hi,
i need to change aesni_ctr_enc a bit to pass an already constructed
initial counter block (ICB) rather than do it in the function itself.
this will allow me to share the code with aes-gcm.
if i don't hear any objections, i'll commit this on wednesday.
works for me without issues.
Index: aes_intel.S
===================================================================
RCS file: /home/cvs/src/sys/arch/amd64/amd64/aes_intel.S,v
retrieving revision 1.2
diff -u -p -r1.2 aes_intel.S
--- aes_intel.S 22 Jul 2010 12:47:40 -0000 1.2
+++ aes_intel.S 5 Nov 2010 16:04:34 -0000
@@ -66,13 +66,13 @@
#define BSWAP_MASK %xmm10
#define CTR %xmm11
#define INC %xmm12
-#define NONCE %xmm13
#define KEYP %rdi
#define OUTP %rsi
#define INP %rdx
#define LEN %rcx
#define IVP %r8
+#define ICBP %r8
#define KLEN %r9d
#define T1 %r10
#define TKEYP T1
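Review bot: `#define ICBP %r8` now names the same register as the untouched `#define IVP %r8`, so any routine that still uses IVP and one that uses ICBP are sharing the fifth-argument register under two names; that is fine for the calling convention but is not obvious from the define list. A short comment on the new line would save the next reader a check, e.g. `#define ICBP %r8 /* alias of IVP: 5th argument, CTR passes the ICB here */`. The removal of NONCE is consistent with the later hunks, which no longer read 484(KEYP).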
@@ -772,22 +772,22 @@ ENTRY(aesni_cbc_dec)
* _aesni_inc_init: internal ABI
* setup registers used by _aesni_inc
* input:
- * IV
+ * ICB
* output:
- * CTR: == IV, in little endian
+ * CTR: == CTR, in little endian
+ * IV: == IV, in big endian
* TCTR_LOW: == lower dword of CTR
* INC: == 1, in little endian
* BSWAP_MASK == endian swapping mask
*/
_aesni_inc_init:
- movaps .Lbswap_mask, BSWAP_MASK
- movaps IV, CTR
- pslldq $4, CTR
- por NONCE, CTR
- pshufb BSWAP_MASK, CTR
- mov $1, TCTR_LOW
- movd TCTR_LOW, INC
- movd CTR, TCTR_LOW
+ movdqa CTR, IV
+ pslldq $8, IV
+ movdqa .Lbswap_mask, BSWAP_MASK
+ pshufb BSWAP_MASK, CTR
+ mov $1, TCTR_LOW
+ movd TCTR_LOW, INC
+ movd CTR, TCTR_LOW
ret
/*
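Review bot: The rewritten header comment is less precise than the code it describes: `* CTR: == CTR, in little endian` is tautological, and `* ICB` under `input:` names a value rather than the register that carries it, which is CTR as loaded by aesni_ctr_enc from (ICBP) just before the call. Suggest `* CTR: == ICB, 16 bytes loaded by the caller` for the input and `* CTR: == ICB byte-swapped to little endian` for the output. The new `IV` output is produced by `movdqa CTR, IV` followed by `pslldq $8, IV`, i.e. the ICB's low 8 bytes moved into the upper half with the low half zeroed and the ICB's byte order kept, so `* IV: == IV, in big endian` understates what is there; whether that layout is what _aesni_inc expects cannot be checked from this hunk, as _aesni_inc lies outside it.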
@@ -819,14 +819,13 @@ _aesni_inc:
/*
* void aesni_ctr_enc(struct aesni_sess *ses, uint8_t *dst, uint8_t *src,
- * size_t len, uint8_t *iv)
+ * size_t len, uint8_t *icb)
*/
ENTRY(aesni_ctr_enc)
cmp $16, LEN
jb .Lctr_enc_just_ret
mov 480(KEYP), KLEN
- movd 484(KEYP), NONCE
- movq (IVP), IV
+ movdqu (ICBP), CTR
call _aesni_inc_init
cmp $64, LEN
jb .Lctr_enc_loop1
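Review bot: `movdqu (ICBP), CTR` reads a full 16 bytes from the new icb argument, but the prototype comment only renames the parameter; the requirement that icb point to a complete 16-byte initial counter block (nonce, IV and counter already assembled by the caller) moved from this function to its callers and should be stated where the signature is documented, e.g. `* size_t len, uint8_t *icb)  -- icb: 16-byte initial counter block`. The same one-line contract belongs on the extern declaration in aesni.c, which this series also touches. The body of aesni_ctr_enc continues past the end of the hunk.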
Index: aesni.c
===================================================================
RCS file: /home/cvs/src/sys/arch/amd64/amd64/aesni.c,v
retrieving revision 1.9
diff -u -p -r1.9 aesni.c
--- aesni.c 7 Sep 2010 15:51:00 -0000 1.9
+++ aesni.c 8 Nov 2010 10:13:00 -0000
@@ -77,7 +77,7 @@ extern void aesni_cbc_dec(struct aesni_s
/* assembler-assisted CTR mode */
extern void aesni_ctr_enc(struct aesni_sess *ses, uint8_t *dst,
- uint8_t *src, size_t len, uint8_t *iv);
+ uint8_t *src, size_t len, uint8_t *icb);
void aesni_setup(void);
int aesni_newsession(u_int32_t *, struct cryptoini *);
@@ -314,6 +314,7 @@ aesni_encdec(struct cryptop *crp, struct
struct aesni_sess *ses)
{
uint8_t iv[EALG_MAX_BLOCK_LEN];
+ uint8_t icb[EALG_MAX_BLOCK_LEN];
uint8_t *buf = aesni_sc->sc_buf;
int ivlen = 0;
int err = 0;
@@ -396,7 +397,10 @@ aesni_encdec(struct cryptop *crp, struct
else
aesni_cbc_dec(ses, buf, buf, crd->crd_len, iv);
} else if (crd->crd_alg == CRYPTO_AES_CTR) {
- aesni_ctr_enc(ses, buf, buf, crd->crd_len, iv);
+ bzero(icb, sizeof(icb));
+ bcopy(ses->ses_nonce, icb, AESCTR_NONCESIZE);
+ bcopy(iv, icb + AESCTR_NONCESIZE, AESCTR_IVSIZE);
+ aesni_ctr_enc(ses, buf, buf, crd->crd_len, icb);
}
fpu_kernel_exit();
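Review bot: The block-counter word of icb is left at zero by the `bzero` and nothing in this hunk sets it, so whether the first keystream block is produced with counter value 1, as RFC 3686 specifies, now depends on _aesni_inc incrementing before the first encryption; that routine is outside this diff, so the equivalence with the previous in-assembly construction should be confirmed and recorded, e.g. `/* ICB = nonce (4) || IV (8) || block counter (4), see RFC 3686 */` above the bzero. The layout itself matches the two bcopy offsets, nonce at 0 and IV at AESCTR_NONCESIZE. Since icb now holds the session nonce on the stack for the duration of the request, clearing it with `bzero(icb, sizeof(icb))` after `aesni_ctr_enc` returns would keep it from outliving the call; the enclosing aesni_encdec starts before this hunk and ends after it.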