1eda14cbcSMatt Macy /* 2eda14cbcSMatt Macy * CDDL HEADER START 3eda14cbcSMatt Macy * 4eda14cbcSMatt Macy * The contents of this file are subject to the terms of the 5eda14cbcSMatt Macy * Common Development and Distribution License (the "License"). 6eda14cbcSMatt Macy * You may not use this file except in compliance with the License. 7eda14cbcSMatt Macy * 8eda14cbcSMatt Macy * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9271171e0SMartin Matuska * or https://opensource.org/licenses/CDDL-1.0. 10eda14cbcSMatt Macy * See the License for the specific language governing permissions 11eda14cbcSMatt Macy * and limitations under the License. 12eda14cbcSMatt Macy * 13eda14cbcSMatt Macy * When distributing Covered Code, include this CDDL HEADER in each 14eda14cbcSMatt Macy * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15eda14cbcSMatt Macy * If applicable, add the following below this CDDL HEADER, with the 16eda14cbcSMatt Macy * fields enclosed by brackets "[]" replaced with your own identifying 17eda14cbcSMatt Macy * information: Portions Copyright [yyyy] [name of copyright owner] 18eda14cbcSMatt Macy * 19eda14cbcSMatt Macy * CDDL HEADER END 20eda14cbcSMatt Macy */ 21eda14cbcSMatt Macy /* 22eda14cbcSMatt Macy * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23eda14cbcSMatt Macy * Use is subject to license terms. 24eda14cbcSMatt Macy */ 25eda14cbcSMatt Macy 26eda14cbcSMatt Macy #ifndef _AES_IMPL_H 27eda14cbcSMatt Macy #define _AES_IMPL_H 28eda14cbcSMatt Macy 29eda14cbcSMatt Macy /* 30eda14cbcSMatt Macy * Common definitions used by AES. 31eda14cbcSMatt Macy */ 32eda14cbcSMatt Macy 33eda14cbcSMatt Macy #ifdef __cplusplus 34eda14cbcSMatt Macy extern "C" { 35eda14cbcSMatt Macy #endif 36eda14cbcSMatt Macy 37eda14cbcSMatt Macy #include <sys/zfs_context.h> 38eda14cbcSMatt Macy #include <sys/crypto/common.h> 39*15f0b8c3SMartin Matuska #include <sys/asm_linkage.h> 40eda14cbcSMatt Macy 41eda14cbcSMatt Macy /* Similar to sysmacros.h IS_P2ALIGNED, but checks two pointers: */ 42eda14cbcSMatt Macy #define IS_P2ALIGNED2(v, w, a) \ 43eda14cbcSMatt Macy ((((uintptr_t)(v) | (uintptr_t)(w)) & ((uintptr_t)(a) - 1)) == 0) 44eda14cbcSMatt Macy 45eda14cbcSMatt Macy #define AES_BLOCK_LEN 16 /* bytes */ 46eda14cbcSMatt Macy /* Round constant length, in number of 32-bit elements: */ 47eda14cbcSMatt Macy #define RC_LENGTH (5 * ((AES_BLOCK_LEN) / 4 - 2)) 48eda14cbcSMatt Macy 49eda14cbcSMatt Macy #define AES_COPY_BLOCK(src, dst) \ 50eda14cbcSMatt Macy (dst)[0] = (src)[0]; \ 51eda14cbcSMatt Macy (dst)[1] = (src)[1]; \ 52eda14cbcSMatt Macy (dst)[2] = (src)[2]; \ 53eda14cbcSMatt Macy (dst)[3] = (src)[3]; \ 54eda14cbcSMatt Macy (dst)[4] = (src)[4]; \ 55eda14cbcSMatt Macy (dst)[5] = (src)[5]; \ 56eda14cbcSMatt Macy (dst)[6] = (src)[6]; \ 57eda14cbcSMatt Macy (dst)[7] = (src)[7]; \ 58eda14cbcSMatt Macy (dst)[8] = (src)[8]; \ 59eda14cbcSMatt Macy (dst)[9] = (src)[9]; \ 60eda14cbcSMatt Macy (dst)[10] = (src)[10]; \ 61eda14cbcSMatt Macy (dst)[11] = (src)[11]; \ 62eda14cbcSMatt Macy (dst)[12] = (src)[12]; \ 63eda14cbcSMatt Macy (dst)[13] = (src)[13]; \ 64eda14cbcSMatt Macy (dst)[14] = (src)[14]; \ 65eda14cbcSMatt Macy (dst)[15] = (src)[15] 66eda14cbcSMatt Macy 67eda14cbcSMatt Macy #define AES_XOR_BLOCK(src, dst) \ 68eda14cbcSMatt Macy (dst)[0] ^= (src)[0]; \ 69eda14cbcSMatt Macy (dst)[1] ^= (src)[1]; \ 70eda14cbcSMatt Macy (dst)[2] ^= (src)[2]; \ 71eda14cbcSMatt Macy (dst)[3] ^= (src)[3]; \ 72eda14cbcSMatt Macy (dst)[4] ^= (src)[4]; \ 73eda14cbcSMatt Macy (dst)[5] ^= (src)[5]; \ 74eda14cbcSMatt Macy (dst)[6] ^= (src)[6]; \ 75eda14cbcSMatt Macy (dst)[7] ^= (src)[7]; \ 76eda14cbcSMatt Macy (dst)[8] ^= (src)[8]; \ 77eda14cbcSMatt Macy (dst)[9] ^= (src)[9]; \ 78eda14cbcSMatt Macy (dst)[10] ^= (src)[10]; \ 79eda14cbcSMatt Macy (dst)[11] ^= (src)[11]; \ 80eda14cbcSMatt Macy (dst)[12] ^= (src)[12]; \ 81eda14cbcSMatt Macy (dst)[13] ^= (src)[13]; \ 82eda14cbcSMatt Macy (dst)[14] ^= (src)[14]; \ 83eda14cbcSMatt Macy (dst)[15] ^= (src)[15] 84eda14cbcSMatt Macy 85eda14cbcSMatt Macy /* AES key size definitions */ 86eda14cbcSMatt Macy #define AES_MINBITS 128 87eda14cbcSMatt Macy #define AES_MAXBITS 256 88eda14cbcSMatt Macy 89eda14cbcSMatt Macy /* AES key schedule may be implemented with 32- or 64-bit elements: */ 90eda14cbcSMatt Macy #define AES_32BIT_KS 32 91eda14cbcSMatt Macy #define AES_64BIT_KS 64 92eda14cbcSMatt Macy 93eda14cbcSMatt Macy #define MAX_AES_NR 14 /* Maximum number of rounds */ 94eda14cbcSMatt Macy #define MAX_AES_NB 4 /* Number of columns comprising a state */ 95eda14cbcSMatt Macy 96eda14cbcSMatt Macy typedef union { 97eda14cbcSMatt Macy #ifdef sun4u 98eda14cbcSMatt Macy uint64_t ks64[((MAX_AES_NR) + 1) * (MAX_AES_NB)]; 99eda14cbcSMatt Macy #endif 100eda14cbcSMatt Macy uint32_t ks32[((MAX_AES_NR) + 1) * (MAX_AES_NB)]; 101eda14cbcSMatt Macy } aes_ks_t; 102eda14cbcSMatt Macy 103eda14cbcSMatt Macy typedef struct aes_impl_ops aes_impl_ops_t; 104eda14cbcSMatt Macy 105eda14cbcSMatt Macy /* 106eda14cbcSMatt Macy * The absolute offset of the encr_ks (0) and the nr (504) fields are hard 107eda14cbcSMatt Macy * coded in aesni-gcm-x86_64, so please don't change (or adjust accordingly). 108eda14cbcSMatt Macy */ 109eda14cbcSMatt Macy typedef struct aes_key aes_key_t; 110eda14cbcSMatt Macy struct aes_key { 111eda14cbcSMatt Macy aes_ks_t encr_ks; /* encryption key schedule */ 112eda14cbcSMatt Macy aes_ks_t decr_ks; /* decryption key schedule */ 113eda14cbcSMatt Macy #ifdef __amd64 114eda14cbcSMatt Macy long double align128; /* Align fields above for Intel AES-NI */ 115eda14cbcSMatt Macy #endif /* __amd64 */ 116eda14cbcSMatt Macy const aes_impl_ops_t *ops; /* ops associated with this schedule */ 117eda14cbcSMatt Macy int nr; /* number of rounds (10, 12, or 14) */ 118eda14cbcSMatt Macy int type; /* key schedule size (32 or 64 bits) */ 119eda14cbcSMatt Macy }; 120eda14cbcSMatt Macy 121eda14cbcSMatt Macy /* 122eda14cbcSMatt Macy * Core AES functions. 123eda14cbcSMatt Macy * ks and keysched are pointers to aes_key_t. 124eda14cbcSMatt Macy * They are declared void* as they are intended to be opaque types. 125eda14cbcSMatt Macy * Use function aes_alloc_keysched() to allocate memory for ks and keysched. 126eda14cbcSMatt Macy */ 127eda14cbcSMatt Macy extern void *aes_alloc_keysched(size_t *size, int kmflag); 128eda14cbcSMatt Macy extern void aes_init_keysched(const uint8_t *cipherKey, uint_t keyBits, 129eda14cbcSMatt Macy void *keysched); 130eda14cbcSMatt Macy extern int aes_encrypt_block(const void *ks, const uint8_t *pt, uint8_t *ct); 131eda14cbcSMatt Macy extern int aes_decrypt_block(const void *ks, const uint8_t *ct, uint8_t *pt); 132eda14cbcSMatt Macy 133eda14cbcSMatt Macy /* 134eda14cbcSMatt Macy * AES mode functions. 135eda14cbcSMatt Macy * The first 2 functions operate on 16-byte AES blocks. 136eda14cbcSMatt Macy */ 137eda14cbcSMatt Macy extern void aes_copy_block(uint8_t *in, uint8_t *out); 138eda14cbcSMatt Macy extern void aes_xor_block(uint8_t *data, uint8_t *dst); 139eda14cbcSMatt Macy 140eda14cbcSMatt Macy /* Note: ctx is a pointer to aes_ctx_t defined in modes.h */ 141eda14cbcSMatt Macy extern int aes_encrypt_contiguous_blocks(void *ctx, char *data, size_t length, 142eda14cbcSMatt Macy crypto_data_t *out); 143eda14cbcSMatt Macy extern int aes_decrypt_contiguous_blocks(void *ctx, char *data, size_t length, 144eda14cbcSMatt Macy crypto_data_t *out); 145eda14cbcSMatt Macy 146eda14cbcSMatt Macy /* 147eda14cbcSMatt Macy * The following definitions and declarations are only used by AES FIPS POST 148eda14cbcSMatt Macy */ 149eda14cbcSMatt Macy #ifdef _AES_IMPL 150eda14cbcSMatt Macy 151eda14cbcSMatt Macy typedef enum aes_mech_type { 152eda14cbcSMatt Macy AES_ECB_MECH_INFO_TYPE, /* SUN_CKM_AES_ECB */ 153eda14cbcSMatt Macy AES_CBC_MECH_INFO_TYPE, /* SUN_CKM_AES_CBC */ 154eda14cbcSMatt Macy AES_CBC_PAD_MECH_INFO_TYPE, /* SUN_CKM_AES_CBC_PAD */ 155eda14cbcSMatt Macy AES_CTR_MECH_INFO_TYPE, /* SUN_CKM_AES_CTR */ 156eda14cbcSMatt Macy AES_CCM_MECH_INFO_TYPE, /* SUN_CKM_AES_CCM */ 157eda14cbcSMatt Macy AES_GCM_MECH_INFO_TYPE, /* SUN_CKM_AES_GCM */ 158eda14cbcSMatt Macy AES_GMAC_MECH_INFO_TYPE /* SUN_CKM_AES_GMAC */ 159eda14cbcSMatt Macy } aes_mech_type_t; 160eda14cbcSMatt Macy 161eda14cbcSMatt Macy #endif /* _AES_IMPL */ 162eda14cbcSMatt Macy 163eda14cbcSMatt Macy /* 164eda14cbcSMatt Macy * Methods used to define AES implementation 165eda14cbcSMatt Macy * 166eda14cbcSMatt Macy * @aes_gen_f Key generation 167eda14cbcSMatt Macy * @aes_enc_f Function encrypts one block 168eda14cbcSMatt Macy * @aes_dec_f Function decrypts one block 169eda14cbcSMatt Macy * @aes_will_work_f Function tests whether method will function 170eda14cbcSMatt Macy */ 171eda14cbcSMatt Macy typedef void (*aes_generate_f)(aes_key_t *, const uint32_t *, int); 172eda14cbcSMatt Macy typedef void (*aes_encrypt_f)(const uint32_t[], int, 173eda14cbcSMatt Macy const uint32_t[4], uint32_t[4]); 174eda14cbcSMatt Macy typedef void (*aes_decrypt_f)(const uint32_t[], int, 175eda14cbcSMatt Macy const uint32_t[4], uint32_t[4]); 176eda14cbcSMatt Macy typedef boolean_t (*aes_will_work_f)(void); 177eda14cbcSMatt Macy 178eda14cbcSMatt Macy #define AES_IMPL_NAME_MAX (16) 179eda14cbcSMatt Macy 180eda14cbcSMatt Macy struct aes_impl_ops { 181eda14cbcSMatt Macy aes_generate_f generate; 182eda14cbcSMatt Macy aes_encrypt_f encrypt; 183eda14cbcSMatt Macy aes_decrypt_f decrypt; 184eda14cbcSMatt Macy aes_will_work_f is_supported; 185eda14cbcSMatt Macy boolean_t needs_byteswap; 186eda14cbcSMatt Macy char name[AES_IMPL_NAME_MAX]; 187eda14cbcSMatt Macy }; 188eda14cbcSMatt Macy 189eda14cbcSMatt Macy extern const aes_impl_ops_t aes_generic_impl; 190eda14cbcSMatt Macy #if defined(__x86_64) 191eda14cbcSMatt Macy extern const aes_impl_ops_t aes_x86_64_impl; 192eda14cbcSMatt Macy 193eda14cbcSMatt Macy /* These functions are used to execute amd64 instructions for AMD or Intel: */ 194*15f0b8c3SMartin Matuska extern ASMABI int rijndael_key_setup_enc_amd64(uint32_t rk[], 195eda14cbcSMatt Macy const uint32_t cipherKey[], int keyBits); 196*15f0b8c3SMartin Matuska extern ASMABI int rijndael_key_setup_dec_amd64(uint32_t rk[], 197eda14cbcSMatt Macy const uint32_t cipherKey[], int keyBits); 198*15f0b8c3SMartin Matuska extern ASMABI void aes_encrypt_amd64(const uint32_t rk[], int Nr, 199eda14cbcSMatt Macy const uint32_t pt[4], uint32_t ct[4]); 200*15f0b8c3SMartin Matuska extern ASMABI void aes_decrypt_amd64(const uint32_t rk[], int Nr, 201eda14cbcSMatt Macy const uint32_t ct[4], uint32_t pt[4]); 202eda14cbcSMatt Macy #endif 203eda14cbcSMatt Macy #if defined(__x86_64) && defined(HAVE_AES) 204eda14cbcSMatt Macy extern const aes_impl_ops_t aes_aesni_impl; 205eda14cbcSMatt Macy #endif 206eda14cbcSMatt Macy 207eda14cbcSMatt Macy /* 208eda14cbcSMatt Macy * Initializes fastest implementation 209eda14cbcSMatt Macy */ 210eda14cbcSMatt Macy void aes_impl_init(void); 211eda14cbcSMatt Macy 212eda14cbcSMatt Macy /* 213eda14cbcSMatt Macy * Returns optimal allowed AES implementation 214eda14cbcSMatt Macy */ 215eda14cbcSMatt Macy const struct aes_impl_ops *aes_impl_get_ops(void); 216eda14cbcSMatt Macy 217eda14cbcSMatt Macy #ifdef __cplusplus 218eda14cbcSMatt Macy } 219eda14cbcSMatt Macy #endif 220eda14cbcSMatt Macy 221eda14cbcSMatt Macy #endif /* _AES_IMPL_H */ 222