Source-Changes-HG archive


[src-draft/trunk]: src/sys Add x86 AES-NI support.



details:   https://anonhg.NetBSD.org/src-all/rev/3afa5282ac88
branches:  trunk
changeset: 934704:3afa5282ac88
user:      Taylor R Campbell <riastradh%NetBSD.org@localhost>
date:      Sun Jun 14 18:06:43 2020 +0000

description:
Add x86 AES-NI support.

Limited to amd64 for now.  In principle, AES-NI should work in 32-bit
mode, and there may even be some 32-bit-only CPUs that support
AES-NI, but that requires work to adapt the assembly.

diffstat:

 sys/arch/x86/conf/files.x86          |     3 +
 sys/arch/x86/x86/identcpu.c          |     6 +
 sys/crypto/aes/aes.h                 |     8 +-
 sys/crypto/aes/aes_impl.c            |    58 +-
 sys/crypto/aes/aes_rijndael.c        |    14 +-
 sys/crypto/aes/arch/x86/aes_ni.c     |   252 +++++++
 sys/crypto/aes/arch/x86/aes_ni.h     |    68 ++
 sys/crypto/aes/arch/x86/aesnifunc.S  |  1097 ++++++++++++++++++++++++++++++++++
 sys/crypto/aes/arch/x86/files.aesni  |     6 +
 sys/rump/kern/lib/libcrypto/Makefile |    14 +-
 10 files changed, 1510 insertions(+), 16 deletions(-)

diffs (truncated from 1655 to 300 lines):

diff -r a5ba4e4f810b -r 3afa5282ac88 sys/arch/x86/conf/files.x86
--- a/sys/arch/x86/conf/files.x86       Fri Jun 12 05:16:46 2020 +0000
+++ b/sys/arch/x86/conf/files.x86       Sun Jun 14 18:06:43 2020 +0000
@@ -165,3 +165,6 @@
 
 file   arch/x86/pci/pci_bus_fixup.c    pci_bus_fixup
 file   arch/x86/pci/pci_addr_fixup.c   pci_addr_fixup
+
+# AES-NI
+include "crypto/aes/arch/x86/files.aesni"
diff -r a5ba4e4f810b -r 3afa5282ac88 sys/arch/x86/x86/identcpu.c
--- a/sys/arch/x86/x86/identcpu.c       Fri Jun 12 05:16:46 2020 +0000
+++ b/sys/arch/x86/x86/identcpu.c       Sun Jun 14 18:06:43 2020 +0000
@@ -39,6 +39,8 @@
 #include <sys/device.h>
 #include <sys/cpu.h>
 
+#include <crypto/aes/arch/x86/aes_ni.h>
+
 #include <uvm/uvm_extern.h>
 
 #include <machine/specialreg.h>
@@ -995,6 +997,10 @@
                /* Early patch of text segment. */
                x86_patch(true);
 #endif
+#ifdef __x86_64__      /* not yet implemented on i386 */
+               if (cpu_feature[1] & CPUID2_AES)
+                       aes_md_init(&aes_ni_impl);
+#endif
        } else {
                /*
                 * If not first. Warn about cpu_feature mismatch for
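Review bot: The AES-NI backend is chosen from the first CPU's feature bits only (`cpu_feature[1] & CPUID2_AES` in the first-CPU branch), and the `else` branch that follows appears only to warn about a cpu_feature mismatch. If a later CPU did not report AES, `aes_ni_impl` would presumably stay selected; this is inferred, because the enclosing function starts and ends outside the hunk. I would state the assumption next to the call, e.g. `/* Selected from the boot CPU; all CPUs are assumed to report CPUID2_AES. */`. A comment saying where `aes_selftest` is run on the selected implementation before first use would also help; that step is not visible here.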
diff -r a5ba4e4f810b -r 3afa5282ac88 sys/crypto/aes/aes.h
--- a/sys/crypto/aes/aes.h      Fri Jun 12 05:16:46 2020 +0000
+++ b/sys/crypto/aes/aes.h      Sun Jun 14 18:06:43 2020 +0000
@@ -74,8 +74,12 @@
 
 int    aes_selftest(const struct aes_impl *);
 
-void   aes_setenckey(struct aesenc *, const uint8_t[static 16], uint32_t);
-void   aes_setdeckey(struct aesdec *, const uint8_t[static 16], uint32_t);
+uint32_t aes_setenckey128(struct aesenc *, const uint8_t[static 16]);
+uint32_t aes_setenckey192(struct aesenc *, const uint8_t[static 24]);
+uint32_t aes_setenckey256(struct aesenc *, const uint8_t[static 32]);
+uint32_t aes_setdeckey128(struct aesdec *, const uint8_t[static 16]);
+uint32_t aes_setdeckey192(struct aesdec *, const uint8_t[static 24]);
+uint32_t aes_setdeckey256(struct aesdec *, const uint8_t[static 32]);
 
 void   aes_enc(const struct aesenc *, const uint8_t[static 16],
            uint8_t[static 16], uint32_t);
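Review bot: The six new `aes_setenckeyNNN`/`aes_setdeckeyNNN` prototypes return `uint32_t` with no comment saying what the value is. From the callers in aes_rijndael.c it is the round count, which must then be passed unchanged to `aes_enc`/`aes_dec` together with the same key schedule. I would add above them `/* Expand an NNN-bit key; returns the number of rounds to pass to aes_enc/aes_dec. */`. The header should also state that the `[static N]` bound is the key length in bytes the caller must supply, since a mismatch between key length and round count is the misuse this API change is meant to rule out.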
diff -r a5ba4e4f810b -r 3afa5282ac88 sys/crypto/aes/aes_impl.c
--- a/sys/crypto/aes/aes_impl.c Fri Jun 12 05:16:46 2020 +0000
+++ b/sys/crypto/aes/aes_impl.c Sun Jun 14 18:06:43 2020 +0000
@@ -125,7 +125,7 @@
        aes_md_impl = impl;
 }
 
-void
+static void
 aes_setenckey(struct aesenc *enc, const uint8_t key[static 16],
     uint32_t nrounds)
 {
@@ -134,7 +134,34 @@
        aes_impl->ai_setenckey(enc, key, nrounds);
 }
 
-void
+uint32_t
+aes_setenckey128(struct aesenc *enc, const uint8_t key[static 16])
+{
+       uint32_t nrounds = AES_128_NROUNDS;
+
+       aes_setenckey(enc, key, nrounds);
+       return nrounds;
+}
+
+uint32_t
+aes_setenckey192(struct aesenc *enc, const uint8_t key[static 24])
+{
+       uint32_t nrounds = AES_192_NROUNDS;
+
+       aes_setenckey(enc, key, nrounds);
+       return nrounds;
+}
+
+uint32_t
+aes_setenckey256(struct aesenc *enc, const uint8_t key[static 32])
+{
+       uint32_t nrounds = AES_256_NROUNDS;
+
+       aes_setenckey(enc, key, nrounds);
+       return nrounds;
+}
+
+static void
 aes_setdeckey(struct aesdec *dec, const uint8_t key[static 16],
     uint32_t nrounds)
 {
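Review bot: The now-static `aes_setenckey` and `aes_setdeckey` keep the parameter `const uint8_t key[static 16]`, yet the new wrappers pass them 24- and 32-byte keys. That is legal C, because `static 16` is only a lower bound, but the number of key bytes the implementation reads is then determined solely by `nrounds`. A comment on both helpers would make this explicit, e.g. `/* key holds 16, 24 or 32 bytes according to nrounds; [static 16] is only the minimum. */`. The same applies to the `aes_setdeckey128/192/256` wrappers in the next hunk. The body of `aes_setdeckey` continues outside this hunk.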
@@ -143,6 +170,33 @@
        aes_impl->ai_setdeckey(dec, key, nrounds);
 }
 
+uint32_t
+aes_setdeckey128(struct aesdec *dec, const uint8_t key[static 16])
+{
+       uint32_t nrounds = AES_128_NROUNDS;
+
+       aes_setdeckey(dec, key, nrounds);
+       return nrounds;
+}
+
+uint32_t
+aes_setdeckey192(struct aesdec *dec, const uint8_t key[static 24])
+{
+       uint32_t nrounds = AES_192_NROUNDS;
+
+       aes_setdeckey(dec, key, nrounds);
+       return nrounds;
+}
+
+uint32_t
+aes_setdeckey256(struct aesdec *dec, const uint8_t key[static 32])
+{
+       uint32_t nrounds = AES_256_NROUNDS;
+
+       aes_setdeckey(dec, key, nrounds);
+       return nrounds;
+}
+
 void
 aes_enc(const struct aesenc *enc, const uint8_t in[static 16],
     uint8_t out[static 16], uint32_t nrounds)
diff -r a5ba4e4f810b -r 3afa5282ac88 sys/crypto/aes/aes_rijndael.c
--- a/sys/crypto/aes/aes_rijndael.c     Fri Jun 12 05:16:46 2020 +0000
+++ b/sys/crypto/aes/aes_rijndael.c     Sun Jun 14 18:06:43 2020 +0000
@@ -84,19 +84,18 @@
 
        switch (keybits) {
        case 128:
-               nrounds = AES_128_NROUNDS;
+               nrounds = aes_setenckey128(&enc, key);
                break;
        case 192:
-               nrounds = AES_192_NROUNDS;
+               nrounds = aes_setenckey192(&enc, key);
                break;
        case 256:
-               nrounds = AES_256_NROUNDS;
+               nrounds = aes_setenckey256(&enc, key);
                break;
        default:
                panic("invalid AES key bits: %d", keybits);
        }
 
-       aes_setenckey(&enc, key, nrounds);
        memcpy(rk, enc.aese_aes.aes_rk, 4*(nrounds + 1)*sizeof(rk[0]));
        explicit_memset(&enc, 0, sizeof enc);
 
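Review bot: The `memcpy(rk, enc.aese_aes.aes_rk, 4*(nrounds + 1)*sizeof(rk[0]))` copies the selected implementation's internal key schedule out to the caller, and with this commit that implementation may be AES-NI. Whether consumers of `rk` treat it as opaque or as the classic Rijndael word schedule is not visible here; if any interpret it, the layout should be confirmed for every backend. I would document the contract at the copy, e.g. `/* rk receives 4*(nrounds + 1) words in the layout of the selected aes_impl; opaque to callers. */`. The comment should also say that `rk` now holds key material the caller must zero, since only `enc` is wiped here. The same applies to the decryption hunk that copies `dec.aesd_aes.aes_rk`. The enclosing functions begin outside both hunks.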
@@ -111,19 +110,18 @@
 
        switch (keybits) {
        case 128:
-               nrounds = AES_128_NROUNDS;
+               nrounds = aes_setdeckey128(&dec, key);
                break;
        case 192:
-               nrounds = AES_192_NROUNDS;
+               nrounds = aes_setdeckey192(&dec, key);
                break;
        case 256:
-               nrounds = AES_256_NROUNDS;
+               nrounds = aes_setdeckey256(&dec, key);
                break;
        default:
                panic("invalid AES key bits: %d", keybits);
        }
 
-       aes_setdeckey(&dec, key, nrounds);
        memcpy(rk, dec.aesd_aes.aes_rk, 4*(nrounds + 1)*sizeof(rk[0]));
        explicit_memset(&dec, 0, sizeof dec);
 
diff -r a5ba4e4f810b -r 3afa5282ac88 sys/crypto/aes/arch/x86/aes_ni.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sys/crypto/aes/arch/x86/aes_ni.c  Sun Jun 14 18:06:43 2020 +0000
@@ -0,0 +1,252 @@
+/*     $NetBSD$        */
+
+/*-
+ * Copyright (c) 2020 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__KERNEL_RCSID(1, "$NetBSD$");
+
+#include <sys/types.h>
+#include <sys/systm.h>
+
+#include <crypto/aes/aes.h>
+#include <crypto/aes/arch/x86/aes_ni.h>
+
+#include <x86/cpuvar.h>
+#include <x86/fpu.h>
+#include <x86/specialreg.h>
+
+static void
+aesni_setenckey(struct aesenc *enc, const uint8_t key[static 16],
+    uint32_t nrounds)
+{
+
+       switch (nrounds) {
+       case 10:
+               aesni_setenckey128(enc, key);
+               break;
+       case 12:
+               aesni_setenckey192(enc, key);
+               break;
+       case 14:
+               aesni_setenckey256(enc, key);
+               break;
+       default:
+               panic("invalid AES rounds: %u", nrounds);
+       }
+}
+
+static void
+aesni_setenckey_impl(struct aesenc *enc, const uint8_t key[static 16],
+    uint32_t nrounds)
+{
+
+       fpu_kern_enter();
+       aesni_setenckey(enc, key, nrounds);
+       fpu_kern_leave();
+}
+
+static void
+aesni_setdeckey_impl(struct aesdec *dec, const uint8_t key[static 16],
+    uint32_t nrounds)
+{
+       struct aesenc enc;
+
+       fpu_kern_enter();
+       aesni_setenckey(&enc, key, nrounds);
+       aesni_enctodec(&enc, dec, nrounds);
+       fpu_kern_leave();
+
+       explicit_memset(&enc, 0, sizeof enc);
+}
+
+static void
+aesni_enc_impl(const struct aesenc *enc, const uint8_t in[static 16],
+    uint8_t out[static 16], uint32_t nrounds)
+{
+
+       fpu_kern_enter();
+       aesni_enc(enc, in, out, nrounds);
+       fpu_kern_leave();
+}
+
+static void
+aesni_dec_impl(const struct aesdec *dec, const uint8_t in[static 16],
+    uint8_t out[static 16], uint32_t nrounds)
+{
+
+       fpu_kern_enter();
+       aesni_dec(dec, in, out, nrounds);
+       fpu_kern_leave();
+}
+
+static void
+aesni_cbc_enc_impl(const struct aesenc *enc, const uint8_t in[static 16],
+    uint8_t out[static 16], size_t nbytes, uint8_t iv[static 16],
+    uint32_t nrounds)
+{
+
+       KASSERT(nbytes % 16 == 0);
+
+       fpu_kern_enter();


