aes.h 3.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106
  1. /* SPDX-License-Identifier: GPL-2.0-or-later */
  2. /*
  3. * AES optimized using the CP Assist for Cryptographic Functions (CPACF)
  4. *
  5. * Copyright 2026 Google LLC
  6. */
  7. #include <asm/cpacf.h>
  8. #include <linux/cpufeature.h>
  9. static __ro_after_init DEFINE_STATIC_KEY_FALSE(have_cpacf_aes128);
  10. static __ro_after_init DEFINE_STATIC_KEY_FALSE(have_cpacf_aes192);
  11. static __ro_after_init DEFINE_STATIC_KEY_FALSE(have_cpacf_aes256);
  12. /*
  13. * When the CPU supports CPACF AES for the requested key length, we need only
  14. * save a copy of the raw AES key, as that's what the CPACF instructions need.
  15. *
  16. * When unsupported, fall back to the generic key expansion and en/decryption.
  17. */
  18. static void aes_preparekey_arch(union aes_enckey_arch *k,
  19. union aes_invkey_arch *inv_k,
  20. const u8 *in_key, int key_len, int nrounds)
  21. {
  22. if (key_len == AES_KEYSIZE_128) {
  23. if (static_branch_likely(&have_cpacf_aes128)) {
  24. memcpy(k->raw_key, in_key, AES_KEYSIZE_128);
  25. return;
  26. }
  27. } else if (key_len == AES_KEYSIZE_192) {
  28. if (static_branch_likely(&have_cpacf_aes192)) {
  29. memcpy(k->raw_key, in_key, AES_KEYSIZE_192);
  30. return;
  31. }
  32. } else {
  33. if (static_branch_likely(&have_cpacf_aes256)) {
  34. memcpy(k->raw_key, in_key, AES_KEYSIZE_256);
  35. return;
  36. }
  37. }
  38. aes_expandkey_generic(k->rndkeys, inv_k ? inv_k->inv_rndkeys : NULL,
  39. in_key, key_len);
  40. }
  41. static inline bool aes_crypt_s390(const struct aes_enckey *key,
  42. u8 out[AES_BLOCK_SIZE],
  43. const u8 in[AES_BLOCK_SIZE], int decrypt)
  44. {
  45. if (key->len == AES_KEYSIZE_128) {
  46. if (static_branch_likely(&have_cpacf_aes128)) {
  47. cpacf_km(CPACF_KM_AES_128 | decrypt,
  48. (void *)key->k.raw_key, out, in,
  49. AES_BLOCK_SIZE);
  50. return true;
  51. }
  52. } else if (key->len == AES_KEYSIZE_192) {
  53. if (static_branch_likely(&have_cpacf_aes192)) {
  54. cpacf_km(CPACF_KM_AES_192 | decrypt,
  55. (void *)key->k.raw_key, out, in,
  56. AES_BLOCK_SIZE);
  57. return true;
  58. }
  59. } else {
  60. if (static_branch_likely(&have_cpacf_aes256)) {
  61. cpacf_km(CPACF_KM_AES_256 | decrypt,
  62. (void *)key->k.raw_key, out, in,
  63. AES_BLOCK_SIZE);
  64. return true;
  65. }
  66. }
  67. return false;
  68. }
  69. static void aes_encrypt_arch(const struct aes_enckey *key,
  70. u8 out[AES_BLOCK_SIZE],
  71. const u8 in[AES_BLOCK_SIZE])
  72. {
  73. if (likely(aes_crypt_s390(key, out, in, 0)))
  74. return;
  75. aes_encrypt_generic(key->k.rndkeys, key->nrounds, out, in);
  76. }
  77. static void aes_decrypt_arch(const struct aes_key *key,
  78. u8 out[AES_BLOCK_SIZE],
  79. const u8 in[AES_BLOCK_SIZE])
  80. {
  81. if (likely(aes_crypt_s390((const struct aes_enckey *)key, out, in,
  82. CPACF_DECRYPT)))
  83. return;
  84. aes_decrypt_generic(key->inv_k.inv_rndkeys, key->nrounds, out, in);
  85. }
  86. #define aes_mod_init_arch aes_mod_init_arch
  87. static void aes_mod_init_arch(void)
  88. {
  89. if (cpu_have_feature(S390_CPU_FEATURE_MSA)) {
  90. cpacf_mask_t km_functions;
  91. cpacf_query(CPACF_KM, &km_functions);
  92. if (cpacf_test_func(&km_functions, CPACF_KM_AES_128))
  93. static_branch_enable(&have_cpacf_aes128);
  94. if (cpacf_test_func(&km_functions, CPACF_KM_AES_192))
  95. static_branch_enable(&have_cpacf_aes192);
  96. if (cpacf_test_func(&km_functions, CPACF_KM_AES_256))
  97. static_branch_enable(&have_cpacf_aes256);
  98. }
  99. }