads(aesni_aead_algs, ARRAY_SIZE(aesni_aead_algs));
1307 crypto_unregister_skciphers(aesni_skciphers,
1308 ARRAY_SIZE(aesni_skciphers));
1309 crypto_unregister_algs(aesni_algs, ARRAY_SIZE(aesni_algs));
1310
1311 crypto_fpu_exit();
1312 }
1313
1314 late_initcall(aesni_init);
1315 module_exit(aesni_exit);
1316
1317 MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm, Intel AES-NI instructions optimized");
1318 MODULE_LICENSE("GPL");
1319 MODULE_ALIAS_CRYPTO("aes");
Ubuntu Artful kernel mirror