162306a36Sopenharmony_ci/* SPDX-License-Identifier: GPL-2.0-or-later */ 262306a36Sopenharmony_ci/* 362306a36Sopenharmony_ci * Glue Code for the AVX2/AES-NI/GFNI assembler implementation of the ARIA Cipher 462306a36Sopenharmony_ci * 562306a36Sopenharmony_ci * Copyright (c) 2022 Taehee Yoo <ap420073@gmail.com> 662306a36Sopenharmony_ci */ 762306a36Sopenharmony_ci 862306a36Sopenharmony_ci#include <crypto/algapi.h> 962306a36Sopenharmony_ci#include <crypto/internal/simd.h> 1062306a36Sopenharmony_ci#include <crypto/aria.h> 1162306a36Sopenharmony_ci#include <linux/crypto.h> 1262306a36Sopenharmony_ci#include <linux/err.h> 1362306a36Sopenharmony_ci#include <linux/module.h> 1462306a36Sopenharmony_ci#include <linux/types.h> 1562306a36Sopenharmony_ci 1662306a36Sopenharmony_ci#include "ecb_cbc_helpers.h" 1762306a36Sopenharmony_ci#include "aria-avx.h" 1862306a36Sopenharmony_ci 1962306a36Sopenharmony_ciasmlinkage void aria_aesni_avx2_encrypt_32way(const void *ctx, u8 *dst, 2062306a36Sopenharmony_ci const u8 *src); 2162306a36Sopenharmony_ciEXPORT_SYMBOL_GPL(aria_aesni_avx2_encrypt_32way); 2262306a36Sopenharmony_ciasmlinkage void aria_aesni_avx2_decrypt_32way(const void *ctx, u8 *dst, 2362306a36Sopenharmony_ci const u8 *src); 2462306a36Sopenharmony_ciEXPORT_SYMBOL_GPL(aria_aesni_avx2_decrypt_32way); 2562306a36Sopenharmony_ciasmlinkage void aria_aesni_avx2_ctr_crypt_32way(const void *ctx, u8 *dst, 2662306a36Sopenharmony_ci const u8 *src, 2762306a36Sopenharmony_ci u8 *keystream, u8 *iv); 2862306a36Sopenharmony_ciEXPORT_SYMBOL_GPL(aria_aesni_avx2_ctr_crypt_32way); 2962306a36Sopenharmony_ci#ifdef CONFIG_AS_GFNI 3062306a36Sopenharmony_ciasmlinkage void aria_aesni_avx2_gfni_encrypt_32way(const void *ctx, u8 *dst, 3162306a36Sopenharmony_ci const u8 *src); 3262306a36Sopenharmony_ciEXPORT_SYMBOL_GPL(aria_aesni_avx2_gfni_encrypt_32way); 3362306a36Sopenharmony_ciasmlinkage void aria_aesni_avx2_gfni_decrypt_32way(const void *ctx, u8 *dst, 3462306a36Sopenharmony_ci const u8 *src); 3562306a36Sopenharmony_ciEXPORT_SYMBOL_GPL(aria_aesni_avx2_gfni_decrypt_32way); 3662306a36Sopenharmony_ciasmlinkage void aria_aesni_avx2_gfni_ctr_crypt_32way(const void *ctx, u8 *dst, 3762306a36Sopenharmony_ci const u8 *src, 3862306a36Sopenharmony_ci u8 *keystream, u8 *iv); 3962306a36Sopenharmony_ciEXPORT_SYMBOL_GPL(aria_aesni_avx2_gfni_ctr_crypt_32way); 4062306a36Sopenharmony_ci#endif /* CONFIG_AS_GFNI */ 4162306a36Sopenharmony_ci 4262306a36Sopenharmony_cistatic struct aria_avx_ops aria_ops; 4362306a36Sopenharmony_ci 4462306a36Sopenharmony_cistruct aria_avx2_request_ctx { 4562306a36Sopenharmony_ci u8 keystream[ARIA_AESNI_AVX2_PARALLEL_BLOCK_SIZE]; 4662306a36Sopenharmony_ci}; 4762306a36Sopenharmony_ci 4862306a36Sopenharmony_cistatic int ecb_do_encrypt(struct skcipher_request *req, const u32 *rkey) 4962306a36Sopenharmony_ci{ 5062306a36Sopenharmony_ci ECB_WALK_START(req, ARIA_BLOCK_SIZE, ARIA_AESNI_PARALLEL_BLOCKS); 5162306a36Sopenharmony_ci ECB_BLOCK(ARIA_AESNI_AVX2_PARALLEL_BLOCKS, aria_ops.aria_encrypt_32way); 5262306a36Sopenharmony_ci ECB_BLOCK(ARIA_AESNI_PARALLEL_BLOCKS, aria_ops.aria_encrypt_16way); 5362306a36Sopenharmony_ci ECB_BLOCK(1, aria_encrypt); 5462306a36Sopenharmony_ci ECB_WALK_END(); 5562306a36Sopenharmony_ci} 5662306a36Sopenharmony_ci 5762306a36Sopenharmony_cistatic int ecb_do_decrypt(struct skcipher_request *req, const u32 *rkey) 5862306a36Sopenharmony_ci{ 5962306a36Sopenharmony_ci ECB_WALK_START(req, ARIA_BLOCK_SIZE, ARIA_AESNI_PARALLEL_BLOCKS); 6062306a36Sopenharmony_ci ECB_BLOCK(ARIA_AESNI_AVX2_PARALLEL_BLOCKS, aria_ops.aria_decrypt_32way); 6162306a36Sopenharmony_ci ECB_BLOCK(ARIA_AESNI_PARALLEL_BLOCKS, aria_ops.aria_decrypt_16way); 6262306a36Sopenharmony_ci ECB_BLOCK(1, aria_decrypt); 6362306a36Sopenharmony_ci ECB_WALK_END(); 6462306a36Sopenharmony_ci} 6562306a36Sopenharmony_ci 6662306a36Sopenharmony_cistatic int aria_avx2_ecb_encrypt(struct skcipher_request *req) 6762306a36Sopenharmony_ci{ 6862306a36Sopenharmony_ci struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 6962306a36Sopenharmony_ci struct aria_ctx *ctx = crypto_skcipher_ctx(tfm); 7062306a36Sopenharmony_ci 7162306a36Sopenharmony_ci return ecb_do_encrypt(req, ctx->enc_key[0]); 7262306a36Sopenharmony_ci} 7362306a36Sopenharmony_ci 7462306a36Sopenharmony_cistatic int aria_avx2_ecb_decrypt(struct skcipher_request *req) 7562306a36Sopenharmony_ci{ 7662306a36Sopenharmony_ci struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 7762306a36Sopenharmony_ci struct aria_ctx *ctx = crypto_skcipher_ctx(tfm); 7862306a36Sopenharmony_ci 7962306a36Sopenharmony_ci return ecb_do_decrypt(req, ctx->dec_key[0]); 8062306a36Sopenharmony_ci} 8162306a36Sopenharmony_ci 8262306a36Sopenharmony_cistatic int aria_avx2_set_key(struct crypto_skcipher *tfm, const u8 *key, 8362306a36Sopenharmony_ci unsigned int keylen) 8462306a36Sopenharmony_ci{ 8562306a36Sopenharmony_ci return aria_set_key(&tfm->base, key, keylen); 8662306a36Sopenharmony_ci} 8762306a36Sopenharmony_ci 8862306a36Sopenharmony_cistatic int aria_avx2_ctr_encrypt(struct skcipher_request *req) 8962306a36Sopenharmony_ci{ 9062306a36Sopenharmony_ci struct aria_avx2_request_ctx *req_ctx = skcipher_request_ctx(req); 9162306a36Sopenharmony_ci struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 9262306a36Sopenharmony_ci struct aria_ctx *ctx = crypto_skcipher_ctx(tfm); 9362306a36Sopenharmony_ci struct skcipher_walk walk; 9462306a36Sopenharmony_ci unsigned int nbytes; 9562306a36Sopenharmony_ci int err; 9662306a36Sopenharmony_ci 9762306a36Sopenharmony_ci err = skcipher_walk_virt(&walk, req, false); 9862306a36Sopenharmony_ci 9962306a36Sopenharmony_ci while ((nbytes = walk.nbytes) > 0) { 10062306a36Sopenharmony_ci const u8 *src = walk.src.virt.addr; 10162306a36Sopenharmony_ci u8 *dst = walk.dst.virt.addr; 10262306a36Sopenharmony_ci 10362306a36Sopenharmony_ci while (nbytes >= ARIA_AESNI_AVX2_PARALLEL_BLOCK_SIZE) { 10462306a36Sopenharmony_ci kernel_fpu_begin(); 10562306a36Sopenharmony_ci aria_ops.aria_ctr_crypt_32way(ctx, dst, src, 10662306a36Sopenharmony_ci &req_ctx->keystream[0], 10762306a36Sopenharmony_ci walk.iv); 10862306a36Sopenharmony_ci kernel_fpu_end(); 10962306a36Sopenharmony_ci dst += ARIA_AESNI_AVX2_PARALLEL_BLOCK_SIZE; 11062306a36Sopenharmony_ci src += ARIA_AESNI_AVX2_PARALLEL_BLOCK_SIZE; 11162306a36Sopenharmony_ci nbytes -= ARIA_AESNI_AVX2_PARALLEL_BLOCK_SIZE; 11262306a36Sopenharmony_ci } 11362306a36Sopenharmony_ci 11462306a36Sopenharmony_ci while (nbytes >= ARIA_AESNI_PARALLEL_BLOCK_SIZE) { 11562306a36Sopenharmony_ci kernel_fpu_begin(); 11662306a36Sopenharmony_ci aria_ops.aria_ctr_crypt_16way(ctx, dst, src, 11762306a36Sopenharmony_ci &req_ctx->keystream[0], 11862306a36Sopenharmony_ci walk.iv); 11962306a36Sopenharmony_ci kernel_fpu_end(); 12062306a36Sopenharmony_ci dst += ARIA_AESNI_PARALLEL_BLOCK_SIZE; 12162306a36Sopenharmony_ci src += ARIA_AESNI_PARALLEL_BLOCK_SIZE; 12262306a36Sopenharmony_ci nbytes -= ARIA_AESNI_PARALLEL_BLOCK_SIZE; 12362306a36Sopenharmony_ci } 12462306a36Sopenharmony_ci 12562306a36Sopenharmony_ci while (nbytes >= ARIA_BLOCK_SIZE) { 12662306a36Sopenharmony_ci memcpy(&req_ctx->keystream[0], walk.iv, ARIA_BLOCK_SIZE); 12762306a36Sopenharmony_ci crypto_inc(walk.iv, ARIA_BLOCK_SIZE); 12862306a36Sopenharmony_ci 12962306a36Sopenharmony_ci aria_encrypt(ctx, &req_ctx->keystream[0], 13062306a36Sopenharmony_ci &req_ctx->keystream[0]); 13162306a36Sopenharmony_ci 13262306a36Sopenharmony_ci crypto_xor_cpy(dst, src, &req_ctx->keystream[0], 13362306a36Sopenharmony_ci ARIA_BLOCK_SIZE); 13462306a36Sopenharmony_ci dst += ARIA_BLOCK_SIZE; 13562306a36Sopenharmony_ci src += ARIA_BLOCK_SIZE; 13662306a36Sopenharmony_ci nbytes -= ARIA_BLOCK_SIZE; 13762306a36Sopenharmony_ci } 13862306a36Sopenharmony_ci 13962306a36Sopenharmony_ci if (walk.nbytes == walk.total && nbytes > 0) { 14062306a36Sopenharmony_ci memcpy(&req_ctx->keystream[0], walk.iv, 14162306a36Sopenharmony_ci ARIA_BLOCK_SIZE); 14262306a36Sopenharmony_ci crypto_inc(walk.iv, ARIA_BLOCK_SIZE); 14362306a36Sopenharmony_ci 14462306a36Sopenharmony_ci aria_encrypt(ctx, &req_ctx->keystream[0], 14562306a36Sopenharmony_ci &req_ctx->keystream[0]); 14662306a36Sopenharmony_ci 14762306a36Sopenharmony_ci crypto_xor_cpy(dst, src, &req_ctx->keystream[0], 14862306a36Sopenharmony_ci nbytes); 14962306a36Sopenharmony_ci dst += nbytes; 15062306a36Sopenharmony_ci src += nbytes; 15162306a36Sopenharmony_ci nbytes = 0; 15262306a36Sopenharmony_ci } 15362306a36Sopenharmony_ci err = skcipher_walk_done(&walk, nbytes); 15462306a36Sopenharmony_ci } 15562306a36Sopenharmony_ci 15662306a36Sopenharmony_ci return err; 15762306a36Sopenharmony_ci} 15862306a36Sopenharmony_ci 15962306a36Sopenharmony_cistatic int aria_avx2_init_tfm(struct crypto_skcipher *tfm) 16062306a36Sopenharmony_ci{ 16162306a36Sopenharmony_ci crypto_skcipher_set_reqsize(tfm, sizeof(struct aria_avx2_request_ctx)); 16262306a36Sopenharmony_ci 16362306a36Sopenharmony_ci return 0; 16462306a36Sopenharmony_ci} 16562306a36Sopenharmony_ci 16662306a36Sopenharmony_cistatic struct skcipher_alg aria_algs[] = { 16762306a36Sopenharmony_ci { 16862306a36Sopenharmony_ci .base.cra_name = "__ecb(aria)", 16962306a36Sopenharmony_ci .base.cra_driver_name = "__ecb-aria-avx2", 17062306a36Sopenharmony_ci .base.cra_priority = 500, 17162306a36Sopenharmony_ci .base.cra_flags = CRYPTO_ALG_INTERNAL, 17262306a36Sopenharmony_ci .base.cra_blocksize = ARIA_BLOCK_SIZE, 17362306a36Sopenharmony_ci .base.cra_ctxsize = sizeof(struct aria_ctx), 17462306a36Sopenharmony_ci .base.cra_module = THIS_MODULE, 17562306a36Sopenharmony_ci .min_keysize = ARIA_MIN_KEY_SIZE, 17662306a36Sopenharmony_ci .max_keysize = ARIA_MAX_KEY_SIZE, 17762306a36Sopenharmony_ci .setkey = aria_avx2_set_key, 17862306a36Sopenharmony_ci .encrypt = aria_avx2_ecb_encrypt, 17962306a36Sopenharmony_ci .decrypt = aria_avx2_ecb_decrypt, 18062306a36Sopenharmony_ci }, { 18162306a36Sopenharmony_ci .base.cra_name = "__ctr(aria)", 18262306a36Sopenharmony_ci .base.cra_driver_name = "__ctr-aria-avx2", 18362306a36Sopenharmony_ci .base.cra_priority = 500, 18462306a36Sopenharmony_ci .base.cra_flags = CRYPTO_ALG_INTERNAL | 18562306a36Sopenharmony_ci CRYPTO_ALG_SKCIPHER_REQSIZE_LARGE, 18662306a36Sopenharmony_ci .base.cra_blocksize = 1, 18762306a36Sopenharmony_ci .base.cra_ctxsize = sizeof(struct aria_ctx), 18862306a36Sopenharmony_ci .base.cra_module = THIS_MODULE, 18962306a36Sopenharmony_ci .min_keysize = ARIA_MIN_KEY_SIZE, 19062306a36Sopenharmony_ci .max_keysize = ARIA_MAX_KEY_SIZE, 19162306a36Sopenharmony_ci .ivsize = ARIA_BLOCK_SIZE, 19262306a36Sopenharmony_ci .chunksize = ARIA_BLOCK_SIZE, 19362306a36Sopenharmony_ci .setkey = aria_avx2_set_key, 19462306a36Sopenharmony_ci .encrypt = aria_avx2_ctr_encrypt, 19562306a36Sopenharmony_ci .decrypt = aria_avx2_ctr_encrypt, 19662306a36Sopenharmony_ci .init = aria_avx2_init_tfm, 19762306a36Sopenharmony_ci } 19862306a36Sopenharmony_ci}; 19962306a36Sopenharmony_ci 20062306a36Sopenharmony_cistatic struct simd_skcipher_alg *aria_simd_algs[ARRAY_SIZE(aria_algs)]; 20162306a36Sopenharmony_ci 20262306a36Sopenharmony_cistatic int __init aria_avx2_init(void) 20362306a36Sopenharmony_ci{ 20462306a36Sopenharmony_ci const char *feature_name; 20562306a36Sopenharmony_ci 20662306a36Sopenharmony_ci if (!boot_cpu_has(X86_FEATURE_AVX) || 20762306a36Sopenharmony_ci !boot_cpu_has(X86_FEATURE_AVX2) || 20862306a36Sopenharmony_ci !boot_cpu_has(X86_FEATURE_AES) || 20962306a36Sopenharmony_ci !boot_cpu_has(X86_FEATURE_OSXSAVE)) { 21062306a36Sopenharmony_ci pr_info("AVX2 or AES-NI instructions are not detected.\n"); 21162306a36Sopenharmony_ci return -ENODEV; 21262306a36Sopenharmony_ci } 21362306a36Sopenharmony_ci 21462306a36Sopenharmony_ci if (!cpu_has_xfeatures(XFEATURE_MASK_SSE | XFEATURE_MASK_YMM, 21562306a36Sopenharmony_ci &feature_name)) { 21662306a36Sopenharmony_ci pr_info("CPU feature '%s' is not supported.\n", feature_name); 21762306a36Sopenharmony_ci return -ENODEV; 21862306a36Sopenharmony_ci } 21962306a36Sopenharmony_ci 22062306a36Sopenharmony_ci if (boot_cpu_has(X86_FEATURE_GFNI) && IS_ENABLED(CONFIG_AS_GFNI)) { 22162306a36Sopenharmony_ci aria_ops.aria_encrypt_16way = aria_aesni_avx_gfni_encrypt_16way; 22262306a36Sopenharmony_ci aria_ops.aria_decrypt_16way = aria_aesni_avx_gfni_decrypt_16way; 22362306a36Sopenharmony_ci aria_ops.aria_ctr_crypt_16way = aria_aesni_avx_gfni_ctr_crypt_16way; 22462306a36Sopenharmony_ci aria_ops.aria_encrypt_32way = aria_aesni_avx2_gfni_encrypt_32way; 22562306a36Sopenharmony_ci aria_ops.aria_decrypt_32way = aria_aesni_avx2_gfni_decrypt_32way; 22662306a36Sopenharmony_ci aria_ops.aria_ctr_crypt_32way = aria_aesni_avx2_gfni_ctr_crypt_32way; 22762306a36Sopenharmony_ci } else { 22862306a36Sopenharmony_ci aria_ops.aria_encrypt_16way = aria_aesni_avx_encrypt_16way; 22962306a36Sopenharmony_ci aria_ops.aria_decrypt_16way = aria_aesni_avx_decrypt_16way; 23062306a36Sopenharmony_ci aria_ops.aria_ctr_crypt_16way = aria_aesni_avx_ctr_crypt_16way; 23162306a36Sopenharmony_ci aria_ops.aria_encrypt_32way = aria_aesni_avx2_encrypt_32way; 23262306a36Sopenharmony_ci aria_ops.aria_decrypt_32way = aria_aesni_avx2_decrypt_32way; 23362306a36Sopenharmony_ci aria_ops.aria_ctr_crypt_32way = aria_aesni_avx2_ctr_crypt_32way; 23462306a36Sopenharmony_ci } 23562306a36Sopenharmony_ci 23662306a36Sopenharmony_ci return simd_register_skciphers_compat(aria_algs, 23762306a36Sopenharmony_ci ARRAY_SIZE(aria_algs), 23862306a36Sopenharmony_ci aria_simd_algs); 23962306a36Sopenharmony_ci} 24062306a36Sopenharmony_ci 24162306a36Sopenharmony_cistatic void __exit aria_avx2_exit(void) 24262306a36Sopenharmony_ci{ 24362306a36Sopenharmony_ci simd_unregister_skciphers(aria_algs, ARRAY_SIZE(aria_algs), 24462306a36Sopenharmony_ci aria_simd_algs); 24562306a36Sopenharmony_ci} 24662306a36Sopenharmony_ci 24762306a36Sopenharmony_cimodule_init(aria_avx2_init); 24862306a36Sopenharmony_cimodule_exit(aria_avx2_exit); 24962306a36Sopenharmony_ci 25062306a36Sopenharmony_ciMODULE_LICENSE("GPL"); 25162306a36Sopenharmony_ciMODULE_AUTHOR("Taehee Yoo <ap420073@gmail.com>"); 25262306a36Sopenharmony_ciMODULE_DESCRIPTION("ARIA Cipher Algorithm, AVX2/AES-NI/GFNI optimized"); 25362306a36Sopenharmony_ciMODULE_ALIAS_CRYPTO("aria"); 25462306a36Sopenharmony_ciMODULE_ALIAS_CRYPTO("aria-aesni-avx2"); 255