1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Glue Code for x86_64/AVX/AES-NI assembler optimized version of Camellia 4 * 5 * Copyright © 2012-2013 Jussi Kivilinna <jussi.kivilinna@iki.fi> 6 */ 7 8 #include <asm/crypto/camellia.h> 9 #include <asm/crypto/glue_helper.h> 10 #include <crypto/algapi.h> 11 #include <crypto/internal/simd.h> 12 #include <crypto/xts.h> 13 #include <linux/crypto.h> 14 #include <linux/err.h> 15 #include <linux/module.h> 16 #include <linux/types.h> 17 18 #define CAMELLIA_AESNI_PARALLEL_BLOCKS 16 19 20 /* 16-way parallel cipher functions (avx/aes-ni) */ 21 asmlinkage void camellia_ecb_enc_16way(struct camellia_ctx *ctx, u8 *dst, 22 const u8 *src); 23 EXPORT_SYMBOL_GPL(camellia_ecb_enc_16way); 24 25 asmlinkage void camellia_ecb_dec_16way(struct camellia_ctx *ctx, u8 *dst, 26 const u8 *src); 27 EXPORT_SYMBOL_GPL(camellia_ecb_dec_16way); 28 29 asmlinkage void camellia_cbc_dec_16way(struct camellia_ctx *ctx, u8 *dst, 30 const u8 *src); 31 EXPORT_SYMBOL_GPL(camellia_cbc_dec_16way); 32 33 asmlinkage void camellia_ctr_16way(struct camellia_ctx *ctx, u8 *dst, 34 const u8 *src, le128 *iv); 35 EXPORT_SYMBOL_GPL(camellia_ctr_16way); 36 37 asmlinkage void camellia_xts_enc_16way(struct camellia_ctx *ctx, u8 *dst, 38 const u8 *src, le128 *iv); 39 EXPORT_SYMBOL_GPL(camellia_xts_enc_16way); 40 41 asmlinkage void camellia_xts_dec_16way(struct camellia_ctx *ctx, u8 *dst, 42 const u8 *src, le128 *iv); 43 EXPORT_SYMBOL_GPL(camellia_xts_dec_16way); 44 45 void camellia_xts_enc(void *ctx, u128 *dst, const u128 *src, le128 *iv) 46 { 47 glue_xts_crypt_128bit_one(ctx, dst, src, iv, 48 GLUE_FUNC_CAST(camellia_enc_blk)); 49 } 50 EXPORT_SYMBOL_GPL(camellia_xts_enc); 51 52 void camellia_xts_dec(void *ctx, u128 *dst, const u128 *src, le128 *iv) 53 { 54 glue_xts_crypt_128bit_one(ctx, dst, src, iv, 55 GLUE_FUNC_CAST(camellia_dec_blk)); 56 } 57 EXPORT_SYMBOL_GPL(camellia_xts_dec); 58 59 static const struct common_glue_ctx camellia_enc = { 60 .num_funcs = 3, 61 .fpu_blocks_limit = CAMELLIA_AESNI_PARALLEL_BLOCKS, 62 63 .funcs = { { 64 .num_blocks = CAMELLIA_AESNI_PARALLEL_BLOCKS, 65 .fn_u = { .ecb = GLUE_FUNC_CAST(camellia_ecb_enc_16way) } 66 }, { 67 .num_blocks = 2, 68 .fn_u = { .ecb = GLUE_FUNC_CAST(camellia_enc_blk_2way) } 69 }, { 70 .num_blocks = 1, 71 .fn_u = { .ecb = GLUE_FUNC_CAST(camellia_enc_blk) } 72 } } 73 }; 74 75 static const struct common_glue_ctx camellia_ctr = { 76 .num_funcs = 3, 77 .fpu_blocks_limit = CAMELLIA_AESNI_PARALLEL_BLOCKS, 78 79 .funcs = { { 80 .num_blocks = CAMELLIA_AESNI_PARALLEL_BLOCKS, 81 .fn_u = { .ctr = GLUE_CTR_FUNC_CAST(camellia_ctr_16way) } 82 }, { 83 .num_blocks = 2, 84 .fn_u = { .ctr = GLUE_CTR_FUNC_CAST(camellia_crypt_ctr_2way) } 85 }, { 86 .num_blocks = 1, 87 .fn_u = { .ctr = GLUE_CTR_FUNC_CAST(camellia_crypt_ctr) } 88 } } 89 }; 90 91 static const struct common_glue_ctx camellia_enc_xts = { 92 .num_funcs = 2, 93 .fpu_blocks_limit = CAMELLIA_AESNI_PARALLEL_BLOCKS, 94 95 .funcs = { { 96 .num_blocks = CAMELLIA_AESNI_PARALLEL_BLOCKS, 97 .fn_u = { .xts = GLUE_XTS_FUNC_CAST(camellia_xts_enc_16way) } 98 }, { 99 .num_blocks = 1, 100 .fn_u = { .xts = GLUE_XTS_FUNC_CAST(camellia_xts_enc) } 101 } } 102 }; 103 104 static const struct common_glue_ctx camellia_dec = { 105 .num_funcs = 3, 106 .fpu_blocks_limit = CAMELLIA_AESNI_PARALLEL_BLOCKS, 107 108 .funcs = { { 109 .num_blocks = CAMELLIA_AESNI_PARALLEL_BLOCKS, 110 .fn_u = { .ecb = GLUE_FUNC_CAST(camellia_ecb_dec_16way) } 111 }, { 112 .num_blocks = 2, 113 .fn_u = { .ecb = GLUE_FUNC_CAST(camellia_dec_blk_2way) } 114 }, { 115 .num_blocks = 1, 116 .fn_u = { .ecb = GLUE_FUNC_CAST(camellia_dec_blk) } 117 } } 118 }; 119 120 static const struct common_glue_ctx camellia_dec_cbc = { 121 .num_funcs = 3, 122 .fpu_blocks_limit = CAMELLIA_AESNI_PARALLEL_BLOCKS, 123 124 .funcs = { { 125 .num_blocks = CAMELLIA_AESNI_PARALLEL_BLOCKS, 126 .fn_u = { .cbc = GLUE_CBC_FUNC_CAST(camellia_cbc_dec_16way) } 127 }, { 128 .num_blocks = 2, 129 .fn_u = { .cbc = GLUE_CBC_FUNC_CAST(camellia_decrypt_cbc_2way) } 130 }, { 131 .num_blocks = 1, 132 .fn_u = { .cbc = GLUE_CBC_FUNC_CAST(camellia_dec_blk) } 133 } } 134 }; 135 136 static const struct common_glue_ctx camellia_dec_xts = { 137 .num_funcs = 2, 138 .fpu_blocks_limit = CAMELLIA_AESNI_PARALLEL_BLOCKS, 139 140 .funcs = { { 141 .num_blocks = CAMELLIA_AESNI_PARALLEL_BLOCKS, 142 .fn_u = { .xts = GLUE_XTS_FUNC_CAST(camellia_xts_dec_16way) } 143 }, { 144 .num_blocks = 1, 145 .fn_u = { .xts = GLUE_XTS_FUNC_CAST(camellia_xts_dec) } 146 } } 147 }; 148 149 static int camellia_setkey(struct crypto_skcipher *tfm, const u8 *key, 150 unsigned int keylen) 151 { 152 return __camellia_setkey(crypto_skcipher_ctx(tfm), key, keylen, 153 &tfm->base.crt_flags); 154 } 155 156 static int ecb_encrypt(struct skcipher_request *req) 157 { 158 return glue_ecb_req_128bit(&camellia_enc, req); 159 } 160 161 static int ecb_decrypt(struct skcipher_request *req) 162 { 163 return glue_ecb_req_128bit(&camellia_dec, req); 164 } 165 166 static int cbc_encrypt(struct skcipher_request *req) 167 { 168 return glue_cbc_encrypt_req_128bit(GLUE_FUNC_CAST(camellia_enc_blk), 169 req); 170 } 171 172 static int cbc_decrypt(struct skcipher_request *req) 173 { 174 return glue_cbc_decrypt_req_128bit(&camellia_dec_cbc, req); 175 } 176 177 static int ctr_crypt(struct skcipher_request *req) 178 { 179 return glue_ctr_req_128bit(&camellia_ctr, req); 180 } 181 182 int xts_camellia_setkey(struct crypto_skcipher *tfm, const u8 *key, 183 unsigned int keylen) 184 { 185 struct camellia_xts_ctx *ctx = crypto_skcipher_ctx(tfm); 186 u32 *flags = &tfm->base.crt_flags; 187 int err; 188 189 err = xts_verify_key(tfm, key, keylen); 190 if (err) 191 return err; 192 193 /* first half of xts-key is for crypt */ 194 err = __camellia_setkey(&ctx->crypt_ctx, key, keylen / 2, flags); 195 if (err) 196 return err; 197 198 /* second half of xts-key is for tweak */ 199 return __camellia_setkey(&ctx->tweak_ctx, key + keylen / 2, keylen / 2, 200 flags); 201 } 202 EXPORT_SYMBOL_GPL(xts_camellia_setkey); 203 204 static int xts_encrypt(struct skcipher_request *req) 205 { 206 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 207 struct camellia_xts_ctx *ctx = crypto_skcipher_ctx(tfm); 208 209 return glue_xts_req_128bit(&camellia_enc_xts, req, 210 XTS_TWEAK_CAST(camellia_enc_blk), 211 &ctx->tweak_ctx, &ctx->crypt_ctx); 212 } 213 214 static int xts_decrypt(struct skcipher_request *req) 215 { 216 struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 217 struct camellia_xts_ctx *ctx = crypto_skcipher_ctx(tfm); 218 219 return glue_xts_req_128bit(&camellia_dec_xts, req, 220 XTS_TWEAK_CAST(camellia_enc_blk), 221 &ctx->tweak_ctx, &ctx->crypt_ctx); 222 } 223 224 static struct skcipher_alg camellia_algs[] = { 225 { 226 .base.cra_name = "__ecb(camellia)", 227 .base.cra_driver_name = "__ecb-camellia-aesni", 228 .base.cra_priority = 400, 229 .base.cra_flags = CRYPTO_ALG_INTERNAL, 230 .base.cra_blocksize = CAMELLIA_BLOCK_SIZE, 231 .base.cra_ctxsize = sizeof(struct camellia_ctx), 232 .base.cra_module = THIS_MODULE, 233 .min_keysize = CAMELLIA_MIN_KEY_SIZE, 234 .max_keysize = CAMELLIA_MAX_KEY_SIZE, 235 .setkey = camellia_setkey, 236 .encrypt = ecb_encrypt, 237 .decrypt = ecb_decrypt, 238 }, { 239 .base.cra_name = "__cbc(camellia)", 240 .base.cra_driver_name = "__cbc-camellia-aesni", 241 .base.cra_priority = 400, 242 .base.cra_flags = CRYPTO_ALG_INTERNAL, 243 .base.cra_blocksize = CAMELLIA_BLOCK_SIZE, 244 .base.cra_ctxsize = sizeof(struct camellia_ctx), 245 .base.cra_module = THIS_MODULE, 246 .min_keysize = CAMELLIA_MIN_KEY_SIZE, 247 .max_keysize = CAMELLIA_MAX_KEY_SIZE, 248 .ivsize = CAMELLIA_BLOCK_SIZE, 249 .setkey = camellia_setkey, 250 .encrypt = cbc_encrypt, 251 .decrypt = cbc_decrypt, 252 }, { 253 .base.cra_name = "__ctr(camellia)", 254 .base.cra_driver_name = "__ctr-camellia-aesni", 255 .base.cra_priority = 400, 256 .base.cra_flags = CRYPTO_ALG_INTERNAL, 257 .base.cra_blocksize = 1, 258 .base.cra_ctxsize = sizeof(struct camellia_ctx), 259 .base.cra_module = THIS_MODULE, 260 .min_keysize = CAMELLIA_MIN_KEY_SIZE, 261 .max_keysize = CAMELLIA_MAX_KEY_SIZE, 262 .ivsize = CAMELLIA_BLOCK_SIZE, 263 .chunksize = CAMELLIA_BLOCK_SIZE, 264 .setkey = camellia_setkey, 265 .encrypt = ctr_crypt, 266 .decrypt = ctr_crypt, 267 }, { 268 .base.cra_name = "__xts(camellia)", 269 .base.cra_driver_name = "__xts-camellia-aesni", 270 .base.cra_priority = 400, 271 .base.cra_flags = CRYPTO_ALG_INTERNAL, 272 .base.cra_blocksize = CAMELLIA_BLOCK_SIZE, 273 .base.cra_ctxsize = sizeof(struct camellia_xts_ctx), 274 .base.cra_module = THIS_MODULE, 275 .min_keysize = 2 * CAMELLIA_MIN_KEY_SIZE, 276 .max_keysize = 2 * CAMELLIA_MAX_KEY_SIZE, 277 .ivsize = CAMELLIA_BLOCK_SIZE, 278 .setkey = xts_camellia_setkey, 279 .encrypt = xts_encrypt, 280 .decrypt = xts_decrypt, 281 }, 282 }; 283 284 static struct simd_skcipher_alg *camellia_simd_algs[ARRAY_SIZE(camellia_algs)]; 285 286 static int __init camellia_aesni_init(void) 287 { 288 const char *feature_name; 289 290 if (!boot_cpu_has(X86_FEATURE_AVX) || 291 !boot_cpu_has(X86_FEATURE_AES) || 292 !boot_cpu_has(X86_FEATURE_OSXSAVE)) { 293 pr_info("AVX or AES-NI instructions are not detected.\n"); 294 return -ENODEV; 295 } 296 297 if (!cpu_has_xfeatures(XFEATURE_MASK_SSE | XFEATURE_MASK_YMM, 298 &feature_name)) { 299 pr_info("CPU feature '%s' is not supported.\n", feature_name); 300 return -ENODEV; 301 } 302 303 return simd_register_skciphers_compat(camellia_algs, 304 ARRAY_SIZE(camellia_algs), 305 camellia_simd_algs); 306 } 307 308 static void __exit camellia_aesni_fini(void) 309 { 310 simd_unregister_skciphers(camellia_algs, ARRAY_SIZE(camellia_algs), 311 camellia_simd_algs); 312 } 313 314 module_init(camellia_aesni_init); 315 module_exit(camellia_aesni_fini); 316 317 MODULE_LICENSE("GPL"); 318 MODULE_DESCRIPTION("Camellia Cipher Algorithm, AES-NI/AVX optimized"); 319 MODULE_ALIAS_CRYPTO("camellia"); 320 MODULE_ALIAS_CRYPTO("camellia-asm"); 321