Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src-draft/trunk]: src/sys Add x86 AES-NI support.



details:   https://anonhg.NetBSD.org/src-all/rev/176f67abb39a
branches:  trunk
changeset: 934469:176f67abb39a
user:      Taylor R Campbell <riastradh%NetBSD.org@localhost>
date:      Fri Jun 12 05:21:35 2020 +0000

description:
Add x86 AES-NI support.

diffstat:

 sys/arch/amd64/conf/files.amd64        |     3 +
 sys/arch/x86/x86/identcpu.c            |     4 +
 sys/crypto/aes/arch/x86_64/aes_ni.c    |   196 +++++
 sys/crypto/aes/arch/x86_64/aes_ni.h    |    68 +
 sys/crypto/aes/arch/x86_64/aesnifunc.S |  1102 ++++++++++++++++++++++++++++++++
 sys/crypto/aes/arch/x86_64/files.aesni |     4 +
 6 files changed, 1377 insertions(+), 0 deletions(-)

diffs (truncated from 1418 to 300 lines):

diff -r 48cce71cba85 -r 176f67abb39a sys/arch/amd64/conf/files.amd64
--- a/sys/arch/amd64/conf/files.amd64   Fri Jun 12 05:16:46 2020 +0000
+++ b/sys/arch/amd64/conf/files.amd64   Fri Jun 12 05:21:35 2020 +0000
@@ -193,4 +193,7 @@
 attach vmbus at acpinodebus with vmbus_acpi
 file   dev/acpi/vmbus_acpi.c                   vmbus_acpi
 
+# AES-NI
+include "crypto/aes/arch/x86_64/files.aesni"
+
 include        "arch/amd64/conf/majors.amd64"
diff -r 48cce71cba85 -r 176f67abb39a sys/arch/x86/x86/identcpu.c
--- a/sys/arch/x86/x86/identcpu.c       Fri Jun 12 05:16:46 2020 +0000
+++ b/sys/arch/x86/x86/identcpu.c       Fri Jun 12 05:21:35 2020 +0000
@@ -39,6 +39,8 @@
 #include <sys/device.h>
 #include <sys/cpu.h>
 
+#include <crypto/aes/arch/x86_64/aes_ni.h>
+
 #include <uvm/uvm_extern.h>
 
 #include <machine/specialreg.h>
@@ -995,6 +997,8 @@
                /* Early patch of text segment. */
                x86_patch(true);
 #endif
+               if (cpu_feature[1] & CPUID2_AES)
+                       aes_md_init(&aes_ni_impl);
        } else {
                /*
                 * If not first. Warn about cpu_feature mismatch for
diff -r 48cce71cba85 -r 176f67abb39a sys/crypto/aes/arch/x86_64/aes_ni.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sys/crypto/aes/arch/x86_64/aes_ni.c       Fri Jun 12 05:21:35 2020 +0000
@@ -0,0 +1,196 @@
+/*     $NetBSD$        */
+
+/*-
+ * Copyright (c) 2020 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__KERNEL_RCSID(1, "$NetBSD$");
+
+#include <sys/types.h>
+#include <sys/systm.h>
+
+#include <crypto/aes/aes.h>
+#include <crypto/aes/arch/x86_64/aes_ni.h>
+
+#include <x86/cpuvar.h>
+#include <x86/fpu.h>
+#include <x86/specialreg.h>
+
+static void
+aesni_setenckey(struct aesenc *enc, const uint8_t key[static 16],
+    uint32_t nrounds)
+{
+
+       switch (nrounds) {
+       case 10:
+               aesni_setenckey128(enc, key);
+               break;
+       case 12:
+               aesni_setenckey192(enc, key);
+               break;
+       case 14:
+               aesni_setenckey256(enc, key);
+               break;
+       default:
+               panic("invalid AES rounds: %u", nrounds);
+       }
+}
+
+static void
+aesni_setdeckey(struct aesdec *dec, const uint8_t key[static 16],
+    uint32_t nrounds)
+{
+       struct aesenc enc;
+
+       aesni_setenckey(&enc, key, nrounds);
+       aesni_enctodec(&enc, dec, nrounds);
+       explicit_memset(&enc, 0, sizeof enc);
+}
+
+static void
+aesni_cbc_dec(const struct aesdec *dec, const uint8_t in[static 16],
+    uint8_t out[static 16], size_t nbytes, uint8_t iv[static 16],
+    uint32_t nrounds)
+{
+
+       KASSERT(nbytes % 16 == 0);
+
+       if (nbytes % 128) {
+               aesni_cbc_dec1(dec, in, out, nbytes % 128, iv, nrounds);
+               in += nbytes % 128;
+               out += nbytes % 128;
+               nbytes -= nbytes % 128;
+       }
+
+       KASSERT(nbytes % 128 == 0);
+       if (nbytes)
+               aesni_cbc_dec8(dec, in, out, nbytes, iv, nrounds);
+}
+
+static void
+aesni_xts_enc(const struct aesenc *enc, const uint8_t in[static 16],
+    uint8_t out[static 16], size_t nbytes, uint8_t iv[static 16],
+    uint32_t nrounds)
+{
+
+       KASSERT(nbytes % 16 == 0);
+
+       if (nbytes % 128) {
+               aesni_xts_enc1(enc, in, out, nbytes % 128, iv, nrounds);
+               in += nbytes % 128;
+               out += nbytes % 128;
+               nbytes -= nbytes % 128;
+       }
+
+       KASSERT(nbytes % 128 == 0);
+       if (nbytes)
+               aesni_xts_enc8(enc, in, out, nbytes, iv, nrounds);
+}
+
+static void
+aesni_xts_dec(const struct aesdec *dec, const uint8_t in[static 16],
+    uint8_t out[static 16], size_t nbytes, uint8_t iv[static 16],
+    uint32_t nrounds)
+{
+
+       KASSERT(nbytes % 16 == 0);
+
+       if (nbytes % 128) {
+               aesni_xts_dec1(dec, in, out, nbytes % 128, iv, nrounds);
+               in += nbytes % 128;
+               out += nbytes % 128;
+               nbytes -= nbytes % 128;
+       }
+
+       KASSERT(nbytes % 128 == 0);
+       if (nbytes)
+               aesni_xts_dec8(dec, in, out, nbytes, iv, nrounds);
+}
+
+static int
+aesni_xts_update_selftest(void)
+{
+       static const struct {
+               uint8_t in[16], out[16];
+       } cases[] = {
+               {{1}, {2}},
+               {{0,0,0,0x80}, {0,0,0,0,1}},
+               {{0,0,0,0,0,0,0,0x80}, {0,0,0,0,0,0,0,0,1}},
+               {{0,0,0,0x80,0,0,0,0x80}, {0,0,0,0,1,0,0,0,1}},
+               {{0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0x80}, {0x87}},
+               {{0,0,0,0,0,0,0,0x80,0,0,0,0,0,0,0,0x80},
+                {0x87,0,0,0,0,0,0,0,1}},
+               {{0,0,0,0x80,0,0,0,0,0,0,0,0,0,0,0,0x80}, {0x87,0,0,0,1}},
+               {{0,0,0,0x80,0,0,0,0x80,0,0,0,0,0,0,0,0x80},
+                {0x87,0,0,0,1,0,0,0,1}},
+       };
+       unsigned i;
+       uint8_t tweak[16];
+
+       for (i = 0; i < sizeof(cases)/sizeof(cases[0]); i++) {
+               aesni_xts_update(cases[i].in, tweak);
+               if (memcmp(tweak, cases[i].out, 16))
+                       return -1;
+       }
+
+       /* Success!  */
+       return 0;
+}
+
+static int
+aesni_probe(void)
+{
+       int result = 0;
+
+       /* Verify that the CPU supports AES-NI.  */
+       if ((cpu_feature[1] & CPUID2_AES) == 0)
+               return -1;
+
+       fpu_kern_enter();
+
+       /* Verify that our XTS tweak update logic works.  */
+       if (aesni_xts_update_selftest())
+               result = -1;
+
+       fpu_kern_leave();
+
+       return result;
+}
+
+struct aes_impl aes_ni_impl = {
+       .ai_name = "Intel AES-NI",
+       .ai_probe = aesni_probe,
+       .ai_enter = fpu_kern_enter,
+       .ai_leave = fpu_kern_leave,
+       .ai_setenckey = aesni_setenckey,
+       .ai_setdeckey = aesni_setdeckey,
+       .ai_enc = aesni_enc,
+       .ai_dec = aesni_dec,
+       .ai_cbc_enc = aesni_cbc_enc,
+       .ai_cbc_dec = aesni_cbc_dec,
+       .ai_xts_enc = aesni_xts_enc,
+       .ai_xts_dec = aesni_xts_dec,
+};
diff -r 48cce71cba85 -r 176f67abb39a sys/crypto/aes/arch/x86_64/aes_ni.h
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sys/crypto/aes/arch/x86_64/aes_ni.h       Fri Jun 12 05:21:35 2020 +0000
@@ -0,0 +1,68 @@
+/*     $NetBSD$        */
+
+/*-
+ * Copyright (c) 2020 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef        _CRYPTO_AES_AES_ARCH_X86_64_AES_NI_H
+#define        _CRYPTO_AES_AES_ARCH_X86_64_AES_NI_H
+
+#include <sys/types.h>
+
+#include <crypto/aes/aes.h>
+
+/* Assembly routines */
+
+void   aesni_setenckey128(struct aesenc *, const uint8_t[static 16]);
+void   aesni_setenckey192(struct aesenc *, const uint8_t[static 24]);
+void   aesni_setenckey256(struct aesenc *, const uint8_t[static 32]);
+
+void   aesni_enctodec(const struct aesenc *, struct aesdec *, uint32_t);
+
+void   aesni_enc(const struct aesenc *, const uint8_t[static 16],
+           uint8_t[static 16], uint32_t);
+void   aesni_dec(const struct aesdec *, const uint8_t[static 16],
+           uint8_t[static 16], uint32_t);
+
+void   aesni_cbc_enc(const struct aesenc *, const uint8_t[static 16],
+           uint8_t[static 16], size_t, uint8_t[static 16], uint32_t);
+void   aesni_cbc_dec1(const struct aesdec *, const uint8_t[static 16],
+           uint8_t[static 16], size_t, const uint8_t[static 16], uint32_t);
+void   aesni_cbc_dec8(const struct aesdec *, const uint8_t[static 128],
+           uint8_t[static 128], size_t, const uint8_t[static 16], uint32_t);
+
+void   aesni_xts_enc1(const struct aesenc *, const uint8_t[static 16],
+           uint8_t[static 16], size_t, uint8_t[static 16], uint32_t);
+void   aesni_xts_enc8(const struct aesenc *, const uint8_t[static 128],
+           uint8_t[static 128], size_t, uint8_t[static 16], uint32_t);
+void   aesni_xts_dec1(const struct aesdec *, const uint8_t[static 16],
+           uint8_t[static 16], size_t, uint8_t[static 16], uint32_t);
+void   aesni_xts_dec8(const struct aesdec *, const uint8_t[static 128],
+           uint8_t[static 128], size_t, uint8_t[static 16], uint32_t);
+void   aesni_xts_update(const uint8_t[static 16], uint8_t[static 16]);



Home | Main Index | Thread Index | Old Index