+4 -4

arch/x86/crypto/Kconfig

reviewed

··· 189 189 Processes 16 blocks in parallel. 190 190 191 191 config CRYPTO_SM4_AESNI_AVX_X86_64 192 192 - tristate "Ciphers: SM4 with modes: ECB, CBC, CFB, CTR (AES-NI/AVX)" 192 192 + tristate "Ciphers: SM4 with modes: ECB, CBC, CTR (AES-NI/AVX)" 193 193 depends on X86 && 64BIT 194 194 select CRYPTO_SKCIPHER 195 195 select CRYPTO_SIMD ··· 197 197 select CRYPTO_SM4 198 198 help 199 199 Length-preserving ciphers: SM4 cipher algorithms 200 200 - (OSCCA GB/T 32907-2016) with ECB, CBC, CFB, and CTR modes 200 200 + (OSCCA GB/T 32907-2016) with ECB, CBC, and CTR modes 201 201 202 202 Architecture: x86_64 using: 203 203 - AES-NI (AES New Instructions) ··· 210 210 If unsure, say N. 211 211 212 212 config CRYPTO_SM4_AESNI_AVX2_X86_64 213 213 - tristate "Ciphers: SM4 with modes: ECB, CBC, CFB, CTR (AES-NI/AVX2)" 213 213 + tristate "Ciphers: SM4 with modes: ECB, CBC, CTR (AES-NI/AVX2)" 214 214 depends on X86 && 64BIT 215 215 select CRYPTO_SKCIPHER 216 216 select CRYPTO_SIMD ··· 219 219 select CRYPTO_SM4_AESNI_AVX_X86_64 220 220 help 221 221 Length-preserving ciphers: SM4 cipher algorithms 222 222 - (OSCCA GB/T 32907-2016) with ECB, CBC, CFB, and CTR modes 222 222 + (OSCCA GB/T 32907-2016) with ECB, CBC, and CTR modes 223 223 224 224 Architecture: x86_64 using: 225 225 - AES-NI (AES New Instructions)

-52

arch/x86/crypto/sm4-aesni-avx-asm_64.S

reviewed

··· 534 534 FRAME_END 535 535 RET; 536 536 SYM_FUNC_END(sm4_aesni_avx_cbc_dec_blk8) 537 537 - 538 538 - /* 539 539 - * void sm4_aesni_avx_cfb_dec_blk8(const u32 *rk, u8 *dst, 540 540 - * const u8 *src, u8 *iv) 541 541 - */ 542 542 - SYM_TYPED_FUNC_START(sm4_aesni_avx_cfb_dec_blk8) 543 543 - /* input: 544 544 - * %rdi: round key array, CTX 545 545 - * %rsi: dst (8 blocks) 546 546 - * %rdx: src (8 blocks) 547 547 - * %rcx: iv 548 548 - */ 549 549 - FRAME_BEGIN 550 550 - 551 551 - /* Load input */ 552 552 - vmovdqu (%rcx), RA0; 553 553 - vmovdqu 0 * 16(%rdx), RA1; 554 554 - vmovdqu 1 * 16(%rdx), RA2; 555 555 - vmovdqu 2 * 16(%rdx), RA3; 556 556 - vmovdqu 3 * 16(%rdx), RB0; 557 557 - vmovdqu 4 * 16(%rdx), RB1; 558 558 - vmovdqu 5 * 16(%rdx), RB2; 559 559 - vmovdqu 6 * 16(%rdx), RB3; 560 560 - 561 561 - /* Update IV */ 562 562 - vmovdqu 7 * 16(%rdx), RNOT; 563 563 - vmovdqu RNOT, (%rcx); 564 564 - 565 565 - call __sm4_crypt_blk8; 566 566 - 567 567 - vpxor (0 * 16)(%rdx), RA0, RA0; 568 568 - vpxor (1 * 16)(%rdx), RA1, RA1; 569 569 - vpxor (2 * 16)(%rdx), RA2, RA2; 570 570 - vpxor (3 * 16)(%rdx), RA3, RA3; 571 571 - vpxor (4 * 16)(%rdx), RB0, RB0; 572 572 - vpxor (5 * 16)(%rdx), RB1, RB1; 573 573 - vpxor (6 * 16)(%rdx), RB2, RB2; 574 574 - vpxor (7 * 16)(%rdx), RB3, RB3; 575 575 - 576 576 - vmovdqu RA0, (0 * 16)(%rsi); 577 577 - vmovdqu RA1, (1 * 16)(%rsi); 578 578 - vmovdqu RA2, (2 * 16)(%rsi); 579 579 - vmovdqu RA3, (3 * 16)(%rsi); 580 580 - vmovdqu RB0, (4 * 16)(%rsi); 581 581 - vmovdqu RB1, (5 * 16)(%rsi); 582 582 - vmovdqu RB2, (6 * 16)(%rsi); 583 583 - vmovdqu RB3, (7 * 16)(%rsi); 584 584 - 585 585 - vzeroall; 586 586 - FRAME_END 587 587 - RET; 588 588 - SYM_FUNC_END(sm4_aesni_avx_cfb_dec_blk8)

-55

arch/x86/crypto/sm4-aesni-avx2-asm_64.S

reviewed

··· 439 439 FRAME_END 440 440 RET; 441 441 SYM_FUNC_END(sm4_aesni_avx2_cbc_dec_blk16) 442 442 - 443 443 - /* 444 444 - * void sm4_aesni_avx2_cfb_dec_blk16(const u32 *rk, u8 *dst, 445 445 - * const u8 *src, u8 *iv) 446 446 - */ 447 447 - SYM_TYPED_FUNC_START(sm4_aesni_avx2_cfb_dec_blk16) 448 448 - /* input: 449 449 - * %rdi: round key array, CTX 450 450 - * %rsi: dst (16 blocks) 451 451 - * %rdx: src (16 blocks) 452 452 - * %rcx: iv 453 453 - */ 454 454 - FRAME_BEGIN 455 455 - 456 456 - vzeroupper; 457 457 - 458 458 - /* Load input */ 459 459 - vmovdqu (%rcx), RNOTx; 460 460 - vinserti128 $1, (%rdx), RNOT, RA0; 461 461 - vmovdqu (0 * 32 + 16)(%rdx), RA1; 462 462 - vmovdqu (1 * 32 + 16)(%rdx), RA2; 463 463 - vmovdqu (2 * 32 + 16)(%rdx), RA3; 464 464 - vmovdqu (3 * 32 + 16)(%rdx), RB0; 465 465 - vmovdqu (4 * 32 + 16)(%rdx), RB1; 466 466 - vmovdqu (5 * 32 + 16)(%rdx), RB2; 467 467 - vmovdqu (6 * 32 + 16)(%rdx), RB3; 468 468 - 469 469 - /* Update IV */ 470 470 - vmovdqu (7 * 32 + 16)(%rdx), RNOTx; 471 471 - vmovdqu RNOTx, (%rcx); 472 472 - 473 473 - call __sm4_crypt_blk16; 474 474 - 475 475 - vpxor (0 * 32)(%rdx), RA0, RA0; 476 476 - vpxor (1 * 32)(%rdx), RA1, RA1; 477 477 - vpxor (2 * 32)(%rdx), RA2, RA2; 478 478 - vpxor (3 * 32)(%rdx), RA3, RA3; 479 479 - vpxor (4 * 32)(%rdx), RB0, RB0; 480 480 - vpxor (5 * 32)(%rdx), RB1, RB1; 481 481 - vpxor (6 * 32)(%rdx), RB2, RB2; 482 482 - vpxor (7 * 32)(%rdx), RB3, RB3; 483 483 - 484 484 - vmovdqu RA0, (0 * 32)(%rsi); 485 485 - vmovdqu RA1, (1 * 32)(%rsi); 486 486 - vmovdqu RA2, (2 * 32)(%rsi); 487 487 - vmovdqu RA3, (3 * 32)(%rsi); 488 488 - vmovdqu RB0, (4 * 32)(%rsi); 489 489 - vmovdqu RB1, (5 * 32)(%rsi); 490 490 - vmovdqu RB2, (6 * 32)(%rsi); 491 491 - vmovdqu RB3, (7 * 32)(%rsi); 492 492 - 493 493 - vzeroall; 494 494 - FRAME_END 495 495 - RET; 496 496 - SYM_FUNC_END(sm4_aesni_avx2_cfb_dec_blk16)

-4

arch/x86/crypto/sm4-avx.h

reviewed

··· 14 14 int sm4_avx_cbc_decrypt(struct skcipher_request *req, 15 15 unsigned int bsize, sm4_crypt_func func); 16 16 17 17 - int sm4_cfb_encrypt(struct skcipher_request *req); 18 18 - int sm4_avx_cfb_decrypt(struct skcipher_request *req, 19 19 - unsigned int bsize, sm4_crypt_func func); 20 20 - 21 17 int sm4_avx_ctr_crypt(struct skcipher_request *req, 22 18 unsigned int bsize, sm4_crypt_func func); 23 19

-26

arch/x86/crypto/sm4_aesni_avx2_glue.c

reviewed

··· 23 23 const u8 *src, u8 *iv); 24 24 asmlinkage void sm4_aesni_avx2_cbc_dec_blk16(const u32 *rk, u8 *dst, 25 25 const u8 *src, u8 *iv); 26 26 - asmlinkage void sm4_aesni_avx2_cfb_dec_blk16(const u32 *rk, u8 *dst, 27 27 - const u8 *src, u8 *iv); 28 26 29 27 static int sm4_skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key, 30 28 unsigned int key_len) ··· 38 40 sm4_aesni_avx2_cbc_dec_blk16); 39 41 } 40 42 41 41 - 42 42 - static int cfb_decrypt(struct skcipher_request *req) 43 43 - { 44 44 - return sm4_avx_cfb_decrypt(req, SM4_CRYPT16_BLOCK_SIZE, 45 45 - sm4_aesni_avx2_cfb_dec_blk16); 46 46 - } 47 43 48 44 static int ctr_crypt(struct skcipher_request *req) 49 45 { ··· 79 87 .setkey = sm4_skcipher_setkey, 80 88 .encrypt = sm4_cbc_encrypt, 81 89 .decrypt = cbc_decrypt, 82 82 - }, { 83 83 - .base = { 84 84 - .cra_name = "__cfb(sm4)", 85 85 - .cra_driver_name = "__cfb-sm4-aesni-avx2", 86 86 - .cra_priority = 500, 87 87 - .cra_flags = CRYPTO_ALG_INTERNAL, 88 88 - .cra_blocksize = 1, 89 89 - .cra_ctxsize = sizeof(struct sm4_ctx), 90 90 - .cra_module = THIS_MODULE, 91 91 - }, 92 92 - .min_keysize = SM4_KEY_SIZE, 93 93 - .max_keysize = SM4_KEY_SIZE, 94 94 - .ivsize = SM4_BLOCK_SIZE, 95 95 - .chunksize = SM4_BLOCK_SIZE, 96 96 - .walksize = 16 * SM4_BLOCK_SIZE, 97 97 - .setkey = sm4_skcipher_setkey, 98 98 - .encrypt = sm4_cfb_encrypt, 99 99 - .decrypt = cfb_decrypt, 100 90 }, { 101 91 .base = { 102 92 .cra_name = "__ctr(sm4)",

-130

arch/x86/crypto/sm4_aesni_avx_glue.c

reviewed

··· 27 27 const u8 *src, u8 *iv); 28 28 asmlinkage void sm4_aesni_avx_cbc_dec_blk8(const u32 *rk, u8 *dst, 29 29 const u8 *src, u8 *iv); 30 30 - asmlinkage void sm4_aesni_avx_cfb_dec_blk8(const u32 *rk, u8 *dst, 31 31 - const u8 *src, u8 *iv); 32 30 33 31 static int sm4_skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key, 34 32 unsigned int key_len) ··· 186 188 sm4_aesni_avx_cbc_dec_blk8); 187 189 } 188 190 189 189 - int sm4_cfb_encrypt(struct skcipher_request *req) 190 190 - { 191 191 - struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 192 192 - struct sm4_ctx *ctx = crypto_skcipher_ctx(tfm); 193 193 - struct skcipher_walk walk; 194 194 - unsigned int nbytes; 195 195 - int err; 196 196 - 197 197 - err = skcipher_walk_virt(&walk, req, false); 198 198 - 199 199 - while ((nbytes = walk.nbytes) > 0) { 200 200 - u8 keystream[SM4_BLOCK_SIZE]; 201 201 - const u8 *iv = walk.iv; 202 202 - const u8 *src = walk.src.virt.addr; 203 203 - u8 *dst = walk.dst.virt.addr; 204 204 - 205 205 - while (nbytes >= SM4_BLOCK_SIZE) { 206 206 - sm4_crypt_block(ctx->rkey_enc, keystream, iv); 207 207 - crypto_xor_cpy(dst, src, keystream, SM4_BLOCK_SIZE); 208 208 - iv = dst; 209 209 - src += SM4_BLOCK_SIZE; 210 210 - dst += SM4_BLOCK_SIZE; 211 211 - nbytes -= SM4_BLOCK_SIZE; 212 212 - } 213 213 - if (iv != walk.iv) 214 214 - memcpy(walk.iv, iv, SM4_BLOCK_SIZE); 215 215 - 216 216 - /* tail */ 217 217 - if (walk.nbytes == walk.total && nbytes > 0) { 218 218 - sm4_crypt_block(ctx->rkey_enc, keystream, walk.iv); 219 219 - crypto_xor_cpy(dst, src, keystream, nbytes); 220 220 - nbytes = 0; 221 221 - } 222 222 - 223 223 - err = skcipher_walk_done(&walk, nbytes); 224 224 - } 225 225 - 226 226 - return err; 227 227 - } 228 228 - EXPORT_SYMBOL_GPL(sm4_cfb_encrypt); 229 229 - 230 230 - int sm4_avx_cfb_decrypt(struct skcipher_request *req, 231 231 - unsigned int bsize, sm4_crypt_func func) 232 232 - { 233 233 - struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); 234 234 - struct sm4_ctx *ctx = crypto_skcipher_ctx(tfm); 235 235 - struct skcipher_walk walk; 236 236 - unsigned int nbytes; 237 237 - int err; 238 238 - 239 239 - err = skcipher_walk_virt(&walk, req, false); 240 240 - 241 241 - while ((nbytes = walk.nbytes) > 0) { 242 242 - const u8 *src = walk.src.virt.addr; 243 243 - u8 *dst = walk.dst.virt.addr; 244 244 - 245 245 - kernel_fpu_begin(); 246 246 - 247 247 - while (nbytes >= bsize) { 248 248 - func(ctx->rkey_enc, dst, src, walk.iv); 249 249 - dst += bsize; 250 250 - src += bsize; 251 251 - nbytes -= bsize; 252 252 - } 253 253 - 254 254 - while (nbytes >= SM4_BLOCK_SIZE) { 255 255 - u8 keystream[SM4_BLOCK_SIZE * 8]; 256 256 - unsigned int nblocks = min(nbytes >> 4, 8u); 257 257 - 258 258 - memcpy(keystream, walk.iv, SM4_BLOCK_SIZE); 259 259 - if (nblocks > 1) 260 260 - memcpy(&keystream[SM4_BLOCK_SIZE], src, 261 261 - (nblocks - 1) * SM4_BLOCK_SIZE); 262 262 - memcpy(walk.iv, src + (nblocks - 1) * SM4_BLOCK_SIZE, 263 263 - SM4_BLOCK_SIZE); 264 264 - 265 265 - sm4_aesni_avx_crypt8(ctx->rkey_enc, keystream, 266 266 - keystream, nblocks); 267 267 - 268 268 - crypto_xor_cpy(dst, src, keystream, 269 269 - nblocks * SM4_BLOCK_SIZE); 270 270 - dst += nblocks * SM4_BLOCK_SIZE; 271 271 - src += nblocks * SM4_BLOCK_SIZE; 272 272 - nbytes -= nblocks * SM4_BLOCK_SIZE; 273 273 - } 274 274 - 275 275 - kernel_fpu_end(); 276 276 - 277 277 - /* tail */ 278 278 - if (walk.nbytes == walk.total && nbytes > 0) { 279 279 - u8 keystream[SM4_BLOCK_SIZE]; 280 280 - 281 281 - sm4_crypt_block(ctx->rkey_enc, keystream, walk.iv); 282 282 - crypto_xor_cpy(dst, src, keystream, nbytes); 283 283 - nbytes = 0; 284 284 - } 285 285 - 286 286 - err = skcipher_walk_done(&walk, nbytes); 287 287 - } 288 288 - 289 289 - return err; 290 290 - } 291 291 - EXPORT_SYMBOL_GPL(sm4_avx_cfb_decrypt); 292 292 - 293 293 - static int cfb_decrypt(struct skcipher_request *req) 294 294 - { 295 295 - return sm4_avx_cfb_decrypt(req, SM4_CRYPT8_BLOCK_SIZE, 296 296 - sm4_aesni_avx_cfb_dec_blk8); 297 297 - } 298 298 - 299 191 int sm4_avx_ctr_crypt(struct skcipher_request *req, 300 192 unsigned int bsize, sm4_crypt_func func) 301 193 { ··· 294 406 .setkey = sm4_skcipher_setkey, 295 407 .encrypt = sm4_cbc_encrypt, 296 408 .decrypt = cbc_decrypt, 297 297 - }, { 298 298 - .base = { 299 299 - .cra_name = "__cfb(sm4)", 300 300 - .cra_driver_name = "__cfb-sm4-aesni-avx", 301 301 - .cra_priority = 400, 302 302 - .cra_flags = CRYPTO_ALG_INTERNAL, 303 303 - .cra_blocksize = 1, 304 304 - .cra_ctxsize = sizeof(struct sm4_ctx), 305 305 - .cra_module = THIS_MODULE, 306 306 - }, 307 307 - .min_keysize = SM4_KEY_SIZE, 308 308 - .max_keysize = SM4_KEY_SIZE, 309 309 - .ivsize = SM4_BLOCK_SIZE, 310 310 - .chunksize = SM4_BLOCK_SIZE, 311 311 - .walksize = 8 * SM4_BLOCK_SIZE, 312 312 - .setkey = sm4_skcipher_setkey, 313 313 - .encrypt = sm4_cfb_encrypt, 314 314 - .decrypt = cfb_decrypt, 315 409 }, { 316 410 .base = { 317 411 .cra_name = "__ctr(sm4)",