Rewrite the cpacf implementations to use the generic AES helper functions from crypto/aes-helpers.c
Signed-off-by: Harald Freudenberger <[email protected]> --- target/s390x/tcg/cpacf_aes.c | 124 ++++++++++------------------------- 1 file changed, 36 insertions(+), 88 deletions(-) diff --git a/target/s390x/tcg/cpacf_aes.c b/target/s390x/tcg/cpacf_aes.c index 98d5134d5f..9935b6b39c 100644 --- a/target/s390x/tcg/cpacf_aes.c +++ b/target/s390x/tcg/cpacf_aes.c @@ -119,20 +119,13 @@ int cpacf_aes_ecb(CPUS390XState *env, const int mmu_idx, uintptr_t ra, return !len ? 0 : 3; } -static void aes_xor(const uint8_t *src1, const uint8_t *src2, uint8_t *dst) -{ - for (int i = 0; i < AES_BLOCK_SIZE; i++) { - dst[i] = src1[i] ^ src2[i]; - } -} - int cpacf_aes_cbc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, uint64_t param_addr, uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, uint64_t *src_len_reg, uint32_t type, uint8_t fc, uint8_t mod) { enum { MAX_BLOCKS_PER_RUN = 8192 / AES_BLOCK_SIZE }; - uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; const MemOpIdx oi = make_memop_idx(MO_8, mmu_idx); uint64_t addr, len = *src_len_reg, done = 0; int i, keysize, addr_reg_size = 64; @@ -188,19 +181,11 @@ int cpacf_aes_cbc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, for (i = 0; i < MAX_BLOCKS_PER_RUN && len >= AES_BLOCK_SIZE; i++) { aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra); if (mod) { - /* decrypt in => buf */ - AES_decrypt(in, buf, &exkey); - /* buf xor iv => out */ - aes_xor(buf, iv, out); - /* prep iv for next round */ - memcpy(iv, in, AES_BLOCK_SIZE); + /* decrypt in => out */ + AES_cbc_decrypt(in, out, iv, &exkey); } else { - /* in xor iv => buf */ - aes_xor(in, iv, buf); - /* encrypt buf => out */ - AES_encrypt(buf, out, &exkey); - /* prep iv for next round */ - memcpy(iv, out, AES_BLOCK_SIZE); + /* encrypt in => out */ + AES_cbc_encrypt(in, out, iv, &exkey); } aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra); len -= AES_BLOCK_SIZE, done += AES_BLOCK_SIZE; @@ -229,11 +214,10 @@ int cpacf_aes_ctr(CPUS390XState *env, const int mmu_idx, uintptr_t ra, { enum { MAX_BLOCKS_PER_RUN = 8192 / AES_BLOCK_SIZE }; const MemOpIdx oi = make_memop_idx(MO_8, mmu_idx); - uint8_t ctr[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; uint64_t addr, len = *src_len_reg, done = 0; + uint8_t ctr[AES_BLOCK_SIZE], key[32]; int i, keysize, addr_reg_size = 64; - uint8_t key[32]; AES_KEY exkey; g_assert(type == S390_FEAT_TYPE_KMCTR); @@ -275,12 +259,10 @@ int cpacf_aes_ctr(CPUS390XState *env, const int mmu_idx, uintptr_t ra, for (i = 0; i < MAX_BLOCKS_PER_RUN && len >= AES_BLOCK_SIZE; i++) { /* read in nonce/ctr => ctr */ aes_read_block(env, mmu_idx, *ctr_ptr_reg + done, ctr, ra); - /* encrypt ctr => buf */ - AES_encrypt(ctr, buf, &exkey); /* read in one block of input data => in */ aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra); - /* exor input data with encrypted ctr => out */ - aes_xor(in, buf, out); + /* encrypt ctr and xor with in => out */ + AES_ctr_encrypt(in, out, ctr, &exkey); /* write out the processed block */ aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra); len -= AES_BLOCK_SIZE, done += AES_BLOCK_SIZE; @@ -361,28 +343,13 @@ int cpacf_aes_pcc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, return 0; } -static void aes_xts_prep_next_tweak(uint8_t tweak[AES_BLOCK_SIZE]) -{ - uint8_t carry; - int i; - - carry = tweak[AES_BLOCK_SIZE - 1] >> 7; - - for (i = AES_BLOCK_SIZE - 1; i > 0; i--) { - tweak[i] = (uint8_t)((tweak[i] << 1) | (tweak[i - 1] >> 7)); - } - - tweak[i] = (uint8_t)(tweak[i] << 1); - tweak[i] ^= (uint8_t)(0x87 & (uint8_t)(-(int8_t)carry)); -} - int cpacf_aes_xts(CPUS390XState *env, const int mmu_idx, uintptr_t ra, uint64_t param_addr, uint64_t *dst_ptr_reg, uint64_t *src_ptr_reg, uint64_t *src_len_reg, uint32_t type, uint8_t fc, uint8_t mod) { enum { MAX_BLOCKS_PER_RUN = 8192 / AES_BLOCK_SIZE }; - uint8_t buf1[AES_BLOCK_SIZE], buf2[AES_BLOCK_SIZE]; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; const MemOpIdx oi = make_memop_idx(MO_8, mmu_idx); uint64_t addr, len = *src_len_reg, done = 0; uint8_t key[32], tweak[AES_BLOCK_SIZE]; @@ -433,23 +400,19 @@ int cpacf_aes_xts(CPUS390XState *env, const int mmu_idx, uintptr_t ra, /* process up to MAX_BLOCKS_PER_RUN aes blocks */ for (i = 0; i < MAX_BLOCKS_PER_RUN && len >= AES_BLOCK_SIZE; i++) { - /* fetch one AES block into buf1 */ - aes_read_block(env, mmu_idx, *src_ptr_reg + done, buf1, ra); - /* buf1 xor tweak => buf2 */ - aes_xor(buf1, tweak, buf2); + /* fetch one AES block into in */ + aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra); if (mod) { - /* decrypt buf2 => buf1 */ - AES_decrypt(buf2, buf1, &exkey); + /* decrypt in => out */ + AES_xts_decrypt(in, out, tweak, &exkey); } else { - /* encrypt buf2 => buf1 */ - AES_encrypt(buf2, buf1, &exkey); + /* encrypt in => out */ + AES_xts_encrypt(in, out, tweak, &exkey); } - /* buf1 xor tweak => buf2 */ - aes_xor(buf1, tweak, buf2); /* prep tweak for next round */ - aes_xts_prep_next_tweak(tweak); - /* write out this processed block from buf2 */ - aes_write_block(env, mmu_idx, *dst_ptr_reg + done, buf2, ra); + AES_xts_prep_next_tweak(tweak); + /* write out this processed block from out */ + aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra); len -= AES_BLOCK_SIZE, done += AES_BLOCK_SIZE; } @@ -627,7 +590,7 @@ int cpacf_paes_cbc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, uint32_t type, uint8_t fc, uint8_t mod) { enum { MAX_BLOCKS_PER_RUN = 8192 / AES_BLOCK_SIZE }; - uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; const MemOpIdx oi = make_memop_idx(MO_8, mmu_idx); uint8_t key[32], wkvp[32], iv[AES_BLOCK_SIZE]; uint64_t addr, len = *src_len_reg, done = 0; @@ -697,19 +660,11 @@ int cpacf_paes_cbc(CPUS390XState *env, const int mmu_idx, uintptr_t ra, for (i = 0; i < MAX_BLOCKS_PER_RUN && len >= AES_BLOCK_SIZE; i++) { aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra); if (mod) { - /* decrypt in => buf */ - AES_decrypt(in, buf, &exkey); - /* buf xor iv => out */ - aes_xor(buf, iv, out); - /* prep iv for next round */ - memcpy(iv, in, AES_BLOCK_SIZE); + /* decrypt in => out */ + AES_cbc_decrypt(in, out, iv, &exkey); } else { - /* in xor iv => buf */ - aes_xor(in, iv, buf); - /* encrypt buf => out */ - AES_encrypt(buf, out, &exkey); - /* prep iv for next round */ - memcpy(iv, out, AES_BLOCK_SIZE); + /* encrypt in => out */ + AES_cbc_encrypt(in, out, iv, &exkey); } aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra); len -= AES_BLOCK_SIZE, done += AES_BLOCK_SIZE; @@ -738,11 +693,10 @@ int cpacf_paes_ctr(CPUS390XState *env, const int mmu_idx, uintptr_t ra, { enum { MAX_BLOCKS_PER_RUN = 8192 / AES_BLOCK_SIZE }; const MemOpIdx oi = make_memop_idx(MO_8, mmu_idx); - uint8_t ctr[AES_BLOCK_SIZE], buf[AES_BLOCK_SIZE]; uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; + uint8_t ctr[AES_BLOCK_SIZE], key[32], wkvp[32]; uint64_t addr, len = *src_len_reg, done = 0; int i, keysize, addr_reg_size = 64; - uint8_t key[32], wkvp[32]; AES_KEY exkey; g_assert(type == S390_FEAT_TYPE_KMCTR); @@ -798,12 +752,10 @@ int cpacf_paes_ctr(CPUS390XState *env, const int mmu_idx, uintptr_t ra, for (i = 0; i < MAX_BLOCKS_PER_RUN && len >= AES_BLOCK_SIZE; i++) { /* read in nonce/ctr => ctr */ aes_read_block(env, mmu_idx, *ctr_ptr_reg + done, ctr, ra); - /* encrypt ctr => buf */ - AES_encrypt(ctr, buf, &exkey); /* read in one block of input data => in */ aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra); - /* exor input data with encrypted ctr => out */ - aes_xor(in, buf, out); + /* encrypt ctr and xor with in => out */ + AES_ctr_encrypt(in, out, ctr, &exkey); /* write out the processed block */ aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra); len -= AES_BLOCK_SIZE, done += AES_BLOCK_SIZE; @@ -906,7 +858,7 @@ int cpacf_paes_xts(CPUS390XState *env, const int mmu_idx, uintptr_t ra, uint32_t type, uint8_t fc, uint8_t mod) { enum { MAX_BLOCKS_PER_RUN = 8192 / AES_BLOCK_SIZE }; - uint8_t buf1[AES_BLOCK_SIZE], buf2[AES_BLOCK_SIZE]; + uint8_t in[AES_BLOCK_SIZE], out[AES_BLOCK_SIZE]; const MemOpIdx oi = make_memop_idx(MO_8, mmu_idx); uint8_t key[32], wkvp[32], tweak[AES_BLOCK_SIZE]; uint64_t addr, len = *src_len_reg, done = 0; @@ -971,23 +923,19 @@ int cpacf_paes_xts(CPUS390XState *env, const int mmu_idx, uintptr_t ra, /* process up to MAX_BLOCKS_PER_RUN aes blocks */ for (i = 0; i < MAX_BLOCKS_PER_RUN && len >= AES_BLOCK_SIZE; i++) { - /* fetch one AES block into buf1 */ - aes_read_block(env, mmu_idx, *src_ptr_reg + done, buf1, ra); - /* buf1 xor tweak => buf2 */ - aes_xor(buf1, tweak, buf2); + /* fetch one AES block into in */ + aes_read_block(env, mmu_idx, *src_ptr_reg + done, in, ra); if (mod) { - /* decrypt buf2 => buf1 */ - AES_decrypt(buf2, buf1, &exkey); + /* decrypt in => out */ + AES_xts_decrypt(in, out, tweak, &exkey); } else { - /* encrypt buf2 => buf1 */ - AES_encrypt(buf2, buf1, &exkey); + /* encrypt in => out */ + AES_xts_encrypt(in, out, tweak, &exkey); } - /* buf1 xor tweak => buf2 */ - aes_xor(buf1, tweak, buf2); /* prep tweak for next round */ - aes_xts_prep_next_tweak(tweak); - /* write out this processed block from buf2 */ - aes_write_block(env, mmu_idx, *dst_ptr_reg + done, buf2, ra); + AES_xts_prep_next_tweak(tweak); + /* write out this processed block from out */ + aes_write_block(env, mmu_idx, *dst_ptr_reg + done, out, ra); len -= AES_BLOCK_SIZE, done += AES_BLOCK_SIZE; } -- 2.43.0
