xref: /openbmc/linux/arch/powerpc/crypto/aes-spe-glue.c (revision 93707cbabcc8baf2b2b5f4a99c1f08ee83eb7abd)
1 /*
2  * Glue code for AES implementation for SPE instructions (PPC)
3  *
4  * Based on generic implementation. The assembler module takes care
5  * about the SPE registers so it can run from interrupt context.
6  *
7  * Copyright (c) 2015 Markus Stockhausen <stockhausen@collogia.de>
8  *
9  * This program is free software; you can redistribute it and/or modify it
10  * under the terms of the GNU General Public License as published by the Free
11  * Software Foundation; either version 2 of the License, or (at your option)
12  * any later version.
13  *
14  */
15 
16 #include <crypto/aes.h>
17 #include <linux/module.h>
18 #include <linux/init.h>
19 #include <linux/types.h>
20 #include <linux/errno.h>
21 #include <linux/crypto.h>
22 #include <asm/byteorder.h>
23 #include <asm/switch_to.h>
24 #include <crypto/algapi.h>
25 #include <crypto/xts.h>
26 
27 /*
28  * MAX_BYTES defines the number of bytes that are allowed to be processed
29  * between preempt_disable() and preempt_enable(). e500 cores can issue two
30  * instructions per clock cycle using one 32/64 bit unit (SU1) and one 32
31  * bit unit (SU2). One of these can be a memory access that is executed via
32  * a single load and store unit (LSU). XTS-AES-256 takes ~780 operations per
33  * 16 byte block block or 25 cycles per byte. Thus 768 bytes of input data
34  * will need an estimated maximum of 20,000 cycles. Headroom for cache misses
35  * included. Even with the low end model clocked at 667 MHz this equals to a
36  * critical time window of less than 30us. The value has been chosen to
37  * process a 512 byte disk block in one or a large 1400 bytes IPsec network
38  * packet in two runs.
39  *
40  */
41 #define MAX_BYTES 768
42 
43 struct ppc_aes_ctx {
44 	u32 key_enc[AES_MAX_KEYLENGTH_U32];
45 	u32 key_dec[AES_MAX_KEYLENGTH_U32];
46 	u32 rounds;
47 };
48 
49 struct ppc_xts_ctx {
50 	u32 key_enc[AES_MAX_KEYLENGTH_U32];
51 	u32 key_dec[AES_MAX_KEYLENGTH_U32];
52 	u32 key_twk[AES_MAX_KEYLENGTH_U32];
53 	u32 rounds;
54 };
55 
56 extern void ppc_encrypt_aes(u8 *out, const u8 *in, u32 *key_enc, u32 rounds);
57 extern void ppc_decrypt_aes(u8 *out, const u8 *in, u32 *key_dec, u32 rounds);
58 extern void ppc_encrypt_ecb(u8 *out, const u8 *in, u32 *key_enc, u32 rounds,
59 			    u32 bytes);
60 extern void ppc_decrypt_ecb(u8 *out, const u8 *in, u32 *key_dec, u32 rounds,
61 			    u32 bytes);
62 extern void ppc_encrypt_cbc(u8 *out, const u8 *in, u32 *key_enc, u32 rounds,
63 			    u32 bytes, u8 *iv);
64 extern void ppc_decrypt_cbc(u8 *out, const u8 *in, u32 *key_dec, u32 rounds,
65 			    u32 bytes, u8 *iv);
66 extern void ppc_crypt_ctr  (u8 *out, const u8 *in, u32 *key_enc, u32 rounds,
67 			    u32 bytes, u8 *iv);
68 extern void ppc_encrypt_xts(u8 *out, const u8 *in, u32 *key_enc, u32 rounds,
69 			    u32 bytes, u8 *iv, u32 *key_twk);
70 extern void ppc_decrypt_xts(u8 *out, const u8 *in, u32 *key_dec, u32 rounds,
71 			    u32 bytes, u8 *iv, u32 *key_twk);
72 
73 extern void ppc_expand_key_128(u32 *key_enc, const u8 *key);
74 extern void ppc_expand_key_192(u32 *key_enc, const u8 *key);
75 extern void ppc_expand_key_256(u32 *key_enc, const u8 *key);
76 
77 extern void ppc_generate_decrypt_key(u32 *key_dec,u32 *key_enc,
78 				     unsigned int key_len);
79 
80 static void spe_begin(void)
81 {
82 	/* disable preemption and save users SPE registers if required */
83 	preempt_disable();
84 	enable_kernel_spe();
85 }
86 
87 static void spe_end(void)
88 {
89 	disable_kernel_spe();
90 	/* reenable preemption */
91 	preempt_enable();
92 }
93 
94 static int ppc_aes_setkey(struct crypto_tfm *tfm, const u8 *in_key,
95 		unsigned int key_len)
96 {
97 	struct ppc_aes_ctx *ctx = crypto_tfm_ctx(tfm);
98 
99 	if (key_len != AES_KEYSIZE_128 &&
100 	    key_len != AES_KEYSIZE_192 &&
101 	    key_len != AES_KEYSIZE_256) {
102 		tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
103 		return -EINVAL;
104 	}
105 
106 	switch (key_len) {
107 	case AES_KEYSIZE_128:
108 		ctx->rounds = 4;
109 		ppc_expand_key_128(ctx->key_enc, in_key);
110 		break;
111 	case AES_KEYSIZE_192:
112 		ctx->rounds = 5;
113 		ppc_expand_key_192(ctx->key_enc, in_key);
114 		break;
115 	case AES_KEYSIZE_256:
116 		ctx->rounds = 6;
117 		ppc_expand_key_256(ctx->key_enc, in_key);
118 		break;
119 	}
120 
121 	ppc_generate_decrypt_key(ctx->key_dec, ctx->key_enc, key_len);
122 
123 	return 0;
124 }
125 
126 static int ppc_xts_setkey(struct crypto_tfm *tfm, const u8 *in_key,
127 		   unsigned int key_len)
128 {
129 	struct ppc_xts_ctx *ctx = crypto_tfm_ctx(tfm);
130 	int err;
131 
132 	err = xts_check_key(tfm, in_key, key_len);
133 	if (err)
134 		return err;
135 
136 	key_len >>= 1;
137 
138 	if (key_len != AES_KEYSIZE_128 &&
139 	    key_len != AES_KEYSIZE_192 &&
140 	    key_len != AES_KEYSIZE_256) {
141 		tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
142 		return -EINVAL;
143 	}
144 
145 	switch (key_len) {
146 	case AES_KEYSIZE_128:
147 		ctx->rounds = 4;
148 		ppc_expand_key_128(ctx->key_enc, in_key);
149 		ppc_expand_key_128(ctx->key_twk, in_key + AES_KEYSIZE_128);
150 		break;
151 	case AES_KEYSIZE_192:
152 		ctx->rounds = 5;
153 		ppc_expand_key_192(ctx->key_enc, in_key);
154 		ppc_expand_key_192(ctx->key_twk, in_key + AES_KEYSIZE_192);
155 		break;
156 	case AES_KEYSIZE_256:
157 		ctx->rounds = 6;
158 		ppc_expand_key_256(ctx->key_enc, in_key);
159 		ppc_expand_key_256(ctx->key_twk, in_key + AES_KEYSIZE_256);
160 		break;
161 	}
162 
163 	ppc_generate_decrypt_key(ctx->key_dec, ctx->key_enc, key_len);
164 
165 	return 0;
166 }
167 
168 static void ppc_aes_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
169 {
170 	struct ppc_aes_ctx *ctx = crypto_tfm_ctx(tfm);
171 
172 	spe_begin();
173 	ppc_encrypt_aes(out, in, ctx->key_enc, ctx->rounds);
174 	spe_end();
175 }
176 
177 static void ppc_aes_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
178 {
179 	struct ppc_aes_ctx *ctx = crypto_tfm_ctx(tfm);
180 
181 	spe_begin();
182 	ppc_decrypt_aes(out, in, ctx->key_dec, ctx->rounds);
183 	spe_end();
184 }
185 
186 static int ppc_ecb_encrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
187 			   struct scatterlist *src, unsigned int nbytes)
188 {
189 	struct ppc_aes_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
190 	struct blkcipher_walk walk;
191 	unsigned int ubytes;
192 	int err;
193 
194 	desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
195 	blkcipher_walk_init(&walk, dst, src, nbytes);
196 	err = blkcipher_walk_virt(desc, &walk);
197 
198 	while ((nbytes = walk.nbytes)) {
199 		ubytes = nbytes > MAX_BYTES ?
200 			 nbytes - MAX_BYTES : nbytes & (AES_BLOCK_SIZE - 1);
201 		nbytes -= ubytes;
202 
203 		spe_begin();
204 		ppc_encrypt_ecb(walk.dst.virt.addr, walk.src.virt.addr,
205 				ctx->key_enc, ctx->rounds, nbytes);
206 		spe_end();
207 
208 		err = blkcipher_walk_done(desc, &walk, ubytes);
209 	}
210 
211 	return err;
212 }
213 
214 static int ppc_ecb_decrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
215 			   struct scatterlist *src, unsigned int nbytes)
216 {
217 	struct ppc_aes_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
218 	struct blkcipher_walk walk;
219 	unsigned int ubytes;
220 	int err;
221 
222 	desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
223 	blkcipher_walk_init(&walk, dst, src, nbytes);
224 	err = blkcipher_walk_virt(desc, &walk);
225 
226 	while ((nbytes = walk.nbytes)) {
227 		ubytes = nbytes > MAX_BYTES ?
228 			 nbytes - MAX_BYTES : nbytes & (AES_BLOCK_SIZE - 1);
229 		nbytes -= ubytes;
230 
231 		spe_begin();
232 		ppc_decrypt_ecb(walk.dst.virt.addr, walk.src.virt.addr,
233 				ctx->key_dec, ctx->rounds, nbytes);
234 		spe_end();
235 
236 		err = blkcipher_walk_done(desc, &walk, ubytes);
237 	}
238 
239 	return err;
240 }
241 
242 static int ppc_cbc_encrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
243 			   struct scatterlist *src, unsigned int nbytes)
244 {
245 	struct ppc_aes_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
246 	struct blkcipher_walk walk;
247 	unsigned int ubytes;
248 	int err;
249 
250 	desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
251 	blkcipher_walk_init(&walk, dst, src, nbytes);
252 	err = blkcipher_walk_virt(desc, &walk);
253 
254 	while ((nbytes = walk.nbytes)) {
255 		ubytes = nbytes > MAX_BYTES ?
256 			 nbytes - MAX_BYTES : nbytes & (AES_BLOCK_SIZE - 1);
257 		nbytes -= ubytes;
258 
259 		spe_begin();
260 		ppc_encrypt_cbc(walk.dst.virt.addr, walk.src.virt.addr,
261 				ctx->key_enc, ctx->rounds, nbytes, walk.iv);
262 		spe_end();
263 
264 		err = blkcipher_walk_done(desc, &walk, ubytes);
265 	}
266 
267 	return err;
268 }
269 
270 static int ppc_cbc_decrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
271 			   struct scatterlist *src, unsigned int nbytes)
272 {
273 	struct ppc_aes_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
274 	struct blkcipher_walk walk;
275 	unsigned int ubytes;
276 	int err;
277 
278 	desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
279 	blkcipher_walk_init(&walk, dst, src, nbytes);
280 	err = blkcipher_walk_virt(desc, &walk);
281 
282 	while ((nbytes = walk.nbytes)) {
283 		ubytes = nbytes > MAX_BYTES ?
284 			 nbytes - MAX_BYTES : nbytes & (AES_BLOCK_SIZE - 1);
285 		nbytes -= ubytes;
286 
287 		spe_begin();
288 		ppc_decrypt_cbc(walk.dst.virt.addr, walk.src.virt.addr,
289 				ctx->key_dec, ctx->rounds, nbytes, walk.iv);
290 		spe_end();
291 
292 		err = blkcipher_walk_done(desc, &walk, ubytes);
293 	}
294 
295 	return err;
296 }
297 
298 static int ppc_ctr_crypt(struct blkcipher_desc *desc, struct scatterlist *dst,
299 			 struct scatterlist *src, unsigned int nbytes)
300 {
301 	struct ppc_aes_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
302 	struct blkcipher_walk walk;
303 	unsigned int pbytes, ubytes;
304 	int err;
305 
306 	desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
307 	blkcipher_walk_init(&walk, dst, src, nbytes);
308 	err = blkcipher_walk_virt_block(desc, &walk, AES_BLOCK_SIZE);
309 
310 	while ((pbytes = walk.nbytes)) {
311 		pbytes = pbytes > MAX_BYTES ? MAX_BYTES : pbytes;
312 		pbytes = pbytes == nbytes ?
313 			 nbytes : pbytes & ~(AES_BLOCK_SIZE - 1);
314 		ubytes = walk.nbytes - pbytes;
315 
316 		spe_begin();
317 		ppc_crypt_ctr(walk.dst.virt.addr, walk.src.virt.addr,
318 			      ctx->key_enc, ctx->rounds, pbytes , walk.iv);
319 		spe_end();
320 
321 		nbytes -= pbytes;
322 		err = blkcipher_walk_done(desc, &walk, ubytes);
323 	}
324 
325 	return err;
326 }
327 
328 static int ppc_xts_encrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
329 			   struct scatterlist *src, unsigned int nbytes)
330 {
331 	struct ppc_xts_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
332 	struct blkcipher_walk walk;
333 	unsigned int ubytes;
334 	int err;
335 	u32 *twk;
336 
337 	desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
338 	blkcipher_walk_init(&walk, dst, src, nbytes);
339 	err = blkcipher_walk_virt(desc, &walk);
340 	twk = ctx->key_twk;
341 
342 	while ((nbytes = walk.nbytes)) {
343 		ubytes = nbytes > MAX_BYTES ?
344 			 nbytes - MAX_BYTES : nbytes & (AES_BLOCK_SIZE - 1);
345 		nbytes -= ubytes;
346 
347 		spe_begin();
348 		ppc_encrypt_xts(walk.dst.virt.addr, walk.src.virt.addr,
349 				ctx->key_enc, ctx->rounds, nbytes, walk.iv, twk);
350 		spe_end();
351 
352 		twk = NULL;
353 		err = blkcipher_walk_done(desc, &walk, ubytes);
354 	}
355 
356 	return err;
357 }
358 
359 static int ppc_xts_decrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
360 			   struct scatterlist *src, unsigned int nbytes)
361 {
362 	struct ppc_xts_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
363 	struct blkcipher_walk walk;
364 	unsigned int ubytes;
365 	int err;
366 	u32 *twk;
367 
368 	desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
369 	blkcipher_walk_init(&walk, dst, src, nbytes);
370 	err = blkcipher_walk_virt(desc, &walk);
371 	twk = ctx->key_twk;
372 
373 	while ((nbytes = walk.nbytes)) {
374 		ubytes = nbytes > MAX_BYTES ?
375 			 nbytes - MAX_BYTES : nbytes & (AES_BLOCK_SIZE - 1);
376 		nbytes -= ubytes;
377 
378 		spe_begin();
379 		ppc_decrypt_xts(walk.dst.virt.addr, walk.src.virt.addr,
380 				ctx->key_dec, ctx->rounds, nbytes, walk.iv, twk);
381 		spe_end();
382 
383 		twk = NULL;
384 		err = blkcipher_walk_done(desc, &walk, ubytes);
385 	}
386 
387 	return err;
388 }
389 
390 /*
391  * Algorithm definitions. Disabling alignment (cra_alignmask=0) was chosen
392  * because the e500 platform can handle unaligned reads/writes very efficently.
393  * This improves IPsec thoughput by another few percent. Additionally we assume
394  * that AES context is always aligned to at least 8 bytes because it is created
395  * with kmalloc() in the crypto infrastructure
396  *
397  */
398 static struct crypto_alg aes_algs[] = { {
399 	.cra_name		=	"aes",
400 	.cra_driver_name	=	"aes-ppc-spe",
401 	.cra_priority		=	300,
402 	.cra_flags		=	CRYPTO_ALG_TYPE_CIPHER,
403 	.cra_blocksize		=	AES_BLOCK_SIZE,
404 	.cra_ctxsize		=	sizeof(struct ppc_aes_ctx),
405 	.cra_alignmask		=	0,
406 	.cra_module		=	THIS_MODULE,
407 	.cra_u			=	{
408 		.cipher = {
409 			.cia_min_keysize	=	AES_MIN_KEY_SIZE,
410 			.cia_max_keysize	=	AES_MAX_KEY_SIZE,
411 			.cia_setkey		=	ppc_aes_setkey,
412 			.cia_encrypt		=	ppc_aes_encrypt,
413 			.cia_decrypt		=	ppc_aes_decrypt
414 		}
415 	}
416 }, {
417 	.cra_name		=	"ecb(aes)",
418 	.cra_driver_name	=	"ecb-ppc-spe",
419 	.cra_priority		=	300,
420 	.cra_flags		=	CRYPTO_ALG_TYPE_BLKCIPHER,
421 	.cra_blocksize		=	AES_BLOCK_SIZE,
422 	.cra_ctxsize		=	sizeof(struct ppc_aes_ctx),
423 	.cra_alignmask		=	0,
424 	.cra_type		=	&crypto_blkcipher_type,
425 	.cra_module		=	THIS_MODULE,
426 	.cra_u = {
427 		.blkcipher = {
428 			.min_keysize		=	AES_MIN_KEY_SIZE,
429 			.max_keysize		=	AES_MAX_KEY_SIZE,
430 			.ivsize			=	AES_BLOCK_SIZE,
431 			.setkey			=	ppc_aes_setkey,
432 			.encrypt		=	ppc_ecb_encrypt,
433 			.decrypt		=	ppc_ecb_decrypt,
434 		}
435 	}
436 }, {
437 	.cra_name		=	"cbc(aes)",
438 	.cra_driver_name	=	"cbc-ppc-spe",
439 	.cra_priority		=	300,
440 	.cra_flags		=	CRYPTO_ALG_TYPE_BLKCIPHER,
441 	.cra_blocksize		=	AES_BLOCK_SIZE,
442 	.cra_ctxsize		=	sizeof(struct ppc_aes_ctx),
443 	.cra_alignmask		=	0,
444 	.cra_type		=	&crypto_blkcipher_type,
445 	.cra_module		=	THIS_MODULE,
446 	.cra_u = {
447 		.blkcipher = {
448 			.min_keysize		=	AES_MIN_KEY_SIZE,
449 			.max_keysize		=	AES_MAX_KEY_SIZE,
450 			.ivsize			=	AES_BLOCK_SIZE,
451 			.setkey			=	ppc_aes_setkey,
452 			.encrypt		=	ppc_cbc_encrypt,
453 			.decrypt		=	ppc_cbc_decrypt,
454 		}
455 	}
456 }, {
457 	.cra_name		=	"ctr(aes)",
458 	.cra_driver_name	=	"ctr-ppc-spe",
459 	.cra_priority		=	300,
460 	.cra_flags		=	CRYPTO_ALG_TYPE_BLKCIPHER,
461 	.cra_blocksize		=	1,
462 	.cra_ctxsize		=	sizeof(struct ppc_aes_ctx),
463 	.cra_alignmask		=	0,
464 	.cra_type		=	&crypto_blkcipher_type,
465 	.cra_module		=	THIS_MODULE,
466 	.cra_u = {
467 		.blkcipher = {
468 			.min_keysize		=	AES_MIN_KEY_SIZE,
469 			.max_keysize		=	AES_MAX_KEY_SIZE,
470 			.ivsize			=	AES_BLOCK_SIZE,
471 			.setkey			=	ppc_aes_setkey,
472 			.encrypt		=	ppc_ctr_crypt,
473 			.decrypt		=	ppc_ctr_crypt,
474 		}
475 	}
476 }, {
477 	.cra_name		=	"xts(aes)",
478 	.cra_driver_name	=	"xts-ppc-spe",
479 	.cra_priority		=	300,
480 	.cra_flags		=	CRYPTO_ALG_TYPE_BLKCIPHER,
481 	.cra_blocksize		=	AES_BLOCK_SIZE,
482 	.cra_ctxsize		=	sizeof(struct ppc_xts_ctx),
483 	.cra_alignmask		=	0,
484 	.cra_type		=	&crypto_blkcipher_type,
485 	.cra_module		=	THIS_MODULE,
486 	.cra_u = {
487 		.blkcipher = {
488 			.min_keysize		=	AES_MIN_KEY_SIZE * 2,
489 			.max_keysize		=	AES_MAX_KEY_SIZE * 2,
490 			.ivsize			=	AES_BLOCK_SIZE,
491 			.setkey			=	ppc_xts_setkey,
492 			.encrypt		=	ppc_xts_encrypt,
493 			.decrypt		=	ppc_xts_decrypt,
494 		}
495 	}
496 } };
497 
498 static int __init ppc_aes_mod_init(void)
499 {
500 	return crypto_register_algs(aes_algs, ARRAY_SIZE(aes_algs));
501 }
502 
503 static void __exit ppc_aes_mod_fini(void)
504 {
505 	crypto_unregister_algs(aes_algs, ARRAY_SIZE(aes_algs));
506 }
507 
508 module_init(ppc_aes_mod_init);
509 module_exit(ppc_aes_mod_fini);
510 
511 MODULE_LICENSE("GPL");
512 MODULE_DESCRIPTION("AES-ECB/CBC/CTR/XTS, SPE optimized");
513 
514 MODULE_ALIAS_CRYPTO("aes");
515 MODULE_ALIAS_CRYPTO("ecb(aes)");
516 MODULE_ALIAS_CRYPTO("cbc(aes)");
517 MODULE_ALIAS_CRYPTO("ctr(aes)");
518 MODULE_ALIAS_CRYPTO("xts(aes)");
519 MODULE_ALIAS_CRYPTO("aes-ppc-spe");
520