arch/x86/crypto/morus640_glue.c

   1 /*
   2  * The MORUS-640 Authenticated-Encryption Algorithm
   3  *   Common x86 SIMD glue skeleton
   4  *
   5  * Copyright (c) 2016-2018 Ondrej Mosnacek <omosnacek@gmail.com>
   6  * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved.
   7  *
   8  * This program is free software; you can redistribute it and/or modify it
   9  * under the terms of the GNU General Public License as published by the Free
  10  * Software Foundation; either version 2 of the License, or (at your option)
  11  * any later version.
  12  */
  13
  14 #include <crypto/cryptd.h>
  15 #include <crypto/internal/aead.h>
  16 #include <crypto/internal/skcipher.h>
  17 #include <crypto/morus640_glue.h>
  18 #include <crypto/scatterwalk.h>
  19 #include <linux/err.h>
  20 #include <linux/init.h>
  21 #include <linux/kernel.h>
  22 #include <linux/module.h>
  23 #include <linux/scatterlist.h>
  24 #include <asm/fpu/api.h>
  25
  26 struct morus640_state {
  27         struct morus640_block s[MORUS_STATE_BLOCKS];
  28 };
  29
  30 struct morus640_ops {
  31         int (*skcipher_walk_init)(struct skcipher_walk *walk,
  32                                   struct aead_request *req, bool atomic);
  33
  34         void (*crypt_blocks)(void *state, const void *src, void *dst,
  35                              unsigned int length);
  36         void (*crypt_tail)(void *state, const void *src, void *dst,
  37                            unsigned int length);
  38 };
  39
  40 static void crypto_morus640_glue_process_ad(
  41                 struct morus640_state *state,
  42                 const struct morus640_glue_ops *ops,
  43                 struct scatterlist *sg_src, unsigned int assoclen)
  44 {
  45         struct scatter_walk walk;
  46         struct morus640_block buf;
  47         unsigned int pos = 0;
  48
  49         scatterwalk_start(&walk, sg_src);
  50         while (assoclen != 0) {
  51                 unsigned int size = scatterwalk_clamp(&walk, assoclen);
  52                 unsigned int left = size;
  53                 void *mapped = scatterwalk_map(&walk);
  54                 const u8 *src = (const u8 *)mapped;
  55
  56                 if (pos + size >= MORUS640_BLOCK_SIZE) {
  57                         if (pos > 0) {
  58                                 unsigned int fill = MORUS640_BLOCK_SIZE - pos;
  59                                 memcpy(buf.bytes + pos, src, fill);
  60                                 ops->ad(state, buf.bytes, MORUS640_BLOCK_SIZE);
  61                                 pos = 0;
  62                                 left -= fill;
  63                                 src += fill;
  64                         }
  65
  66                         ops->ad(state, src, left);
  67                         src += left & ~(MORUS640_BLOCK_SIZE - 1);
  68                         left &= MORUS640_BLOCK_SIZE - 1;
  69                 }
  70
  71                 memcpy(buf.bytes + pos, src, left);
  72
  73                 pos += left;
  74                 assoclen -= size;
  75                 scatterwalk_unmap(mapped);
  76                 scatterwalk_advance(&walk, size);
  77                 scatterwalk_done(&walk, 0, assoclen);
  78         }
  79
  80         if (pos > 0) {
  81                 memset(buf.bytes + pos, 0, MORUS640_BLOCK_SIZE - pos);
  82                 ops->ad(state, buf.bytes, MORUS640_BLOCK_SIZE);
  83         }
  84 }
  85
  86 static void crypto_morus640_glue_process_crypt(struct morus640_state *state,
  87                                                struct morus640_ops ops,
  88                                                struct skcipher_walk *walk)
  89 {
  90         while (walk->nbytes >= MORUS640_BLOCK_SIZE) {
  91                 ops.crypt_blocks(state, walk->src.virt.addr,
  92                                  walk->dst.virt.addr,
  93                                  round_down(walk->nbytes, MORUS640_BLOCK_SIZE));
  94                 skcipher_walk_done(walk, walk->nbytes % MORUS640_BLOCK_SIZE);
  95         }
  96
  97         if (walk->nbytes) {
  98                 ops.crypt_tail(state, walk->src.virt.addr, walk->dst.virt.addr,
  99                                walk->nbytes);
 100                 skcipher_walk_done(walk, 0);
 101         }
 102 }
 103
 104 int crypto_morus640_glue_setkey(struct crypto_aead *aead, const u8 *key,
 105                                 unsigned int keylen)
 106 {
 107         struct morus640_ctx *ctx = crypto_aead_ctx(aead);
 108
 109         if (keylen != MORUS640_BLOCK_SIZE) {
 110                 crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
 111                 return -EINVAL;
 112         }
 113
 114         memcpy(ctx->key.bytes, key, MORUS640_BLOCK_SIZE);
 115         return 0;
 116 }
 117 EXPORT_SYMBOL_GPL(crypto_morus640_glue_setkey);
 118
 119 int crypto_morus640_glue_setauthsize(struct crypto_aead *tfm,
 120                                      unsigned int authsize)
 121 {
 122         return (authsize <= MORUS_MAX_AUTH_SIZE) ? 0 : -EINVAL;
 123 }
 124 EXPORT_SYMBOL_GPL(crypto_morus640_glue_setauthsize);
 125
 126 static void crypto_morus640_glue_crypt(struct aead_request *req,
 127                                        struct morus640_ops ops,
 128                                        unsigned int cryptlen,
 129                                        struct morus640_block *tag_xor)
 130 {
 131         struct crypto_aead *tfm = crypto_aead_reqtfm(req);
 132         struct morus640_ctx *ctx = crypto_aead_ctx(tfm);
 133         struct morus640_state state;
 134         struct skcipher_walk walk;
 135
 136         ops.skcipher_walk_init(&walk, req, true);
 137
 138         kernel_fpu_begin();
 139
 140         ctx->ops->init(&state, &ctx->key, req->iv);
 141         crypto_morus640_glue_process_ad(&state, ctx->ops, req->src, req->assoclen);
 142         crypto_morus640_glue_process_crypt(&state, ops, &walk);
 143         ctx->ops->final(&state, tag_xor, req->assoclen, cryptlen);
 144
 145         kernel_fpu_end();
 146 }
 147
 148 int crypto_morus640_glue_encrypt(struct aead_request *req)
 149 {
 150         struct crypto_aead *tfm = crypto_aead_reqtfm(req);
 151         struct morus640_ctx *ctx = crypto_aead_ctx(tfm);
 152         struct morus640_ops OPS = {
 153                 .skcipher_walk_init = skcipher_walk_aead_encrypt,
 154                 .crypt_blocks = ctx->ops->enc,
 155                 .crypt_tail = ctx->ops->enc_tail,
 156         };
 157
 158         struct morus640_block tag = {};
 159         unsigned int authsize = crypto_aead_authsize(tfm);
 160         unsigned int cryptlen = req->cryptlen;
 161
 162         crypto_morus640_glue_crypt(req, OPS, cryptlen, &tag);
 163
 164         scatterwalk_map_and_copy(tag.bytes, req->dst,
 165                                  req->assoclen + cryptlen, authsize, 1);
 166         return 0;
 167 }
 168 EXPORT_SYMBOL_GPL(crypto_morus640_glue_encrypt);
 169
 170 int crypto_morus640_glue_decrypt(struct aead_request *req)
 171 {
 172         static const u8 zeros[MORUS640_BLOCK_SIZE] = {};
 173
 174         struct crypto_aead *tfm = crypto_aead_reqtfm(req);
 175         struct morus640_ctx *ctx = crypto_aead_ctx(tfm);
 176         struct morus640_ops OPS = {
 177                 .skcipher_walk_init = skcipher_walk_aead_decrypt,
 178                 .crypt_blocks = ctx->ops->dec,
 179                 .crypt_tail = ctx->ops->dec_tail,
 180         };
 181
 182         struct morus640_block tag;
 183         unsigned int authsize = crypto_aead_authsize(tfm);
 184         unsigned int cryptlen = req->cryptlen - authsize;
 185
 186         scatterwalk_map_and_copy(tag.bytes, req->src,
 187                                  req->assoclen + cryptlen, authsize, 0);
 188
 189         crypto_morus640_glue_crypt(req, OPS, cryptlen, &tag);
 190
 191         return crypto_memneq(tag.bytes, zeros, authsize) ? -EBADMSG : 0;
 192 }
 193 EXPORT_SYMBOL_GPL(crypto_morus640_glue_decrypt);
 194
 195 void crypto_morus640_glue_init_ops(struct crypto_aead *aead,
 196                                    const struct morus640_glue_ops *ops)
 197 {
 198         struct morus640_ctx *ctx = crypto_aead_ctx(aead);
 199         ctx->ops = ops;
 200 }
 201 EXPORT_SYMBOL_GPL(crypto_morus640_glue_init_ops);
 202
 203 int cryptd_morus640_glue_setkey(struct crypto_aead *aead, const u8 *key,
 204                                 unsigned int keylen)
 205 {
 206         struct cryptd_aead **ctx = crypto_aead_ctx(aead);
 207         struct cryptd_aead *cryptd_tfm = *ctx;
 208
 209         return crypto_aead_setkey(&cryptd_tfm->base, key, keylen);
 210 }
 211 EXPORT_SYMBOL_GPL(cryptd_morus640_glue_setkey);
 212
 213 int cryptd_morus640_glue_setauthsize(struct crypto_aead *aead,
 214                                      unsigned int authsize)
 215 {
 216         struct cryptd_aead **ctx = crypto_aead_ctx(aead);
 217         struct cryptd_aead *cryptd_tfm = *ctx;
 218
 219         return crypto_aead_setauthsize(&cryptd_tfm->base, authsize);
 220 }
 221 EXPORT_SYMBOL_GPL(cryptd_morus640_glue_setauthsize);
 222
 223 int cryptd_morus640_glue_encrypt(struct aead_request *req)
 224 {
 225         struct crypto_aead *aead = crypto_aead_reqtfm(req);
 226         struct cryptd_aead **ctx = crypto_aead_ctx(aead);
 227         struct cryptd_aead *cryptd_tfm = *ctx;
 228
 229         aead = &cryptd_tfm->base;
 230         if (irq_fpu_usable() && (!in_atomic() ||
 231                                  !cryptd_aead_queued(cryptd_tfm)))
 232                 aead = cryptd_aead_child(cryptd_tfm);
 233
 234         aead_request_set_tfm(req, aead);
 235
 236         return crypto_aead_encrypt(req);
 237 }
 238 EXPORT_SYMBOL_GPL(cryptd_morus640_glue_encrypt);
 239
 240 int cryptd_morus640_glue_decrypt(struct aead_request *req)
 241 {
 242         struct crypto_aead *aead = crypto_aead_reqtfm(req);
 243         struct cryptd_aead **ctx = crypto_aead_ctx(aead);
 244         struct cryptd_aead *cryptd_tfm = *ctx;
 245
 246         aead = &cryptd_tfm->base;
 247         if (irq_fpu_usable() && (!in_atomic() ||
 248                                  !cryptd_aead_queued(cryptd_tfm)))
 249                 aead = cryptd_aead_child(cryptd_tfm);
 250
 251         aead_request_set_tfm(req, aead);
 252
 253         return crypto_aead_decrypt(req);
 254 }
 255 EXPORT_SYMBOL_GPL(cryptd_morus640_glue_decrypt);
 256
 257 int cryptd_morus640_glue_init_tfm(struct crypto_aead *aead)
 258 {
 259         struct cryptd_aead *cryptd_tfm;
 260         struct cryptd_aead **ctx = crypto_aead_ctx(aead);
 261         const char *name = crypto_aead_alg(aead)->base.cra_driver_name;
 262         char internal_name[CRYPTO_MAX_ALG_NAME];
 263
 264         if (snprintf(internal_name, CRYPTO_MAX_ALG_NAME, "__%s", name)
 265                         >= CRYPTO_MAX_ALG_NAME)
 266                 return -ENAMETOOLONG;
 267
 268         cryptd_tfm = cryptd_alloc_aead(internal_name, CRYPTO_ALG_INTERNAL,
 269                                        CRYPTO_ALG_INTERNAL);
 270         if (IS_ERR(cryptd_tfm))
 271                 return PTR_ERR(cryptd_tfm);
 272
 273         *ctx = cryptd_tfm;
 274         crypto_aead_set_reqsize(aead, crypto_aead_reqsize(&cryptd_tfm->base));
 275         return 0;
 276 }
 277 EXPORT_SYMBOL_GPL(cryptd_morus640_glue_init_tfm);
 278
 279 void cryptd_morus640_glue_exit_tfm(struct crypto_aead *aead)
 280 {
 281         struct cryptd_aead **ctx = crypto_aead_ctx(aead);
 282
 283         cryptd_free_aead(*ctx);
 284 }
 285 EXPORT_SYMBOL_GPL(cryptd_morus640_glue_exit_tfm);
 286
 287 MODULE_LICENSE("GPL");
 288 MODULE_AUTHOR("Ondrej Mosnacek <omosnacek@gmail.com>");
 289 MODULE_DESCRIPTION("MORUS-640 AEAD mode -- glue for x86 optimizations");