1 // SPDX-License-Identifier: CDDL-1.0 2 /* 3 * CDDL HEADER START 4 * 5 * The contents of this file are subject to the terms of the 6 * Common Development and Distribution License (the "License"). 7 * You may not use this file except in compliance with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or https://opensource.org/licenses/CDDL-1.0. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #ifndef _AES_IMPL_H 28 #define _AES_IMPL_H 29 30 /* 31 * Common definitions used by AES. 32 */ 33 34 #ifdef __cplusplus 35 extern "C" { 36 #endif 37 38 #include <sys/zfs_context.h> 39 #include <sys/crypto/common.h> 40 #include <sys/asm_linkage.h> 41 42 /* Similar to sysmacros.h IS_P2ALIGNED, but checks two pointers: */ 43 #define IS_P2ALIGNED2(v, w, a) \ 44 ((((uintptr_t)(v) | (uintptr_t)(w)) & ((uintptr_t)(a) - 1)) == 0) 45 46 #define AES_BLOCK_LEN 16 /* bytes */ 47 /* Round constant length, in number of 32-bit elements: */ 48 #define RC_LENGTH (5 * ((AES_BLOCK_LEN) / 4 - 2)) 49 50 #define AES_COPY_BLOCK(src, dst) \ 51 (dst)[0] = (src)[0]; \ 52 (dst)[1] = (src)[1]; \ 53 (dst)[2] = (src)[2]; \ 54 (dst)[3] = (src)[3]; \ 55 (dst)[4] = (src)[4]; \ 56 (dst)[5] = (src)[5]; \ 57 (dst)[6] = (src)[6]; \ 58 (dst)[7] = (src)[7]; \ 59 (dst)[8] = (src)[8]; \ 60 (dst)[9] = (src)[9]; \ 61 (dst)[10] = (src)[10]; \ 62 (dst)[11] = (src)[11]; \ 63 (dst)[12] = (src)[12]; \ 64 (dst)[13] = (src)[13]; \ 65 (dst)[14] = (src)[14]; \ 66 (dst)[15] = (src)[15] 67 68 #define AES_XOR_BLOCK(src, dst) \ 69 (dst)[0] ^= (src)[0]; \ 70 (dst)[1] ^= (src)[1]; \ 71 (dst)[2] ^= (src)[2]; \ 72 (dst)[3] ^= (src)[3]; \ 73 (dst)[4] ^= (src)[4]; \ 74 (dst)[5] ^= (src)[5]; \ 75 (dst)[6] ^= (src)[6]; \ 76 (dst)[7] ^= (src)[7]; \ 77 (dst)[8] ^= (src)[8]; \ 78 (dst)[9] ^= (src)[9]; \ 79 (dst)[10] ^= (src)[10]; \ 80 (dst)[11] ^= (src)[11]; \ 81 (dst)[12] ^= (src)[12]; \ 82 (dst)[13] ^= (src)[13]; \ 83 (dst)[14] ^= (src)[14]; \ 84 (dst)[15] ^= (src)[15] 85 86 /* AES key size definitions */ 87 #define AES_MINBITS 128 88 #define AES_MAXBITS 256 89 90 /* AES key schedule may be implemented with 32- or 64-bit elements: */ 91 #define AES_32BIT_KS 32 92 #define AES_64BIT_KS 64 93 94 #define MAX_AES_NR 14 /* Maximum number of rounds */ 95 #define MAX_AES_NB 4 /* Number of columns comprising a state */ 96 97 typedef union { 98 #ifdef sun4u 99 uint64_t ks64[((MAX_AES_NR) + 1) * (MAX_AES_NB)]; 100 #endif 101 uint32_t ks32[((MAX_AES_NR) + 1) * (MAX_AES_NB)]; 102 } aes_ks_t; 103 104 typedef struct aes_impl_ops aes_impl_ops_t; 105 106 /* 107 * The absolute offset of the encr_ks (0) and the nr (504) fields are hard 108 * coded in aesni-gcm-x86_64, so please don't change (or adjust accordingly). 109 */ 110 typedef struct aes_key aes_key_t; 111 struct aes_key { 112 aes_ks_t encr_ks; /* encryption key schedule */ 113 aes_ks_t decr_ks; /* decryption key schedule */ 114 #ifdef __amd64 115 long double align128; /* Align fields above for Intel AES-NI */ 116 #endif /* __amd64 */ 117 const aes_impl_ops_t *ops; /* ops associated with this schedule */ 118 int nr; /* number of rounds (10, 12, or 14) */ 119 int type; /* key schedule size (32 or 64 bits) */ 120 }; 121 122 /* 123 * Core AES functions. 124 * ks and keysched are pointers to aes_key_t. 125 * They are declared void* as they are intended to be opaque types. 126 * Use function aes_alloc_keysched() to allocate memory for ks and keysched. 127 */ 128 extern void *aes_alloc_keysched(size_t *size, int kmflag); 129 extern void aes_init_keysched(const uint8_t *cipherKey, uint_t keyBits, 130 void *keysched); 131 extern int aes_encrypt_block(const void *ks, const uint8_t *pt, uint8_t *ct); 132 extern int aes_decrypt_block(const void *ks, const uint8_t *ct, uint8_t *pt); 133 134 /* 135 * AES mode functions. 136 * The first 2 functions operate on 16-byte AES blocks. 137 */ 138 extern void aes_copy_block(uint8_t *in, uint8_t *out); 139 extern void aes_xor_block(uint8_t *data, uint8_t *dst); 140 141 /* Note: ctx is a pointer to aes_ctx_t defined in modes.h */ 142 extern int aes_encrypt_contiguous_blocks(void *ctx, char *data, size_t length, 143 crypto_data_t *out); 144 extern int aes_decrypt_contiguous_blocks(void *ctx, char *data, size_t length, 145 crypto_data_t *out); 146 147 /* 148 * The following definitions and declarations are only used by AES FIPS POST 149 */ 150 #ifdef _AES_IMPL 151 152 typedef enum aes_mech_type { 153 AES_CCM_MECH_INFO_TYPE, /* SUN_CKM_AES_CCM */ 154 AES_GCM_MECH_INFO_TYPE, /* SUN_CKM_AES_GCM */ 155 } aes_mech_type_t; 156 157 #endif /* _AES_IMPL */ 158 159 /* 160 * Methods used to define AES implementation 161 * 162 * @aes_gen_f Key generation 163 * @aes_enc_f Function encrypts one block 164 * @aes_dec_f Function decrypts one block 165 * @aes_will_work_f Function tests whether method will function 166 */ 167 typedef void (*aes_generate_f)(aes_key_t *, const uint32_t *, int); 168 typedef void (*aes_encrypt_f)(const uint32_t[], int, 169 const uint32_t[4], uint32_t[4]); 170 typedef void (*aes_decrypt_f)(const uint32_t[], int, 171 const uint32_t[4], uint32_t[4]); 172 typedef boolean_t (*aes_will_work_f)(void); 173 174 #define AES_IMPL_NAME_MAX (16) 175 176 struct aes_impl_ops { 177 aes_generate_f generate; 178 aes_encrypt_f encrypt; 179 aes_decrypt_f decrypt; 180 aes_will_work_f is_supported; 181 boolean_t needs_byteswap; 182 char name[AES_IMPL_NAME_MAX]; 183 }; 184 185 extern const aes_impl_ops_t aes_generic_impl; 186 #if defined(__x86_64) 187 extern const aes_impl_ops_t aes_x86_64_impl; 188 189 /* These functions are used to execute amd64 instructions for AMD or Intel: */ 190 extern ASMABI int rijndael_key_setup_enc_amd64(uint32_t rk[], 191 const uint32_t cipherKey[], int keyBits); 192 extern ASMABI int rijndael_key_setup_dec_amd64(uint32_t rk[], 193 const uint32_t cipherKey[], int keyBits); 194 extern ASMABI void aes_encrypt_amd64(const uint32_t rk[], int Nr, 195 const uint32_t pt[4], uint32_t ct[4]); 196 extern ASMABI void aes_decrypt_amd64(const uint32_t rk[], int Nr, 197 const uint32_t ct[4], uint32_t pt[4]); 198 #endif 199 #if defined(__x86_64) && defined(HAVE_AES) 200 extern const aes_impl_ops_t aes_aesni_impl; 201 #endif 202 203 /* 204 * Initializes fastest implementation 205 */ 206 void aes_impl_init(void); 207 208 /* 209 * Returns optimal allowed AES implementation 210 */ 211 const struct aes_impl_ops *aes_impl_get_ops(void); 212 213 #ifdef __cplusplus 214 } 215 #endif 216 217 #endif /* _AES_IMPL_H */ 218