Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* |
2 | * Cryptographic API. | |
3 | * | |
4 | * Support for VIA PadLock hardware crypto engine. | |
5 | * | |
6 | * Copyright (c) 2004 Michal Ludvig <michal@logix.cz> | |
7 | * | |
1da177e4 LT |
8 | */ |
9 | ||
28ce728a | 10 | #include <crypto/algapi.h> |
89e12654 | 11 | #include <crypto/aes.h> |
1da177e4 LT |
12 | #include <linux/module.h> |
13 | #include <linux/init.h> | |
14 | #include <linux/types.h> | |
15 | #include <linux/errno.h> | |
1da177e4 | 16 | #include <linux/interrupt.h> |
6789b2dc | 17 | #include <linux/kernel.h> |
420a4b20 HX |
18 | #include <linux/percpu.h> |
19 | #include <linux/smp.h> | |
5a0e3ad6 | 20 | #include <linux/slab.h> |
1da177e4 | 21 | #include <asm/byteorder.h> |
a76c1c23 | 22 | #include <asm/processor.h> |
e4914012 | 23 | #include <asm/i387.h> |
1da177e4 LT |
24 | #include "padlock.h" |
25 | ||
8d8409f7 CE |
26 | /* |
27 | * Number of data blocks actually fetched for each xcrypt insn. | |
28 | * Processors with prefetch errata will fetch extra blocks. | |
29 | */ | |
a76c1c23 | 30 | static unsigned int ecb_fetch_blocks = 2; |
8d8409f7 | 31 | #define MAX_ECB_FETCH_BLOCKS (8) |
a76c1c23 | 32 | #define ecb_fetch_bytes (ecb_fetch_blocks * AES_BLOCK_SIZE) |
8d8409f7 CE |
33 | |
34 | static unsigned int cbc_fetch_blocks = 1; | |
35 | #define MAX_CBC_FETCH_BLOCKS (4) | |
a76c1c23 CE |
36 | #define cbc_fetch_bytes (cbc_fetch_blocks * AES_BLOCK_SIZE) |
37 | ||
ccc17c34 ML |
38 | /* Control word. */ |
39 | struct cword { | |
40 | unsigned int __attribute__ ((__packed__)) | |
41 | rounds:4, | |
42 | algo:3, | |
43 | keygen:1, | |
44 | interm:1, | |
45 | encdec:1, | |
46 | ksize:2; | |
47 | } __attribute__ ((__aligned__(PADLOCK_ALIGNMENT))); | |
48 | ||
cc08632f ML |
49 | /* Whenever making any changes to the following |
50 | * structure *make sure* you keep E, d_data | |
7dc748e4 SS |
51 | * and cword aligned on 16 Bytes boundaries and |
52 | * the Hardware can access 16 * 16 bytes of E and d_data | |
53 | * (only the first 15 * 16 bytes matter but the HW reads | |
54 | * more). | |
55 | */ | |
1da177e4 | 56 | struct aes_ctx { |
7dc748e4 SS |
57 | u32 E[AES_MAX_KEYLENGTH_U32] |
58 | __attribute__ ((__aligned__(PADLOCK_ALIGNMENT))); | |
59 | u32 d_data[AES_MAX_KEYLENGTH_U32] | |
60 | __attribute__ ((__aligned__(PADLOCK_ALIGNMENT))); | |
6789b2dc HX |
61 | struct { |
62 | struct cword encrypt; | |
63 | struct cword decrypt; | |
64 | } cword; | |
82062c72 | 65 | u32 *D; |
1da177e4 LT |
66 | }; |
67 | ||
390dfd95 | 68 | static DEFINE_PER_CPU(struct cword *, paes_last_cword); |
420a4b20 | 69 | |
1da177e4 LT |
70 | /* Tells whether the ACE is capable to generate |
71 | the extended key for a given key_len. */ | |
72 | static inline int | |
73 | aes_hw_extkey_available(uint8_t key_len) | |
74 | { | |
75 | /* TODO: We should check the actual CPU model/stepping | |
76 | as it's possible that the capability will be | |
77 | added in the next CPU revisions. */ | |
78 | if (key_len == 16) | |
79 | return 1; | |
80 | return 0; | |
81 | } | |
82 | ||
28ce728a | 83 | static inline struct aes_ctx *aes_ctx_common(void *ctx) |
6789b2dc | 84 | { |
28ce728a | 85 | unsigned long addr = (unsigned long)ctx; |
f10b7897 HX |
86 | unsigned long align = PADLOCK_ALIGNMENT; |
87 | ||
88 | if (align <= crypto_tfm_ctx_alignment()) | |
89 | align = 1; | |
6c2bb98b | 90 | return (struct aes_ctx *)ALIGN(addr, align); |
6789b2dc HX |
91 | } |
92 | ||
28ce728a HX |
93 | static inline struct aes_ctx *aes_ctx(struct crypto_tfm *tfm) |
94 | { | |
95 | return aes_ctx_common(crypto_tfm_ctx(tfm)); | |
96 | } | |
97 | ||
98 | static inline struct aes_ctx *blk_aes_ctx(struct crypto_blkcipher *tfm) | |
99 | { | |
100 | return aes_ctx_common(crypto_blkcipher_ctx(tfm)); | |
101 | } | |
102 | ||
6c2bb98b | 103 | static int aes_set_key(struct crypto_tfm *tfm, const u8 *in_key, |
560c06ae | 104 | unsigned int key_len) |
1da177e4 | 105 | { |
6c2bb98b | 106 | struct aes_ctx *ctx = aes_ctx(tfm); |
06ace7a9 | 107 | const __le32 *key = (const __le32 *)in_key; |
560c06ae | 108 | u32 *flags = &tfm->crt_flags; |
7dc748e4 | 109 | struct crypto_aes_ctx gen_aes; |
420a4b20 | 110 | int cpu; |
1da177e4 | 111 | |
560c06ae | 112 | if (key_len % 8) { |
1da177e4 LT |
113 | *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; |
114 | return -EINVAL; | |
115 | } | |
116 | ||
6789b2dc HX |
117 | /* |
118 | * If the hardware is capable of generating the extended key | |
119 | * itself we must supply the plain key for both encryption | |
120 | * and decryption. | |
121 | */ | |
82062c72 | 122 | ctx->D = ctx->E; |
1da177e4 | 123 | |
7dc748e4 SS |
124 | ctx->E[0] = le32_to_cpu(key[0]); |
125 | ctx->E[1] = le32_to_cpu(key[1]); | |
126 | ctx->E[2] = le32_to_cpu(key[2]); | |
127 | ctx->E[3] = le32_to_cpu(key[3]); | |
1da177e4 | 128 | |
6789b2dc HX |
129 | /* Prepare control words. */ |
130 | memset(&ctx->cword, 0, sizeof(ctx->cword)); | |
131 | ||
132 | ctx->cword.decrypt.encdec = 1; | |
133 | ctx->cword.encrypt.rounds = 10 + (key_len - 16) / 4; | |
134 | ctx->cword.decrypt.rounds = ctx->cword.encrypt.rounds; | |
135 | ctx->cword.encrypt.ksize = (key_len - 16) / 8; | |
136 | ctx->cword.decrypt.ksize = ctx->cword.encrypt.ksize; | |
137 | ||
1da177e4 LT |
138 | /* Don't generate extended keys if the hardware can do it. */ |
139 | if (aes_hw_extkey_available(key_len)) | |
420a4b20 | 140 | goto ok; |
1da177e4 | 141 | |
6789b2dc HX |
142 | ctx->D = ctx->d_data; |
143 | ctx->cword.encrypt.keygen = 1; | |
144 | ctx->cword.decrypt.keygen = 1; | |
145 | ||
7dc748e4 SS |
146 | if (crypto_aes_expand_key(&gen_aes, in_key, key_len)) { |
147 | *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN; | |
148 | return -EINVAL; | |
1da177e4 LT |
149 | } |
150 | ||
7dc748e4 SS |
151 | memcpy(ctx->E, gen_aes.key_enc, AES_MAX_KEYLENGTH); |
152 | memcpy(ctx->D, gen_aes.key_dec, AES_MAX_KEYLENGTH); | |
420a4b20 HX |
153 | |
154 | ok: | |
155 | for_each_online_cpu(cpu) | |
390dfd95 TH |
156 | if (&ctx->cword.encrypt == per_cpu(paes_last_cword, cpu) || |
157 | &ctx->cword.decrypt == per_cpu(paes_last_cword, cpu)) | |
158 | per_cpu(paes_last_cword, cpu) = NULL; | |
420a4b20 | 159 | |
1da177e4 LT |
160 | return 0; |
161 | } | |
162 | ||
163 | /* ====== Encryption/decryption routines ====== */ | |
164 | ||
28e8c3ad | 165 | /* These are the real call to PadLock. */ |
420a4b20 HX |
166 | static inline void padlock_reset_key(struct cword *cword) |
167 | { | |
168 | int cpu = raw_smp_processor_id(); | |
169 | ||
390dfd95 | 170 | if (cword != per_cpu(paes_last_cword, cpu)) |
d1c8b0a7 | 171 | #ifndef CONFIG_X86_64 |
420a4b20 | 172 | asm volatile ("pushfl; popfl"); |
d1c8b0a7 SAS |
173 | #else |
174 | asm volatile ("pushfq; popfq"); | |
175 | #endif | |
420a4b20 HX |
176 | } |
177 | ||
178 | static inline void padlock_store_cword(struct cword *cword) | |
866cd902 | 179 | { |
390dfd95 | 180 | per_cpu(paes_last_cword, raw_smp_processor_id()) = cword; |
866cd902 HX |
181 | } |
182 | ||
e4914012 SS |
183 | /* |
184 | * While the padlock instructions don't use FP/SSE registers, they | |
185 | * generate a spurious DNA fault when cr0.ts is '1'. These instructions | |
186 | * should be used only inside the irq_ts_save/restore() context | |
187 | */ | |
188 | ||
8d8409f7 | 189 | static inline void rep_xcrypt_ecb(const u8 *input, u8 *output, void *key, |
a76c1c23 | 190 | struct cword *control_word, int count) |
d4a7dd8e HX |
191 | { |
192 | asm volatile (".byte 0xf3,0x0f,0xa7,0xc8" /* rep xcryptecb */ | |
193 | : "+S"(input), "+D"(output) | |
a76c1c23 | 194 | : "d"(control_word), "b"(key), "c"(count)); |
d4a7dd8e HX |
195 | } |
196 | ||
8d8409f7 CE |
197 | static inline u8 *rep_xcrypt_cbc(const u8 *input, u8 *output, void *key, |
198 | u8 *iv, struct cword *control_word, int count) | |
199 | { | |
200 | asm volatile (".byte 0xf3,0x0f,0xa7,0xd0" /* rep xcryptcbc */ | |
201 | : "+S" (input), "+D" (output), "+a" (iv) | |
202 | : "d" (control_word), "b" (key), "c" (count)); | |
203 | return iv; | |
204 | } | |
205 | ||
206 | static void ecb_crypt_copy(const u8 *in, u8 *out, u32 *key, | |
a76c1c23 | 207 | struct cword *cword, int count) |
d4a7dd8e | 208 | { |
a76c1c23 CE |
209 | /* |
210 | * Padlock prefetches extra data so we must provide mapped input buffers. | |
211 | * Assume there are at least 16 bytes of stack already in use. | |
212 | */ | |
8d8409f7 | 213 | u8 buf[AES_BLOCK_SIZE * (MAX_ECB_FETCH_BLOCKS - 1) + PADLOCK_ALIGNMENT - 1]; |
490fe3f0 | 214 | u8 *tmp = PTR_ALIGN(&buf[0], PADLOCK_ALIGNMENT); |
d4a7dd8e | 215 | |
a76c1c23 | 216 | memcpy(tmp, in, count * AES_BLOCK_SIZE); |
8d8409f7 | 217 | rep_xcrypt_ecb(tmp, out, key, cword, count); |
d4a7dd8e HX |
218 | } |
219 | ||
8d8409f7 CE |
220 | static u8 *cbc_crypt_copy(const u8 *in, u8 *out, u32 *key, |
221 | u8 *iv, struct cword *cword, int count) | |
222 | { | |
223 | /* | |
224 | * Padlock prefetches extra data so we must provide mapped input buffers. | |
225 | * Assume there are at least 16 bytes of stack already in use. | |
226 | */ | |
227 | u8 buf[AES_BLOCK_SIZE * (MAX_CBC_FETCH_BLOCKS - 1) + PADLOCK_ALIGNMENT - 1]; | |
228 | u8 *tmp = PTR_ALIGN(&buf[0], PADLOCK_ALIGNMENT); | |
229 | ||
230 | memcpy(tmp, in, count * AES_BLOCK_SIZE); | |
231 | return rep_xcrypt_cbc(tmp, out, key, iv, cword, count); | |
232 | } | |
233 | ||
234 | static inline void ecb_crypt(const u8 *in, u8 *out, u32 *key, | |
a76c1c23 | 235 | struct cword *cword, int count) |
d4a7dd8e | 236 | { |
a76c1c23 CE |
237 | /* Padlock in ECB mode fetches at least ecb_fetch_bytes of data. |
238 | * We could avoid some copying here but it's probably not worth it. | |
239 | */ | |
e8edb3cb | 240 | if (unlikely(((unsigned long)in & ~PAGE_MASK) + ecb_fetch_bytes > PAGE_SIZE)) { |
8d8409f7 | 241 | ecb_crypt_copy(in, out, key, cword, count); |
d4a7dd8e HX |
242 | return; |
243 | } | |
244 | ||
8d8409f7 CE |
245 | rep_xcrypt_ecb(in, out, key, cword, count); |
246 | } | |
247 | ||
248 | static inline u8 *cbc_crypt(const u8 *in, u8 *out, u32 *key, | |
249 | u8 *iv, struct cword *cword, int count) | |
250 | { | |
251 | /* Padlock in CBC mode fetches at least cbc_fetch_bytes of data. */ | |
e8edb3cb | 252 | if (unlikely(((unsigned long)in & ~PAGE_MASK) + cbc_fetch_bytes > PAGE_SIZE)) |
8d8409f7 CE |
253 | return cbc_crypt_copy(in, out, key, iv, cword, count); |
254 | ||
255 | return rep_xcrypt_cbc(in, out, key, iv, cword, count); | |
d4a7dd8e HX |
256 | } |
257 | ||
6789b2dc HX |
258 | static inline void padlock_xcrypt_ecb(const u8 *input, u8 *output, void *key, |
259 | void *control_word, u32 count) | |
1da177e4 | 260 | { |
a76c1c23 CE |
261 | u32 initial = count & (ecb_fetch_blocks - 1); |
262 | ||
263 | if (count < ecb_fetch_blocks) { | |
8d8409f7 | 264 | ecb_crypt(input, output, key, control_word, count); |
d4a7dd8e HX |
265 | return; |
266 | } | |
267 | ||
a76c1c23 CE |
268 | if (initial) |
269 | asm volatile (".byte 0xf3,0x0f,0xa7,0xc8" /* rep xcryptecb */ | |
270 | : "+S"(input), "+D"(output) | |
271 | : "d"(control_word), "b"(key), "c"(initial)); | |
272 | ||
273 | asm volatile (".byte 0xf3,0x0f,0xa7,0xc8" /* rep xcryptecb */ | |
1da177e4 | 274 | : "+S"(input), "+D"(output) |
a76c1c23 | 275 | : "d"(control_word), "b"(key), "c"(count - initial)); |
1da177e4 LT |
276 | } |
277 | ||
476df259 HX |
278 | static inline u8 *padlock_xcrypt_cbc(const u8 *input, u8 *output, void *key, |
279 | u8 *iv, void *control_word, u32 count) | |
28e8c3ad | 280 | { |
8d8409f7 CE |
281 | u32 initial = count & (cbc_fetch_blocks - 1); |
282 | ||
283 | if (count < cbc_fetch_blocks) | |
284 | return cbc_crypt(input, output, key, iv, control_word, count); | |
285 | ||
286 | if (initial) | |
287 | asm volatile (".byte 0xf3,0x0f,0xa7,0xd0" /* rep xcryptcbc */ | |
288 | : "+S" (input), "+D" (output), "+a" (iv) | |
289 | : "d" (control_word), "b" (key), "c" (count)); | |
290 | ||
291 | asm volatile (".byte 0xf3,0x0f,0xa7,0xd0" /* rep xcryptcbc */ | |
28e8c3ad | 292 | : "+S" (input), "+D" (output), "+a" (iv) |
8d8409f7 | 293 | : "d" (control_word), "b" (key), "c" (count-initial)); |
476df259 | 294 | return iv; |
28e8c3ad HX |
295 | } |
296 | ||
6c2bb98b | 297 | static void aes_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) |
1da177e4 | 298 | { |
6c2bb98b | 299 | struct aes_ctx *ctx = aes_ctx(tfm); |
e4914012 | 300 | int ts_state; |
e4914012 | 301 | |
420a4b20 | 302 | padlock_reset_key(&ctx->cword.encrypt); |
e4914012 | 303 | ts_state = irq_ts_save(); |
8d8409f7 | 304 | ecb_crypt(in, out, ctx->E, &ctx->cword.encrypt, 1); |
e4914012 | 305 | irq_ts_restore(ts_state); |
420a4b20 | 306 | padlock_store_cword(&ctx->cword.encrypt); |
1da177e4 LT |
307 | } |
308 | ||
6c2bb98b | 309 | static void aes_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) |
1da177e4 | 310 | { |
6c2bb98b | 311 | struct aes_ctx *ctx = aes_ctx(tfm); |
e4914012 | 312 | int ts_state; |
e4914012 | 313 | |
420a4b20 | 314 | padlock_reset_key(&ctx->cword.encrypt); |
e4914012 | 315 | ts_state = irq_ts_save(); |
8d8409f7 | 316 | ecb_crypt(in, out, ctx->D, &ctx->cword.decrypt, 1); |
e4914012 | 317 | irq_ts_restore(ts_state); |
420a4b20 | 318 | padlock_store_cword(&ctx->cword.encrypt); |
1da177e4 LT |
319 | } |
320 | ||
321 | static struct crypto_alg aes_alg = { | |
322 | .cra_name = "aes", | |
c8a19c91 | 323 | .cra_driver_name = "aes-padlock", |
ccc17c34 | 324 | .cra_priority = PADLOCK_CRA_PRIORITY, |
1da177e4 LT |
325 | .cra_flags = CRYPTO_ALG_TYPE_CIPHER, |
326 | .cra_blocksize = AES_BLOCK_SIZE, | |
fbdae9f3 | 327 | .cra_ctxsize = sizeof(struct aes_ctx), |
6789b2dc | 328 | .cra_alignmask = PADLOCK_ALIGNMENT - 1, |
1da177e4 LT |
329 | .cra_module = THIS_MODULE, |
330 | .cra_list = LIST_HEAD_INIT(aes_alg.cra_list), | |
331 | .cra_u = { | |
332 | .cipher = { | |
333 | .cia_min_keysize = AES_MIN_KEY_SIZE, | |
334 | .cia_max_keysize = AES_MAX_KEY_SIZE, | |
335 | .cia_setkey = aes_set_key, | |
336 | .cia_encrypt = aes_encrypt, | |
28e8c3ad | 337 | .cia_decrypt = aes_decrypt, |
1da177e4 LT |
338 | } |
339 | } | |
340 | }; | |
341 | ||
28ce728a HX |
342 | static int ecb_aes_encrypt(struct blkcipher_desc *desc, |
343 | struct scatterlist *dst, struct scatterlist *src, | |
344 | unsigned int nbytes) | |
345 | { | |
346 | struct aes_ctx *ctx = blk_aes_ctx(desc->tfm); | |
347 | struct blkcipher_walk walk; | |
348 | int err; | |
e4914012 | 349 | int ts_state; |
28ce728a | 350 | |
420a4b20 | 351 | padlock_reset_key(&ctx->cword.encrypt); |
866cd902 | 352 | |
28ce728a HX |
353 | blkcipher_walk_init(&walk, dst, src, nbytes); |
354 | err = blkcipher_walk_virt(desc, &walk); | |
355 | ||
e4914012 | 356 | ts_state = irq_ts_save(); |
28ce728a HX |
357 | while ((nbytes = walk.nbytes)) { |
358 | padlock_xcrypt_ecb(walk.src.virt.addr, walk.dst.virt.addr, | |
359 | ctx->E, &ctx->cword.encrypt, | |
360 | nbytes / AES_BLOCK_SIZE); | |
361 | nbytes &= AES_BLOCK_SIZE - 1; | |
362 | err = blkcipher_walk_done(desc, &walk, nbytes); | |
363 | } | |
e4914012 | 364 | irq_ts_restore(ts_state); |
28ce728a | 365 | |
420a4b20 HX |
366 | padlock_store_cword(&ctx->cword.encrypt); |
367 | ||
28ce728a HX |
368 | return err; |
369 | } | |
370 | ||
371 | static int ecb_aes_decrypt(struct blkcipher_desc *desc, | |
372 | struct scatterlist *dst, struct scatterlist *src, | |
373 | unsigned int nbytes) | |
374 | { | |
375 | struct aes_ctx *ctx = blk_aes_ctx(desc->tfm); | |
376 | struct blkcipher_walk walk; | |
377 | int err; | |
e4914012 | 378 | int ts_state; |
28ce728a | 379 | |
420a4b20 | 380 | padlock_reset_key(&ctx->cword.decrypt); |
866cd902 | 381 | |
28ce728a HX |
382 | blkcipher_walk_init(&walk, dst, src, nbytes); |
383 | err = blkcipher_walk_virt(desc, &walk); | |
384 | ||
e4914012 | 385 | ts_state = irq_ts_save(); |
28ce728a HX |
386 | while ((nbytes = walk.nbytes)) { |
387 | padlock_xcrypt_ecb(walk.src.virt.addr, walk.dst.virt.addr, | |
388 | ctx->D, &ctx->cword.decrypt, | |
389 | nbytes / AES_BLOCK_SIZE); | |
390 | nbytes &= AES_BLOCK_SIZE - 1; | |
391 | err = blkcipher_walk_done(desc, &walk, nbytes); | |
392 | } | |
e4914012 | 393 | irq_ts_restore(ts_state); |
420a4b20 HX |
394 | |
395 | padlock_store_cword(&ctx->cword.encrypt); | |
396 | ||
28ce728a HX |
397 | return err; |
398 | } | |
399 | ||
400 | static struct crypto_alg ecb_aes_alg = { | |
401 | .cra_name = "ecb(aes)", | |
402 | .cra_driver_name = "ecb-aes-padlock", | |
403 | .cra_priority = PADLOCK_COMPOSITE_PRIORITY, | |
404 | .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, | |
405 | .cra_blocksize = AES_BLOCK_SIZE, | |
406 | .cra_ctxsize = sizeof(struct aes_ctx), | |
407 | .cra_alignmask = PADLOCK_ALIGNMENT - 1, | |
408 | .cra_type = &crypto_blkcipher_type, | |
409 | .cra_module = THIS_MODULE, | |
410 | .cra_list = LIST_HEAD_INIT(ecb_aes_alg.cra_list), | |
411 | .cra_u = { | |
412 | .blkcipher = { | |
413 | .min_keysize = AES_MIN_KEY_SIZE, | |
414 | .max_keysize = AES_MAX_KEY_SIZE, | |
415 | .setkey = aes_set_key, | |
416 | .encrypt = ecb_aes_encrypt, | |
417 | .decrypt = ecb_aes_decrypt, | |
418 | } | |
419 | } | |
420 | }; | |
421 | ||
422 | static int cbc_aes_encrypt(struct blkcipher_desc *desc, | |
423 | struct scatterlist *dst, struct scatterlist *src, | |
424 | unsigned int nbytes) | |
425 | { | |
426 | struct aes_ctx *ctx = blk_aes_ctx(desc->tfm); | |
427 | struct blkcipher_walk walk; | |
428 | int err; | |
e4914012 | 429 | int ts_state; |
28ce728a | 430 | |
420a4b20 | 431 | padlock_reset_key(&ctx->cword.encrypt); |
866cd902 | 432 | |
28ce728a HX |
433 | blkcipher_walk_init(&walk, dst, src, nbytes); |
434 | err = blkcipher_walk_virt(desc, &walk); | |
435 | ||
e4914012 | 436 | ts_state = irq_ts_save(); |
28ce728a HX |
437 | while ((nbytes = walk.nbytes)) { |
438 | u8 *iv = padlock_xcrypt_cbc(walk.src.virt.addr, | |
439 | walk.dst.virt.addr, ctx->E, | |
440 | walk.iv, &ctx->cword.encrypt, | |
441 | nbytes / AES_BLOCK_SIZE); | |
442 | memcpy(walk.iv, iv, AES_BLOCK_SIZE); | |
443 | nbytes &= AES_BLOCK_SIZE - 1; | |
444 | err = blkcipher_walk_done(desc, &walk, nbytes); | |
445 | } | |
e4914012 | 446 | irq_ts_restore(ts_state); |
28ce728a | 447 | |
420a4b20 HX |
448 | padlock_store_cword(&ctx->cword.decrypt); |
449 | ||
28ce728a HX |
450 | return err; |
451 | } | |
452 | ||
453 | static int cbc_aes_decrypt(struct blkcipher_desc *desc, | |
454 | struct scatterlist *dst, struct scatterlist *src, | |
455 | unsigned int nbytes) | |
456 | { | |
457 | struct aes_ctx *ctx = blk_aes_ctx(desc->tfm); | |
458 | struct blkcipher_walk walk; | |
459 | int err; | |
e4914012 | 460 | int ts_state; |
28ce728a | 461 | |
420a4b20 | 462 | padlock_reset_key(&ctx->cword.encrypt); |
866cd902 | 463 | |
28ce728a HX |
464 | blkcipher_walk_init(&walk, dst, src, nbytes); |
465 | err = blkcipher_walk_virt(desc, &walk); | |
466 | ||
e4914012 | 467 | ts_state = irq_ts_save(); |
28ce728a HX |
468 | while ((nbytes = walk.nbytes)) { |
469 | padlock_xcrypt_cbc(walk.src.virt.addr, walk.dst.virt.addr, | |
470 | ctx->D, walk.iv, &ctx->cword.decrypt, | |
471 | nbytes / AES_BLOCK_SIZE); | |
472 | nbytes &= AES_BLOCK_SIZE - 1; | |
473 | err = blkcipher_walk_done(desc, &walk, nbytes); | |
474 | } | |
475 | ||
e4914012 | 476 | irq_ts_restore(ts_state); |
420a4b20 HX |
477 | |
478 | padlock_store_cword(&ctx->cword.encrypt); | |
479 | ||
28ce728a HX |
480 | return err; |
481 | } | |
482 | ||
483 | static struct crypto_alg cbc_aes_alg = { | |
484 | .cra_name = "cbc(aes)", | |
485 | .cra_driver_name = "cbc-aes-padlock", | |
486 | .cra_priority = PADLOCK_COMPOSITE_PRIORITY, | |
487 | .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, | |
488 | .cra_blocksize = AES_BLOCK_SIZE, | |
489 | .cra_ctxsize = sizeof(struct aes_ctx), | |
490 | .cra_alignmask = PADLOCK_ALIGNMENT - 1, | |
491 | .cra_type = &crypto_blkcipher_type, | |
492 | .cra_module = THIS_MODULE, | |
493 | .cra_list = LIST_HEAD_INIT(cbc_aes_alg.cra_list), | |
494 | .cra_u = { | |
495 | .blkcipher = { | |
496 | .min_keysize = AES_MIN_KEY_SIZE, | |
497 | .max_keysize = AES_MAX_KEY_SIZE, | |
498 | .ivsize = AES_BLOCK_SIZE, | |
499 | .setkey = aes_set_key, | |
500 | .encrypt = cbc_aes_encrypt, | |
501 | .decrypt = cbc_aes_decrypt, | |
502 | } | |
503 | } | |
504 | }; | |
505 | ||
1191f0a4 | 506 | static int __init padlock_init(void) |
1da177e4 | 507 | { |
1191f0a4 | 508 | int ret; |
a76c1c23 | 509 | struct cpuinfo_x86 *c = &cpu_data(0); |
1191f0a4 ML |
510 | |
511 | if (!cpu_has_xcrypt) { | |
b43e726b | 512 | printk(KERN_NOTICE PFX "VIA PadLock not detected.\n"); |
1191f0a4 ML |
513 | return -ENODEV; |
514 | } | |
515 | ||
516 | if (!cpu_has_xcrypt_enabled) { | |
b43e726b | 517 | printk(KERN_NOTICE PFX "VIA PadLock detected, but not enabled. Hmm, strange...\n"); |
1191f0a4 ML |
518 | return -ENODEV; |
519 | } | |
1da177e4 | 520 | |
28ce728a HX |
521 | if ((ret = crypto_register_alg(&aes_alg))) |
522 | goto aes_err; | |
523 | ||
524 | if ((ret = crypto_register_alg(&ecb_aes_alg))) | |
525 | goto ecb_aes_err; | |
526 | ||
527 | if ((ret = crypto_register_alg(&cbc_aes_alg))) | |
528 | goto cbc_aes_err; | |
1191f0a4 ML |
529 | |
530 | printk(KERN_NOTICE PFX "Using VIA PadLock ACE for AES algorithm.\n"); | |
531 | ||
a76c1c23 | 532 | if (c->x86 == 6 && c->x86_model == 15 && c->x86_mask == 2) { |
8d8409f7 CE |
533 | ecb_fetch_blocks = MAX_ECB_FETCH_BLOCKS; |
534 | cbc_fetch_blocks = MAX_CBC_FETCH_BLOCKS; | |
a76c1c23 CE |
535 | printk(KERN_NOTICE PFX "VIA Nano stepping 2 detected: enabling workaround.\n"); |
536 | } | |
537 | ||
28ce728a | 538 | out: |
1191f0a4 | 539 | return ret; |
28ce728a HX |
540 | |
541 | cbc_aes_err: | |
542 | crypto_unregister_alg(&ecb_aes_alg); | |
543 | ecb_aes_err: | |
544 | crypto_unregister_alg(&aes_alg); | |
545 | aes_err: | |
546 | printk(KERN_ERR PFX "VIA PadLock AES initialization failed.\n"); | |
547 | goto out; | |
1da177e4 LT |
548 | } |
549 | ||
1191f0a4 | 550 | static void __exit padlock_fini(void) |
1da177e4 | 551 | { |
28ce728a HX |
552 | crypto_unregister_alg(&cbc_aes_alg); |
553 | crypto_unregister_alg(&ecb_aes_alg); | |
1da177e4 LT |
554 | crypto_unregister_alg(&aes_alg); |
555 | } | |
1191f0a4 ML |
556 | |
557 | module_init(padlock_init); | |
558 | module_exit(padlock_fini); | |
559 | ||
560 | MODULE_DESCRIPTION("VIA PadLock AES algorithm support"); | |
561 | MODULE_LICENSE("GPL"); | |
562 | MODULE_AUTHOR("Michal Ludvig"); | |
563 | ||
acd246b7 | 564 | MODULE_ALIAS("aes"); |