projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
crypto: doc - add skcipher API documentation
[deliverable/linux.git] / arch / powerpc / crypto / aes-spe-glue.c
CommitLineData
8a28a1a8
MS		 1/*
2 * Glue code for AES implementation for SPE instructions (PPC)
3 *
4 * Based on generic implementation. The assembler module takes care
5 * about the SPE registers so it can run from interrupt context.
6 *
7 * Copyright (c) 2015 Markus Stockhausen <stockhausen@collogia.de>
8 *
9 * This program is free software; you can redistribute it and/or modify it
10 * under the terms of the GNU General Public License as published by the Free
11 * Software Foundation; either version 2 of the License, or (at your option)
12 * any later version.
13 *
14 */
15
16#include <crypto/aes.h>
17#include <linux/module.h>
18#include <linux/init.h>
19#include <linux/types.h>
20#include <linux/errno.h>
21#include <linux/crypto.h>
22#include <asm/byteorder.h>
23#include <asm/switch_to.h>
24#include <crypto/algapi.h>
25
26/*
27 * MAX_BYTES defines the number of bytes that are allowed to be processed
28 * between preempt_disable() and preempt_enable(). e500 cores can issue two
29 * instructions per clock cycle using one 32/64 bit unit (SU1) and one 32
30 * bit unit (SU2). One of these can be a memory access that is executed via
31 * a single load and store unit (LSU). XTS-AES-256 takes ~780 operations per
32 * 16 byte block block or 25 cycles per byte. Thus 768 bytes of input data
33 * will need an estimated maximum of 20,000 cycles. Headroom for cache misses
34 * included. Even with the low end model clocked at 667 MHz this equals to a
35 * critical time window of less than 30us. The value has been choosen to
36 * process a 512 byte disk block in one or a large 1400 bytes IPsec network
37 * packet in two runs.
38 *
39 */
40#define MAX_BYTES 768
41
42struct ppc_aes_ctx {
43 u32 key_enc[AES_MAX_KEYLENGTH_U32];
44 u32 key_dec[AES_MAX_KEYLENGTH_U32];
45 u32 rounds;
46};
47
48struct ppc_xts_ctx {
49 u32 key_enc[AES_MAX_KEYLENGTH_U32];
50 u32 key_dec[AES_MAX_KEYLENGTH_U32];
51 u32 key_twk[AES_MAX_KEYLENGTH_U32];
52 u32 rounds;
53};
54
55extern void ppc_encrypt_aes(u8 *out, const u8 *in, u32 *key_enc, u32 rounds);
56extern void ppc_decrypt_aes(u8 *out, const u8 *in, u32 *key_dec, u32 rounds);
57extern void ppc_encrypt_ecb(u8 *out, const u8 *in, u32 *key_enc, u32 rounds,
58 u32 bytes);
59extern void ppc_decrypt_ecb(u8 *out, const u8 *in, u32 *key_dec, u32 rounds,
60 u32 bytes);
61extern void ppc_encrypt_cbc(u8 *out, const u8 *in, u32 *key_enc, u32 rounds,
62 u32 bytes, u8 *iv);
63extern void ppc_decrypt_cbc(u8 *out, const u8 *in, u32 *key_dec, u32 rounds,
64 u32 bytes, u8 *iv);
65extern void ppc_crypt_ctr (u8 *out, const u8 *in, u32 *key_enc, u32 rounds,
66 u32 bytes, u8 *iv);
67extern void ppc_encrypt_xts(u8 *out, const u8 *in, u32 *key_enc, u32 rounds,
68 u32 bytes, u8 *iv, u32 *key_twk);
69extern void ppc_decrypt_xts(u8 *out, const u8 *in, u32 *key_dec, u32 rounds,
70 u32 bytes, u8 *iv, u32 *key_twk);
71
72extern void ppc_expand_key_128(u32 *key_enc, const u8 *key);
73extern void ppc_expand_key_192(u32 *key_enc, const u8 *key);
74extern void ppc_expand_key_256(u32 *key_enc, const u8 *key);
75
76extern void ppc_generate_decrypt_key(u32 *key_dec,u32 *key_enc,
77 unsigned int key_len);
78
79static void spe_begin(void)
80{
81 /* disable preemption and save users SPE registers if required */
82 preempt_disable();
83 enable_kernel_spe();
84}
85
86static void spe_end(void)
87{
dc4fbba1 88 disable_kernel_spe();
8a28a1a8
MS		 89 /* reenable preemption */
90 preempt_enable();
91}
92
93static int ppc_aes_setkey(struct crypto_tfm *tfm, const u8 *in_key,
94 unsigned int key_len)
95{
96 struct ppc_aes_ctx *ctx = crypto_tfm_ctx(tfm);
97
98 if (key_len != AES_KEYSIZE_128 &&
99 key_len != AES_KEYSIZE_192 &&
100 key_len != AES_KEYSIZE_256) {
101 tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
102 return -EINVAL;
103 }
104
105 switch (key_len) {
106 case AES_KEYSIZE_128:
107 ctx->rounds = 4;
108 ppc_expand_key_128(ctx->key_enc, in_key);
109 break;
110 case AES_KEYSIZE_192:
111 ctx->rounds = 5;
112 ppc_expand_key_192(ctx->key_enc, in_key);
113 break;
114 case AES_KEYSIZE_256:
115 ctx->rounds = 6;
116 ppc_expand_key_256(ctx->key_enc, in_key);
117 break;
118 }
119
120 ppc_generate_decrypt_key(ctx->key_dec, ctx->key_enc, key_len);
121
122 return 0;
123}
124
125static int ppc_xts_setkey(struct crypto_tfm *tfm, const u8 *in_key,
126 unsigned int key_len)
127{
128 struct ppc_xts_ctx *ctx = crypto_tfm_ctx(tfm);
28856a9e
SM		 129 int err;
130
131 err = xts_check_key(tfm, in_key, key_len);
132 if (err)
133 return err;
8a28a1a8
MS		 134
135 key_len >>= 1;
136
137 if (key_len != AES_KEYSIZE_128 &&
138 key_len != AES_KEYSIZE_192 &&
139 key_len != AES_KEYSIZE_256) {
140 tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
141 return -EINVAL;
142 }
143
144 switch (key_len) {
145 case AES_KEYSIZE_128:
146 ctx->rounds = 4;
147 ppc_expand_key_128(ctx->key_enc, in_key);
148 ppc_expand_key_128(ctx->key_twk, in_key + AES_KEYSIZE_128);
149 break;
150 case AES_KEYSIZE_192:
151 ctx->rounds = 5;
152 ppc_expand_key_192(ctx->key_enc, in_key);
153 ppc_expand_key_192(ctx->key_twk, in_key + AES_KEYSIZE_192);
154 break;
155 case AES_KEYSIZE_256:
156 ctx->rounds = 6;
157 ppc_expand_key_256(ctx->key_enc, in_key);
158 ppc_expand_key_256(ctx->key_twk, in_key + AES_KEYSIZE_256);
159 break;
160 }
161
162 ppc_generate_decrypt_key(ctx->key_dec, ctx->key_enc, key_len);
163
164 return 0;
165}
166
167static void ppc_aes_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
168{
169 struct ppc_aes_ctx *ctx = crypto_tfm_ctx(tfm);
170
171 spe_begin();
172 ppc_encrypt_aes(out, in, ctx->key_enc, ctx->rounds);
173 spe_end();
174}
175
176static void ppc_aes_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
177{
178 struct ppc_aes_ctx *ctx = crypto_tfm_ctx(tfm);
179
180 spe_begin();
181 ppc_decrypt_aes(out, in, ctx->key_dec, ctx->rounds);
182 spe_end();
183}
184
185static int ppc_ecb_encrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
186 struct scatterlist *src, unsigned int nbytes)
187{
188 struct ppc_aes_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
189 struct blkcipher_walk walk;
190 unsigned int ubytes;
191 int err;
192
193 desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
194 blkcipher_walk_init(&walk, dst, src, nbytes);
195 err = blkcipher_walk_virt(desc, &walk);
196
197 while ((nbytes = walk.nbytes)) {
198 ubytes = nbytes > MAX_BYTES ?
199 nbytes - MAX_BYTES : nbytes & (AES_BLOCK_SIZE - 1);
200 nbytes -= ubytes;
201
202 spe_begin();
203 ppc_encrypt_ecb(walk.dst.virt.addr, walk.src.virt.addr,
204 ctx->key_enc, ctx->rounds, nbytes);
205 spe_end();
206
207 err = blkcipher_walk_done(desc, &walk, ubytes);
208 }
209
210 return err;
211}
212
213static int ppc_ecb_decrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
214 struct scatterlist *src, unsigned int nbytes)
215{
216 struct ppc_aes_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
217 struct blkcipher_walk walk;
218 unsigned int ubytes;
219 int err;
220
221 desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
222 blkcipher_walk_init(&walk, dst, src, nbytes);
223 err = blkcipher_walk_virt(desc, &walk);
224
225 while ((nbytes = walk.nbytes)) {
226 ubytes = nbytes > MAX_BYTES ?
227 nbytes - MAX_BYTES : nbytes & (AES_BLOCK_SIZE - 1);
228 nbytes -= ubytes;
229
230 spe_begin();
231 ppc_decrypt_ecb(walk.dst.virt.addr, walk.src.virt.addr,
232 ctx->key_dec, ctx->rounds, nbytes);
233 spe_end();
234
235 err = blkcipher_walk_done(desc, &walk, ubytes);
236 }
237
238 return err;
239}
240
241static int ppc_cbc_encrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
242 struct scatterlist *src, unsigned int nbytes)
243{
244 struct ppc_aes_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
245 struct blkcipher_walk walk;
246 unsigned int ubytes;
247 int err;
248
249 desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
250 blkcipher_walk_init(&walk, dst, src, nbytes);
251 err = blkcipher_walk_virt(desc, &walk);
252
253 while ((nbytes = walk.nbytes)) {
254 ubytes = nbytes > MAX_BYTES ?
255 nbytes - MAX_BYTES : nbytes & (AES_BLOCK_SIZE - 1);
256 nbytes -= ubytes;
257
258 spe_begin();
259 ppc_encrypt_cbc(walk.dst.virt.addr, walk.src.virt.addr,
260 ctx->key_enc, ctx->rounds, nbytes, walk.iv);
261 spe_end();
262
263 err = blkcipher_walk_done(desc, &walk, ubytes);
264 }
265
266 return err;
267}
268
269static int ppc_cbc_decrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
270 struct scatterlist *src, unsigned int nbytes)
271{
272 struct ppc_aes_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
273 struct blkcipher_walk walk;
274 unsigned int ubytes;
275 int err;
276
277 desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
278 blkcipher_walk_init(&walk, dst, src, nbytes);
279 err = blkcipher_walk_virt(desc, &walk);
280
281 while ((nbytes = walk.nbytes)) {
282 ubytes = nbytes > MAX_BYTES ?
283 nbytes - MAX_BYTES : nbytes & (AES_BLOCK_SIZE - 1);
284 nbytes -= ubytes;
285
286 spe_begin();
287 ppc_decrypt_cbc(walk.dst.virt.addr, walk.src.virt.addr,
288 ctx->key_dec, ctx->rounds, nbytes, walk.iv);
289 spe_end();
290
291 err = blkcipher_walk_done(desc, &walk, ubytes);
292 }
293
294 return err;
295}
296
297static int ppc_ctr_crypt(struct blkcipher_desc *desc, struct scatterlist *dst,
298 struct scatterlist *src, unsigned int nbytes)
299{
300 struct ppc_aes_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
301 struct blkcipher_walk walk;
302 unsigned int pbytes, ubytes;
303 int err;
304
305 desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
306 blkcipher_walk_init(&walk, dst, src, nbytes);
307 err = blkcipher_walk_virt_block(desc, &walk, AES_BLOCK_SIZE);
308
309 while ((pbytes = walk.nbytes)) {
310 pbytes = pbytes > MAX_BYTES ? MAX_BYTES : pbytes;
311 pbytes = pbytes == nbytes ?
312 nbytes : pbytes & ~(AES_BLOCK_SIZE - 1);
313 ubytes = walk.nbytes - pbytes;
314
315 spe_begin();
316 ppc_crypt_ctr(walk.dst.virt.addr, walk.src.virt.addr,
317 ctx->key_enc, ctx->rounds, pbytes , walk.iv);
318 spe_end();
319
320 nbytes -= pbytes;
321 err = blkcipher_walk_done(desc, &walk, ubytes);
322 }
323
324 return err;
325}
326
327static int ppc_xts_encrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
328 struct scatterlist *src, unsigned int nbytes)
329{
330 struct ppc_xts_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
331 struct blkcipher_walk walk;
332 unsigned int ubytes;
333 int err;
334 u32 *twk;
335
336 desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
337 blkcipher_walk_init(&walk, dst, src, nbytes);
338 err = blkcipher_walk_virt(desc, &walk);
339 twk = ctx->key_twk;
340
341 while ((nbytes = walk.nbytes)) {
342 ubytes = nbytes > MAX_BYTES ?
343 nbytes - MAX_BYTES : nbytes & (AES_BLOCK_SIZE - 1);
344 nbytes -= ubytes;
345
346 spe_begin();
347 ppc_encrypt_xts(walk.dst.virt.addr, walk.src.virt.addr,
348 ctx->key_enc, ctx->rounds, nbytes, walk.iv, twk);
349 spe_end();
350
351 twk = NULL;
352 err = blkcipher_walk_done(desc, &walk, ubytes);
353 }
354
355 return err;
356}
357
358static int ppc_xts_decrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
359 struct scatterlist *src, unsigned int nbytes)
360{
361 struct ppc_xts_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
362 struct blkcipher_walk walk;
363 unsigned int ubytes;
364 int err;
365 u32 *twk;
366
367 desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
368 blkcipher_walk_init(&walk, dst, src, nbytes);
369 err = blkcipher_walk_virt(desc, &walk);
370 twk = ctx->key_twk;
371
372 while ((nbytes = walk.nbytes)) {
373 ubytes = nbytes > MAX_BYTES ?
374 nbytes - MAX_BYTES : nbytes & (AES_BLOCK_SIZE - 1);
375 nbytes -= ubytes;
376
377 spe_begin();
378 ppc_decrypt_xts(walk.dst.virt.addr, walk.src.virt.addr,
379 ctx->key_dec, ctx->rounds, nbytes, walk.iv, twk);
380 spe_end();
381
382 twk = NULL;
383 err = blkcipher_walk_done(desc, &walk, ubytes);
384 }
385
386 return err;
387}
388
389/*
390 * Algorithm definitions. Disabling alignment (cra_alignmask=0) was chosen
391 * because the e500 platform can handle unaligned reads/writes very efficently.
392 * This improves IPsec thoughput by another few percent. Additionally we assume
393 * that AES context is always aligned to at least 8 bytes because it is created
394 * with kmalloc() in the crypto infrastructure
395 *
396 */
397static struct crypto_alg aes_algs[] = { {
398 .cra_name = "aes",
399 .cra_driver_name = "aes-ppc-spe",
400 .cra_priority = 300,
401 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
402 .cra_blocksize = AES_BLOCK_SIZE,
403 .cra_ctxsize = sizeof(struct ppc_aes_ctx),
404 .cra_alignmask = 0,
405 .cra_module = THIS_MODULE,
406 .cra_u = {
407 .cipher = {
408 .cia_min_keysize = AES_MIN_KEY_SIZE,
409 .cia_max_keysize = AES_MAX_KEY_SIZE,
410 .cia_setkey = ppc_aes_setkey,
411 .cia_encrypt = ppc_aes_encrypt,
412 .cia_decrypt = ppc_aes_decrypt
413 }
414 }
415}, {
416 .cra_name = "ecb(aes)",
417 .cra_driver_name = "ecb-ppc-spe",
418 .cra_priority = 300,
419 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
420 .cra_blocksize = AES_BLOCK_SIZE,
421 .cra_ctxsize = sizeof(struct ppc_aes_ctx),
422 .cra_alignmask = 0,
423 .cra_type = &crypto_blkcipher_type,
424 .cra_module = THIS_MODULE,
425 .cra_u = {
426 .blkcipher = {
427 .min_keysize = AES_MIN_KEY_SIZE,
428 .max_keysize = AES_MAX_KEY_SIZE,
429 .ivsize = AES_BLOCK_SIZE,
430 .setkey = ppc_aes_setkey,
431 .encrypt = ppc_ecb_encrypt,
432 .decrypt = ppc_ecb_decrypt,
433 }
434 }
435}, {
436 .cra_name = "cbc(aes)",
437 .cra_driver_name = "cbc-ppc-spe",
438 .cra_priority = 300,
439 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
440 .cra_blocksize = AES_BLOCK_SIZE,
441 .cra_ctxsize = sizeof(struct ppc_aes_ctx),
442 .cra_alignmask = 0,
443 .cra_type = &crypto_blkcipher_type,
444 .cra_module = THIS_MODULE,
445 .cra_u = {
446 .blkcipher = {
447 .min_keysize = AES_MIN_KEY_SIZE,
448 .max_keysize = AES_MAX_KEY_SIZE,
449 .ivsize = AES_BLOCK_SIZE,
450 .setkey = ppc_aes_setkey,
451 .encrypt = ppc_cbc_encrypt,
452 .decrypt = ppc_cbc_decrypt,
453 }
454 }
455}, {
456 .cra_name = "ctr(aes)",
457 .cra_driver_name = "ctr-ppc-spe",
458 .cra_priority = 300,
459 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
460 .cra_blocksize = 1,
461 .cra_ctxsize = sizeof(struct ppc_aes_ctx),
462 .cra_alignmask = 0,
463 .cra_type = &crypto_blkcipher_type,
464 .cra_module = THIS_MODULE,
465 .cra_u = {
466 .blkcipher = {
467 .min_keysize = AES_MIN_KEY_SIZE,
468 .max_keysize = AES_MAX_KEY_SIZE,
469 .ivsize = AES_BLOCK_SIZE,
470 .setkey = ppc_aes_setkey,
471 .encrypt = ppc_ctr_crypt,
472 .decrypt = ppc_ctr_crypt,
473 }
474 }
475}, {
476 .cra_name = "xts(aes)",
477 .cra_driver_name = "xts-ppc-spe",
478 .cra_priority = 300,
479 .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
480 .cra_blocksize = AES_BLOCK_SIZE,
481 .cra_ctxsize = sizeof(struct ppc_xts_ctx),
482 .cra_alignmask = 0,
483 .cra_type = &crypto_blkcipher_type,
484 .cra_module = THIS_MODULE,
485 .cra_u = {
486 .blkcipher = {
487 .min_keysize = AES_MIN_KEY_SIZE * 2,
488 .max_keysize = AES_MAX_KEY_SIZE * 2,
489 .ivsize = AES_BLOCK_SIZE,
490 .setkey = ppc_xts_setkey,
491 .encrypt = ppc_xts_encrypt,
492 .decrypt = ppc_xts_decrypt,
493 }
494 }
495} };
496
497static int __init ppc_aes_mod_init(void)
498{
499 return crypto_register_algs(aes_algs, ARRAY_SIZE(aes_algs));
500}
501
502static void __exit ppc_aes_mod_fini(void)
503{
504 crypto_unregister_algs(aes_algs, ARRAY_SIZE(aes_algs));
505}
506
507module_init(ppc_aes_mod_init);
508module_exit(ppc_aes_mod_fini);
509
510MODULE_LICENSE("GPL");
511MODULE_DESCRIPTION("AES-ECB/CBC/CTR/XTS, SPE optimized");
512
513MODULE_ALIAS_CRYPTO("aes");
514MODULE_ALIAS_CRYPTO("ecb(aes)");
515MODULE_ALIAS_CRYPTO("cbc(aes)");
516MODULE_ALIAS_CRYPTO("ctr(aes)");
517MODULE_ALIAS_CRYPTO("xts(aes)");
518MODULE_ALIAS_CRYPTO("aes-ppc-spe");
Linux kernel - Deliverables
This page took 0.092545 seconds and 5 git commands to generate.