[src-draft/trunk]: src/sys First pass at AES using ARMv8.0-AES on aarch64.
details: https://anonhg.NetBSD.org/src-all/rev/f77352473df7
branches: trunk
changeset: 934502:f77352473df7
user: Taylor R Campbell <riastradh%NetBSD.org@localhost>
date: Sat Jun 13 16:43:32 2020 +0000
description:
First pass at AES using ARMv8.0-AES on aarch64.
No vectorized CBC or XTS yet.
diffstat:
sys/arch/aarch64/aarch64/cpu.c | 24 +
sys/arch/aarch64/conf/files.aarch64 | 3 +
sys/crypto/aes/arch/aarch64/aes_arm.c | 247 ++++++++++++++
sys/crypto/aes/arch/aarch64/aes_arm.h | 51 ++
sys/crypto/aes/arch/aarch64/aesarmfunc.S | 541 +++++++++++++++++++++++++++++++
sys/crypto/aes/arch/aarch64/files.aesarm | 4 +
6 files changed, 870 insertions(+), 0 deletions(-)
diffs (truncated from 924 to 300 lines):
diff -r a5f62e32ec23 -r f77352473df7 sys/arch/aarch64/aarch64/cpu.c
--- a/sys/arch/aarch64/aarch64/cpu.c Thu Jun 04 03:23:00 2020 +0000
+++ b/sys/arch/aarch64/aarch64/cpu.c Sat Jun 13 16:43:32 2020 +0000
@@ -44,6 +44,8 @@
#include <sys/sysctl.h>
#include <sys/systm.h>
+#include <crypto/aes/arch/aarch64/aes_arm.h>
+
#include <aarch64/armreg.h>
#include <aarch64/cpu.h>
#include <aarch64/cpufunc.h>
@@ -70,6 +72,7 @@
static void cpu_setup_id(struct cpu_info *);
static void cpu_setup_sysctl(device_t, struct cpu_info *);
static void cpu_setup_rng(device_t, struct cpu_info *);
+static void cpu_setup_aes(device_t, struct cpu_info *);
#ifdef MULTIPROCESSOR
#define NCPUINFO MAXCPUS
@@ -158,6 +161,7 @@
cpu_setup_sysctl(dv, ci);
cpu_setup_rng(dv, ci);
+ cpu_setup_aes(dv, ci);
}
struct cpuidtab {
@@ -573,6 +577,26 @@
RND_FLAG_DEFAULT|RND_FLAG_HASCB);
}
+/*
+ * setup the AES implementation
+ */
+static void
+cpu_setup_aes(device_t dv, struct cpu_info *ci)
+{
+ struct aarch64_sysctl_cpu_id *id = &ci->ci_id;
+
+ /* Verify that it is supported. */
+ switch (__SHIFTOUT(id->ac_aa64isar0, ID_AA64ISAR0_EL1_AES)) {
+ case ID_AA64ISAR0_EL1_AES_AES:
+ case ID_AA64ISAR0_EL1_AES_PMUL:
+ break;
+ default:
+ return;
+ }
+
+ aes_md_init(&aes_arm_impl);
+}
+
#ifdef MULTIPROCESSOR
void
cpu_hatch(struct cpu_info *ci)
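Review bot: cpu_setup_aes decides on the AES implementation from the ID_AA64ISAR0_EL1 value cached in the one struct cpu_info it is handed, and its call site beside cpu_setup_rng suggests it runs once per attached CPU, so aes_md_init(&aes_arm_impl) appears to be invoked once per core; unless aes_md_init is idempotent, an early `if (!CPU_IS_PRIMARY(ci)) return;` (or whatever this file already uses to single out the boot CPU) would keep the registration to a single call. The same feature-bit check is repeated in aesarm_probe in aes_arm.c, which I would expect aes_md_init to run anyway, so one of the two checks could be dropped or the duplication explained in the comment above the function. On a heterogeneous system a secondary core without the AES extension would still be scheduled onto the ARMv8.0-AES code path; if the kernel already assumes a uniform feature set across cores, stating that here, e.g. `/* Assumes every CPU shares the AES feature bit of the CPU probed here. */`, would make the assumption visible to whoever later adds big.LITTLE support.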
diff -r a5f62e32ec23 -r f77352473df7 sys/arch/aarch64/conf/files.aarch64
--- a/sys/arch/aarch64/conf/files.aarch64 Thu Jun 04 03:23:00 2020 +0000
+++ b/sys/arch/aarch64/conf/files.aarch64 Sat Jun 13 16:43:32 2020 +0000
@@ -138,3 +138,6 @@
# profiling support
file dev/tprof/tprof_armv8.c tprof needs-flag
+
+# AES
+include "crypto/aes/arch/aarch64/files.aesarm"
diff -r a5f62e32ec23 -r f77352473df7 sys/crypto/aes/arch/aarch64/aes_arm.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sys/crypto/aes/arch/aarch64/aes_arm.c Sat Jun 13 16:43:32 2020 +0000
@@ -0,0 +1,247 @@
+/* $NetBSD$ */
+
+/*-
+ * Copyright (c) 2020 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__KERNEL_RCSID(1, "$NetBSD$");
+
+#include <sys/types.h>
+#include <sys/proc.h>
+#include <sys/systm.h>
+
+#include <crypto/aes/aes.h>
+#include <crypto/aes/arch/aarch64/aes_arm.h>
+
+#include <aarch64/machdep.h>
+
+static void
+aesarm_setenckey(struct aesenc *enc, const uint8_t key[static 16],
+ uint32_t nrounds)
+{
+
+ switch (nrounds) {
+ case 10:
+ aesarm_setenckey128(enc, key);
+ break;
+ case 12:
+ aesarm_setenckey192(enc, key);
+ break;
+ case 14:
+ aesarm_setenckey256(enc, key);
+ break;
+ default:
+ panic("invalid AES rounds: %u", nrounds);
+ }
+}
+
+static void
+aesarm_setdeckey(struct aesdec *dec, const uint8_t key[static 16],
+ uint32_t nrounds)
+{
+ struct aesenc enc;
+
+ aesarm_setenckey(&enc, key, nrounds);
+ aesarm_enctodec(&enc, dec, nrounds);
+ explicit_memset(&enc, 0, sizeof enc);
+}
+
+static void
+xor(uint8_t x[static 16],
+ const uint8_t a[static 16], const uint8_t b[static 16])
+{
+ uint64_t alo, ahi;
+ uint64_t blo, bhi;
+ uint64_t xlo, xhi;
+
+ memcpy(&alo, a, 8);
+ memcpy(&ahi, a + 8, 8);
+ memcpy(&blo, b, 8);
+ memcpy(&bhi, b + 8, 8);
+ xlo = alo ^ blo;
+ xhi = ahi ^ bhi;
+ memcpy(x, &xlo, 8);
+ memcpy(x + 8, &xhi, 8);
+}
+
+static void
+aesarm_cbc_enc(const struct aesenc *enc, const uint8_t in[static 16],
+ uint8_t out[static 16], size_t nbytes, uint8_t iv[static 16],
+ uint32_t nrounds)
+{
+
+ KASSERT(nbytes % 16 == 0);
+
+ for (; nbytes; nbytes -= 16, in += 16, out += 16) {
+ xor(iv, in, iv);
+ aesarm_enc(enc, iv, out, nrounds);
+ memcpy(iv, out, 16);
+ }
+}
+
+static void
+aesarm_cbc_dec(const struct aesdec *dec, const uint8_t in[static 16],
+ uint8_t out[static 16], size_t nbytes, uint8_t iv[static 16],
+ uint32_t nrounds)
+{
+ uint8_t tmp[16];
+
+ KASSERT(nbytes % 16 == 0);
+
+ for (; nbytes; nbytes -= 16, in += 16, out += 16) {
+ memcpy(tmp, in, 16);
+ aesarm_dec(dec, in, out, nrounds);
+ xor(out, out, iv);
+ memcpy(iv, tmp, 16);
+ }
+}
+
+static inline void
+aesarm_xts_update(const uint8_t in[static 16], uint8_t out[static 16])
+{
+ uint64_t t0, t1;
+ unsigned s0, s1;
+
+ t0 = le64dec(in + 8*0);
+ t1 = le64dec(in + 8*1);
+
+ s0 = t0 >> 63;
+ s1 = t1 >> 63;
+ t0 = (t0 << 1) ^ (-s1 & 0x87);
+ t1 = (t1 << 1) ^ s0;
+
+ le64enc(out + 8*0, t0);
+ le64enc(out + 8*1, t1);
+}
+
+static int
+aesarm_xts_update_selftest(void)
+{
+ static const struct {
+ uint8_t in[16], out[16];
+ } cases[] = {
+ {{1}, {2}},
+ {{0,0,0,0x80}, {0,0,0,0,1}},
+ {{0,0,0,0,0,0,0,0x80}, {0,0,0,0,0,0,0,0,1}},
+ {{0,0,0,0x80,0,0,0,0x80}, {0,0,0,0,1,0,0,0,1}},
+ {{0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0x80}, {0x87}},
+ {{0,0,0,0,0,0,0,0x80,0,0,0,0,0,0,0,0x80},
+ {0x87,0,0,0,0,0,0,0,1}},
+ {{0,0,0,0x80,0,0,0,0,0,0,0,0,0,0,0,0x80}, {0x87,0,0,0,1}},
+ {{0,0,0,0x80,0,0,0,0x80,0,0,0,0,0,0,0,0x80},
+ {0x87,0,0,0,1,0,0,0,1}},
+ };
+ unsigned i;
+ uint8_t tweak[16];
+
+ for (i = 0; i < sizeof(cases)/sizeof(cases[0]); i++) {
+ aesarm_xts_update(cases[i].in, tweak);
+ if (memcmp(tweak, cases[i].out, 16))
+ return -1;
+ }
+
+ /* Success! */
+ return 0;
+}
+
+static void
+aesarm_xts_enc(const struct aesenc *enc, const uint8_t in[static 16],
+ uint8_t out[static 16], size_t nbytes, uint8_t tweak[static 16],
+ uint32_t nrounds)
+{
+ uint8_t tmp[16];
+
+ KASSERT(nbytes % 16 == 0);
+
+ for (; nbytes; nbytes -= 16, in += 16, out += 16) {
+ xor(tmp, in, tweak);
+ aesarm_enc(enc, tmp, tmp, nrounds);
+ xor(out, tmp, tweak);
+ aesarm_xts_update(tweak, tweak);
+ }
+
+ explicit_memset(tmp, 0, sizeof tmp);
+}
+
+static void
+aesarm_xts_dec(const struct aesdec *dec, const uint8_t in[static 16],
+ uint8_t out[static 16], size_t nbytes, uint8_t tweak[static 16],
+ uint32_t nrounds)
+{
+ uint8_t tmp[16];
+
+ KASSERT(nbytes % 16 == 0);
+
+ for (; nbytes; nbytes -= 16, in += 16, out += 16) {
+ xor(tmp, in, tweak);
+ aesarm_dec(dec, tmp, tmp, nrounds);
+ xor(out, tmp, tweak);
+ aesarm_xts_update(tweak, tweak);
+ }
+
+ explicit_memset(tmp, 0, sizeof tmp);
+}
+
+static int
+aesarm_probe(void)
+{
+ struct aarch64_sysctl_cpu_id *id = &curcpu()->ci_id;
+ int result = 0;
+
+ /* Verify that the CPU supports AES. */
+ switch (__SHIFTOUT(id->ac_aa64isar0, ID_AA64ISAR0_EL1_AES)) {
+ case ID_AA64ISAR0_EL1_AES_AES:
+ case ID_AA64ISAR0_EL1_AES_PMUL:
+ break;
+ default:
+ return -1;
+ }
+
+ fpu_kern_enter();
+
+ /* Verify that our XTS tweak update logic works. */
+ if (aesarm_xts_update_selftest())
+ result = -1;
+
+ fpu_kern_leave();
+
+ return result;