xref: /openbmc/linux/arch/x86/crypto/blowfish_glue.c (revision 62975d27)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * Glue Code for assembler optimized version of Blowfish
4  *
5  * Copyright (c) 2011 Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
6  *
7  * CBC & ECB parts based on code (crypto/cbc.c,ecb.c) by:
8  *   Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au>
9  * CTR part based on code (crypto/ctr.c) by:
10  *   (C) Copyright IBM Corp. 2007 - Joy Latten <latten@us.ibm.com>
11  */
12 
13 #include <crypto/algapi.h>
14 #include <crypto/blowfish.h>
15 #include <crypto/internal/skcipher.h>
16 #include <linux/crypto.h>
17 #include <linux/init.h>
18 #include <linux/module.h>
19 #include <linux/types.h>
20 
21 /* regular block cipher functions */
22 asmlinkage void __blowfish_enc_blk(struct bf_ctx *ctx, u8 *dst, const u8 *src,
23 				   bool xor);
24 asmlinkage void blowfish_dec_blk(struct bf_ctx *ctx, u8 *dst, const u8 *src);
25 
26 /* 4-way parallel cipher functions */
27 asmlinkage void __blowfish_enc_blk_4way(struct bf_ctx *ctx, u8 *dst,
28 					const u8 *src, bool xor);
29 asmlinkage void blowfish_dec_blk_4way(struct bf_ctx *ctx, u8 *dst,
30 				      const u8 *src);
31 
32 static inline void blowfish_enc_blk(struct bf_ctx *ctx, u8 *dst, const u8 *src)
33 {
34 	__blowfish_enc_blk(ctx, dst, src, false);
35 }
36 
37 static inline void blowfish_enc_blk_xor(struct bf_ctx *ctx, u8 *dst,
38 					const u8 *src)
39 {
40 	__blowfish_enc_blk(ctx, dst, src, true);
41 }
42 
43 static inline void blowfish_enc_blk_4way(struct bf_ctx *ctx, u8 *dst,
44 					 const u8 *src)
45 {
46 	__blowfish_enc_blk_4way(ctx, dst, src, false);
47 }
48 
49 static inline void blowfish_enc_blk_xor_4way(struct bf_ctx *ctx, u8 *dst,
50 				      const u8 *src)
51 {
52 	__blowfish_enc_blk_4way(ctx, dst, src, true);
53 }
54 
55 static void blowfish_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
56 {
57 	blowfish_enc_blk(crypto_tfm_ctx(tfm), dst, src);
58 }
59 
60 static void blowfish_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
61 {
62 	blowfish_dec_blk(crypto_tfm_ctx(tfm), dst, src);
63 }
64 
65 static int blowfish_setkey_skcipher(struct crypto_skcipher *tfm,
66 				    const u8 *key, unsigned int keylen)
67 {
68 	return blowfish_setkey(&tfm->base, key, keylen);
69 }
70 
71 static int ecb_crypt(struct skcipher_request *req,
72 		     void (*fn)(struct bf_ctx *, u8 *, const u8 *),
73 		     void (*fn_4way)(struct bf_ctx *, u8 *, const u8 *))
74 {
75 	unsigned int bsize = BF_BLOCK_SIZE;
76 	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
77 	struct bf_ctx *ctx = crypto_skcipher_ctx(tfm);
78 	struct skcipher_walk walk;
79 	unsigned int nbytes;
80 	int err;
81 
82 	err = skcipher_walk_virt(&walk, req, false);
83 
84 	while ((nbytes = walk.nbytes)) {
85 		u8 *wsrc = walk.src.virt.addr;
86 		u8 *wdst = walk.dst.virt.addr;
87 
88 		/* Process four block batch */
89 		if (nbytes >= bsize * 4) {
90 			do {
91 				fn_4way(ctx, wdst, wsrc);
92 
93 				wsrc += bsize * 4;
94 				wdst += bsize * 4;
95 				nbytes -= bsize * 4;
96 			} while (nbytes >= bsize * 4);
97 
98 			if (nbytes < bsize)
99 				goto done;
100 		}
101 
102 		/* Handle leftovers */
103 		do {
104 			fn(ctx, wdst, wsrc);
105 
106 			wsrc += bsize;
107 			wdst += bsize;
108 			nbytes -= bsize;
109 		} while (nbytes >= bsize);
110 
111 done:
112 		err = skcipher_walk_done(&walk, nbytes);
113 	}
114 
115 	return err;
116 }
117 
118 static int ecb_encrypt(struct skcipher_request *req)
119 {
120 	return ecb_crypt(req, blowfish_enc_blk, blowfish_enc_blk_4way);
121 }
122 
123 static int ecb_decrypt(struct skcipher_request *req)
124 {
125 	return ecb_crypt(req, blowfish_dec_blk, blowfish_dec_blk_4way);
126 }
127 
128 static unsigned int __cbc_encrypt(struct bf_ctx *ctx,
129 				  struct skcipher_walk *walk)
130 {
131 	unsigned int bsize = BF_BLOCK_SIZE;
132 	unsigned int nbytes = walk->nbytes;
133 	u64 *src = (u64 *)walk->src.virt.addr;
134 	u64 *dst = (u64 *)walk->dst.virt.addr;
135 	u64 *iv = (u64 *)walk->iv;
136 
137 	do {
138 		*dst = *src ^ *iv;
139 		blowfish_enc_blk(ctx, (u8 *)dst, (u8 *)dst);
140 		iv = dst;
141 
142 		src += 1;
143 		dst += 1;
144 		nbytes -= bsize;
145 	} while (nbytes >= bsize);
146 
147 	*(u64 *)walk->iv = *iv;
148 	return nbytes;
149 }
150 
151 static int cbc_encrypt(struct skcipher_request *req)
152 {
153 	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
154 	struct bf_ctx *ctx = crypto_skcipher_ctx(tfm);
155 	struct skcipher_walk walk;
156 	unsigned int nbytes;
157 	int err;
158 
159 	err = skcipher_walk_virt(&walk, req, false);
160 
161 	while ((nbytes = walk.nbytes)) {
162 		nbytes = __cbc_encrypt(ctx, &walk);
163 		err = skcipher_walk_done(&walk, nbytes);
164 	}
165 
166 	return err;
167 }
168 
169 static unsigned int __cbc_decrypt(struct bf_ctx *ctx,
170 				  struct skcipher_walk *walk)
171 {
172 	unsigned int bsize = BF_BLOCK_SIZE;
173 	unsigned int nbytes = walk->nbytes;
174 	u64 *src = (u64 *)walk->src.virt.addr;
175 	u64 *dst = (u64 *)walk->dst.virt.addr;
176 	u64 ivs[4 - 1];
177 	u64 last_iv;
178 
179 	/* Start of the last block. */
180 	src += nbytes / bsize - 1;
181 	dst += nbytes / bsize - 1;
182 
183 	last_iv = *src;
184 
185 	/* Process four block batch */
186 	if (nbytes >= bsize * 4) {
187 		do {
188 			nbytes -= bsize * 4 - bsize;
189 			src -= 4 - 1;
190 			dst -= 4 - 1;
191 
192 			ivs[0] = src[0];
193 			ivs[1] = src[1];
194 			ivs[2] = src[2];
195 
196 			blowfish_dec_blk_4way(ctx, (u8 *)dst, (u8 *)src);
197 
198 			dst[1] ^= ivs[0];
199 			dst[2] ^= ivs[1];
200 			dst[3] ^= ivs[2];
201 
202 			nbytes -= bsize;
203 			if (nbytes < bsize)
204 				goto done;
205 
206 			*dst ^= *(src - 1);
207 			src -= 1;
208 			dst -= 1;
209 		} while (nbytes >= bsize * 4);
210 	}
211 
212 	/* Handle leftovers */
213 	for (;;) {
214 		blowfish_dec_blk(ctx, (u8 *)dst, (u8 *)src);
215 
216 		nbytes -= bsize;
217 		if (nbytes < bsize)
218 			break;
219 
220 		*dst ^= *(src - 1);
221 		src -= 1;
222 		dst -= 1;
223 	}
224 
225 done:
226 	*dst ^= *(u64 *)walk->iv;
227 	*(u64 *)walk->iv = last_iv;
228 
229 	return nbytes;
230 }
231 
232 static int cbc_decrypt(struct skcipher_request *req)
233 {
234 	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
235 	struct bf_ctx *ctx = crypto_skcipher_ctx(tfm);
236 	struct skcipher_walk walk;
237 	unsigned int nbytes;
238 	int err;
239 
240 	err = skcipher_walk_virt(&walk, req, false);
241 
242 	while ((nbytes = walk.nbytes)) {
243 		nbytes = __cbc_decrypt(ctx, &walk);
244 		err = skcipher_walk_done(&walk, nbytes);
245 	}
246 
247 	return err;
248 }
249 
250 static void ctr_crypt_final(struct bf_ctx *ctx, struct skcipher_walk *walk)
251 {
252 	u8 *ctrblk = walk->iv;
253 	u8 keystream[BF_BLOCK_SIZE];
254 	u8 *src = walk->src.virt.addr;
255 	u8 *dst = walk->dst.virt.addr;
256 	unsigned int nbytes = walk->nbytes;
257 
258 	blowfish_enc_blk(ctx, keystream, ctrblk);
259 	crypto_xor_cpy(dst, keystream, src, nbytes);
260 
261 	crypto_inc(ctrblk, BF_BLOCK_SIZE);
262 }
263 
264 static unsigned int __ctr_crypt(struct bf_ctx *ctx, struct skcipher_walk *walk)
265 {
266 	unsigned int bsize = BF_BLOCK_SIZE;
267 	unsigned int nbytes = walk->nbytes;
268 	u64 *src = (u64 *)walk->src.virt.addr;
269 	u64 *dst = (u64 *)walk->dst.virt.addr;
270 	u64 ctrblk = be64_to_cpu(*(__be64 *)walk->iv);
271 	__be64 ctrblocks[4];
272 
273 	/* Process four block batch */
274 	if (nbytes >= bsize * 4) {
275 		do {
276 			if (dst != src) {
277 				dst[0] = src[0];
278 				dst[1] = src[1];
279 				dst[2] = src[2];
280 				dst[3] = src[3];
281 			}
282 
283 			/* create ctrblks for parallel encrypt */
284 			ctrblocks[0] = cpu_to_be64(ctrblk++);
285 			ctrblocks[1] = cpu_to_be64(ctrblk++);
286 			ctrblocks[2] = cpu_to_be64(ctrblk++);
287 			ctrblocks[3] = cpu_to_be64(ctrblk++);
288 
289 			blowfish_enc_blk_xor_4way(ctx, (u8 *)dst,
290 						  (u8 *)ctrblocks);
291 
292 			src += 4;
293 			dst += 4;
294 		} while ((nbytes -= bsize * 4) >= bsize * 4);
295 
296 		if (nbytes < bsize)
297 			goto done;
298 	}
299 
300 	/* Handle leftovers */
301 	do {
302 		if (dst != src)
303 			*dst = *src;
304 
305 		ctrblocks[0] = cpu_to_be64(ctrblk++);
306 
307 		blowfish_enc_blk_xor(ctx, (u8 *)dst, (u8 *)ctrblocks);
308 
309 		src += 1;
310 		dst += 1;
311 	} while ((nbytes -= bsize) >= bsize);
312 
313 done:
314 	*(__be64 *)walk->iv = cpu_to_be64(ctrblk);
315 	return nbytes;
316 }
317 
318 static int ctr_crypt(struct skcipher_request *req)
319 {
320 	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
321 	struct bf_ctx *ctx = crypto_skcipher_ctx(tfm);
322 	struct skcipher_walk walk;
323 	unsigned int nbytes;
324 	int err;
325 
326 	err = skcipher_walk_virt(&walk, req, false);
327 
328 	while ((nbytes = walk.nbytes) >= BF_BLOCK_SIZE) {
329 		nbytes = __ctr_crypt(ctx, &walk);
330 		err = skcipher_walk_done(&walk, nbytes);
331 	}
332 
333 	if (nbytes) {
334 		ctr_crypt_final(ctx, &walk);
335 		err = skcipher_walk_done(&walk, 0);
336 	}
337 
338 	return err;
339 }
340 
341 static struct crypto_alg bf_cipher_alg = {
342 	.cra_name		= "blowfish",
343 	.cra_driver_name	= "blowfish-asm",
344 	.cra_priority		= 200,
345 	.cra_flags		= CRYPTO_ALG_TYPE_CIPHER,
346 	.cra_blocksize		= BF_BLOCK_SIZE,
347 	.cra_ctxsize		= sizeof(struct bf_ctx),
348 	.cra_alignmask		= 0,
349 	.cra_module		= THIS_MODULE,
350 	.cra_u = {
351 		.cipher = {
352 			.cia_min_keysize	= BF_MIN_KEY_SIZE,
353 			.cia_max_keysize	= BF_MAX_KEY_SIZE,
354 			.cia_setkey		= blowfish_setkey,
355 			.cia_encrypt		= blowfish_encrypt,
356 			.cia_decrypt		= blowfish_decrypt,
357 		}
358 	}
359 };
360 
361 static struct skcipher_alg bf_skcipher_algs[] = {
362 	{
363 		.base.cra_name		= "ecb(blowfish)",
364 		.base.cra_driver_name	= "ecb-blowfish-asm",
365 		.base.cra_priority	= 300,
366 		.base.cra_blocksize	= BF_BLOCK_SIZE,
367 		.base.cra_ctxsize	= sizeof(struct bf_ctx),
368 		.base.cra_module	= THIS_MODULE,
369 		.min_keysize		= BF_MIN_KEY_SIZE,
370 		.max_keysize		= BF_MAX_KEY_SIZE,
371 		.setkey			= blowfish_setkey_skcipher,
372 		.encrypt		= ecb_encrypt,
373 		.decrypt		= ecb_decrypt,
374 	}, {
375 		.base.cra_name		= "cbc(blowfish)",
376 		.base.cra_driver_name	= "cbc-blowfish-asm",
377 		.base.cra_priority	= 300,
378 		.base.cra_blocksize	= BF_BLOCK_SIZE,
379 		.base.cra_ctxsize	= sizeof(struct bf_ctx),
380 		.base.cra_module	= THIS_MODULE,
381 		.min_keysize		= BF_MIN_KEY_SIZE,
382 		.max_keysize		= BF_MAX_KEY_SIZE,
383 		.ivsize			= BF_BLOCK_SIZE,
384 		.setkey			= blowfish_setkey_skcipher,
385 		.encrypt		= cbc_encrypt,
386 		.decrypt		= cbc_decrypt,
387 	}, {
388 		.base.cra_name		= "ctr(blowfish)",
389 		.base.cra_driver_name	= "ctr-blowfish-asm",
390 		.base.cra_priority	= 300,
391 		.base.cra_blocksize	= 1,
392 		.base.cra_ctxsize	= sizeof(struct bf_ctx),
393 		.base.cra_module	= THIS_MODULE,
394 		.min_keysize		= BF_MIN_KEY_SIZE,
395 		.max_keysize		= BF_MAX_KEY_SIZE,
396 		.ivsize			= BF_BLOCK_SIZE,
397 		.chunksize		= BF_BLOCK_SIZE,
398 		.setkey			= blowfish_setkey_skcipher,
399 		.encrypt		= ctr_crypt,
400 		.decrypt		= ctr_crypt,
401 	},
402 };
403 
404 static bool is_blacklisted_cpu(void)
405 {
406 	if (boot_cpu_data.x86_vendor != X86_VENDOR_INTEL)
407 		return false;
408 
409 	if (boot_cpu_data.x86 == 0x0f) {
410 		/*
411 		 * On Pentium 4, blowfish-x86_64 is slower than generic C
412 		 * implementation because use of 64bit rotates (which are really
413 		 * slow on P4). Therefore blacklist P4s.
414 		 */
415 		return true;
416 	}
417 
418 	return false;
419 }
420 
421 static int force;
422 module_param(force, int, 0);
423 MODULE_PARM_DESC(force, "Force module load, ignore CPU blacklist");
424 
425 static int __init init(void)
426 {
427 	int err;
428 
429 	if (!force && is_blacklisted_cpu()) {
430 		printk(KERN_INFO
431 			"blowfish-x86_64: performance on this CPU "
432 			"would be suboptimal: disabling "
433 			"blowfish-x86_64.\n");
434 		return -ENODEV;
435 	}
436 
437 	err = crypto_register_alg(&bf_cipher_alg);
438 	if (err)
439 		return err;
440 
441 	err = crypto_register_skciphers(bf_skcipher_algs,
442 					ARRAY_SIZE(bf_skcipher_algs));
443 	if (err)
444 		crypto_unregister_alg(&bf_cipher_alg);
445 
446 	return err;
447 }
448 
449 static void __exit fini(void)
450 {
451 	crypto_unregister_alg(&bf_cipher_alg);
452 	crypto_unregister_skciphers(bf_skcipher_algs,
453 				    ARRAY_SIZE(bf_skcipher_algs));
454 }
455 
456 module_init(init);
457 module_exit(fini);
458 
459 MODULE_LICENSE("GPL");
460 MODULE_DESCRIPTION("Blowfish Cipher Algorithm, asm optimized");
461 MODULE_ALIAS_CRYPTO("blowfish");
462 MODULE_ALIAS_CRYPTO("blowfish-asm");
463