1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or https://opensource.org/licenses/CDDL-1.0. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. 23 */ 24 25 #if defined(__x86_64) && defined(HAVE_AES) 26 27 #include <sys/simd.h> 28 #include <sys/types.h> 29 30 /* These functions are used to execute AES-NI instructions: */ 31 extern int rijndael_key_setup_enc_intel(uint32_t rk[], 32 const uint32_t cipherKey[], uint64_t keyBits); 33 extern int rijndael_key_setup_dec_intel(uint32_t rk[], 34 const uint32_t cipherKey[], uint64_t keyBits); 35 extern void aes_encrypt_intel(const uint32_t rk[], int Nr, 36 const uint32_t pt[4], uint32_t ct[4]); 37 extern void aes_decrypt_intel(const uint32_t rk[], int Nr, 38 const uint32_t ct[4], uint32_t pt[4]); 39 40 41 #include <aes/aes_impl.h> 42 43 /* 44 * Expand the 32-bit AES cipher key array into the encryption and decryption 45 * key schedules. 46 * 47 * Parameters: 48 * key AES key schedule to be initialized 49 * keyarr32 User key 50 * keyBits AES key size (128, 192, or 256 bits) 51 */ 52 static void 53 aes_aesni_generate(aes_key_t *key, const uint32_t *keyarr32, int keybits) 54 { 55 kfpu_begin(); 56 key->nr = rijndael_key_setup_enc_intel(&(key->encr_ks.ks32[0]), 57 keyarr32, keybits); 58 key->nr = rijndael_key_setup_dec_intel(&(key->decr_ks.ks32[0]), 59 keyarr32, keybits); 60 kfpu_end(); 61 } 62 63 /* 64 * Encrypt one block of data. The block is assumed to be an array 65 * of four uint32_t values, so copy for alignment (and byte-order 66 * reversal for little endian systems might be necessary on the 67 * input and output byte streams. 68 * The size of the key schedule depends on the number of rounds 69 * (which can be computed from the size of the key), i.e. 4*(Nr + 1). 70 * 71 * Parameters: 72 * rk Key schedule, of aes_ks_t (60 32-bit integers) 73 * Nr Number of rounds 74 * pt Input block (plain text) 75 * ct Output block (crypto text). Can overlap with pt 76 */ 77 static void 78 aes_aesni_encrypt(const uint32_t rk[], int Nr, const uint32_t pt[4], 79 uint32_t ct[4]) 80 { 81 kfpu_begin(); 82 aes_encrypt_intel(rk, Nr, pt, ct); 83 kfpu_end(); 84 } 85 86 /* 87 * Decrypt one block of data. The block is assumed to be an array 88 * of four uint32_t values, so copy for alignment (and byte-order 89 * reversal for little endian systems might be necessary on the 90 * input and output byte streams. 91 * The size of the key schedule depends on the number of rounds 92 * (which can be computed from the size of the key), i.e. 4*(Nr + 1). 93 * 94 * Parameters: 95 * rk Key schedule, of aes_ks_t (60 32-bit integers) 96 * Nr Number of rounds 97 * ct Input block (crypto text) 98 * pt Output block (plain text). Can overlap with pt 99 */ 100 static void 101 aes_aesni_decrypt(const uint32_t rk[], int Nr, const uint32_t ct[4], 102 uint32_t pt[4]) 103 { 104 kfpu_begin(); 105 aes_decrypt_intel(rk, Nr, ct, pt); 106 kfpu_end(); 107 } 108 109 static boolean_t 110 aes_aesni_will_work(void) 111 { 112 return (kfpu_allowed() && zfs_aes_available()); 113 } 114 115 const aes_impl_ops_t aes_aesni_impl = { 116 .generate = &aes_aesni_generate, 117 .encrypt = &aes_aesni_encrypt, 118 .decrypt = &aes_aesni_decrypt, 119 .is_supported = &aes_aesni_will_work, 120 .needs_byteswap = B_FALSE, 121 .name = "aesni" 122 }; 123 124 #endif /* defined(__x86_64) && defined(HAVE_AES) */ 125