Commit a44b419f authored by Dave Watson's avatar Dave Watson Committed by Herbert Xu

crypto: aesni - Fill in new context data structures

Fill in aadhash, aadlen, pblocklen, curcount with appropriate values.
pblocklen, aadhash, and pblockenckey are also updated at the end
of each scatter/gather operation, to be carried over to the next
operation.
Signed-off-by: default avatarDave Watson <davejwatson@fb.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 1cb1bcbb
...@@ -297,7 +297,9 @@ VARIABLE_OFFSET = 16*8 ...@@ -297,7 +297,9 @@ VARIABLE_OFFSET = 16*8
# clobbering all xmm registers # clobbering all xmm registers
# clobbering r10, r11, r12, r13, r14, r15 # clobbering r10, r11, r12, r13, r14, r15
.macro GCM_ENC_DEC INITIAL_BLOCKS GHASH_8_ENCRYPT_8_PARALLEL GHASH_LAST_8 GHASH_MUL ENC_DEC REP .macro GCM_ENC_DEC INITIAL_BLOCKS GHASH_8_ENCRYPT_8_PARALLEL GHASH_LAST_8 GHASH_MUL ENC_DEC REP
vmovdqu AadHash(arg2), %xmm8
vmovdqu HashKey(arg2), %xmm13 # xmm13 = HashKey vmovdqu HashKey(arg2), %xmm13 # xmm13 = HashKey
add arg5, InLen(arg2)
mov arg5, %r13 # save the number of bytes of plaintext/ciphertext mov arg5, %r13 # save the number of bytes of plaintext/ciphertext
and $-16, %r13 # r13 = r13 - (r13 mod 16) and $-16, %r13 # r13 = r13 - (r13 mod 16)
...@@ -410,6 +412,9 @@ _eight_cipher_left\@: ...@@ -410,6 +412,9 @@ _eight_cipher_left\@:
_zero_cipher_left\@: _zero_cipher_left\@:
vmovdqu %xmm14, AadHash(arg2)
vmovdqu %xmm9, CurCount(arg2)
cmp $16, arg5 cmp $16, arg5
jl _only_less_than_16\@ jl _only_less_than_16\@
...@@ -420,10 +425,14 @@ _zero_cipher_left\@: ...@@ -420,10 +425,14 @@ _zero_cipher_left\@:
# handle the last <16 Byte block seperately # handle the last <16 Byte block seperately
mov %r13, PBlockLen(arg2)
vpaddd ONE(%rip), %xmm9, %xmm9 # INCR CNT to get Yn vpaddd ONE(%rip), %xmm9, %xmm9 # INCR CNT to get Yn
vmovdqu %xmm9, CurCount(arg2)
vpshufb SHUF_MASK(%rip), %xmm9, %xmm9 vpshufb SHUF_MASK(%rip), %xmm9, %xmm9
ENCRYPT_SINGLE_BLOCK \REP, %xmm9 # E(K, Yn) ENCRYPT_SINGLE_BLOCK \REP, %xmm9 # E(K, Yn)
vmovdqu %xmm9, PBlockEncKey(arg2)
sub $16, %r11 sub $16, %r11
add %r13, %r11 add %r13, %r11
...@@ -451,6 +460,7 @@ _only_less_than_16\@: ...@@ -451,6 +460,7 @@ _only_less_than_16\@:
vpshufb SHUF_MASK(%rip), %xmm9, %xmm9 vpshufb SHUF_MASK(%rip), %xmm9, %xmm9
ENCRYPT_SINGLE_BLOCK \REP, %xmm9 # E(K, Yn) ENCRYPT_SINGLE_BLOCK \REP, %xmm9 # E(K, Yn)
vmovdqu %xmm9, PBlockEncKey(arg2)
lea SHIFT_MASK+16(%rip), %r12 lea SHIFT_MASK+16(%rip), %r12
sub %r13, %r12 # adjust the shuffle mask pointer to be sub %r13, %r12 # adjust the shuffle mask pointer to be
...@@ -480,6 +490,7 @@ _final_ghash_mul\@: ...@@ -480,6 +490,7 @@ _final_ghash_mul\@:
vpxor %xmm2, %xmm14, %xmm14 vpxor %xmm2, %xmm14, %xmm14
#GHASH computation for the last <16 Byte block #GHASH computation for the last <16 Byte block
\GHASH_MUL %xmm14, %xmm13, %xmm0, %xmm10, %xmm11, %xmm5, %xmm6 \GHASH_MUL %xmm14, %xmm13, %xmm0, %xmm10, %xmm11, %xmm5, %xmm6
vmovdqu %xmm14, AadHash(arg2)
sub %r13, %r11 sub %r13, %r11
add $16, %r11 add $16, %r11
.else .else
...@@ -491,6 +502,7 @@ _final_ghash_mul\@: ...@@ -491,6 +502,7 @@ _final_ghash_mul\@:
vpxor %xmm9, %xmm14, %xmm14 vpxor %xmm9, %xmm14, %xmm14
#GHASH computation for the last <16 Byte block #GHASH computation for the last <16 Byte block
\GHASH_MUL %xmm14, %xmm13, %xmm0, %xmm10, %xmm11, %xmm5, %xmm6 \GHASH_MUL %xmm14, %xmm13, %xmm0, %xmm10, %xmm11, %xmm5, %xmm6
vmovdqu %xmm14, AadHash(arg2)
sub %r13, %r11 sub %r13, %r11
add $16, %r11 add $16, %r11
vpshufb SHUF_MASK(%rip), %xmm9, %xmm9 # shuffle xmm9 back to output as ciphertext vpshufb SHUF_MASK(%rip), %xmm9, %xmm9 # shuffle xmm9 back to output as ciphertext
...@@ -526,12 +538,16 @@ _multiple_of_16_bytes\@: ...@@ -526,12 +538,16 @@ _multiple_of_16_bytes\@:
# Output: Authorization Tag (AUTH_TAG) # Output: Authorization Tag (AUTH_TAG)
# Clobbers rax, r10-r12, and xmm0, xmm1, xmm5-xmm15 # Clobbers rax, r10-r12, and xmm0, xmm1, xmm5-xmm15
.macro GCM_COMPLETE GHASH_MUL REP .macro GCM_COMPLETE GHASH_MUL REP
mov arg8, %r12 # r12 = aadLen (number of bytes) vmovdqu AadHash(arg2), %xmm14
vmovdqu HashKey(arg2), %xmm13
mov AadLen(arg2), %r12 # r12 = aadLen (number of bytes)
shl $3, %r12 # convert into number of bits shl $3, %r12 # convert into number of bits
vmovd %r12d, %xmm15 # len(A) in xmm15 vmovd %r12d, %xmm15 # len(A) in xmm15
shl $3, arg5 # len(C) in bits (*128) mov InLen(arg2), %r12
vmovq arg5, %xmm1 shl $3, %r12 # len(C) in bits (*128)
vmovq %r12, %xmm1
vpslldq $8, %xmm15, %xmm15 # xmm15 = len(A)|| 0x0000000000000000 vpslldq $8, %xmm15, %xmm15 # xmm15 = len(A)|| 0x0000000000000000
vpxor %xmm1, %xmm15, %xmm15 # xmm15 = len(A)||len(C) vpxor %xmm1, %xmm15, %xmm15 # xmm15 = len(A)||len(C)
...@@ -539,8 +555,7 @@ _multiple_of_16_bytes\@: ...@@ -539,8 +555,7 @@ _multiple_of_16_bytes\@:
\GHASH_MUL %xmm14, %xmm13, %xmm0, %xmm10, %xmm11, %xmm5, %xmm6 # final GHASH computation \GHASH_MUL %xmm14, %xmm13, %xmm0, %xmm10, %xmm11, %xmm5, %xmm6 # final GHASH computation
vpshufb SHUF_MASK(%rip), %xmm14, %xmm14 # perform a 16Byte swap vpshufb SHUF_MASK(%rip), %xmm14, %xmm14 # perform a 16Byte swap
mov arg6, %rax # rax = *Y0 vmovdqu OrigIV(arg2), %xmm9
vmovdqu (%rax), %xmm9 # xmm9 = Y0
ENCRYPT_SINGLE_BLOCK \REP, %xmm9 # E(K, Y0) ENCRYPT_SINGLE_BLOCK \REP, %xmm9 # E(K, Y0)
...@@ -662,6 +677,20 @@ _get_AAD_done\@: ...@@ -662,6 +677,20 @@ _get_AAD_done\@:
.endm .endm
.macro INIT GHASH_MUL PRECOMPUTE .macro INIT GHASH_MUL PRECOMPUTE
mov arg6, %r11
mov %r11, AadLen(arg2) # ctx_data.aad_length = aad_length
xor %r11d, %r11d
mov %r11, InLen(arg2) # ctx_data.in_length = 0
mov %r11, PBlockLen(arg2) # ctx_data.partial_block_length = 0
mov %r11, PBlockEncKey(arg2) # ctx_data.partial_block_enc_key = 0
mov arg4, %rax
movdqu (%rax), %xmm0
movdqu %xmm0, OrigIV(arg2) # ctx_data.orig_IV = iv
vpshufb SHUF_MASK(%rip), %xmm0, %xmm0
movdqu %xmm0, CurCount(arg2) # ctx_data.current_counter = iv
vmovdqu (arg3), %xmm6 # xmm6 = HashKey vmovdqu (arg3), %xmm6 # xmm6 = HashKey
vpshufb SHUF_MASK(%rip), %xmm6, %xmm6 vpshufb SHUF_MASK(%rip), %xmm6, %xmm6
...@@ -809,10 +838,7 @@ _get_AAD_done\@: ...@@ -809,10 +838,7 @@ _get_AAD_done\@:
xor %r11d, %r11d xor %r11d, %r11d
# start AES for num_initial_blocks blocks # start AES for num_initial_blocks blocks
mov arg6, %rax # rax = *Y0 vmovdqu CurCount(arg2), \CTR
vmovdqu (%rax), \CTR # CTR = Y0
vpshufb SHUF_MASK(%rip), \CTR, \CTR
i = (9-\num_initial_blocks) i = (9-\num_initial_blocks)
setreg setreg
...@@ -1754,10 +1780,7 @@ ENDPROC(aesni_gcm_dec_avx_gen2) ...@@ -1754,10 +1780,7 @@ ENDPROC(aesni_gcm_dec_avx_gen2)
xor %r11d, %r11d xor %r11d, %r11d
# start AES for num_initial_blocks blocks # start AES for num_initial_blocks blocks
mov arg6, %rax # rax = *Y0 vmovdqu CurCount(arg2), \CTR
vmovdqu (%rax), \CTR # CTR = Y0
vpshufb SHUF_MASK(%rip), \CTR, \CTR
i = (9-\num_initial_blocks) i = (9-\num_initial_blocks)
setreg setreg
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment