162306a36Sopenharmony_ci/* SPDX-License-Identifier: GPL-2.0-or-later */ 262306a36Sopenharmony_ci/* 362306a36Sopenharmony_ci * Glue Code for the AVX512/GFNI assembler implementation of the ARIA Cipher 462306a36Sopenharmony_ci * 562306a36Sopenharmony_ci * Copyright (c) 2022 Taehee Yoo <ap420073@gmail.com> 662306a36Sopenharmony_ci */ 762306a36Sopenharmony_ci 862306a36Sopenharmony_ci#include <crypto/algapi.h> 962306a36Sopenharmony_ci#include <crypto/internal/simd.h> 1062306a36Sopenharmony_ci#include <crypto/aria.h> 1162306a36Sopenharmony_ci#include <linux/crypto.h> 1262306a36Sopenharmony_ci#include <linux/err.h> 1362306a36Sopenharmony_ci#include <linux/module.h> 1462306a36Sopenharmony_ci#include <linux/types.h> 1562306a36Sopenharmony_ci 1662306a36Sopenharmony_ci#include "ecb_cbc_helpers.h" 1762306a36Sopenharmony_ci#include "aria-avx.h" 1862306a36Sopenharmony_ci 1962306a36Sopenharmony_ciasmlinkage void aria_gfni_avx512_encrypt_64way(const void *ctx, u8 *dst, 2062306a36Sopenharmony_ci const u8 *src); 2162306a36Sopenharmony_ciasmlinkage void aria_gfni_avx512_decrypt_64way(const void *ctx, u8 *dst, 2262306a36Sopenharmony_ci const u8 *src); 2362306a36Sopenharmony_ciasmlinkage void aria_gfni_avx512_ctr_crypt_64way(const void *ctx, u8 *dst, 2462306a36Sopenharmony_ci const u8 *src, 2562306a36Sopenharmony_ci u8 *keystream, u8 *iv); 2662306a36Sopenharmony_ci 2762306a36Sopenharmony_cistatic struct aria_avx_ops aria_ops; 2862306a36Sopenharmony_ci 2962306a36Sopenharmony_cistruct aria_avx512_request_ctx { 3062306a36Sopenharmony_ci u8 keystream[ARIA_GFNI_AVX512_PARALLEL_BLOCK_SIZE]; 3162306a36Sopenharmony_ci}; 3262306a36Sopenharmony_ci 3362306a36Sopenharmony_cistatic int ecb_do_encrypt(struct skcipher_request *req, const u32 *rkey) 3462306a36Sopenharmony_ci{ 3562306a36Sopenharmony_ci ECB_WALK_START(req, ARIA_BLOCK_SIZE, ARIA_AESNI_PARALLEL_BLOCKS); 3662306a36Sopenharmony_ci ECB_BLOCK(ARIA_GFNI_AVX512_PARALLEL_BLOCKS, aria_ops.aria_encrypt_64way); 3762306a36Sopenharmony_ci ECB_BLOCK(ARIA_AESNI_AVX2_PARALLEL_BLOCKS, aria_ops.aria_encrypt_32way); 3862306a36Sopenharmony_ci ECB_BLOCK(ARIA_AESNI_PARALLEL_BLOCKS, aria_ops.aria_encrypt_16way); 3962306a36Sopenharmony_ci ECB_BLOCK(1, aria_encrypt); 4062306a36Sopenharmony_ci ECB_WALK_END(); 4162306a36Sopenharmony_ci} 4262306a36Sopenharmony_ci 4362306a36Sopenharmony_cistatic int ecb_do_decrypt(struct skcipher_request *req, const u32 *rkey) 4462306a36Sopenharmony_ci{ 4562306a36Sopenharmony_ci ECB_WALK_START(req, ARIA_BLOCK_SIZE, ARIA_AESNI_PARALLEL_BLOCKS); 4662306a36Sopenharmony_ci ECB_BLOCK(ARIA_GFNI_AVX512_PARALLEL_BLOCKS, aria_ops.aria_decrypt_64way); 4762306a36Sopenharmony_ci ECB_BLOCK(ARIA_AESNI_AVX2_PARALLEL_BLOCKS, aria_ops.aria_decrypt_32way); 4862306a36Sopenharmony_ci ECB_BLOCK(ARIA_AESNI_PARALLEL_BLOCKS, aria_ops.aria_decrypt_16way); 4962306a36Sopenharmony_ci ECB_BLOCK(1, aria_decrypt); 5062306a36Sopenharmony_ci ECB_WALK_END(); 5162306a36Sopenharmony_ci} 5262306a36Sopenharmony_ci 5362306a36Sopenharmony_cistatic int aria_avx512_ecb_encrypt(struct skcipher_request *req) 5462306a36Sopenharmony_ci{ 5562306a36Sopenharmony_ci struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 5662306a36Sopenharmony_ci struct aria_ctx *ctx = crypto_skcipher_ctx(tfm); 5762306a36Sopenharmony_ci 5862306a36Sopenharmony_ci return ecb_do_encrypt(req, ctx->enc_key[0]); 5962306a36Sopenharmony_ci} 6062306a36Sopenharmony_ci 6162306a36Sopenharmony_cistatic int aria_avx512_ecb_decrypt(struct skcipher_request *req) 6262306a36Sopenharmony_ci{ 6362306a36Sopenharmony_ci struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 6462306a36Sopenharmony_ci struct aria_ctx *ctx = crypto_skcipher_ctx(tfm); 6562306a36Sopenharmony_ci 6662306a36Sopenharmony_ci return ecb_do_decrypt(req, ctx->dec_key[0]); 6762306a36Sopenharmony_ci} 6862306a36Sopenharmony_ci 6962306a36Sopenharmony_cistatic int aria_avx512_set_key(struct crypto_skcipher *tfm, const u8 *key, 7062306a36Sopenharmony_ci unsigned int keylen) 7162306a36Sopenharmony_ci{ 7262306a36Sopenharmony_ci return aria_set_key(&tfm->base, key, keylen); 7362306a36Sopenharmony_ci} 7462306a36Sopenharmony_ci 7562306a36Sopenharmony_cistatic int aria_avx512_ctr_encrypt(struct skcipher_request *req) 7662306a36Sopenharmony_ci{ 7762306a36Sopenharmony_ci struct aria_avx512_request_ctx *req_ctx = skcipher_request_ctx(req); 7862306a36Sopenharmony_ci struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 7962306a36Sopenharmony_ci struct aria_ctx *ctx = crypto_skcipher_ctx(tfm); 8062306a36Sopenharmony_ci struct skcipher_walk walk; 8162306a36Sopenharmony_ci unsigned int nbytes; 8262306a36Sopenharmony_ci int err; 8362306a36Sopenharmony_ci 8462306a36Sopenharmony_ci err = skcipher_walk_virt(&walk, req, false); 8562306a36Sopenharmony_ci 8662306a36Sopenharmony_ci while ((nbytes = walk.nbytes) > 0) { 8762306a36Sopenharmony_ci const u8 *src = walk.src.virt.addr; 8862306a36Sopenharmony_ci u8 *dst = walk.dst.virt.addr; 8962306a36Sopenharmony_ci 9062306a36Sopenharmony_ci while (nbytes >= ARIA_GFNI_AVX512_PARALLEL_BLOCK_SIZE) { 9162306a36Sopenharmony_ci kernel_fpu_begin(); 9262306a36Sopenharmony_ci aria_ops.aria_ctr_crypt_64way(ctx, dst, src, 9362306a36Sopenharmony_ci &req_ctx->keystream[0], 9462306a36Sopenharmony_ci walk.iv); 9562306a36Sopenharmony_ci kernel_fpu_end(); 9662306a36Sopenharmony_ci dst += ARIA_GFNI_AVX512_PARALLEL_BLOCK_SIZE; 9762306a36Sopenharmony_ci src += ARIA_GFNI_AVX512_PARALLEL_BLOCK_SIZE; 9862306a36Sopenharmony_ci nbytes -= ARIA_GFNI_AVX512_PARALLEL_BLOCK_SIZE; 9962306a36Sopenharmony_ci } 10062306a36Sopenharmony_ci 10162306a36Sopenharmony_ci while (nbytes >= ARIA_AESNI_AVX2_PARALLEL_BLOCK_SIZE) { 10262306a36Sopenharmony_ci kernel_fpu_begin(); 10362306a36Sopenharmony_ci aria_ops.aria_ctr_crypt_32way(ctx, dst, src, 10462306a36Sopenharmony_ci &req_ctx->keystream[0], 10562306a36Sopenharmony_ci walk.iv); 10662306a36Sopenharmony_ci kernel_fpu_end(); 10762306a36Sopenharmony_ci dst += ARIA_AESNI_AVX2_PARALLEL_BLOCK_SIZE; 10862306a36Sopenharmony_ci src += ARIA_AESNI_AVX2_PARALLEL_BLOCK_SIZE; 10962306a36Sopenharmony_ci nbytes -= ARIA_AESNI_AVX2_PARALLEL_BLOCK_SIZE; 11062306a36Sopenharmony_ci } 11162306a36Sopenharmony_ci 11262306a36Sopenharmony_ci while (nbytes >= ARIA_AESNI_PARALLEL_BLOCK_SIZE) { 11362306a36Sopenharmony_ci kernel_fpu_begin(); 11462306a36Sopenharmony_ci aria_ops.aria_ctr_crypt_16way(ctx, dst, src, 11562306a36Sopenharmony_ci &req_ctx->keystream[0], 11662306a36Sopenharmony_ci walk.iv); 11762306a36Sopenharmony_ci kernel_fpu_end(); 11862306a36Sopenharmony_ci dst += ARIA_AESNI_PARALLEL_BLOCK_SIZE; 11962306a36Sopenharmony_ci src += ARIA_AESNI_PARALLEL_BLOCK_SIZE; 12062306a36Sopenharmony_ci nbytes -= ARIA_AESNI_PARALLEL_BLOCK_SIZE; 12162306a36Sopenharmony_ci } 12262306a36Sopenharmony_ci 12362306a36Sopenharmony_ci while (nbytes >= ARIA_BLOCK_SIZE) { 12462306a36Sopenharmony_ci memcpy(&req_ctx->keystream[0], walk.iv, 12562306a36Sopenharmony_ci ARIA_BLOCK_SIZE); 12662306a36Sopenharmony_ci crypto_inc(walk.iv, ARIA_BLOCK_SIZE); 12762306a36Sopenharmony_ci 12862306a36Sopenharmony_ci aria_encrypt(ctx, &req_ctx->keystream[0], 12962306a36Sopenharmony_ci &req_ctx->keystream[0]); 13062306a36Sopenharmony_ci 13162306a36Sopenharmony_ci crypto_xor_cpy(dst, src, &req_ctx->keystream[0], 13262306a36Sopenharmony_ci ARIA_BLOCK_SIZE); 13362306a36Sopenharmony_ci dst += ARIA_BLOCK_SIZE; 13462306a36Sopenharmony_ci src += ARIA_BLOCK_SIZE; 13562306a36Sopenharmony_ci nbytes -= ARIA_BLOCK_SIZE; 13662306a36Sopenharmony_ci } 13762306a36Sopenharmony_ci 13862306a36Sopenharmony_ci if (walk.nbytes == walk.total && nbytes > 0) { 13962306a36Sopenharmony_ci memcpy(&req_ctx->keystream[0], walk.iv, 14062306a36Sopenharmony_ci ARIA_BLOCK_SIZE); 14162306a36Sopenharmony_ci crypto_inc(walk.iv, ARIA_BLOCK_SIZE); 14262306a36Sopenharmony_ci 14362306a36Sopenharmony_ci aria_encrypt(ctx, &req_ctx->keystream[0], 14462306a36Sopenharmony_ci &req_ctx->keystream[0]); 14562306a36Sopenharmony_ci 14662306a36Sopenharmony_ci crypto_xor_cpy(dst, src, &req_ctx->keystream[0], 14762306a36Sopenharmony_ci nbytes); 14862306a36Sopenharmony_ci dst += nbytes; 14962306a36Sopenharmony_ci src += nbytes; 15062306a36Sopenharmony_ci nbytes = 0; 15162306a36Sopenharmony_ci } 15262306a36Sopenharmony_ci err = skcipher_walk_done(&walk, nbytes); 15362306a36Sopenharmony_ci } 15462306a36Sopenharmony_ci 15562306a36Sopenharmony_ci return err; 15662306a36Sopenharmony_ci} 15762306a36Sopenharmony_ci 15862306a36Sopenharmony_cistatic int aria_avx512_init_tfm(struct crypto_skcipher *tfm) 15962306a36Sopenharmony_ci{ 16062306a36Sopenharmony_ci crypto_skcipher_set_reqsize(tfm, 16162306a36Sopenharmony_ci sizeof(struct aria_avx512_request_ctx)); 16262306a36Sopenharmony_ci 16362306a36Sopenharmony_ci return 0; 16462306a36Sopenharmony_ci} 16562306a36Sopenharmony_ci 16662306a36Sopenharmony_cistatic struct skcipher_alg aria_algs[] = { 16762306a36Sopenharmony_ci { 16862306a36Sopenharmony_ci .base.cra_name = "__ecb(aria)", 16962306a36Sopenharmony_ci .base.cra_driver_name = "__ecb-aria-avx512", 17062306a36Sopenharmony_ci .base.cra_priority = 600, 17162306a36Sopenharmony_ci .base.cra_flags = CRYPTO_ALG_INTERNAL, 17262306a36Sopenharmony_ci .base.cra_blocksize = ARIA_BLOCK_SIZE, 17362306a36Sopenharmony_ci .base.cra_ctxsize = sizeof(struct aria_ctx), 17462306a36Sopenharmony_ci .base.cra_module = THIS_MODULE, 17562306a36Sopenharmony_ci .min_keysize = ARIA_MIN_KEY_SIZE, 17662306a36Sopenharmony_ci .max_keysize = ARIA_MAX_KEY_SIZE, 17762306a36Sopenharmony_ci .setkey = aria_avx512_set_key, 17862306a36Sopenharmony_ci .encrypt = aria_avx512_ecb_encrypt, 17962306a36Sopenharmony_ci .decrypt = aria_avx512_ecb_decrypt, 18062306a36Sopenharmony_ci }, { 18162306a36Sopenharmony_ci .base.cra_name = "__ctr(aria)", 18262306a36Sopenharmony_ci .base.cra_driver_name = "__ctr-aria-avx512", 18362306a36Sopenharmony_ci .base.cra_priority = 600, 18462306a36Sopenharmony_ci .base.cra_flags = CRYPTO_ALG_INTERNAL | 18562306a36Sopenharmony_ci CRYPTO_ALG_SKCIPHER_REQSIZE_LARGE, 18662306a36Sopenharmony_ci .base.cra_blocksize = 1, 18762306a36Sopenharmony_ci .base.cra_ctxsize = sizeof(struct aria_ctx), 18862306a36Sopenharmony_ci .base.cra_module = THIS_MODULE, 18962306a36Sopenharmony_ci .min_keysize = ARIA_MIN_KEY_SIZE, 19062306a36Sopenharmony_ci .max_keysize = ARIA_MAX_KEY_SIZE, 19162306a36Sopenharmony_ci .ivsize = ARIA_BLOCK_SIZE, 19262306a36Sopenharmony_ci .chunksize = ARIA_BLOCK_SIZE, 19362306a36Sopenharmony_ci .setkey = aria_avx512_set_key, 19462306a36Sopenharmony_ci .encrypt = aria_avx512_ctr_encrypt, 19562306a36Sopenharmony_ci .decrypt = aria_avx512_ctr_encrypt, 19662306a36Sopenharmony_ci .init = aria_avx512_init_tfm, 19762306a36Sopenharmony_ci } 19862306a36Sopenharmony_ci}; 19962306a36Sopenharmony_ci 20062306a36Sopenharmony_cistatic struct simd_skcipher_alg *aria_simd_algs[ARRAY_SIZE(aria_algs)]; 20162306a36Sopenharmony_ci 20262306a36Sopenharmony_cistatic int __init aria_avx512_init(void) 20362306a36Sopenharmony_ci{ 20462306a36Sopenharmony_ci const char *feature_name; 20562306a36Sopenharmony_ci 20662306a36Sopenharmony_ci if (!boot_cpu_has(X86_FEATURE_AVX) || 20762306a36Sopenharmony_ci !boot_cpu_has(X86_FEATURE_AVX2) || 20862306a36Sopenharmony_ci !boot_cpu_has(X86_FEATURE_AVX512F) || 20962306a36Sopenharmony_ci !boot_cpu_has(X86_FEATURE_AVX512VL) || 21062306a36Sopenharmony_ci !boot_cpu_has(X86_FEATURE_GFNI) || 21162306a36Sopenharmony_ci !boot_cpu_has(X86_FEATURE_OSXSAVE)) { 21262306a36Sopenharmony_ci pr_info("AVX512/GFNI instructions are not detected.\n"); 21362306a36Sopenharmony_ci return -ENODEV; 21462306a36Sopenharmony_ci } 21562306a36Sopenharmony_ci 21662306a36Sopenharmony_ci if (!cpu_has_xfeatures(XFEATURE_MASK_SSE | XFEATURE_MASK_YMM | 21762306a36Sopenharmony_ci XFEATURE_MASK_AVX512, &feature_name)) { 21862306a36Sopenharmony_ci pr_info("CPU feature '%s' is not supported.\n", feature_name); 21962306a36Sopenharmony_ci return -ENODEV; 22062306a36Sopenharmony_ci } 22162306a36Sopenharmony_ci 22262306a36Sopenharmony_ci aria_ops.aria_encrypt_16way = aria_aesni_avx_gfni_encrypt_16way; 22362306a36Sopenharmony_ci aria_ops.aria_decrypt_16way = aria_aesni_avx_gfni_decrypt_16way; 22462306a36Sopenharmony_ci aria_ops.aria_ctr_crypt_16way = aria_aesni_avx_gfni_ctr_crypt_16way; 22562306a36Sopenharmony_ci aria_ops.aria_encrypt_32way = aria_aesni_avx2_gfni_encrypt_32way; 22662306a36Sopenharmony_ci aria_ops.aria_decrypt_32way = aria_aesni_avx2_gfni_decrypt_32way; 22762306a36Sopenharmony_ci aria_ops.aria_ctr_crypt_32way = aria_aesni_avx2_gfni_ctr_crypt_32way; 22862306a36Sopenharmony_ci aria_ops.aria_encrypt_64way = aria_gfni_avx512_encrypt_64way; 22962306a36Sopenharmony_ci aria_ops.aria_decrypt_64way = aria_gfni_avx512_decrypt_64way; 23062306a36Sopenharmony_ci aria_ops.aria_ctr_crypt_64way = aria_gfni_avx512_ctr_crypt_64way; 23162306a36Sopenharmony_ci 23262306a36Sopenharmony_ci return simd_register_skciphers_compat(aria_algs, 23362306a36Sopenharmony_ci ARRAY_SIZE(aria_algs), 23462306a36Sopenharmony_ci aria_simd_algs); 23562306a36Sopenharmony_ci} 23662306a36Sopenharmony_ci 23762306a36Sopenharmony_cistatic void __exit aria_avx512_exit(void) 23862306a36Sopenharmony_ci{ 23962306a36Sopenharmony_ci simd_unregister_skciphers(aria_algs, ARRAY_SIZE(aria_algs), 24062306a36Sopenharmony_ci aria_simd_algs); 24162306a36Sopenharmony_ci} 24262306a36Sopenharmony_ci 24362306a36Sopenharmony_cimodule_init(aria_avx512_init); 24462306a36Sopenharmony_cimodule_exit(aria_avx512_exit); 24562306a36Sopenharmony_ci 24662306a36Sopenharmony_ciMODULE_LICENSE("GPL"); 24762306a36Sopenharmony_ciMODULE_AUTHOR("Taehee Yoo <ap420073@gmail.com>"); 24862306a36Sopenharmony_ciMODULE_DESCRIPTION("ARIA Cipher Algorithm, AVX512/GFNI optimized"); 24962306a36Sopenharmony_ciMODULE_ALIAS_CRYPTO("aria"); 25062306a36Sopenharmony_ciMODULE_ALIAS_CRYPTO("aria-gfni-avx512"); 251