diff options
author | Damjan Marion <damarion@cisco.com> | 2020-01-28 09:55:25 +0100 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2020-01-28 10:24:18 +0000 |
commit | 7d08e39a87f5805d1ef764aa0fd986490fb4f7bb (patch) | |
tree | 27d838a8f5681dea82d2661c2d70526af9d0fef0 /src/plugins/crypto_ia32/aes_gcm.c | |
parent | 0d4a61216c2329eec5167d0411481431037ac5c1 (diff) |
crypto-native: rename crypto_ia32 to crypto_native
Type: refactor
Change-Id: I9f21b3bf669ff913ff50afe5459cf52ff987e701
Signed-off-by: Damjan Marion <damarion@cisco.com>
Diffstat (limited to 'src/plugins/crypto_ia32/aes_gcm.c')
-rw-r--r-- | src/plugins/crypto_ia32/aes_gcm.c | 780 |
1 files changed, 0 insertions, 780 deletions
diff --git a/src/plugins/crypto_ia32/aes_gcm.c b/src/plugins/crypto_ia32/aes_gcm.c deleted file mode 100644 index e45dda79faf..00000000000 --- a/src/plugins/crypto_ia32/aes_gcm.c +++ /dev/null @@ -1,780 +0,0 @@ -/* - *------------------------------------------------------------------ - * Copyright (c) 2019 Cisco and/or its affiliates. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *------------------------------------------------------------------ - */ - -#include <vlib/vlib.h> -#include <vnet/plugin/plugin.h> -#include <vnet/crypto/crypto.h> -#include <x86intrin.h> -#include <crypto_ia32/crypto_ia32.h> -#include <crypto_ia32/aesni.h> -#include <crypto_ia32/ghash.h> - -#if __GNUC__ > 4 && !__clang__ && CLIB_DEBUG == 0 -#pragma GCC optimize ("O3") -#endif - -typedef struct -{ - /* pre-calculated hash key values */ - const __m128i Hi[8]; - /* extracted AES key */ - const __m128i Ke[15]; -} aes_gcm_key_data_t; - -static const __m128i last_byte_one = { 0, 1ULL << 56 }; -static const __m128i zero = { 0, 0 }; - -static const u8x16 bswap_mask = { - 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 -}; - -static const u8x16 byte_mask_scale = { - 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 -}; - -static_always_inline __m128i -aesni_gcm_bswap (__m128i x) -{ - return _mm_shuffle_epi8 (x, (__m128i) bswap_mask); -} - -static_always_inline __m128i -aesni_gcm_byte_mask (__m128i x, u8 n_bytes) -{ - u8x16 mask = u8x16_is_greater (u8x16_splat (n_bytes), byte_mask_scale); - - return _mm_blendv_epi8 (zero, x, (__m128i) mask); -} - -static_always_inline __m128i -aesni_gcm_load_partial (__m128i * p, int n_bytes) -{ - ASSERT (n_bytes <= 16); -#ifdef __AVX512F__ - return _mm_mask_loadu_epi8 (zero, (1 << n_bytes) - 1, p); -#else - return aesni_gcm_byte_mask (CLIB_MEM_OVERFLOW_LOAD (_mm_loadu_si128, p), - n_bytes); -#endif -} - -static_always_inline void -aesni_gcm_store_partial (void *p, __m128i r, int n_bytes) -{ -#ifdef __AVX512F__ - _mm_mask_storeu_epi8 (p, (1 << n_bytes) - 1, r); -#else - u8x16 mask = u8x16_is_greater (u8x16_splat (n_bytes), byte_mask_scale); - _mm_maskmoveu_si128 (r, (__m128i) mask, p); -#endif -} - -static_always_inline void -aesni_gcm_load (__m128i * d, __m128i * inv, int n, int n_bytes) -{ - for (int i = 0; i < n - 1; i++) - d[i] = _mm_loadu_si128 (inv + i); - d[n - 1] = n_bytes ? aesni_gcm_load_partial (inv + n - 1, n_bytes) : - _mm_loadu_si128 (inv + n - 1); -} - -static_always_inline void -aesni_gcm_store (__m128i * d, __m128i * outv, int n, int n_bytes) -{ - for (int i = 0; i < n - 1; i++) - _mm_storeu_si128 (outv + i, d[i]); - if (n_bytes & 0xf) - aesni_gcm_store_partial (outv + n - 1, d[n - 1], n_bytes); - else - _mm_storeu_si128 (outv + n - 1, d[n - 1]); -} - -static_always_inline void -aesni_gcm_enc_first_round (__m128i * r, __m128i * Y, u32 * ctr, __m128i k, - int n_blocks) -{ - u32 i; - - if (PREDICT_TRUE ((u8) ctr[0] < (256 - n_blocks))) - { - for (i = 0; i < n_blocks; i++) - { - Y[0] = _mm_add_epi32 (Y[0], last_byte_one); - r[i] = k ^ Y[0]; - } - ctr[0] += n_blocks; - } - else - { - for (i = 0; i < n_blocks; i++) - { - Y[0] = _mm_insert_epi32 (Y[0], clib_host_to_net_u32 (++ctr[0]), 3); - r[i] = k ^ Y[0]; - } - } -} - -static_always_inline void -aesni_gcm_enc_round (__m128i * r, __m128i k, int n_blocks) -{ - for (int i = 0; i < n_blocks; i++) - r[i] = _mm_aesenc_si128 (r[i], k); -} - -static_always_inline void -aesni_gcm_enc_last_round (__m128i * r, __m128i * d, const __m128i * k, - int rounds, int n_blocks) -{ - - /* additional ronuds for AES-192 and AES-256 */ - for (int i = 10; i < rounds; i++) - aesni_gcm_enc_round (r, k[i], n_blocks); - - for (int i = 0; i < n_blocks; i++) - d[i] ^= _mm_aesenclast_si128 (r[i], k[rounds]); -} - -static_always_inline __m128i -aesni_gcm_ghash_blocks (__m128i T, aes_gcm_key_data_t * kd, - const __m128i * in, int n_blocks) -{ - ghash_data_t _gd, *gd = &_gd; - const __m128i *Hi = kd->Hi + n_blocks - 1; - ghash_mul_first (gd, aesni_gcm_bswap (_mm_loadu_si128 (in)) ^ T, Hi[0]); - for (int i = 1; i < n_blocks; i++) - ghash_mul_next (gd, aesni_gcm_bswap (_mm_loadu_si128 (in + i)), Hi[-i]); - ghash_reduce (gd); - ghash_reduce2 (gd); - return ghash_final (gd); -} - -static_always_inline __m128i -aesni_gcm_ghash (__m128i T, aes_gcm_key_data_t * kd, const __m128i * in, - u32 n_left) -{ - - while (n_left >= 128) - { - T = aesni_gcm_ghash_blocks (T, kd, in, 8); - n_left -= 128; - in += 8; - } - - if (n_left >= 64) - { - T = aesni_gcm_ghash_blocks (T, kd, in, 4); - n_left -= 64; - in += 4; - } - - if (n_left >= 32) - { - T = aesni_gcm_ghash_blocks (T, kd, in, 2); - n_left -= 32; - in += 2; - } - - if (n_left >= 16) - { - T = aesni_gcm_ghash_blocks (T, kd, in, 1); - n_left -= 16; - in += 1; - } - - if (n_left) - { - __m128i r = aesni_gcm_load_partial ((__m128i *) in, n_left); - T = ghash_mul (aesni_gcm_bswap (r) ^ T, kd->Hi[0]); - } - return T; -} - -static_always_inline __m128i -aesni_gcm_calc (__m128i T, aes_gcm_key_data_t * kd, __m128i * d, - __m128i * Y, u32 * ctr, __m128i * inv, __m128i * outv, - int rounds, int n, int last_block_bytes, int with_ghash, - int is_encrypt) -{ - __m128i r[n]; - ghash_data_t _gd = { }, *gd = &_gd; - const __m128i *k = kd->Ke; - int hidx = is_encrypt ? 4 : n, didx = 0; - - _mm_prefetch (inv + 4, _MM_HINT_T0); - - /* AES rounds 0 and 1 */ - aesni_gcm_enc_first_round (r, Y, ctr, k[0], n); - aesni_gcm_enc_round (r, k[1], n); - - /* load data - decrypt round */ - if (is_encrypt == 0) - aesni_gcm_load (d, inv, n, last_block_bytes); - - /* GHASH multiply block 1 */ - if (with_ghash) - ghash_mul_first (gd, aesni_gcm_bswap (d[didx++]) ^ T, kd->Hi[--hidx]); - - /* AES rounds 2 and 3 */ - aesni_gcm_enc_round (r, k[2], n); - aesni_gcm_enc_round (r, k[3], n); - - /* GHASH multiply block 2 */ - if (with_ghash && hidx) - ghash_mul_next (gd, aesni_gcm_bswap (d[didx++]), kd->Hi[--hidx]); - - /* AES rounds 4 and 5 */ - aesni_gcm_enc_round (r, k[4], n); - aesni_gcm_enc_round (r, k[5], n); - - /* GHASH multiply block 3 */ - if (with_ghash && hidx) - ghash_mul_next (gd, aesni_gcm_bswap (d[didx++]), kd->Hi[--hidx]); - - /* AES rounds 6 and 7 */ - aesni_gcm_enc_round (r, k[6], n); - aesni_gcm_enc_round (r, k[7], n); - - /* GHASH multiply block 4 */ - if (with_ghash && hidx) - ghash_mul_next (gd, aesni_gcm_bswap (d[didx++]), kd->Hi[--hidx]); - - /* AES rounds 8 and 9 */ - aesni_gcm_enc_round (r, k[8], n); - aesni_gcm_enc_round (r, k[9], n); - - /* GHASH reduce 1st step */ - if (with_ghash) - ghash_reduce (gd); - - /* load data - encrypt round */ - if (is_encrypt) - aesni_gcm_load (d, inv, n, last_block_bytes); - - /* GHASH reduce 2nd step */ - if (with_ghash) - ghash_reduce2 (gd); - - /* AES last round(s) */ - aesni_gcm_enc_last_round (r, d, k, rounds, n); - - /* store data */ - aesni_gcm_store (d, outv, n, last_block_bytes); - - /* GHASH final step */ - if (with_ghash) - T = ghash_final (gd); - - return T; -} - -static_always_inline __m128i -aesni_gcm_calc_double (__m128i T, aes_gcm_key_data_t * kd, __m128i * d, - __m128i * Y, u32 * ctr, __m128i * inv, __m128i * outv, - int rounds, int is_encrypt) -{ - __m128i r[4]; - ghash_data_t _gd, *gd = &_gd; - const __m128i *k = kd->Ke; - - /* AES rounds 0 and 1 */ - aesni_gcm_enc_first_round (r, Y, ctr, k[0], 4); - aesni_gcm_enc_round (r, k[1], 4); - - /* load 4 blocks of data - decrypt round */ - if (is_encrypt == 0) - aesni_gcm_load (d, inv, 4, 0); - - /* GHASH multiply block 0 */ - ghash_mul_first (gd, aesni_gcm_bswap (d[0]) ^ T, kd->Hi[7]); - - /* AES rounds 2 and 3 */ - aesni_gcm_enc_round (r, k[2], 4); - aesni_gcm_enc_round (r, k[3], 4); - - /* GHASH multiply block 1 */ - ghash_mul_next (gd, aesni_gcm_bswap (d[1]), kd->Hi[6]); - - /* AES rounds 4 and 5 */ - aesni_gcm_enc_round (r, k[4], 4); - aesni_gcm_enc_round (r, k[5], 4); - - /* GHASH multiply block 2 */ - ghash_mul_next (gd, aesni_gcm_bswap (d[2]), kd->Hi[5]); - - /* AES rounds 6 and 7 */ - aesni_gcm_enc_round (r, k[6], 4); - aesni_gcm_enc_round (r, k[7], 4); - - /* GHASH multiply block 3 */ - ghash_mul_next (gd, aesni_gcm_bswap (d[3]), kd->Hi[4]); - - /* AES rounds 8 and 9 */ - aesni_gcm_enc_round (r, k[8], 4); - aesni_gcm_enc_round (r, k[9], 4); - - /* load 4 blocks of data - encrypt round */ - if (is_encrypt) - aesni_gcm_load (d, inv, 4, 0); - - /* AES last round(s) */ - aesni_gcm_enc_last_round (r, d, k, rounds, 4); - - /* store 4 blocks of data */ - aesni_gcm_store (d, outv, 4, 0); - - /* load next 4 blocks of data data - decrypt round */ - if (is_encrypt == 0) - aesni_gcm_load (d, inv + 4, 4, 0); - - /* GHASH multiply block 4 */ - ghash_mul_next (gd, aesni_gcm_bswap (d[0]), kd->Hi[3]); - - /* AES rounds 0, 1 and 2 */ - aesni_gcm_enc_first_round (r, Y, ctr, k[0], 4); - aesni_gcm_enc_round (r, k[1], 4); - aesni_gcm_enc_round (r, k[2], 4); - - /* GHASH multiply block 5 */ - ghash_mul_next (gd, aesni_gcm_bswap (d[1]), kd->Hi[2]); - - /* AES rounds 3 and 4 */ - aesni_gcm_enc_round (r, k[3], 4); - aesni_gcm_enc_round (r, k[4], 4); - - /* GHASH multiply block 6 */ - ghash_mul_next (gd, aesni_gcm_bswap (d[2]), kd->Hi[1]); - - /* AES rounds 5 and 6 */ - aesni_gcm_enc_round (r, k[5], 4); - aesni_gcm_enc_round (r, k[6], 4); - - /* GHASH multiply block 7 */ - ghash_mul_next (gd, aesni_gcm_bswap (d[3]), kd->Hi[0]); - - /* AES rounds 7 and 8 */ - aesni_gcm_enc_round (r, k[7], 4); - aesni_gcm_enc_round (r, k[8], 4); - - /* GHASH reduce 1st step */ - ghash_reduce (gd); - - /* AES round 9 */ - aesni_gcm_enc_round (r, k[9], 4); - - /* load data - encrypt round */ - if (is_encrypt) - aesni_gcm_load (d, inv + 4, 4, 0); - - /* GHASH reduce 2nd step */ - ghash_reduce2 (gd); - - /* AES last round(s) */ - aesni_gcm_enc_last_round (r, d, k, rounds, 4); - - /* store data */ - aesni_gcm_store (d, outv + 4, 4, 0); - - /* GHASH final step */ - return ghash_final (gd); -} - -static_always_inline __m128i -aesni_gcm_ghash_last (__m128i T, aes_gcm_key_data_t * kd, __m128i * d, - int n_blocks, int n_bytes) -{ - ghash_data_t _gd, *gd = &_gd; - - if (n_bytes) - d[n_blocks - 1] = aesni_gcm_byte_mask (d[n_blocks - 1], n_bytes); - - ghash_mul_first (gd, aesni_gcm_bswap (d[0]) ^ T, kd->Hi[n_blocks - 1]); - if (n_blocks > 1) - ghash_mul_next (gd, aesni_gcm_bswap (d[1]), kd->Hi[n_blocks - 2]); - if (n_blocks > 2) - ghash_mul_next (gd, aesni_gcm_bswap (d[2]), kd->Hi[n_blocks - 3]); - if (n_blocks > 3) - ghash_mul_next (gd, aesni_gcm_bswap (d[3]), kd->Hi[n_blocks - 4]); - ghash_reduce (gd); - ghash_reduce2 (gd); - return ghash_final (gd); -} - - -static_always_inline __m128i -aesni_gcm_enc (__m128i T, aes_gcm_key_data_t * kd, __m128i Y, const u8 * in, - const u8 * out, u32 n_left, int rounds) -{ - __m128i *inv = (__m128i *) in, *outv = (__m128i *) out; - __m128i d[4]; - u32 ctr = 1; - - if (n_left == 0) - return T; - - if (n_left < 64) - { - if (n_left > 48) - { - n_left &= 0x0f; - aesni_gcm_calc (T, kd, d, &Y, &ctr, inv, outv, rounds, 4, n_left, - /* with_ghash */ 0, /* is_encrypt */ 1); - return aesni_gcm_ghash_last (T, kd, d, 4, n_left); - } - else if (n_left > 32) - { - n_left &= 0x0f; - aesni_gcm_calc (T, kd, d, &Y, &ctr, inv, outv, rounds, 3, n_left, - /* with_ghash */ 0, /* is_encrypt */ 1); - return aesni_gcm_ghash_last (T, kd, d, 3, n_left); - } - else if (n_left > 16) - { - n_left &= 0x0f; - aesni_gcm_calc (T, kd, d, &Y, &ctr, inv, outv, rounds, 2, n_left, - /* with_ghash */ 0, /* is_encrypt */ 1); - return aesni_gcm_ghash_last (T, kd, d, 2, n_left); - } - else - { - n_left &= 0x0f; - aesni_gcm_calc (T, kd, d, &Y, &ctr, inv, outv, rounds, 1, n_left, - /* with_ghash */ 0, /* is_encrypt */ 1); - return aesni_gcm_ghash_last (T, kd, d, 1, n_left); - } - } - - aesni_gcm_calc (T, kd, d, &Y, &ctr, inv, outv, rounds, 4, 0, - /* with_ghash */ 0, /* is_encrypt */ 1); - - /* next */ - n_left -= 64; - outv += 4; - inv += 4; - - while (n_left >= 128) - { - T = aesni_gcm_calc_double (T, kd, d, &Y, &ctr, inv, outv, rounds, - /* is_encrypt */ 1); - - /* next */ - n_left -= 128; - outv += 8; - inv += 8; - } - - if (n_left >= 64) - { - T = aesni_gcm_calc (T, kd, d, &Y, &ctr, inv, outv, rounds, 4, 0, - /* with_ghash */ 1, /* is_encrypt */ 1); - - /* next */ - n_left -= 64; - outv += 4; - inv += 4; - } - - if (n_left == 0) - return aesni_gcm_ghash_last (T, kd, d, 4, 0); - - if (n_left > 48) - { - n_left &= 0x0f; - T = aesni_gcm_calc (T, kd, d, &Y, &ctr, inv, outv, rounds, 4, n_left, - /* with_ghash */ 1, /* is_encrypt */ 1); - return aesni_gcm_ghash_last (T, kd, d, 4, n_left); - } - - if (n_left > 32) - { - n_left &= 0x0f; - T = aesni_gcm_calc (T, kd, d, &Y, &ctr, inv, outv, rounds, 3, n_left, - /* with_ghash */ 1, /* is_encrypt */ 1); - return aesni_gcm_ghash_last (T, kd, d, 3, n_left); - } - - if (n_left > 16) - { - n_left &= 0x0f; - T = aesni_gcm_calc (T, kd, d, &Y, &ctr, inv, outv, rounds, 2, n_left, - /* with_ghash */ 1, /* is_encrypt */ 1); - return aesni_gcm_ghash_last (T, kd, d, 2, n_left); - } - - n_left &= 0x0f; - T = aesni_gcm_calc (T, kd, d, &Y, &ctr, inv, outv, rounds, 1, n_left, - /* with_ghash */ 1, /* is_encrypt */ 1); - return aesni_gcm_ghash_last (T, kd, d, 1, n_left); -} - -static_always_inline __m128i -aesni_gcm_dec (__m128i T, aes_gcm_key_data_t * kd, __m128i Y, const u8 * in, - const u8 * out, u32 n_left, int rounds) -{ - __m128i *inv = (__m128i *) in, *outv = (__m128i *) out; - __m128i d[8]; - u32 ctr = 1; - - while (n_left >= 128) - { - T = aesni_gcm_calc_double (T, kd, d, &Y, &ctr, inv, outv, rounds, - /* is_encrypt */ 0); - - /* next */ - n_left -= 128; - outv += 8; - inv += 8; - } - - if (n_left >= 64) - { - T = aesni_gcm_calc (T, kd, d, &Y, &ctr, inv, outv, rounds, 4, 0, 1, 0); - - /* next */ - n_left -= 64; - outv += 4; - inv += 4; - } - - if (n_left == 0) - return T; - - if (n_left > 48) - return aesni_gcm_calc (T, kd, d, &Y, &ctr, inv, outv, rounds, 4, - n_left - 48, - /* with_ghash */ 1, /* is_encrypt */ 0); - - if (n_left > 32) - return aesni_gcm_calc (T, kd, d, &Y, &ctr, inv, outv, rounds, 3, - n_left - 32, - /* with_ghash */ 1, /* is_encrypt */ 0); - - if (n_left > 16) - return aesni_gcm_calc (T, kd, d, &Y, &ctr, inv, outv, rounds, 2, - n_left - 16, - /* with_ghash */ 1, /* is_encrypt */ 0); - - return aesni_gcm_calc (T, kd, d, &Y, &ctr, inv, outv, rounds, 1, n_left, - /* with_ghash */ 1, /* is_encrypt */ 0); -} - -static_always_inline int -aes_gcm (const u8 * in, u8 * out, const u8 * addt, const u8 * iv, u8 * tag, - u32 data_bytes, u32 aad_bytes, u8 tag_len, aes_gcm_key_data_t * kd, - int aes_rounds, int is_encrypt) -{ - int i; - __m128i r, Y0, T = { }; - ghash_data_t _gd, *gd = &_gd; - - _mm_prefetch (iv, _MM_HINT_T0); - _mm_prefetch (in, _MM_HINT_T0); - _mm_prefetch (in + CLIB_CACHE_LINE_BYTES, _MM_HINT_T0); - - /* calculate ghash for AAD - optimized for ipsec common cases */ - if (aad_bytes == 8) - T = aesni_gcm_ghash (T, kd, (__m128i *) addt, 8); - else if (aad_bytes == 12) - T = aesni_gcm_ghash (T, kd, (__m128i *) addt, 12); - else - T = aesni_gcm_ghash (T, kd, (__m128i *) addt, aad_bytes); - - /* initalize counter */ - Y0 = CLIB_MEM_OVERFLOW_LOAD (_mm_loadu_si128, (__m128i *) iv); - Y0 = _mm_insert_epi32 (Y0, clib_host_to_net_u32 (1), 3); - - /* ghash and encrypt/edcrypt */ - if (is_encrypt) - T = aesni_gcm_enc (T, kd, Y0, in, out, data_bytes, aes_rounds); - else - T = aesni_gcm_dec (T, kd, Y0, in, out, data_bytes, aes_rounds); - - _mm_prefetch (tag, _MM_HINT_T0); - - /* Finalize ghash */ - r[0] = data_bytes; - r[1] = aad_bytes; - - /* bytes to bits */ - r <<= 3; - - /* interleaved computation of final ghash and E(Y0, k) */ - ghash_mul_first (gd, r ^ T, kd->Hi[0]); - r = kd->Ke[0] ^ Y0; - for (i = 1; i < 5; i += 1) - r = _mm_aesenc_si128 (r, kd->Ke[i]); - ghash_reduce (gd); - ghash_reduce2 (gd); - for (; i < 9; i += 1) - r = _mm_aesenc_si128 (r, kd->Ke[i]); - T = ghash_final (gd); - for (; i < aes_rounds; i += 1) - r = _mm_aesenc_si128 (r, kd->Ke[i]); - r = _mm_aesenclast_si128 (r, kd->Ke[aes_rounds]); - T = aesni_gcm_bswap (T) ^ r; - - /* tag_len 16 -> 0 */ - tag_len &= 0xf; - - if (is_encrypt) - { - /* store tag */ - if (tag_len) - aesni_gcm_store_partial ((__m128i *) tag, T, (1 << tag_len) - 1); - else - _mm_storeu_si128 ((__m128i *) tag, T); - } - else - { - /* check tag */ - u16 tag_mask = tag_len ? (1 << tag_len) - 1 : 0xffff; - r = _mm_loadu_si128 ((__m128i *) tag); - if (_mm_movemask_epi8 (r == T) != tag_mask) - return 0; - } - return 1; -} - -static_always_inline u32 -aesni_ops_enc_aes_gcm (vlib_main_t * vm, vnet_crypto_op_t * ops[], - u32 n_ops, aesni_key_size_t ks) -{ - crypto_ia32_main_t *cm = &crypto_ia32_main; - vnet_crypto_op_t *op = ops[0]; - aes_gcm_key_data_t *kd; - u32 n_left = n_ops; - - -next: - kd = (aes_gcm_key_data_t *) cm->key_data[op->key_index]; - aes_gcm (op->src, op->dst, op->aad, op->iv, op->tag, op->len, op->aad_len, - op->tag_len, kd, AESNI_KEY_ROUNDS (ks), /* is_encrypt */ 1); - op->status = VNET_CRYPTO_OP_STATUS_COMPLETED; - - if (--n_left) - { - op += 1; - goto next; - } - - return n_ops; -} - -static_always_inline u32 -aesni_ops_dec_aes_gcm (vlib_main_t * vm, vnet_crypto_op_t * ops[], - u32 n_ops, aesni_key_size_t ks) -{ - crypto_ia32_main_t *cm = &crypto_ia32_main; - vnet_crypto_op_t *op = ops[0]; - aes_gcm_key_data_t *kd; - u32 n_left = n_ops; - int rv; - -next: - kd = (aes_gcm_key_data_t *) cm->key_data[op->key_index]; - rv = aes_gcm (op->src, op->dst, op->aad, op->iv, op->tag, op->len, - op->aad_len, op->tag_len, kd, AESNI_KEY_ROUNDS (ks), - /* is_encrypt */ 0); - - if (rv) - { - op->status = VNET_CRYPTO_OP_STATUS_COMPLETED; - } - else - { - op->status = VNET_CRYPTO_OP_STATUS_FAIL_BAD_HMAC; - n_ops--; - } - - if (--n_left) - { - op += 1; - goto next; - } - - return n_ops; -} - -static_always_inline void * -aesni_gcm_key_exp (vnet_crypto_key_t * key, aesni_key_size_t ks) -{ - aes_gcm_key_data_t *kd; - __m128i H; - int i; - - kd = clib_mem_alloc_aligned (sizeof (*kd), CLIB_CACHE_LINE_BYTES); - - /* expand AES key */ - aes_key_expand ((__m128i *) kd->Ke, key->data, ks); - - /* pre-calculate H */ - H = kd->Ke[0]; - for (i = 1; i < AESNI_KEY_ROUNDS (ks); i += 1) - H = _mm_aesenc_si128 (H, kd->Ke[i]); - H = _mm_aesenclast_si128 (H, kd->Ke[i]); - H = aesni_gcm_bswap (H); - ghash_precompute (H, (__m128i *) kd->Hi, 8); - return kd; -} - -#define foreach_aesni_gcm_handler_type _(128) _(192) _(256) - -#define _(x) \ -static u32 aesni_ops_dec_aes_gcm_##x \ -(vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops) \ -{ return aesni_ops_dec_aes_gcm (vm, ops, n_ops, AESNI_KEY_##x); } \ -static u32 aesni_ops_enc_aes_gcm_##x \ -(vlib_main_t * vm, vnet_crypto_op_t * ops[], u32 n_ops) \ -{ return aesni_ops_enc_aes_gcm (vm, ops, n_ops, AESNI_KEY_##x); } \ -static void * aesni_gcm_key_exp_##x (vnet_crypto_key_t *key) \ -{ return aesni_gcm_key_exp (key, AESNI_KEY_##x); } - -foreach_aesni_gcm_handler_type; -#undef _ - -clib_error_t * -#ifdef __VAES__ -crypto_ia32_aesni_gcm_init_vaes (vlib_main_t * vm) -#elif __AVX512F__ -crypto_ia32_aesni_gcm_init_avx512 (vlib_main_t * vm) -#elif __AVX2__ -crypto_ia32_aesni_gcm_init_avx2 (vlib_main_t * vm) -#else -crypto_ia32_aesni_gcm_init_sse42 (vlib_main_t * vm) -#endif -{ - crypto_ia32_main_t *cm = &crypto_ia32_main; - -#define _(x) \ - vnet_crypto_register_ops_handler (vm, cm->crypto_engine_index, \ - VNET_CRYPTO_OP_AES_##x##_GCM_ENC, \ - aesni_ops_enc_aes_gcm_##x); \ - vnet_crypto_register_ops_handler (vm, cm->crypto_engine_index, \ - VNET_CRYPTO_OP_AES_##x##_GCM_DEC, \ - aesni_ops_dec_aes_gcm_##x); \ - cm->key_fn[VNET_CRYPTO_ALG_AES_##x##_GCM] = aesni_gcm_key_exp_##x; - foreach_aesni_gcm_handler_type; -#undef _ - return 0; -} - -/* - * fd.io coding-style-patch-verification: ON - * - * Local Variables: - * eval: (c-set-style "gnu") - * End: - */ |