simd.c 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481
  1. // SPDX-License-Identifier: GPL-2.0-or-later
  2. /*
  3. * Shared crypto simd helpers
  4. *
  5. * Copyright (c) 2012 Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
  6. * Copyright (c) 2016 Herbert Xu <herbert@gondor.apana.org.au>
  7. * Copyright (c) 2019 Google LLC
  8. *
  9. * Based on aesni-intel_glue.c by:
  10. * Copyright (C) 2008, Intel Corp.
  11. * Author: Huang Ying <ying.huang@intel.com>
  12. */
  13. /*
  14. * Shared crypto SIMD helpers. These functions dynamically create and register
  15. * an skcipher or AEAD algorithm that wraps another, internal algorithm. The
  16. * wrapper ensures that the internal algorithm is only executed in a context
  17. * where SIMD instructions are usable, i.e. where may_use_simd() returns true.
  18. * If SIMD is already usable, the wrapper directly calls the internal algorithm.
  19. * Otherwise it defers execution to a workqueue via cryptd.
  20. *
  21. * This is an alternative to the internal algorithm implementing a fallback for
  22. * the !may_use_simd() case itself.
  23. *
  24. * Note that the wrapper algorithm is asynchronous, i.e. it has the
  25. * CRYPTO_ALG_ASYNC flag set. Therefore it won't be found by users who
  26. * explicitly allocate a synchronous algorithm.
  27. */
  28. #include <crypto/cryptd.h>
  29. #include <crypto/internal/aead.h>
  30. #include <crypto/internal/simd.h>
  31. #include <crypto/internal/skcipher.h>
  32. #include <linux/kernel.h>
  33. #include <linux/module.h>
  34. #include <linux/preempt.h>
  35. #include <asm/simd.h>
  36. /* skcipher support */
  37. struct simd_skcipher_alg {
  38. const char *ialg_name;
  39. struct skcipher_alg alg;
  40. };
  41. struct simd_skcipher_ctx {
  42. struct cryptd_skcipher *cryptd_tfm;
  43. };
  44. static int simd_skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key,
  45. unsigned int key_len)
  46. {
  47. struct simd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm);
  48. struct crypto_skcipher *child = &ctx->cryptd_tfm->base;
  49. crypto_skcipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
  50. crypto_skcipher_set_flags(child, crypto_skcipher_get_flags(tfm) &
  51. CRYPTO_TFM_REQ_MASK);
  52. return crypto_skcipher_setkey(child, key, key_len);
  53. }
  54. static int simd_skcipher_encrypt(struct skcipher_request *req)
  55. {
  56. struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
  57. struct simd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm);
  58. struct skcipher_request *subreq;
  59. struct crypto_skcipher *child;
  60. subreq = skcipher_request_ctx(req);
  61. *subreq = *req;
  62. if (!crypto_simd_usable() ||
  63. (in_atomic() && cryptd_skcipher_queued(ctx->cryptd_tfm)))
  64. child = &ctx->cryptd_tfm->base;
  65. else
  66. child = cryptd_skcipher_child(ctx->cryptd_tfm);
  67. skcipher_request_set_tfm(subreq, child);
  68. return crypto_skcipher_encrypt(subreq);
  69. }
  70. static int simd_skcipher_decrypt(struct skcipher_request *req)
  71. {
  72. struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
  73. struct simd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm);
  74. struct skcipher_request *subreq;
  75. struct crypto_skcipher *child;
  76. subreq = skcipher_request_ctx(req);
  77. *subreq = *req;
  78. if (!crypto_simd_usable() ||
  79. (in_atomic() && cryptd_skcipher_queued(ctx->cryptd_tfm)))
  80. child = &ctx->cryptd_tfm->base;
  81. else
  82. child = cryptd_skcipher_child(ctx->cryptd_tfm);
  83. skcipher_request_set_tfm(subreq, child);
  84. return crypto_skcipher_decrypt(subreq);
  85. }
  86. static void simd_skcipher_exit(struct crypto_skcipher *tfm)
  87. {
  88. struct simd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm);
  89. cryptd_free_skcipher(ctx->cryptd_tfm);
  90. }
  91. static int simd_skcipher_init(struct crypto_skcipher *tfm)
  92. {
  93. struct simd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm);
  94. struct cryptd_skcipher *cryptd_tfm;
  95. struct simd_skcipher_alg *salg;
  96. struct skcipher_alg *alg;
  97. unsigned reqsize;
  98. alg = crypto_skcipher_alg(tfm);
  99. salg = container_of(alg, struct simd_skcipher_alg, alg);
  100. cryptd_tfm = cryptd_alloc_skcipher(salg->ialg_name,
  101. CRYPTO_ALG_INTERNAL,
  102. CRYPTO_ALG_INTERNAL);
  103. if (IS_ERR(cryptd_tfm))
  104. return PTR_ERR(cryptd_tfm);
  105. ctx->cryptd_tfm = cryptd_tfm;
  106. reqsize = crypto_skcipher_reqsize(cryptd_skcipher_child(cryptd_tfm));
  107. reqsize = max(reqsize, crypto_skcipher_reqsize(&cryptd_tfm->base));
  108. reqsize += sizeof(struct skcipher_request);
  109. crypto_skcipher_set_reqsize(tfm, reqsize);
  110. return 0;
  111. }
  112. struct simd_skcipher_alg *simd_skcipher_create_compat(struct skcipher_alg *ialg,
  113. const char *algname,
  114. const char *drvname,
  115. const char *basename)
  116. {
  117. struct simd_skcipher_alg *salg;
  118. struct skcipher_alg *alg;
  119. int err;
  120. salg = kzalloc_obj(*salg);
  121. if (!salg) {
  122. salg = ERR_PTR(-ENOMEM);
  123. goto out;
  124. }
  125. salg->ialg_name = basename;
  126. alg = &salg->alg;
  127. err = -ENAMETOOLONG;
  128. if (snprintf(alg->base.cra_name, CRYPTO_MAX_ALG_NAME, "%s", algname) >=
  129. CRYPTO_MAX_ALG_NAME)
  130. goto out_free_salg;
  131. if (snprintf(alg->base.cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s",
  132. drvname) >= CRYPTO_MAX_ALG_NAME)
  133. goto out_free_salg;
  134. alg->base.cra_flags = CRYPTO_ALG_ASYNC |
  135. (ialg->base.cra_flags & CRYPTO_ALG_INHERITED_FLAGS);
  136. alg->base.cra_priority = ialg->base.cra_priority;
  137. alg->base.cra_blocksize = ialg->base.cra_blocksize;
  138. alg->base.cra_alignmask = ialg->base.cra_alignmask;
  139. alg->base.cra_module = ialg->base.cra_module;
  140. alg->base.cra_ctxsize = sizeof(struct simd_skcipher_ctx);
  141. alg->ivsize = ialg->ivsize;
  142. alg->chunksize = ialg->chunksize;
  143. alg->min_keysize = ialg->min_keysize;
  144. alg->max_keysize = ialg->max_keysize;
  145. alg->init = simd_skcipher_init;
  146. alg->exit = simd_skcipher_exit;
  147. alg->setkey = simd_skcipher_setkey;
  148. alg->encrypt = simd_skcipher_encrypt;
  149. alg->decrypt = simd_skcipher_decrypt;
  150. err = crypto_register_skcipher(alg);
  151. if (err)
  152. goto out_free_salg;
  153. out:
  154. return salg;
  155. out_free_salg:
  156. kfree(salg);
  157. salg = ERR_PTR(err);
  158. goto out;
  159. }
  160. EXPORT_SYMBOL_GPL(simd_skcipher_create_compat);
  161. void simd_skcipher_free(struct simd_skcipher_alg *salg)
  162. {
  163. crypto_unregister_skcipher(&salg->alg);
  164. kfree(salg);
  165. }
  166. EXPORT_SYMBOL_GPL(simd_skcipher_free);
  167. int simd_register_skciphers_compat(struct skcipher_alg *algs, int count,
  168. struct simd_skcipher_alg **simd_algs)
  169. {
  170. int err;
  171. int i;
  172. const char *algname;
  173. const char *drvname;
  174. const char *basename;
  175. struct simd_skcipher_alg *simd;
  176. err = crypto_register_skciphers(algs, count);
  177. if (err)
  178. return err;
  179. for (i = 0; i < count; i++) {
  180. WARN_ON(strncmp(algs[i].base.cra_name, "__", 2));
  181. WARN_ON(strncmp(algs[i].base.cra_driver_name, "__", 2));
  182. algname = algs[i].base.cra_name + 2;
  183. drvname = algs[i].base.cra_driver_name + 2;
  184. basename = algs[i].base.cra_driver_name;
  185. simd = simd_skcipher_create_compat(algs + i, algname, drvname, basename);
  186. err = PTR_ERR(simd);
  187. if (IS_ERR(simd))
  188. goto err_unregister;
  189. simd_algs[i] = simd;
  190. }
  191. return 0;
  192. err_unregister:
  193. simd_unregister_skciphers(algs, count, simd_algs);
  194. return err;
  195. }
  196. EXPORT_SYMBOL_GPL(simd_register_skciphers_compat);
  197. void simd_unregister_skciphers(struct skcipher_alg *algs, int count,
  198. struct simd_skcipher_alg **simd_algs)
  199. {
  200. int i;
  201. crypto_unregister_skciphers(algs, count);
  202. for (i = 0; i < count; i++) {
  203. if (simd_algs[i]) {
  204. simd_skcipher_free(simd_algs[i]);
  205. simd_algs[i] = NULL;
  206. }
  207. }
  208. }
  209. EXPORT_SYMBOL_GPL(simd_unregister_skciphers);
  210. /* AEAD support */
  211. struct simd_aead_alg {
  212. const char *ialg_name;
  213. struct aead_alg alg;
  214. };
  215. struct simd_aead_ctx {
  216. struct cryptd_aead *cryptd_tfm;
  217. };
  218. static int simd_aead_setkey(struct crypto_aead *tfm, const u8 *key,
  219. unsigned int key_len)
  220. {
  221. struct simd_aead_ctx *ctx = crypto_aead_ctx(tfm);
  222. struct crypto_aead *child = &ctx->cryptd_tfm->base;
  223. crypto_aead_clear_flags(child, CRYPTO_TFM_REQ_MASK);
  224. crypto_aead_set_flags(child, crypto_aead_get_flags(tfm) &
  225. CRYPTO_TFM_REQ_MASK);
  226. return crypto_aead_setkey(child, key, key_len);
  227. }
  228. static int simd_aead_setauthsize(struct crypto_aead *tfm, unsigned int authsize)
  229. {
  230. struct simd_aead_ctx *ctx = crypto_aead_ctx(tfm);
  231. struct crypto_aead *child = &ctx->cryptd_tfm->base;
  232. return crypto_aead_setauthsize(child, authsize);
  233. }
  234. static int simd_aead_encrypt(struct aead_request *req)
  235. {
  236. struct crypto_aead *tfm = crypto_aead_reqtfm(req);
  237. struct simd_aead_ctx *ctx = crypto_aead_ctx(tfm);
  238. struct aead_request *subreq;
  239. struct crypto_aead *child;
  240. subreq = aead_request_ctx(req);
  241. *subreq = *req;
  242. if (!crypto_simd_usable() ||
  243. (in_atomic() && cryptd_aead_queued(ctx->cryptd_tfm)))
  244. child = &ctx->cryptd_tfm->base;
  245. else
  246. child = cryptd_aead_child(ctx->cryptd_tfm);
  247. aead_request_set_tfm(subreq, child);
  248. return crypto_aead_encrypt(subreq);
  249. }
  250. static int simd_aead_decrypt(struct aead_request *req)
  251. {
  252. struct crypto_aead *tfm = crypto_aead_reqtfm(req);
  253. struct simd_aead_ctx *ctx = crypto_aead_ctx(tfm);
  254. struct aead_request *subreq;
  255. struct crypto_aead *child;
  256. subreq = aead_request_ctx(req);
  257. *subreq = *req;
  258. if (!crypto_simd_usable() ||
  259. (in_atomic() && cryptd_aead_queued(ctx->cryptd_tfm)))
  260. child = &ctx->cryptd_tfm->base;
  261. else
  262. child = cryptd_aead_child(ctx->cryptd_tfm);
  263. aead_request_set_tfm(subreq, child);
  264. return crypto_aead_decrypt(subreq);
  265. }
  266. static void simd_aead_exit(struct crypto_aead *tfm)
  267. {
  268. struct simd_aead_ctx *ctx = crypto_aead_ctx(tfm);
  269. cryptd_free_aead(ctx->cryptd_tfm);
  270. }
  271. static int simd_aead_init(struct crypto_aead *tfm)
  272. {
  273. struct simd_aead_ctx *ctx = crypto_aead_ctx(tfm);
  274. struct cryptd_aead *cryptd_tfm;
  275. struct simd_aead_alg *salg;
  276. struct aead_alg *alg;
  277. unsigned reqsize;
  278. alg = crypto_aead_alg(tfm);
  279. salg = container_of(alg, struct simd_aead_alg, alg);
  280. cryptd_tfm = cryptd_alloc_aead(salg->ialg_name, CRYPTO_ALG_INTERNAL,
  281. CRYPTO_ALG_INTERNAL);
  282. if (IS_ERR(cryptd_tfm))
  283. return PTR_ERR(cryptd_tfm);
  284. ctx->cryptd_tfm = cryptd_tfm;
  285. reqsize = max(crypto_aead_reqsize(cryptd_aead_child(cryptd_tfm)),
  286. crypto_aead_reqsize(&cryptd_tfm->base));
  287. reqsize += sizeof(struct aead_request);
  288. crypto_aead_set_reqsize(tfm, reqsize);
  289. return 0;
  290. }
  291. static struct simd_aead_alg *simd_aead_create_compat(struct aead_alg *ialg,
  292. const char *algname,
  293. const char *drvname,
  294. const char *basename)
  295. {
  296. struct simd_aead_alg *salg;
  297. struct aead_alg *alg;
  298. int err;
  299. salg = kzalloc_obj(*salg);
  300. if (!salg) {
  301. salg = ERR_PTR(-ENOMEM);
  302. goto out;
  303. }
  304. salg->ialg_name = basename;
  305. alg = &salg->alg;
  306. err = -ENAMETOOLONG;
  307. if (snprintf(alg->base.cra_name, CRYPTO_MAX_ALG_NAME, "%s", algname) >=
  308. CRYPTO_MAX_ALG_NAME)
  309. goto out_free_salg;
  310. if (snprintf(alg->base.cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s",
  311. drvname) >= CRYPTO_MAX_ALG_NAME)
  312. goto out_free_salg;
  313. alg->base.cra_flags = CRYPTO_ALG_ASYNC |
  314. (ialg->base.cra_flags & CRYPTO_ALG_INHERITED_FLAGS);
  315. alg->base.cra_priority = ialg->base.cra_priority;
  316. alg->base.cra_blocksize = ialg->base.cra_blocksize;
  317. alg->base.cra_alignmask = ialg->base.cra_alignmask;
  318. alg->base.cra_module = ialg->base.cra_module;
  319. alg->base.cra_ctxsize = sizeof(struct simd_aead_ctx);
  320. alg->ivsize = ialg->ivsize;
  321. alg->maxauthsize = ialg->maxauthsize;
  322. alg->chunksize = ialg->chunksize;
  323. alg->init = simd_aead_init;
  324. alg->exit = simd_aead_exit;
  325. alg->setkey = simd_aead_setkey;
  326. alg->setauthsize = simd_aead_setauthsize;
  327. alg->encrypt = simd_aead_encrypt;
  328. alg->decrypt = simd_aead_decrypt;
  329. err = crypto_register_aead(alg);
  330. if (err)
  331. goto out_free_salg;
  332. out:
  333. return salg;
  334. out_free_salg:
  335. kfree(salg);
  336. salg = ERR_PTR(err);
  337. goto out;
  338. }
  339. static void simd_aead_free(struct simd_aead_alg *salg)
  340. {
  341. crypto_unregister_aead(&salg->alg);
  342. kfree(salg);
  343. }
  344. int simd_register_aeads_compat(struct aead_alg *algs, int count,
  345. struct simd_aead_alg **simd_algs)
  346. {
  347. int err;
  348. int i;
  349. const char *algname;
  350. const char *drvname;
  351. const char *basename;
  352. struct simd_aead_alg *simd;
  353. err = crypto_register_aeads(algs, count);
  354. if (err)
  355. return err;
  356. for (i = 0; i < count; i++) {
  357. WARN_ON(strncmp(algs[i].base.cra_name, "__", 2));
  358. WARN_ON(strncmp(algs[i].base.cra_driver_name, "__", 2));
  359. algname = algs[i].base.cra_name + 2;
  360. drvname = algs[i].base.cra_driver_name + 2;
  361. basename = algs[i].base.cra_driver_name;
  362. simd = simd_aead_create_compat(algs + i, algname, drvname, basename);
  363. err = PTR_ERR(simd);
  364. if (IS_ERR(simd))
  365. goto err_unregister;
  366. simd_algs[i] = simd;
  367. }
  368. return 0;
  369. err_unregister:
  370. simd_unregister_aeads(algs, count, simd_algs);
  371. return err;
  372. }
  373. EXPORT_SYMBOL_GPL(simd_register_aeads_compat);
  374. void simd_unregister_aeads(struct aead_alg *algs, int count,
  375. struct simd_aead_alg **simd_algs)
  376. {
  377. int i;
  378. crypto_unregister_aeads(algs, count);
  379. for (i = 0; i < count; i++) {
  380. if (simd_algs[i]) {
  381. simd_aead_free(simd_algs[i]);
  382. simd_algs[i] = NULL;
  383. }
  384. }
  385. }
  386. EXPORT_SYMBOL_GPL(simd_unregister_aeads);
  387. MODULE_DESCRIPTION("Shared crypto SIMD helpers");
  388. MODULE_LICENSE("GPL");