Commit | Line | Data |
---|---|---|
09c434b8 | 1 | // SPDX-License-Identifier: GPL-2.0-only |
1da177e4 LT |
2 | /* |
3 | * Cryptographic API. | |
4 | * | |
5 | * Support for VIA PadLock hardware crypto engine. | |
6 | * | |
7 | * Copyright (c) 2004 Michal Ludvig <michal@logix.cz> | |
8 | * | |
1da177e4 LT |
9 | */ |
10 | ||
28ce728a | 11 | #include <crypto/algapi.h> |
89e12654 | 12 | #include <crypto/aes.h> |
713b2e72 | 13 | #include <crypto/internal/skcipher.h> |
21493088 | 14 | #include <crypto/padlock.h> |
1da177e4 LT |
15 | #include <linux/module.h> |
16 | #include <linux/init.h> | |
17 | #include <linux/types.h> | |
18 | #include <linux/errno.h> | |
1da177e4 | 19 | #include <linux/interrupt.h> |
6789b2dc | 20 | #include <linux/kernel.h> |
0c3dc787 | 21 | #include <linux/mm.h> |
420a4b20 HX |
22 | #include <linux/percpu.h> |
23 | #include <linux/smp.h> | |
5a0e3ad6 | 24 | #include <linux/slab.h> |
3bd391f0 | 25 | #include <asm/cpu_device_id.h> |
1da177e4 | 26 | #include <asm/byteorder.h> |
a76c1c23 | 27 | #include <asm/processor.h> |
df6b35f4 | 28 | #include <asm/fpu/api.h> |
1da177e4 | 29 | |
8d8409f7 CE |
30 | /* |
31 | * Number of data blocks actually fetched for each xcrypt insn. | |
32 | * Processors with prefetch errata will fetch extra blocks. | |
33 | */ | |
a76c1c23 | 34 | static unsigned int ecb_fetch_blocks = 2; |
8d8409f7 | 35 | #define MAX_ECB_FETCH_BLOCKS (8) |
a76c1c23 | 36 | #define ecb_fetch_bytes (ecb_fetch_blocks * AES_BLOCK_SIZE) |
8d8409f7 CE |
37 | |
38 | static unsigned int cbc_fetch_blocks = 1; | |
39 | #define MAX_CBC_FETCH_BLOCKS (4) | |
a76c1c23 CE |
40 | #define cbc_fetch_bytes (cbc_fetch_blocks * AES_BLOCK_SIZE) |
41 | ||
ccc17c34 ML |
42 | /* Control word. */ |
43 | struct cword { | |
44 | unsigned int __attribute__ ((__packed__)) | |
45 | rounds:4, | |
46 | algo:3, | |
47 | keygen:1, | |
48 | interm:1, | |
49 | encdec:1, | |
50 | ksize:2; | |
51 | } __attribute__ ((__aligned__(PADLOCK_ALIGNMENT))); | |
52 | ||
cc08632f ML |
53 | /* Whenever making any changes to the following |
54 | * structure *make sure* you keep E, d_data | |
7dc748e4 SS |
55 | * and cword aligned on 16 Bytes boundaries and |
56 | * the Hardware can access 16 * 16 bytes of E and d_data | |
57 | * (only the first 15 * 16 bytes matter but the HW reads | |
58 | * more). | |
59 | */ | |
1da177e4 | 60 | struct aes_ctx { |
7dc748e4 SS |
61 | u32 E[AES_MAX_KEYLENGTH_U32] |
62 | __attribute__ ((__aligned__(PADLOCK_ALIGNMENT))); | |
63 | u32 d_data[AES_MAX_KEYLENGTH_U32] | |
64 | __attribute__ ((__aligned__(PADLOCK_ALIGNMENT))); | |
6789b2dc HX |
65 | struct { |
66 | struct cword encrypt; | |
67 | struct cword decrypt; | |
68 | } cword; | |
82062c72 | 69 | u32 *D; |
1da177e4 LT |
70 | }; |
71 | ||
390dfd95 | 72 | static DEFINE_PER_CPU(struct cword *, paes_last_cword); |
420a4b20 | 73 | |
1da177e4 LT |
74 | /* Tells whether the ACE is capable to generate |
75 | the extended key for a given key_len. */ | |
76 | static inline int | |
77 | aes_hw_extkey_available(uint8_t key_len) | |
78 | { | |
79 | /* TODO: We should check the actual CPU model/stepping | |
80 | as it's possible that the capability will be | |
81 | added in the next CPU revisions. */ | |
82 | if (key_len == 16) | |
83 | return 1; | |
84 | return 0; | |
85 | } | |
86 | ||
28ce728a | 87 | static inline struct aes_ctx *aes_ctx_common(void *ctx) |
6789b2dc | 88 | { |
28ce728a | 89 | unsigned long addr = (unsigned long)ctx; |
f10b7897 HX |
90 | unsigned long align = PADLOCK_ALIGNMENT; |
91 | ||
92 | if (align <= crypto_tfm_ctx_alignment()) | |
93 | align = 1; | |
6c2bb98b | 94 | return (struct aes_ctx *)ALIGN(addr, align); |
6789b2dc HX |
95 | } |
96 | ||
28ce728a HX |
97 | static inline struct aes_ctx *aes_ctx(struct crypto_tfm *tfm) |
98 | { | |
99 | return aes_ctx_common(crypto_tfm_ctx(tfm)); | |
100 | } | |
101 | ||
713b2e72 | 102 | static inline struct aes_ctx *skcipher_aes_ctx(struct crypto_skcipher *tfm) |
28ce728a | 103 | { |
713b2e72 | 104 | return aes_ctx_common(crypto_skcipher_ctx(tfm)); |
28ce728a HX |
105 | } |
106 | ||
6c2bb98b | 107 | static int aes_set_key(struct crypto_tfm *tfm, const u8 *in_key, |
560c06ae | 108 | unsigned int key_len) |
1da177e4 | 109 | { |
6c2bb98b | 110 | struct aes_ctx *ctx = aes_ctx(tfm); |
06ace7a9 | 111 | const __le32 *key = (const __le32 *)in_key; |
7dc748e4 | 112 | struct crypto_aes_ctx gen_aes; |
420a4b20 | 113 | int cpu; |
1da177e4 | 114 | |
674f368a | 115 | if (key_len % 8) |
1da177e4 | 116 | return -EINVAL; |
1da177e4 | 117 | |
6789b2dc HX |
118 | /* |
119 | * If the hardware is capable of generating the extended key | |
120 | * itself we must supply the plain key for both encryption | |
121 | * and decryption. | |
122 | */ | |
82062c72 | 123 | ctx->D = ctx->E; |
1da177e4 | 124 | |
7dc748e4 SS |
125 | ctx->E[0] = le32_to_cpu(key[0]); |
126 | ctx->E[1] = le32_to_cpu(key[1]); | |
127 | ctx->E[2] = le32_to_cpu(key[2]); | |
128 | ctx->E[3] = le32_to_cpu(key[3]); | |
1da177e4 | 129 | |
6789b2dc HX |
130 | /* Prepare control words. */ |
131 | memset(&ctx->cword, 0, sizeof(ctx->cword)); | |
132 | ||
133 | ctx->cword.decrypt.encdec = 1; | |
134 | ctx->cword.encrypt.rounds = 10 + (key_len - 16) / 4; | |
135 | ctx->cword.decrypt.rounds = ctx->cword.encrypt.rounds; | |
136 | ctx->cword.encrypt.ksize = (key_len - 16) / 8; | |
137 | ctx->cword.decrypt.ksize = ctx->cword.encrypt.ksize; | |
138 | ||
1da177e4 LT |
139 | /* Don't generate extended keys if the hardware can do it. */ |
140 | if (aes_hw_extkey_available(key_len)) | |
420a4b20 | 141 | goto ok; |
1da177e4 | 142 | |
6789b2dc HX |
143 | ctx->D = ctx->d_data; |
144 | ctx->cword.encrypt.keygen = 1; | |
145 | ctx->cword.decrypt.keygen = 1; | |
146 | ||
674f368a | 147 | if (aes_expandkey(&gen_aes, in_key, key_len)) |
7dc748e4 | 148 | return -EINVAL; |
1da177e4 | 149 | |
7dc748e4 SS |
150 | memcpy(ctx->E, gen_aes.key_enc, AES_MAX_KEYLENGTH); |
151 | memcpy(ctx->D, gen_aes.key_dec, AES_MAX_KEYLENGTH); | |
420a4b20 HX |
152 | |
153 | ok: | |
154 | for_each_online_cpu(cpu) | |
390dfd95 TH |
155 | if (&ctx->cword.encrypt == per_cpu(paes_last_cword, cpu) || |
156 | &ctx->cword.decrypt == per_cpu(paes_last_cword, cpu)) | |
157 | per_cpu(paes_last_cword, cpu) = NULL; | |
420a4b20 | 158 | |
1da177e4 LT |
159 | return 0; |
160 | } | |
161 | ||
713b2e72 EB |
162 | static int aes_set_key_skcipher(struct crypto_skcipher *tfm, const u8 *in_key, |
163 | unsigned int key_len) | |
164 | { | |
165 | return aes_set_key(crypto_skcipher_tfm(tfm), in_key, key_len); | |
166 | } | |
167 | ||
1da177e4 LT |
168 | /* ====== Encryption/decryption routines ====== */ |
169 | ||
28e8c3ad | 170 | /* These are the real call to PadLock. */ |
420a4b20 HX |
171 | static inline void padlock_reset_key(struct cword *cword) |
172 | { | |
173 | int cpu = raw_smp_processor_id(); | |
174 | ||
390dfd95 | 175 | if (cword != per_cpu(paes_last_cword, cpu)) |
d1c8b0a7 | 176 | #ifndef CONFIG_X86_64 |
420a4b20 | 177 | asm volatile ("pushfl; popfl"); |
d1c8b0a7 SAS |
178 | #else |
179 | asm volatile ("pushfq; popfq"); | |
180 | #endif | |
420a4b20 HX |
181 | } |
182 | ||
183 | static inline void padlock_store_cword(struct cword *cword) | |
866cd902 | 184 | { |
390dfd95 | 185 | per_cpu(paes_last_cword, raw_smp_processor_id()) = cword; |
866cd902 HX |
186 | } |
187 | ||
e4914012 SS |
188 | /* |
189 | * While the padlock instructions don't use FP/SSE registers, they | |
5a83d60c AL |
190 | * generate a spurious DNA fault when CR0.TS is '1'. Fortunately, |
191 | * the kernel doesn't use CR0.TS. | |
e4914012 SS |
192 | */ |
193 | ||
8d8409f7 | 194 | static inline void rep_xcrypt_ecb(const u8 *input, u8 *output, void *key, |
a76c1c23 | 195 | struct cword *control_word, int count) |
d4a7dd8e HX |
196 | { |
197 | asm volatile (".byte 0xf3,0x0f,0xa7,0xc8" /* rep xcryptecb */ | |
198 | : "+S"(input), "+D"(output) | |
a76c1c23 | 199 | : "d"(control_word), "b"(key), "c"(count)); |
d4a7dd8e HX |
200 | } |
201 | ||
8d8409f7 CE |
202 | static inline u8 *rep_xcrypt_cbc(const u8 *input, u8 *output, void *key, |
203 | u8 *iv, struct cword *control_word, int count) | |
204 | { | |
205 | asm volatile (".byte 0xf3,0x0f,0xa7,0xd0" /* rep xcryptcbc */ | |
206 | : "+S" (input), "+D" (output), "+a" (iv) | |
207 | : "d" (control_word), "b" (key), "c" (count)); | |
208 | return iv; | |
209 | } | |
210 | ||
211 | static void ecb_crypt_copy(const u8 *in, u8 *out, u32 *key, | |
a76c1c23 | 212 | struct cword *cword, int count) |
d4a7dd8e | 213 | { |
a76c1c23 CE |
214 | /* |
215 | * Padlock prefetches extra data so we must provide mapped input buffers. | |
216 | * Assume there are at least 16 bytes of stack already in use. | |
217 | */ | |
8d8409f7 | 218 | u8 buf[AES_BLOCK_SIZE * (MAX_ECB_FETCH_BLOCKS - 1) + PADLOCK_ALIGNMENT - 1]; |
490fe3f0 | 219 | u8 *tmp = PTR_ALIGN(&buf[0], PADLOCK_ALIGNMENT); |
d4a7dd8e | 220 | |
a76c1c23 | 221 | memcpy(tmp, in, count * AES_BLOCK_SIZE); |
8d8409f7 | 222 | rep_xcrypt_ecb(tmp, out, key, cword, count); |
d4a7dd8e HX |
223 | } |
224 | ||
8d8409f7 CE |
225 | static u8 *cbc_crypt_copy(const u8 *in, u8 *out, u32 *key, |
226 | u8 *iv, struct cword *cword, int count) | |
227 | { | |
228 | /* | |
229 | * Padlock prefetches extra data so we must provide mapped input buffers. | |
230 | * Assume there are at least 16 bytes of stack already in use. | |
231 | */ | |
232 | u8 buf[AES_BLOCK_SIZE * (MAX_CBC_FETCH_BLOCKS - 1) + PADLOCK_ALIGNMENT - 1]; | |
233 | u8 *tmp = PTR_ALIGN(&buf[0], PADLOCK_ALIGNMENT); | |
234 | ||
235 | memcpy(tmp, in, count * AES_BLOCK_SIZE); | |
236 | return rep_xcrypt_cbc(tmp, out, key, iv, cword, count); | |
237 | } | |
238 | ||
239 | static inline void ecb_crypt(const u8 *in, u8 *out, u32 *key, | |
a76c1c23 | 240 | struct cword *cword, int count) |
d4a7dd8e | 241 | { |
a76c1c23 CE |
242 | /* Padlock in ECB mode fetches at least ecb_fetch_bytes of data. |
243 | * We could avoid some copying here but it's probably not worth it. | |
244 | */ | |
1d4bbc5a | 245 | if (unlikely(offset_in_page(in) + ecb_fetch_bytes > PAGE_SIZE)) { |
8d8409f7 | 246 | ecb_crypt_copy(in, out, key, cword, count); |
d4a7dd8e HX |
247 | return; |
248 | } | |
249 | ||
8d8409f7 CE |
250 | rep_xcrypt_ecb(in, out, key, cword, count); |
251 | } | |
252 | ||
253 | static inline u8 *cbc_crypt(const u8 *in, u8 *out, u32 *key, | |
254 | u8 *iv, struct cword *cword, int count) | |
255 | { | |
256 | /* Padlock in CBC mode fetches at least cbc_fetch_bytes of data. */ | |
1d4bbc5a | 257 | if (unlikely(offset_in_page(in) + cbc_fetch_bytes > PAGE_SIZE)) |
8d8409f7 CE |
258 | return cbc_crypt_copy(in, out, key, iv, cword, count); |
259 | ||
260 | return rep_xcrypt_cbc(in, out, key, iv, cword, count); | |
d4a7dd8e HX |
261 | } |
262 | ||
6789b2dc HX |
263 | static inline void padlock_xcrypt_ecb(const u8 *input, u8 *output, void *key, |
264 | void *control_word, u32 count) | |
1da177e4 | 265 | { |
a76c1c23 CE |
266 | u32 initial = count & (ecb_fetch_blocks - 1); |
267 | ||
268 | if (count < ecb_fetch_blocks) { | |
8d8409f7 | 269 | ecb_crypt(input, output, key, control_word, count); |
d4a7dd8e HX |
270 | return; |
271 | } | |
272 | ||
46d8c4b2 HX |
273 | count -= initial; |
274 | ||
a76c1c23 CE |
275 | if (initial) |
276 | asm volatile (".byte 0xf3,0x0f,0xa7,0xc8" /* rep xcryptecb */ | |
277 | : "+S"(input), "+D"(output) | |
278 | : "d"(control_word), "b"(key), "c"(initial)); | |
279 | ||
280 | asm volatile (".byte 0xf3,0x0f,0xa7,0xc8" /* rep xcryptecb */ | |
1da177e4 | 281 | : "+S"(input), "+D"(output) |
46d8c4b2 | 282 | : "d"(control_word), "b"(key), "c"(count)); |
1da177e4 LT |
283 | } |
284 | ||
476df259 HX |
285 | static inline u8 *padlock_xcrypt_cbc(const u8 *input, u8 *output, void *key, |
286 | u8 *iv, void *control_word, u32 count) | |
28e8c3ad | 287 | { |
8d8409f7 CE |
288 | u32 initial = count & (cbc_fetch_blocks - 1); |
289 | ||
290 | if (count < cbc_fetch_blocks) | |
291 | return cbc_crypt(input, output, key, iv, control_word, count); | |
292 | ||
46d8c4b2 HX |
293 | count -= initial; |
294 | ||
8d8409f7 CE |
295 | if (initial) |
296 | asm volatile (".byte 0xf3,0x0f,0xa7,0xd0" /* rep xcryptcbc */ | |
297 | : "+S" (input), "+D" (output), "+a" (iv) | |
c054a076 | 298 | : "d" (control_word), "b" (key), "c" (initial)); |
8d8409f7 CE |
299 | |
300 | asm volatile (".byte 0xf3,0x0f,0xa7,0xd0" /* rep xcryptcbc */ | |
28e8c3ad | 301 | : "+S" (input), "+D" (output), "+a" (iv) |
46d8c4b2 | 302 | : "d" (control_word), "b" (key), "c" (count)); |
476df259 | 303 | return iv; |
28e8c3ad HX |
304 | } |
305 | ||
724ecd3c | 306 | static void padlock_aes_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) |
1da177e4 | 307 | { |
6c2bb98b | 308 | struct aes_ctx *ctx = aes_ctx(tfm); |
e4914012 | 309 | |
420a4b20 | 310 | padlock_reset_key(&ctx->cword.encrypt); |
8d8409f7 | 311 | ecb_crypt(in, out, ctx->E, &ctx->cword.encrypt, 1); |
420a4b20 | 312 | padlock_store_cword(&ctx->cword.encrypt); |
1da177e4 LT |
313 | } |
314 | ||
724ecd3c | 315 | static void padlock_aes_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) |
1da177e4 | 316 | { |
6c2bb98b | 317 | struct aes_ctx *ctx = aes_ctx(tfm); |
e4914012 | 318 | |
420a4b20 | 319 | padlock_reset_key(&ctx->cword.encrypt); |
8d8409f7 | 320 | ecb_crypt(in, out, ctx->D, &ctx->cword.decrypt, 1); |
420a4b20 | 321 | padlock_store_cword(&ctx->cword.encrypt); |
1da177e4 LT |
322 | } |
323 | ||
324 | static struct crypto_alg aes_alg = { | |
325 | .cra_name = "aes", | |
c8a19c91 | 326 | .cra_driver_name = "aes-padlock", |
ccc17c34 | 327 | .cra_priority = PADLOCK_CRA_PRIORITY, |
1da177e4 LT |
328 | .cra_flags = CRYPTO_ALG_TYPE_CIPHER, |
329 | .cra_blocksize = AES_BLOCK_SIZE, | |
fbdae9f3 | 330 | .cra_ctxsize = sizeof(struct aes_ctx), |
6789b2dc | 331 | .cra_alignmask = PADLOCK_ALIGNMENT - 1, |
1da177e4 | 332 | .cra_module = THIS_MODULE, |
1da177e4 LT |
333 | .cra_u = { |
334 | .cipher = { | |
335 | .cia_min_keysize = AES_MIN_KEY_SIZE, | |
336 | .cia_max_keysize = AES_MAX_KEY_SIZE, | |
337 | .cia_setkey = aes_set_key, | |
724ecd3c AB |
338 | .cia_encrypt = padlock_aes_encrypt, |
339 | .cia_decrypt = padlock_aes_decrypt, | |
1da177e4 LT |
340 | } |
341 | } | |
342 | }; | |
343 | ||
713b2e72 | 344 | static int ecb_aes_encrypt(struct skcipher_request *req) |
28ce728a | 345 | { |
713b2e72 EB |
346 | struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); |
347 | struct aes_ctx *ctx = skcipher_aes_ctx(tfm); | |
348 | struct skcipher_walk walk; | |
349 | unsigned int nbytes; | |
28ce728a HX |
350 | int err; |
351 | ||
420a4b20 | 352 | padlock_reset_key(&ctx->cword.encrypt); |
866cd902 | 353 | |
713b2e72 | 354 | err = skcipher_walk_virt(&walk, req, false); |
28ce728a | 355 | |
713b2e72 | 356 | while ((nbytes = walk.nbytes) != 0) { |
28ce728a HX |
357 | padlock_xcrypt_ecb(walk.src.virt.addr, walk.dst.virt.addr, |
358 | ctx->E, &ctx->cword.encrypt, | |
359 | nbytes / AES_BLOCK_SIZE); | |
360 | nbytes &= AES_BLOCK_SIZE - 1; | |
713b2e72 | 361 | err = skcipher_walk_done(&walk, nbytes); |
28ce728a HX |
362 | } |
363 | ||
420a4b20 HX |
364 | padlock_store_cword(&ctx->cword.encrypt); |
365 | ||
28ce728a HX |
366 | return err; |
367 | } | |
368 | ||
713b2e72 | 369 | static int ecb_aes_decrypt(struct skcipher_request *req) |
28ce728a | 370 | { |
713b2e72 EB |
371 | struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); |
372 | struct aes_ctx *ctx = skcipher_aes_ctx(tfm); | |
373 | struct skcipher_walk walk; | |
374 | unsigned int nbytes; | |
28ce728a HX |
375 | int err; |
376 | ||
420a4b20 | 377 | padlock_reset_key(&ctx->cword.decrypt); |
866cd902 | 378 | |
713b2e72 | 379 | err = skcipher_walk_virt(&walk, req, false); |
28ce728a | 380 | |
713b2e72 | 381 | while ((nbytes = walk.nbytes) != 0) { |
28ce728a HX |
382 | padlock_xcrypt_ecb(walk.src.virt.addr, walk.dst.virt.addr, |
383 | ctx->D, &ctx->cword.decrypt, | |
384 | nbytes / AES_BLOCK_SIZE); | |
385 | nbytes &= AES_BLOCK_SIZE - 1; | |
713b2e72 | 386 | err = skcipher_walk_done(&walk, nbytes); |
28ce728a | 387 | } |
420a4b20 HX |
388 | |
389 | padlock_store_cword(&ctx->cword.encrypt); | |
390 | ||
28ce728a HX |
391 | return err; |
392 | } | |
393 | ||
713b2e72 EB |
394 | static struct skcipher_alg ecb_aes_alg = { |
395 | .base.cra_name = "ecb(aes)", | |
396 | .base.cra_driver_name = "ecb-aes-padlock", | |
397 | .base.cra_priority = PADLOCK_COMPOSITE_PRIORITY, | |
398 | .base.cra_blocksize = AES_BLOCK_SIZE, | |
399 | .base.cra_ctxsize = sizeof(struct aes_ctx), | |
400 | .base.cra_alignmask = PADLOCK_ALIGNMENT - 1, | |
401 | .base.cra_module = THIS_MODULE, | |
402 | .min_keysize = AES_MIN_KEY_SIZE, | |
403 | .max_keysize = AES_MAX_KEY_SIZE, | |
404 | .setkey = aes_set_key_skcipher, | |
405 | .encrypt = ecb_aes_encrypt, | |
406 | .decrypt = ecb_aes_decrypt, | |
28ce728a HX |
407 | }; |
408 | ||
713b2e72 | 409 | static int cbc_aes_encrypt(struct skcipher_request *req) |
28ce728a | 410 | { |
713b2e72 EB |
411 | struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); |
412 | struct aes_ctx *ctx = skcipher_aes_ctx(tfm); | |
413 | struct skcipher_walk walk; | |
414 | unsigned int nbytes; | |
28ce728a HX |
415 | int err; |
416 | ||
420a4b20 | 417 | padlock_reset_key(&ctx->cword.encrypt); |
866cd902 | 418 | |
713b2e72 | 419 | err = skcipher_walk_virt(&walk, req, false); |
28ce728a | 420 | |
713b2e72 | 421 | while ((nbytes = walk.nbytes) != 0) { |
28ce728a HX |
422 | u8 *iv = padlock_xcrypt_cbc(walk.src.virt.addr, |
423 | walk.dst.virt.addr, ctx->E, | |
424 | walk.iv, &ctx->cword.encrypt, | |
425 | nbytes / AES_BLOCK_SIZE); | |
426 | memcpy(walk.iv, iv, AES_BLOCK_SIZE); | |
427 | nbytes &= AES_BLOCK_SIZE - 1; | |
713b2e72 | 428 | err = skcipher_walk_done(&walk, nbytes); |
28ce728a HX |
429 | } |
430 | ||
420a4b20 HX |
431 | padlock_store_cword(&ctx->cword.decrypt); |
432 | ||
28ce728a HX |
433 | return err; |
434 | } | |
435 | ||
713b2e72 | 436 | static int cbc_aes_decrypt(struct skcipher_request *req) |
28ce728a | 437 | { |
713b2e72 EB |
438 | struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); |
439 | struct aes_ctx *ctx = skcipher_aes_ctx(tfm); | |
440 | struct skcipher_walk walk; | |
441 | unsigned int nbytes; | |
28ce728a HX |
442 | int err; |
443 | ||
420a4b20 | 444 | padlock_reset_key(&ctx->cword.encrypt); |
866cd902 | 445 | |
713b2e72 | 446 | err = skcipher_walk_virt(&walk, req, false); |
28ce728a | 447 | |
713b2e72 | 448 | while ((nbytes = walk.nbytes) != 0) { |
28ce728a HX |
449 | padlock_xcrypt_cbc(walk.src.virt.addr, walk.dst.virt.addr, |
450 | ctx->D, walk.iv, &ctx->cword.decrypt, | |
451 | nbytes / AES_BLOCK_SIZE); | |
452 | nbytes &= AES_BLOCK_SIZE - 1; | |
713b2e72 | 453 | err = skcipher_walk_done(&walk, nbytes); |
28ce728a HX |
454 | } |
455 | ||
420a4b20 HX |
456 | padlock_store_cword(&ctx->cword.encrypt); |
457 | ||
28ce728a HX |
458 | return err; |
459 | } | |
460 | ||
713b2e72 EB |
461 | static struct skcipher_alg cbc_aes_alg = { |
462 | .base.cra_name = "cbc(aes)", | |
463 | .base.cra_driver_name = "cbc-aes-padlock", | |
464 | .base.cra_priority = PADLOCK_COMPOSITE_PRIORITY, | |
465 | .base.cra_blocksize = AES_BLOCK_SIZE, | |
466 | .base.cra_ctxsize = sizeof(struct aes_ctx), | |
467 | .base.cra_alignmask = PADLOCK_ALIGNMENT - 1, | |
468 | .base.cra_module = THIS_MODULE, | |
469 | .min_keysize = AES_MIN_KEY_SIZE, | |
470 | .max_keysize = AES_MAX_KEY_SIZE, | |
471 | .ivsize = AES_BLOCK_SIZE, | |
472 | .setkey = aes_set_key_skcipher, | |
473 | .encrypt = cbc_aes_encrypt, | |
474 | .decrypt = cbc_aes_decrypt, | |
28ce728a HX |
475 | }; |
476 | ||
d9893645 | 477 | static const struct x86_cpu_id padlock_cpu_id[] = { |
f30cfaca | 478 | X86_MATCH_FEATURE(X86_FEATURE_XCRYPT, NULL), |
3bd391f0 AK |
479 | {} |
480 | }; | |
481 | MODULE_DEVICE_TABLE(x86cpu, padlock_cpu_id); | |
482 | ||
1191f0a4 | 483 | static int __init padlock_init(void) |
1da177e4 | 484 | { |
1191f0a4 | 485 | int ret; |
a76c1c23 | 486 | struct cpuinfo_x86 *c = &cpu_data(0); |
1191f0a4 | 487 | |
3bd391f0 | 488 | if (!x86_match_cpu(padlock_cpu_id)) |
1191f0a4 | 489 | return -ENODEV; |
1191f0a4 | 490 | |
362f924b | 491 | if (!boot_cpu_has(X86_FEATURE_XCRYPT_EN)) { |
b43e726b | 492 | printk(KERN_NOTICE PFX "VIA PadLock detected, but not enabled. Hmm, strange...\n"); |
1191f0a4 ML |
493 | return -ENODEV; |
494 | } | |
1da177e4 | 495 | |
713b2e72 | 496 | if ((ret = crypto_register_alg(&aes_alg)) != 0) |
28ce728a HX |
497 | goto aes_err; |
498 | ||
713b2e72 | 499 | if ((ret = crypto_register_skcipher(&ecb_aes_alg)) != 0) |
28ce728a HX |
500 | goto ecb_aes_err; |
501 | ||
713b2e72 | 502 | if ((ret = crypto_register_skcipher(&cbc_aes_alg)) != 0) |
28ce728a | 503 | goto cbc_aes_err; |
1191f0a4 ML |
504 | |
505 | printk(KERN_NOTICE PFX "Using VIA PadLock ACE for AES algorithm.\n"); | |
506 | ||
b399151c | 507 | if (c->x86 == 6 && c->x86_model == 15 && c->x86_stepping == 2) { |
8d8409f7 CE |
508 | ecb_fetch_blocks = MAX_ECB_FETCH_BLOCKS; |
509 | cbc_fetch_blocks = MAX_CBC_FETCH_BLOCKS; | |
a76c1c23 CE |
510 | printk(KERN_NOTICE PFX "VIA Nano stepping 2 detected: enabling workaround.\n"); |
511 | } | |
512 | ||
28ce728a | 513 | out: |
1191f0a4 | 514 | return ret; |
28ce728a HX |
515 | |
516 | cbc_aes_err: | |
713b2e72 | 517 | crypto_unregister_skcipher(&ecb_aes_alg); |
28ce728a HX |
518 | ecb_aes_err: |
519 | crypto_unregister_alg(&aes_alg); | |
520 | aes_err: | |
521 | printk(KERN_ERR PFX "VIA PadLock AES initialization failed.\n"); | |
522 | goto out; | |
1da177e4 LT |
523 | } |
524 | ||
1191f0a4 | 525 | static void __exit padlock_fini(void) |
1da177e4 | 526 | { |
713b2e72 EB |
527 | crypto_unregister_skcipher(&cbc_aes_alg); |
528 | crypto_unregister_skcipher(&ecb_aes_alg); | |
1da177e4 LT |
529 | crypto_unregister_alg(&aes_alg); |
530 | } | |
1191f0a4 ML |
531 | |
532 | module_init(padlock_init); | |
533 | module_exit(padlock_fini); | |
534 | ||
535 | MODULE_DESCRIPTION("VIA PadLock AES algorithm support"); | |
536 | MODULE_LICENSE("GPL"); | |
537 | MODULE_AUTHOR("Michal Ludvig"); | |
538 | ||
5d26a105 | 539 | MODULE_ALIAS_CRYPTO("aes"); |