mirror of
https://git.proxmox.com/git/mirror_zfs.git
synced 2024-12-30 21:09:38 +03:00
010d12474c
- Add two new module parameters to icp (icp_aes_impl, icp_gcm_impl) that control the crypto implementation. At the moment there is a choice between generic and aesni (on platforms that support it). - This enables support for AES-NI and PCLMULQDQ-NI on AMD Family 15h (bulldozer) and newer CPUs (zen). - Modify aes_key_t to track what implementation it was generated with as key schedules generated with various implementations are not necessarily interchangable. Reviewed by: Gvozden Neskovic <neskovic@gmail.com> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Tom Caputi <tcaputi@datto.com> Reviewed-by: Richard Laager <rlaager@wiktel.com> Signed-off-by: Nathaniel R. Lewis <linux.robotdude@gmail.com> Closes #7102 Closes #7103
124 lines
3.7 KiB
C
124 lines
3.7 KiB
C
/*
|
|
* CDDL HEADER START
|
|
*
|
|
* The contents of this file are subject to the terms of the
|
|
* Common Development and Distribution License (the "License").
|
|
* You may not use this file except in compliance with the License.
|
|
*
|
|
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
|
* or http://www.opensolaris.org/os/licensing.
|
|
* See the License for the specific language governing permissions
|
|
* and limitations under the License.
|
|
*
|
|
* When distributing Covered Code, include this CDDL HEADER in each
|
|
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
|
* If applicable, add the following below this CDDL HEADER, with the
|
|
* fields enclosed by brackets "[]" replaced with your own identifying
|
|
* information: Portions Copyright [yyyy] [name of copyright owner]
|
|
*
|
|
* CDDL HEADER END
|
|
*/
|
|
/*
|
|
* Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
|
|
*/
|
|
|
|
#if defined(__x86_64) && defined(HAVE_AES)
|
|
|
|
#include <linux/simd_x86.h>
|
|
|
|
/* These functions are used to execute AES-NI instructions: */
|
|
extern int rijndael_key_setup_enc_intel(uint32_t rk[],
|
|
const uint32_t cipherKey[], uint64_t keyBits);
|
|
extern int rijndael_key_setup_dec_intel(uint32_t rk[],
|
|
const uint32_t cipherKey[], uint64_t keyBits);
|
|
extern void aes_encrypt_intel(const uint32_t rk[], int Nr,
|
|
const uint32_t pt[4], uint32_t ct[4]);
|
|
extern void aes_decrypt_intel(const uint32_t rk[], int Nr,
|
|
const uint32_t ct[4], uint32_t pt[4]);
|
|
|
|
|
|
#include <aes/aes_impl.h>
|
|
|
|
/*
|
|
* Expand the 32-bit AES cipher key array into the encryption and decryption
|
|
* key schedules.
|
|
*
|
|
* Parameters:
|
|
* key AES key schedule to be initialized
|
|
* keyarr32 User key
|
|
* keyBits AES key size (128, 192, or 256 bits)
|
|
*/
|
|
static void
|
|
aes_aesni_generate(aes_key_t *key, const uint32_t *keyarr32, int keybits)
|
|
{
|
|
kfpu_begin();
|
|
key->nr = rijndael_key_setup_enc_intel(&(key->encr_ks.ks32[0]),
|
|
keyarr32, keybits);
|
|
key->nr = rijndael_key_setup_dec_intel(&(key->decr_ks.ks32[0]),
|
|
keyarr32, keybits);
|
|
kfpu_end();
|
|
}
|
|
|
|
/*
|
|
* Encrypt one block of data. The block is assumed to be an array
|
|
* of four uint32_t values, so copy for alignment (and byte-order
|
|
* reversal for little endian systems might be necessary on the
|
|
* input and output byte streams.
|
|
* The size of the key schedule depends on the number of rounds
|
|
* (which can be computed from the size of the key), i.e. 4*(Nr + 1).
|
|
*
|
|
* Parameters:
|
|
* rk Key schedule, of aes_ks_t (60 32-bit integers)
|
|
* Nr Number of rounds
|
|
* pt Input block (plain text)
|
|
* ct Output block (crypto text). Can overlap with pt
|
|
*/
|
|
static void
|
|
aes_aesni_encrypt(const uint32_t rk[], int Nr, const uint32_t pt[4],
|
|
uint32_t ct[4])
|
|
{
|
|
kfpu_begin();
|
|
aes_encrypt_intel(rk, Nr, pt, ct);
|
|
kfpu_end();
|
|
}
|
|
|
|
/*
|
|
* Decrypt one block of data. The block is assumed to be an array
|
|
* of four uint32_t values, so copy for alignment (and byte-order
|
|
* reversal for little endian systems might be necessary on the
|
|
* input and output byte streams.
|
|
* The size of the key schedule depends on the number of rounds
|
|
* (which can be computed from the size of the key), i.e. 4*(Nr + 1).
|
|
*
|
|
* Parameters:
|
|
* rk Key schedule, of aes_ks_t (60 32-bit integers)
|
|
* Nr Number of rounds
|
|
* ct Input block (crypto text)
|
|
* pt Output block (plain text). Can overlap with pt
|
|
*/
|
|
static void
|
|
aes_aesni_decrypt(const uint32_t rk[], int Nr, const uint32_t ct[4],
|
|
uint32_t pt[4])
|
|
{
|
|
kfpu_begin();
|
|
aes_decrypt_intel(rk, Nr, ct, pt);
|
|
kfpu_end();
|
|
}
|
|
|
|
static boolean_t
|
|
aes_aesni_will_work(void)
|
|
{
|
|
return (zfs_aes_available());
|
|
}
|
|
|
|
const aes_impl_ops_t aes_aesni_impl = {
|
|
.generate = &aes_aesni_generate,
|
|
.encrypt = &aes_aesni_encrypt,
|
|
.decrypt = &aes_aesni_decrypt,
|
|
.is_supported = &aes_aesni_will_work,
|
|
.needs_byteswap = B_FALSE,
|
|
.name = "aesni"
|
|
};
|
|
|
|
#endif /* defined(__x86_64) && defined(HAVE_AES) */
|