4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
22 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
25 #include <sys/zfs_context.h>
26 #include <sys/crypto/icp.h>
27 #include <sys/crypto/spi.h>
29 #include <modes/modes.h>
30 #include <aes/aes_impl.h>
33 * Initialize AES encryption and decryption key schedules.
37 * keyBits AES key size (128, 192, or 256 bits)
38 * keysched AES key schedule to be initialized, of type aes_key_t.
39 * Allocated by aes_alloc_keysched().
42 aes_init_keysched(const uint8_t *cipherKey, uint_t keyBits, void *keysched)
44 const aes_impl_ops_t *ops = aes_impl_get_ops();
45 aes_key_t *newbie = keysched;
66 /* should never get here */
69 keysize = CRYPTO_BITS2BYTES(keyBits);
72 * Generic C implementation requires byteswap for little endian
73 * machines, various accelerated implementations for various
74 * architectures may not.
76 if (!ops->needs_byteswap) {
77 /* no byteswap needed */
78 if (IS_P2ALIGNED(cipherKey, sizeof (uint64_t))) {
79 for (i = 0, j = 0; j < keysize; i++, j += 8) {
80 /* LINTED: pointer alignment */
81 keyarr.ka64[i] = *((uint64_t *)&cipherKey[j]);
84 bcopy(cipherKey, keyarr.ka32, keysize);
88 for (i = 0, j = 0; j < keysize; i++, j += 4) {
90 htonl(*(uint32_t *)(void *)&cipherKey[j]);
94 ops->generate(newbie, keyarr.ka32, keyBits);
98 * Note: if there are systems that need the AES_64BIT_KS type in the
99 * future, move setting key schedule type to individual implementations
101 newbie->type = AES_32BIT_KS;
106 * Encrypt one block using AES.
107 * Align if needed and (for x86 32-bit only) byte-swap.
110 * ks Key schedule, of type aes_key_t
111 * pt Input block (plain text)
112 * ct Output block (crypto text). Can overlap with pt
115 aes_encrypt_block(const void *ks, const uint8_t *pt, uint8_t *ct)
117 aes_key_t *ksch = (aes_key_t *)ks;
118 const aes_impl_ops_t *ops = ksch->ops;
120 if (IS_P2ALIGNED2(pt, ct, sizeof (uint32_t)) && !ops->needs_byteswap) {
121 /* LINTED: pointer alignment */
122 ops->encrypt(&ksch->encr_ks.ks32[0], ksch->nr,
123 /* LINTED: pointer alignment */
124 (uint32_t *)pt, (uint32_t *)ct);
126 uint32_t buffer[AES_BLOCK_LEN / sizeof (uint32_t)];
128 /* Copy input block into buffer */
129 if (ops->needs_byteswap) {
130 buffer[0] = htonl(*(uint32_t *)(void *)&pt[0]);
131 buffer[1] = htonl(*(uint32_t *)(void *)&pt[4]);
132 buffer[2] = htonl(*(uint32_t *)(void *)&pt[8]);
133 buffer[3] = htonl(*(uint32_t *)(void *)&pt[12]);
135 bcopy(pt, &buffer, AES_BLOCK_LEN);
137 ops->encrypt(&ksch->encr_ks.ks32[0], ksch->nr, buffer, buffer);
139 /* Copy result from buffer to output block */
140 if (ops->needs_byteswap) {
141 *(uint32_t *)(void *)&ct[0] = htonl(buffer[0]);
142 *(uint32_t *)(void *)&ct[4] = htonl(buffer[1]);
143 *(uint32_t *)(void *)&ct[8] = htonl(buffer[2]);
144 *(uint32_t *)(void *)&ct[12] = htonl(buffer[3]);
146 bcopy(&buffer, ct, AES_BLOCK_LEN);
148 return (CRYPTO_SUCCESS);
153 * Decrypt one block using AES.
154 * Align and byte-swap if needed.
157 * ks Key schedule, of type aes_key_t
158 * ct Input block (crypto text)
159 * pt Output block (plain text). Can overlap with pt
162 aes_decrypt_block(const void *ks, const uint8_t *ct, uint8_t *pt)
164 aes_key_t *ksch = (aes_key_t *)ks;
165 const aes_impl_ops_t *ops = ksch->ops;
167 if (IS_P2ALIGNED2(ct, pt, sizeof (uint32_t)) && !ops->needs_byteswap) {
168 /* LINTED: pointer alignment */
169 ops->decrypt(&ksch->decr_ks.ks32[0], ksch->nr,
170 /* LINTED: pointer alignment */
171 (uint32_t *)ct, (uint32_t *)pt);
173 uint32_t buffer[AES_BLOCK_LEN / sizeof (uint32_t)];
175 /* Copy input block into buffer */
176 if (ops->needs_byteswap) {
177 buffer[0] = htonl(*(uint32_t *)(void *)&ct[0]);
178 buffer[1] = htonl(*(uint32_t *)(void *)&ct[4]);
179 buffer[2] = htonl(*(uint32_t *)(void *)&ct[8]);
180 buffer[3] = htonl(*(uint32_t *)(void *)&ct[12]);
182 bcopy(ct, &buffer, AES_BLOCK_LEN);
184 ops->decrypt(&ksch->decr_ks.ks32[0], ksch->nr, buffer, buffer);
186 /* Copy result from buffer to output block */
187 if (ops->needs_byteswap) {
188 *(uint32_t *)(void *)&pt[0] = htonl(buffer[0]);
189 *(uint32_t *)(void *)&pt[4] = htonl(buffer[1]);
190 *(uint32_t *)(void *)&pt[8] = htonl(buffer[2]);
191 *(uint32_t *)(void *)&pt[12] = htonl(buffer[3]);
193 bcopy(&buffer, pt, AES_BLOCK_LEN);
195 return (CRYPTO_SUCCESS);
200 * Allocate key schedule for AES.
202 * Return the pointer and set size to the number of bytes allocated.
203 * Memory allocated must be freed by the caller when done.
206 * size Size of key schedule allocated, in bytes
207 * kmflag Flag passed to kmem_alloc(9F); ignored in userland.
211 aes_alloc_keysched(size_t *size, int kmflag)
215 keysched = (aes_key_t *)kmem_alloc(sizeof (aes_key_t), kmflag);
216 if (keysched != NULL) {
217 *size = sizeof (aes_key_t);
223 /* AES implementation that contains the fastest methods */
224 static aes_impl_ops_t aes_fastest_impl = {
228 /* All compiled in implementations */
229 const aes_impl_ops_t *aes_all_impl[] = {
231 #if defined(__x86_64)
234 #if defined(__x86_64) && defined(HAVE_AES)
239 /* Indicate that benchmark has been completed */
240 static boolean_t aes_impl_initialized = B_FALSE;
242 /* Select aes implementation */
243 #define IMPL_FASTEST (UINT32_MAX)
244 #define IMPL_CYCLE (UINT32_MAX-1)
246 #define AES_IMPL_READ(i) (*(volatile uint32_t *) &(i))
248 static uint32_t icp_aes_impl = IMPL_FASTEST;
249 static uint32_t user_sel_impl = IMPL_FASTEST;
251 /* Hold all supported implementations */
252 static size_t aes_supp_impl_cnt = 0;
253 static aes_impl_ops_t *aes_supp_impl[ARRAY_SIZE(aes_all_impl)];
256 * Returns the AES operations for encrypt/decrypt/key setup. When a
257 * SIMD implementation is not allowed in the current context, then
258 * fallback to the fastest generic implementation.
260 const aes_impl_ops_t *
261 aes_impl_get_ops(void)
264 return (&aes_generic_impl);
266 const aes_impl_ops_t *ops = NULL;
267 const uint32_t impl = AES_IMPL_READ(icp_aes_impl);
271 ASSERT(aes_impl_initialized);
272 ops = &aes_fastest_impl;
275 /* Cycle through supported implementations */
276 ASSERT(aes_impl_initialized);
277 ASSERT3U(aes_supp_impl_cnt, >, 0);
278 static size_t cycle_impl_idx = 0;
279 size_t idx = (++cycle_impl_idx) % aes_supp_impl_cnt;
280 ops = aes_supp_impl[idx];
283 ASSERT3U(impl, <, aes_supp_impl_cnt);
284 ASSERT3U(aes_supp_impl_cnt, >, 0);
285 if (impl < ARRAY_SIZE(aes_all_impl))
286 ops = aes_supp_impl[impl];
290 ASSERT3P(ops, !=, NULL);
296 * Initialize all supported implementations.
301 aes_impl_ops_t *curr_impl;
304 /* Move supported implementations into aes_supp_impls */
305 for (i = 0, c = 0; i < ARRAY_SIZE(aes_all_impl); i++) {
306 curr_impl = (aes_impl_ops_t *)aes_all_impl[i];
308 if (curr_impl->is_supported())
309 aes_supp_impl[c++] = (aes_impl_ops_t *)curr_impl;
311 aes_supp_impl_cnt = c;
314 * Set the fastest implementation given the assumption that the
315 * hardware accelerated version is the fastest.
317 #if defined(__x86_64)
318 #if defined(HAVE_AES)
319 if (aes_aesni_impl.is_supported()) {
320 memcpy(&aes_fastest_impl, &aes_aesni_impl,
321 sizeof (aes_fastest_impl));
325 memcpy(&aes_fastest_impl, &aes_x86_64_impl,
326 sizeof (aes_fastest_impl));
329 memcpy(&aes_fastest_impl, &aes_generic_impl,
330 sizeof (aes_fastest_impl));
333 strcpy(aes_fastest_impl.name, "fastest");
335 /* Finish initialization */
336 atomic_swap_32(&icp_aes_impl, user_sel_impl);
337 aes_impl_initialized = B_TRUE;
340 static const struct {
343 } aes_impl_opts[] = {
344 { "cycle", IMPL_CYCLE },
345 { "fastest", IMPL_FASTEST },
349 * Function sets desired aes implementation.
351 * If we are called before init(), user preference will be saved in
352 * user_sel_impl, and applied in later init() call. This occurs when module
353 * parameter is specified on module load. Otherwise, directly update
356 * @val Name of aes implementation to use
360 aes_impl_set(const char *val)
363 char req_name[AES_IMPL_NAME_MAX];
364 uint32_t impl = AES_IMPL_READ(user_sel_impl);
368 i = strnlen(val, AES_IMPL_NAME_MAX);
369 if (i == 0 || i >= AES_IMPL_NAME_MAX)
372 strlcpy(req_name, val, AES_IMPL_NAME_MAX);
373 while (i > 0 && isspace(req_name[i-1]))
377 /* Check mandatory options */
378 for (i = 0; i < ARRAY_SIZE(aes_impl_opts); i++) {
379 if (strcmp(req_name, aes_impl_opts[i].name) == 0) {
380 impl = aes_impl_opts[i].sel;
386 /* check all supported impl if init() was already called */
387 if (err != 0 && aes_impl_initialized) {
388 /* check all supported implementations */
389 for (i = 0; i < aes_supp_impl_cnt; i++) {
390 if (strcmp(req_name, aes_supp_impl[i]->name) == 0) {
399 if (aes_impl_initialized)
400 atomic_swap_32(&icp_aes_impl, impl);
402 atomic_swap_32(&user_sel_impl, impl);
411 icp_aes_impl_set(const char *val, zfs_kernel_param_t *kp)
413 return (aes_impl_set(val));
417 icp_aes_impl_get(char *buffer, zfs_kernel_param_t *kp)
421 const uint32_t impl = AES_IMPL_READ(icp_aes_impl);
423 ASSERT(aes_impl_initialized);
425 /* list mandatory options */
426 for (i = 0; i < ARRAY_SIZE(aes_impl_opts); i++) {
427 fmt = (impl == aes_impl_opts[i].sel) ? "[%s] " : "%s ";
428 cnt += sprintf(buffer + cnt, fmt, aes_impl_opts[i].name);
431 /* list all supported implementations */
432 for (i = 0; i < aes_supp_impl_cnt; i++) {
433 fmt = (i == impl) ? "[%s] " : "%s ";
434 cnt += sprintf(buffer + cnt, fmt, aes_supp_impl[i]->name);
440 module_param_call(icp_aes_impl, icp_aes_impl_set, icp_aes_impl_get,
442 MODULE_PARM_DESC(icp_aes_impl, "Select aes implementation.");
projects / zfs / blob