xref: /openbmc/linux/arch/x86/crypto/blowfish_glue.c (revision e3d786a3)
1 /*
2  * Glue Code for assembler optimized version of Blowfish
3  *
4  * Copyright (c) 2011 Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
5  *
6  * CBC & ECB parts based on code (crypto/cbc.c,ecb.c) by:
7  *   Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au>
8  * CTR part based on code (crypto/ctr.c) by:
9  *   (C) Copyright IBM Corp. 2007 - Joy Latten <latten@us.ibm.com>
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License as published by
13  * the Free Software Foundation; either version 2 of the License, or
14  * (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License
22  * along with this program; if not, write to the Free Software
23  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
24  * USA
25  *
26  */
27 
28 #include <crypto/algapi.h>
29 #include <crypto/blowfish.h>
30 #include <crypto/internal/skcipher.h>
31 #include <linux/crypto.h>
32 #include <linux/init.h>
33 #include <linux/module.h>
34 #include <linux/types.h>
35 
36 /* regular block cipher functions */
37 asmlinkage void __blowfish_enc_blk(struct bf_ctx *ctx, u8 *dst, const u8 *src,
38 				   bool xor);
39 asmlinkage void blowfish_dec_blk(struct bf_ctx *ctx, u8 *dst, const u8 *src);
40 
41 /* 4-way parallel cipher functions */
42 asmlinkage void __blowfish_enc_blk_4way(struct bf_ctx *ctx, u8 *dst,
43 					const u8 *src, bool xor);
44 asmlinkage void blowfish_dec_blk_4way(struct bf_ctx *ctx, u8 *dst,
45 				      const u8 *src);
46 
47 static inline void blowfish_enc_blk(struct bf_ctx *ctx, u8 *dst, const u8 *src)
48 {
49 	__blowfish_enc_blk(ctx, dst, src, false);
50 }
51 
52 static inline void blowfish_enc_blk_xor(struct bf_ctx *ctx, u8 *dst,
53 					const u8 *src)
54 {
55 	__blowfish_enc_blk(ctx, dst, src, true);
56 }
57 
58 static inline void blowfish_enc_blk_4way(struct bf_ctx *ctx, u8 *dst,
59 					 const u8 *src)
60 {
61 	__blowfish_enc_blk_4way(ctx, dst, src, false);
62 }
63 
64 static inline void blowfish_enc_blk_xor_4way(struct bf_ctx *ctx, u8 *dst,
65 				      const u8 *src)
66 {
67 	__blowfish_enc_blk_4way(ctx, dst, src, true);
68 }
69 
70 static void blowfish_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
71 {
72 	blowfish_enc_blk(crypto_tfm_ctx(tfm), dst, src);
73 }
74 
75 static void blowfish_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
76 {
77 	blowfish_dec_blk(crypto_tfm_ctx(tfm), dst, src);
78 }
79 
80 static int blowfish_setkey_skcipher(struct crypto_skcipher *tfm,
81 				    const u8 *key, unsigned int keylen)
82 {
83 	return blowfish_setkey(&tfm->base, key, keylen);
84 }
85 
86 static int ecb_crypt(struct skcipher_request *req,
87 		     void (*fn)(struct bf_ctx *, u8 *, const u8 *),
88 		     void (*fn_4way)(struct bf_ctx *, u8 *, const u8 *))
89 {
90 	unsigned int bsize = BF_BLOCK_SIZE;
91 	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
92 	struct bf_ctx *ctx = crypto_skcipher_ctx(tfm);
93 	struct skcipher_walk walk;
94 	unsigned int nbytes;
95 	int err;
96 
97 	err = skcipher_walk_virt(&walk, req, false);
98 
99 	while ((nbytes = walk.nbytes)) {
100 		u8 *wsrc = walk.src.virt.addr;
101 		u8 *wdst = walk.dst.virt.addr;
102 
103 		/* Process four block batch */
104 		if (nbytes >= bsize * 4) {
105 			do {
106 				fn_4way(ctx, wdst, wsrc);
107 
108 				wsrc += bsize * 4;
109 				wdst += bsize * 4;
110 				nbytes -= bsize * 4;
111 			} while (nbytes >= bsize * 4);
112 
113 			if (nbytes < bsize)
114 				goto done;
115 		}
116 
117 		/* Handle leftovers */
118 		do {
119 			fn(ctx, wdst, wsrc);
120 
121 			wsrc += bsize;
122 			wdst += bsize;
123 			nbytes -= bsize;
124 		} while (nbytes >= bsize);
125 
126 done:
127 		err = skcipher_walk_done(&walk, nbytes);
128 	}
129 
130 	return err;
131 }
132 
133 static int ecb_encrypt(struct skcipher_request *req)
134 {
135 	return ecb_crypt(req, blowfish_enc_blk, blowfish_enc_blk_4way);
136 }
137 
138 static int ecb_decrypt(struct skcipher_request *req)
139 {
140 	return ecb_crypt(req, blowfish_dec_blk, blowfish_dec_blk_4way);
141 }
142 
143 static unsigned int __cbc_encrypt(struct bf_ctx *ctx,
144 				  struct skcipher_walk *walk)
145 {
146 	unsigned int bsize = BF_BLOCK_SIZE;
147 	unsigned int nbytes = walk->nbytes;
148 	u64 *src = (u64 *)walk->src.virt.addr;
149 	u64 *dst = (u64 *)walk->dst.virt.addr;
150 	u64 *iv = (u64 *)walk->iv;
151 
152 	do {
153 		*dst = *src ^ *iv;
154 		blowfish_enc_blk(ctx, (u8 *)dst, (u8 *)dst);
155 		iv = dst;
156 
157 		src += 1;
158 		dst += 1;
159 		nbytes -= bsize;
160 	} while (nbytes >= bsize);
161 
162 	*(u64 *)walk->iv = *iv;
163 	return nbytes;
164 }
165 
166 static int cbc_encrypt(struct skcipher_request *req)
167 {
168 	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
169 	struct bf_ctx *ctx = crypto_skcipher_ctx(tfm);
170 	struct skcipher_walk walk;
171 	unsigned int nbytes;
172 	int err;
173 
174 	err = skcipher_walk_virt(&walk, req, false);
175 
176 	while ((nbytes = walk.nbytes)) {
177 		nbytes = __cbc_encrypt(ctx, &walk);
178 		err = skcipher_walk_done(&walk, nbytes);
179 	}
180 
181 	return err;
182 }
183 
184 static unsigned int __cbc_decrypt(struct bf_ctx *ctx,
185 				  struct skcipher_walk *walk)
186 {
187 	unsigned int bsize = BF_BLOCK_SIZE;
188 	unsigned int nbytes = walk->nbytes;
189 	u64 *src = (u64 *)walk->src.virt.addr;
190 	u64 *dst = (u64 *)walk->dst.virt.addr;
191 	u64 ivs[4 - 1];
192 	u64 last_iv;
193 
194 	/* Start of the last block. */
195 	src += nbytes / bsize - 1;
196 	dst += nbytes / bsize - 1;
197 
198 	last_iv = *src;
199 
200 	/* Process four block batch */
201 	if (nbytes >= bsize * 4) {
202 		do {
203 			nbytes -= bsize * 4 - bsize;
204 			src -= 4 - 1;
205 			dst -= 4 - 1;
206 
207 			ivs[0] = src[0];
208 			ivs[1] = src[1];
209 			ivs[2] = src[2];
210 
211 			blowfish_dec_blk_4way(ctx, (u8 *)dst, (u8 *)src);
212 
213 			dst[1] ^= ivs[0];
214 			dst[2] ^= ivs[1];
215 			dst[3] ^= ivs[2];
216 
217 			nbytes -= bsize;
218 			if (nbytes < bsize)
219 				goto done;
220 
221 			*dst ^= *(src - 1);
222 			src -= 1;
223 			dst -= 1;
224 		} while (nbytes >= bsize * 4);
225 	}
226 
227 	/* Handle leftovers */
228 	for (;;) {
229 		blowfish_dec_blk(ctx, (u8 *)dst, (u8 *)src);
230 
231 		nbytes -= bsize;
232 		if (nbytes < bsize)
233 			break;
234 
235 		*dst ^= *(src - 1);
236 		src -= 1;
237 		dst -= 1;
238 	}
239 
240 done:
241 	*dst ^= *(u64 *)walk->iv;
242 	*(u64 *)walk->iv = last_iv;
243 
244 	return nbytes;
245 }
246 
247 static int cbc_decrypt(struct skcipher_request *req)
248 {
249 	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
250 	struct bf_ctx *ctx = crypto_skcipher_ctx(tfm);
251 	struct skcipher_walk walk;
252 	unsigned int nbytes;
253 	int err;
254 
255 	err = skcipher_walk_virt(&walk, req, false);
256 
257 	while ((nbytes = walk.nbytes)) {
258 		nbytes = __cbc_decrypt(ctx, &walk);
259 		err = skcipher_walk_done(&walk, nbytes);
260 	}
261 
262 	return err;
263 }
264 
265 static void ctr_crypt_final(struct bf_ctx *ctx, struct skcipher_walk *walk)
266 {
267 	u8 *ctrblk = walk->iv;
268 	u8 keystream[BF_BLOCK_SIZE];
269 	u8 *src = walk->src.virt.addr;
270 	u8 *dst = walk->dst.virt.addr;
271 	unsigned int nbytes = walk->nbytes;
272 
273 	blowfish_enc_blk(ctx, keystream, ctrblk);
274 	crypto_xor_cpy(dst, keystream, src, nbytes);
275 
276 	crypto_inc(ctrblk, BF_BLOCK_SIZE);
277 }
278 
279 static unsigned int __ctr_crypt(struct bf_ctx *ctx, struct skcipher_walk *walk)
280 {
281 	unsigned int bsize = BF_BLOCK_SIZE;
282 	unsigned int nbytes = walk->nbytes;
283 	u64 *src = (u64 *)walk->src.virt.addr;
284 	u64 *dst = (u64 *)walk->dst.virt.addr;
285 	u64 ctrblk = be64_to_cpu(*(__be64 *)walk->iv);
286 	__be64 ctrblocks[4];
287 
288 	/* Process four block batch */
289 	if (nbytes >= bsize * 4) {
290 		do {
291 			if (dst != src) {
292 				dst[0] = src[0];
293 				dst[1] = src[1];
294 				dst[2] = src[2];
295 				dst[3] = src[3];
296 			}
297 
298 			/* create ctrblks for parallel encrypt */
299 			ctrblocks[0] = cpu_to_be64(ctrblk++);
300 			ctrblocks[1] = cpu_to_be64(ctrblk++);
301 			ctrblocks[2] = cpu_to_be64(ctrblk++);
302 			ctrblocks[3] = cpu_to_be64(ctrblk++);
303 
304 			blowfish_enc_blk_xor_4way(ctx, (u8 *)dst,
305 						  (u8 *)ctrblocks);
306 
307 			src += 4;
308 			dst += 4;
309 		} while ((nbytes -= bsize * 4) >= bsize * 4);
310 
311 		if (nbytes < bsize)
312 			goto done;
313 	}
314 
315 	/* Handle leftovers */
316 	do {
317 		if (dst != src)
318 			*dst = *src;
319 
320 		ctrblocks[0] = cpu_to_be64(ctrblk++);
321 
322 		blowfish_enc_blk_xor(ctx, (u8 *)dst, (u8 *)ctrblocks);
323 
324 		src += 1;
325 		dst += 1;
326 	} while ((nbytes -= bsize) >= bsize);
327 
328 done:
329 	*(__be64 *)walk->iv = cpu_to_be64(ctrblk);
330 	return nbytes;
331 }
332 
333 static int ctr_crypt(struct skcipher_request *req)
334 {
335 	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
336 	struct bf_ctx *ctx = crypto_skcipher_ctx(tfm);
337 	struct skcipher_walk walk;
338 	unsigned int nbytes;
339 	int err;
340 
341 	err = skcipher_walk_virt(&walk, req, false);
342 
343 	while ((nbytes = walk.nbytes) >= BF_BLOCK_SIZE) {
344 		nbytes = __ctr_crypt(ctx, &walk);
345 		err = skcipher_walk_done(&walk, nbytes);
346 	}
347 
348 	if (nbytes) {
349 		ctr_crypt_final(ctx, &walk);
350 		err = skcipher_walk_done(&walk, 0);
351 	}
352 
353 	return err;
354 }
355 
356 static struct crypto_alg bf_cipher_alg = {
357 	.cra_name		= "blowfish",
358 	.cra_driver_name	= "blowfish-asm",
359 	.cra_priority		= 200,
360 	.cra_flags		= CRYPTO_ALG_TYPE_CIPHER,
361 	.cra_blocksize		= BF_BLOCK_SIZE,
362 	.cra_ctxsize		= sizeof(struct bf_ctx),
363 	.cra_alignmask		= 0,
364 	.cra_module		= THIS_MODULE,
365 	.cra_u = {
366 		.cipher = {
367 			.cia_min_keysize	= BF_MIN_KEY_SIZE,
368 			.cia_max_keysize	= BF_MAX_KEY_SIZE,
369 			.cia_setkey		= blowfish_setkey,
370 			.cia_encrypt		= blowfish_encrypt,
371 			.cia_decrypt		= blowfish_decrypt,
372 		}
373 	}
374 };
375 
376 static struct skcipher_alg bf_skcipher_algs[] = {
377 	{
378 		.base.cra_name		= "ecb(blowfish)",
379 		.base.cra_driver_name	= "ecb-blowfish-asm",
380 		.base.cra_priority	= 300,
381 		.base.cra_blocksize	= BF_BLOCK_SIZE,
382 		.base.cra_ctxsize	= sizeof(struct bf_ctx),
383 		.base.cra_module	= THIS_MODULE,
384 		.min_keysize		= BF_MIN_KEY_SIZE,
385 		.max_keysize		= BF_MAX_KEY_SIZE,
386 		.setkey			= blowfish_setkey_skcipher,
387 		.encrypt		= ecb_encrypt,
388 		.decrypt		= ecb_decrypt,
389 	}, {
390 		.base.cra_name		= "cbc(blowfish)",
391 		.base.cra_driver_name	= "cbc-blowfish-asm",
392 		.base.cra_priority	= 300,
393 		.base.cra_blocksize	= BF_BLOCK_SIZE,
394 		.base.cra_ctxsize	= sizeof(struct bf_ctx),
395 		.base.cra_module	= THIS_MODULE,
396 		.min_keysize		= BF_MIN_KEY_SIZE,
397 		.max_keysize		= BF_MAX_KEY_SIZE,
398 		.ivsize			= BF_BLOCK_SIZE,
399 		.setkey			= blowfish_setkey_skcipher,
400 		.encrypt		= cbc_encrypt,
401 		.decrypt		= cbc_decrypt,
402 	}, {
403 		.base.cra_name		= "ctr(blowfish)",
404 		.base.cra_driver_name	= "ctr-blowfish-asm",
405 		.base.cra_priority	= 300,
406 		.base.cra_blocksize	= 1,
407 		.base.cra_ctxsize	= sizeof(struct bf_ctx),
408 		.base.cra_module	= THIS_MODULE,
409 		.min_keysize		= BF_MIN_KEY_SIZE,
410 		.max_keysize		= BF_MAX_KEY_SIZE,
411 		.ivsize			= BF_BLOCK_SIZE,
412 		.chunksize		= BF_BLOCK_SIZE,
413 		.setkey			= blowfish_setkey_skcipher,
414 		.encrypt		= ctr_crypt,
415 		.decrypt		= ctr_crypt,
416 	},
417 };
418 
419 static bool is_blacklisted_cpu(void)
420 {
421 	if (boot_cpu_data.x86_vendor != X86_VENDOR_INTEL)
422 		return false;
423 
424 	if (boot_cpu_data.x86 == 0x0f) {
425 		/*
426 		 * On Pentium 4, blowfish-x86_64 is slower than generic C
427 		 * implementation because use of 64bit rotates (which are really
428 		 * slow on P4). Therefore blacklist P4s.
429 		 */
430 		return true;
431 	}
432 
433 	return false;
434 }
435 
436 static int force;
437 module_param(force, int, 0);
438 MODULE_PARM_DESC(force, "Force module load, ignore CPU blacklist");
439 
440 static int __init init(void)
441 {
442 	int err;
443 
444 	if (!force && is_blacklisted_cpu()) {
445 		printk(KERN_INFO
446 			"blowfish-x86_64: performance on this CPU "
447 			"would be suboptimal: disabling "
448 			"blowfish-x86_64.\n");
449 		return -ENODEV;
450 	}
451 
452 	err = crypto_register_alg(&bf_cipher_alg);
453 	if (err)
454 		return err;
455 
456 	err = crypto_register_skciphers(bf_skcipher_algs,
457 					ARRAY_SIZE(bf_skcipher_algs));
458 	if (err)
459 		crypto_unregister_alg(&bf_cipher_alg);
460 
461 	return err;
462 }
463 
464 static void __exit fini(void)
465 {
466 	crypto_unregister_alg(&bf_cipher_alg);
467 	crypto_unregister_skciphers(bf_skcipher_algs,
468 				    ARRAY_SIZE(bf_skcipher_algs));
469 }
470 
471 module_init(init);
472 module_exit(fini);
473 
474 MODULE_LICENSE("GPL");
475 MODULE_DESCRIPTION("Blowfish Cipher Algorithm, asm optimized");
476 MODULE_ALIAS_CRYPTO("blowfish");
477 MODULE_ALIAS_CRYPTO("blowfish-asm");
478