root/arch/powerpc/crypto/aes-spe-glue.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. spe_begin
  2. spe_end
  3. ppc_aes_setkey
  4. ppc_xts_setkey
  5. ppc_aes_encrypt
  6. ppc_aes_decrypt
  7. ppc_ecb_encrypt
  8. ppc_ecb_decrypt
  9. ppc_cbc_encrypt
  10. ppc_cbc_decrypt
  11. ppc_ctr_crypt
  12. ppc_xts_encrypt
  13. ppc_xts_decrypt
  14. ppc_aes_mod_init
  15. ppc_aes_mod_fini

   1 // SPDX-License-Identifier: GPL-2.0-or-later
   2 /*
   3  * Glue code for AES implementation for SPE instructions (PPC)
   4  *
   5  * Based on generic implementation. The assembler module takes care
   6  * about the SPE registers so it can run from interrupt context.
   7  *
   8  * Copyright (c) 2015 Markus Stockhausen <stockhausen@collogia.de>
   9  */
  10 
  11 #include <crypto/aes.h>
  12 #include <linux/module.h>
  13 #include <linux/init.h>
  14 #include <linux/types.h>
  15 #include <linux/errno.h>
  16 #include <linux/crypto.h>
  17 #include <asm/byteorder.h>
  18 #include <asm/switch_to.h>
  19 #include <crypto/algapi.h>
  20 #include <crypto/xts.h>
  21 
  22 /*
  23  * MAX_BYTES defines the number of bytes that are allowed to be processed
  24  * between preempt_disable() and preempt_enable(). e500 cores can issue two
  25  * instructions per clock cycle using one 32/64 bit unit (SU1) and one 32
  26  * bit unit (SU2). One of these can be a memory access that is executed via
  27  * a single load and store unit (LSU). XTS-AES-256 takes ~780 operations per
  28  * 16 byte block block or 25 cycles per byte. Thus 768 bytes of input data
  29  * will need an estimated maximum of 20,000 cycles. Headroom for cache misses
  30  * included. Even with the low end model clocked at 667 MHz this equals to a
  31  * critical time window of less than 30us. The value has been chosen to
  32  * process a 512 byte disk block in one or a large 1400 bytes IPsec network
  33  * packet in two runs.
  34  *
  35  */
  36 #define MAX_BYTES 768
  37 
  38 struct ppc_aes_ctx {
  39         u32 key_enc[AES_MAX_KEYLENGTH_U32];
  40         u32 key_dec[AES_MAX_KEYLENGTH_U32];
  41         u32 rounds;
  42 };
  43 
  44 struct ppc_xts_ctx {
  45         u32 key_enc[AES_MAX_KEYLENGTH_U32];
  46         u32 key_dec[AES_MAX_KEYLENGTH_U32];
  47         u32 key_twk[AES_MAX_KEYLENGTH_U32];
  48         u32 rounds;
  49 };
  50 
  51 extern void ppc_encrypt_aes(u8 *out, const u8 *in, u32 *key_enc, u32 rounds);
  52 extern void ppc_decrypt_aes(u8 *out, const u8 *in, u32 *key_dec, u32 rounds);
  53 extern void ppc_encrypt_ecb(u8 *out, const u8 *in, u32 *key_enc, u32 rounds,
  54                             u32 bytes);
  55 extern void ppc_decrypt_ecb(u8 *out, const u8 *in, u32 *key_dec, u32 rounds,
  56                             u32 bytes);
  57 extern void ppc_encrypt_cbc(u8 *out, const u8 *in, u32 *key_enc, u32 rounds,
  58                             u32 bytes, u8 *iv);
  59 extern void ppc_decrypt_cbc(u8 *out, const u8 *in, u32 *key_dec, u32 rounds,
  60                             u32 bytes, u8 *iv);
  61 extern void ppc_crypt_ctr  (u8 *out, const u8 *in, u32 *key_enc, u32 rounds,
  62                             u32 bytes, u8 *iv);
  63 extern void ppc_encrypt_xts(u8 *out, const u8 *in, u32 *key_enc, u32 rounds,
  64                             u32 bytes, u8 *iv, u32 *key_twk);
  65 extern void ppc_decrypt_xts(u8 *out, const u8 *in, u32 *key_dec, u32 rounds,
  66                             u32 bytes, u8 *iv, u32 *key_twk);
  67 
  68 extern void ppc_expand_key_128(u32 *key_enc, const u8 *key);
  69 extern void ppc_expand_key_192(u32 *key_enc, const u8 *key);
  70 extern void ppc_expand_key_256(u32 *key_enc, const u8 *key);
  71 
  72 extern void ppc_generate_decrypt_key(u32 *key_dec,u32 *key_enc,
  73                                      unsigned int key_len);
  74 
  75 static void spe_begin(void)
  76 {
  77         /* disable preemption and save users SPE registers if required */
  78         preempt_disable();
  79         enable_kernel_spe();
  80 }
  81 
  82 static void spe_end(void)
  83 {
  84         disable_kernel_spe();
  85         /* reenable preemption */
  86         preempt_enable();
  87 }
  88 
  89 static int ppc_aes_setkey(struct crypto_tfm *tfm, const u8 *in_key,
  90                 unsigned int key_len)
  91 {
  92         struct ppc_aes_ctx *ctx = crypto_tfm_ctx(tfm);
  93 
  94         if (key_len != AES_KEYSIZE_128 &&
  95             key_len != AES_KEYSIZE_192 &&
  96             key_len != AES_KEYSIZE_256) {
  97                 tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
  98                 return -EINVAL;
  99         }
 100 
 101         switch (key_len) {
 102         case AES_KEYSIZE_128:
 103                 ctx->rounds = 4;
 104                 ppc_expand_key_128(ctx->key_enc, in_key);
 105                 break;
 106         case AES_KEYSIZE_192:
 107                 ctx->rounds = 5;
 108                 ppc_expand_key_192(ctx->key_enc, in_key);
 109                 break;
 110         case AES_KEYSIZE_256:
 111                 ctx->rounds = 6;
 112                 ppc_expand_key_256(ctx->key_enc, in_key);
 113                 break;
 114         }
 115 
 116         ppc_generate_decrypt_key(ctx->key_dec, ctx->key_enc, key_len);
 117 
 118         return 0;
 119 }
 120 
 121 static int ppc_xts_setkey(struct crypto_tfm *tfm, const u8 *in_key,
 122                    unsigned int key_len)
 123 {
 124         struct ppc_xts_ctx *ctx = crypto_tfm_ctx(tfm);
 125         int err;
 126 
 127         err = xts_check_key(tfm, in_key, key_len);
 128         if (err)
 129                 return err;
 130 
 131         key_len >>= 1;
 132 
 133         if (key_len != AES_KEYSIZE_128 &&
 134             key_len != AES_KEYSIZE_192 &&
 135             key_len != AES_KEYSIZE_256) {
 136                 tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
 137                 return -EINVAL;
 138         }
 139 
 140         switch (key_len) {
 141         case AES_KEYSIZE_128:
 142                 ctx->rounds = 4;
 143                 ppc_expand_key_128(ctx->key_enc, in_key);
 144                 ppc_expand_key_128(ctx->key_twk, in_key + AES_KEYSIZE_128);
 145                 break;
 146         case AES_KEYSIZE_192:
 147                 ctx->rounds = 5;
 148                 ppc_expand_key_192(ctx->key_enc, in_key);
 149                 ppc_expand_key_192(ctx->key_twk, in_key + AES_KEYSIZE_192);
 150                 break;
 151         case AES_KEYSIZE_256:
 152                 ctx->rounds = 6;
 153                 ppc_expand_key_256(ctx->key_enc, in_key);
 154                 ppc_expand_key_256(ctx->key_twk, in_key + AES_KEYSIZE_256);
 155                 break;
 156         }
 157 
 158         ppc_generate_decrypt_key(ctx->key_dec, ctx->key_enc, key_len);
 159 
 160         return 0;
 161 }
 162 
 163 static void ppc_aes_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
 164 {
 165         struct ppc_aes_ctx *ctx = crypto_tfm_ctx(tfm);
 166 
 167         spe_begin();
 168         ppc_encrypt_aes(out, in, ctx->key_enc, ctx->rounds);
 169         spe_end();
 170 }
 171 
 172 static void ppc_aes_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
 173 {
 174         struct ppc_aes_ctx *ctx = crypto_tfm_ctx(tfm);
 175 
 176         spe_begin();
 177         ppc_decrypt_aes(out, in, ctx->key_dec, ctx->rounds);
 178         spe_end();
 179 }
 180 
 181 static int ppc_ecb_encrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
 182                            struct scatterlist *src, unsigned int nbytes)
 183 {
 184         struct ppc_aes_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
 185         struct blkcipher_walk walk;
 186         unsigned int ubytes;
 187         int err;
 188 
 189         desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
 190         blkcipher_walk_init(&walk, dst, src, nbytes);
 191         err = blkcipher_walk_virt(desc, &walk);
 192 
 193         while ((nbytes = walk.nbytes)) {
 194                 ubytes = nbytes > MAX_BYTES ?
 195                          nbytes - MAX_BYTES : nbytes & (AES_BLOCK_SIZE - 1);
 196                 nbytes -= ubytes;
 197 
 198                 spe_begin();
 199                 ppc_encrypt_ecb(walk.dst.virt.addr, walk.src.virt.addr,
 200                                 ctx->key_enc, ctx->rounds, nbytes);
 201                 spe_end();
 202 
 203                 err = blkcipher_walk_done(desc, &walk, ubytes);
 204         }
 205 
 206         return err;
 207 }
 208 
 209 static int ppc_ecb_decrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
 210                            struct scatterlist *src, unsigned int nbytes)
 211 {
 212         struct ppc_aes_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
 213         struct blkcipher_walk walk;
 214         unsigned int ubytes;
 215         int err;
 216 
 217         desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
 218         blkcipher_walk_init(&walk, dst, src, nbytes);
 219         err = blkcipher_walk_virt(desc, &walk);
 220 
 221         while ((nbytes = walk.nbytes)) {
 222                 ubytes = nbytes > MAX_BYTES ?
 223                          nbytes - MAX_BYTES : nbytes & (AES_BLOCK_SIZE - 1);
 224                 nbytes -= ubytes;
 225 
 226                 spe_begin();
 227                 ppc_decrypt_ecb(walk.dst.virt.addr, walk.src.virt.addr,
 228                                 ctx->key_dec, ctx->rounds, nbytes);
 229                 spe_end();
 230 
 231                 err = blkcipher_walk_done(desc, &walk, ubytes);
 232         }
 233 
 234         return err;
 235 }
 236 
 237 static int ppc_cbc_encrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
 238                            struct scatterlist *src, unsigned int nbytes)
 239 {
 240         struct ppc_aes_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
 241         struct blkcipher_walk walk;
 242         unsigned int ubytes;
 243         int err;
 244 
 245         desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
 246         blkcipher_walk_init(&walk, dst, src, nbytes);
 247         err = blkcipher_walk_virt(desc, &walk);
 248 
 249         while ((nbytes = walk.nbytes)) {
 250                 ubytes = nbytes > MAX_BYTES ?
 251                          nbytes - MAX_BYTES : nbytes & (AES_BLOCK_SIZE - 1);
 252                 nbytes -= ubytes;
 253 
 254                 spe_begin();
 255                 ppc_encrypt_cbc(walk.dst.virt.addr, walk.src.virt.addr,
 256                                 ctx->key_enc, ctx->rounds, nbytes, walk.iv);
 257                 spe_end();
 258 
 259                 err = blkcipher_walk_done(desc, &walk, ubytes);
 260         }
 261 
 262         return err;
 263 }
 264 
 265 static int ppc_cbc_decrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
 266                            struct scatterlist *src, unsigned int nbytes)
 267 {
 268         struct ppc_aes_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
 269         struct blkcipher_walk walk;
 270         unsigned int ubytes;
 271         int err;
 272 
 273         desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
 274         blkcipher_walk_init(&walk, dst, src, nbytes);
 275         err = blkcipher_walk_virt(desc, &walk);
 276 
 277         while ((nbytes = walk.nbytes)) {
 278                 ubytes = nbytes > MAX_BYTES ?
 279                          nbytes - MAX_BYTES : nbytes & (AES_BLOCK_SIZE - 1);
 280                 nbytes -= ubytes;
 281 
 282                 spe_begin();
 283                 ppc_decrypt_cbc(walk.dst.virt.addr, walk.src.virt.addr,
 284                                 ctx->key_dec, ctx->rounds, nbytes, walk.iv);
 285                 spe_end();
 286 
 287                 err = blkcipher_walk_done(desc, &walk, ubytes);
 288         }
 289 
 290         return err;
 291 }
 292 
 293 static int ppc_ctr_crypt(struct blkcipher_desc *desc, struct scatterlist *dst,
 294                          struct scatterlist *src, unsigned int nbytes)
 295 {
 296         struct ppc_aes_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
 297         struct blkcipher_walk walk;
 298         unsigned int pbytes, ubytes;
 299         int err;
 300 
 301         desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
 302         blkcipher_walk_init(&walk, dst, src, nbytes);
 303         err = blkcipher_walk_virt_block(desc, &walk, AES_BLOCK_SIZE);
 304 
 305         while ((pbytes = walk.nbytes)) {
 306                 pbytes = pbytes > MAX_BYTES ? MAX_BYTES : pbytes;
 307                 pbytes = pbytes == nbytes ?
 308                          nbytes : pbytes & ~(AES_BLOCK_SIZE - 1);
 309                 ubytes = walk.nbytes - pbytes;
 310 
 311                 spe_begin();
 312                 ppc_crypt_ctr(walk.dst.virt.addr, walk.src.virt.addr,
 313                               ctx->key_enc, ctx->rounds, pbytes , walk.iv);
 314                 spe_end();
 315 
 316                 nbytes -= pbytes;
 317                 err = blkcipher_walk_done(desc, &walk, ubytes);
 318         }
 319 
 320         return err;
 321 }
 322 
 323 static int ppc_xts_encrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
 324                            struct scatterlist *src, unsigned int nbytes)
 325 {
 326         struct ppc_xts_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
 327         struct blkcipher_walk walk;
 328         unsigned int ubytes;
 329         int err;
 330         u32 *twk;
 331 
 332         desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
 333         blkcipher_walk_init(&walk, dst, src, nbytes);
 334         err = blkcipher_walk_virt(desc, &walk);
 335         twk = ctx->key_twk;
 336 
 337         while ((nbytes = walk.nbytes)) {
 338                 ubytes = nbytes > MAX_BYTES ?
 339                          nbytes - MAX_BYTES : nbytes & (AES_BLOCK_SIZE - 1);
 340                 nbytes -= ubytes;
 341 
 342                 spe_begin();
 343                 ppc_encrypt_xts(walk.dst.virt.addr, walk.src.virt.addr,
 344                                 ctx->key_enc, ctx->rounds, nbytes, walk.iv, twk);
 345                 spe_end();
 346 
 347                 twk = NULL;
 348                 err = blkcipher_walk_done(desc, &walk, ubytes);
 349         }
 350 
 351         return err;
 352 }
 353 
 354 static int ppc_xts_decrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
 355                            struct scatterlist *src, unsigned int nbytes)
 356 {
 357         struct ppc_xts_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
 358         struct blkcipher_walk walk;
 359         unsigned int ubytes;
 360         int err;
 361         u32 *twk;
 362 
 363         desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
 364         blkcipher_walk_init(&walk, dst, src, nbytes);
 365         err = blkcipher_walk_virt(desc, &walk);
 366         twk = ctx->key_twk;
 367 
 368         while ((nbytes = walk.nbytes)) {
 369                 ubytes = nbytes > MAX_BYTES ?
 370                          nbytes - MAX_BYTES : nbytes & (AES_BLOCK_SIZE - 1);
 371                 nbytes -= ubytes;
 372 
 373                 spe_begin();
 374                 ppc_decrypt_xts(walk.dst.virt.addr, walk.src.virt.addr,
 375                                 ctx->key_dec, ctx->rounds, nbytes, walk.iv, twk);
 376                 spe_end();
 377 
 378                 twk = NULL;
 379                 err = blkcipher_walk_done(desc, &walk, ubytes);
 380         }
 381 
 382         return err;
 383 }
 384 
 385 /*
 386  * Algorithm definitions. Disabling alignment (cra_alignmask=0) was chosen
 387  * because the e500 platform can handle unaligned reads/writes very efficently.
 388  * This improves IPsec thoughput by another few percent. Additionally we assume
 389  * that AES context is always aligned to at least 8 bytes because it is created
 390  * with kmalloc() in the crypto infrastructure
 391  *
 392  */
 393 static struct crypto_alg aes_algs[] = { {
 394         .cra_name               =       "aes",
 395         .cra_driver_name        =       "aes-ppc-spe",
 396         .cra_priority           =       300,
 397         .cra_flags              =       CRYPTO_ALG_TYPE_CIPHER,
 398         .cra_blocksize          =       AES_BLOCK_SIZE,
 399         .cra_ctxsize            =       sizeof(struct ppc_aes_ctx),
 400         .cra_alignmask          =       0,
 401         .cra_module             =       THIS_MODULE,
 402         .cra_u                  =       {
 403                 .cipher = {
 404                         .cia_min_keysize        =       AES_MIN_KEY_SIZE,
 405                         .cia_max_keysize        =       AES_MAX_KEY_SIZE,
 406                         .cia_setkey             =       ppc_aes_setkey,
 407                         .cia_encrypt            =       ppc_aes_encrypt,
 408                         .cia_decrypt            =       ppc_aes_decrypt
 409                 }
 410         }
 411 }, {
 412         .cra_name               =       "ecb(aes)",
 413         .cra_driver_name        =       "ecb-ppc-spe",
 414         .cra_priority           =       300,
 415         .cra_flags              =       CRYPTO_ALG_TYPE_BLKCIPHER,
 416         .cra_blocksize          =       AES_BLOCK_SIZE,
 417         .cra_ctxsize            =       sizeof(struct ppc_aes_ctx),
 418         .cra_alignmask          =       0,
 419         .cra_type               =       &crypto_blkcipher_type,
 420         .cra_module             =       THIS_MODULE,
 421         .cra_u = {
 422                 .blkcipher = {
 423                         .min_keysize            =       AES_MIN_KEY_SIZE,
 424                         .max_keysize            =       AES_MAX_KEY_SIZE,
 425                         .ivsize                 =       AES_BLOCK_SIZE,
 426                         .setkey                 =       ppc_aes_setkey,
 427                         .encrypt                =       ppc_ecb_encrypt,
 428                         .decrypt                =       ppc_ecb_decrypt,
 429                 }
 430         }
 431 }, {
 432         .cra_name               =       "cbc(aes)",
 433         .cra_driver_name        =       "cbc-ppc-spe",
 434         .cra_priority           =       300,
 435         .cra_flags              =       CRYPTO_ALG_TYPE_BLKCIPHER,
 436         .cra_blocksize          =       AES_BLOCK_SIZE,
 437         .cra_ctxsize            =       sizeof(struct ppc_aes_ctx),
 438         .cra_alignmask          =       0,
 439         .cra_type               =       &crypto_blkcipher_type,
 440         .cra_module             =       THIS_MODULE,
 441         .cra_u = {
 442                 .blkcipher = {
 443                         .min_keysize            =       AES_MIN_KEY_SIZE,
 444                         .max_keysize            =       AES_MAX_KEY_SIZE,
 445                         .ivsize                 =       AES_BLOCK_SIZE,
 446                         .setkey                 =       ppc_aes_setkey,
 447                         .encrypt                =       ppc_cbc_encrypt,
 448                         .decrypt                =       ppc_cbc_decrypt,
 449                 }
 450         }
 451 }, {
 452         .cra_name               =       "ctr(aes)",
 453         .cra_driver_name        =       "ctr-ppc-spe",
 454         .cra_priority           =       300,
 455         .cra_flags              =       CRYPTO_ALG_TYPE_BLKCIPHER,
 456         .cra_blocksize          =       1,
 457         .cra_ctxsize            =       sizeof(struct ppc_aes_ctx),
 458         .cra_alignmask          =       0,
 459         .cra_type               =       &crypto_blkcipher_type,
 460         .cra_module             =       THIS_MODULE,
 461         .cra_u = {
 462                 .blkcipher = {
 463                         .min_keysize            =       AES_MIN_KEY_SIZE,
 464                         .max_keysize            =       AES_MAX_KEY_SIZE,
 465                         .ivsize                 =       AES_BLOCK_SIZE,
 466                         .setkey                 =       ppc_aes_setkey,
 467                         .encrypt                =       ppc_ctr_crypt,
 468                         .decrypt                =       ppc_ctr_crypt,
 469                 }
 470         }
 471 }, {
 472         .cra_name               =       "xts(aes)",
 473         .cra_driver_name        =       "xts-ppc-spe",
 474         .cra_priority           =       300,
 475         .cra_flags              =       CRYPTO_ALG_TYPE_BLKCIPHER,
 476         .cra_blocksize          =       AES_BLOCK_SIZE,
 477         .cra_ctxsize            =       sizeof(struct ppc_xts_ctx),
 478         .cra_alignmask          =       0,
 479         .cra_type               =       &crypto_blkcipher_type,
 480         .cra_module             =       THIS_MODULE,
 481         .cra_u = {
 482                 .blkcipher = {
 483                         .min_keysize            =       AES_MIN_KEY_SIZE * 2,
 484                         .max_keysize            =       AES_MAX_KEY_SIZE * 2,
 485                         .ivsize                 =       AES_BLOCK_SIZE,
 486                         .setkey                 =       ppc_xts_setkey,
 487                         .encrypt                =       ppc_xts_encrypt,
 488                         .decrypt                =       ppc_xts_decrypt,
 489                 }
 490         }
 491 } };
 492 
 493 static int __init ppc_aes_mod_init(void)
 494 {
 495         return crypto_register_algs(aes_algs, ARRAY_SIZE(aes_algs));
 496 }
 497 
 498 static void __exit ppc_aes_mod_fini(void)
 499 {
 500         crypto_unregister_algs(aes_algs, ARRAY_SIZE(aes_algs));
 501 }
 502 
 503 module_init(ppc_aes_mod_init);
 504 module_exit(ppc_aes_mod_fini);
 505 
 506 MODULE_LICENSE("GPL");
 507 MODULE_DESCRIPTION("AES-ECB/CBC/CTR/XTS, SPE optimized");
 508 
 509 MODULE_ALIAS_CRYPTO("aes");
 510 MODULE_ALIAS_CRYPTO("ecb(aes)");
 511 MODULE_ALIAS_CRYPTO("cbc(aes)");
 512 MODULE_ALIAS_CRYPTO("ctr(aes)");
 513 MODULE_ALIAS_CRYPTO("xts(aes)");
 514 MODULE_ALIAS_CRYPTO("aes-ppc-spe");

/* [<][>][^][v][top][bottom][index][help] */