Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/crypto/aes/arch/arm Implement AES-CCM with NEON.



details:   https://anonhg.NetBSD.org/src/rev/ea18195ce7f3
branches:  trunk
changeset: 974152:ea18195ce7f3
user:      riastradh <riastradh%NetBSD.org@localhost>
date:      Sat Jul 25 22:36:06 2020 +0000

description:
Implement AES-CCM with NEON.

diffstat:

 sys/crypto/aes/arch/arm/aes_neon.h      |   8 ++-
 sys/crypto/aes/arch/arm/aes_neon_impl.c |  40 ++++++++++++++-
 sys/crypto/aes/arch/arm/aes_neon_subr.c |  89 ++++++++++++++++++++++++++++++++-
 sys/crypto/aes/arch/arm/arm_neon.h      |  22 +++++++-
 4 files changed, 153 insertions(+), 6 deletions(-)

diffs (241 lines):

diff -r ebc81c59c841 -r ea18195ce7f3 sys/crypto/aes/arch/arm/aes_neon.h
--- a/sys/crypto/aes/arch/arm/aes_neon.h        Sat Jul 25 22:33:04 2020 +0000
+++ b/sys/crypto/aes/arch/arm/aes_neon.h        Sat Jul 25 22:36:06 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: aes_neon.h,v 1.2 2020/07/25 22:12:57 riastradh Exp $   */
+/*     $NetBSD: aes_neon.h,v 1.3 2020/07/25 22:36:06 riastradh Exp $   */
 
 /*-
  * Copyright (c) 2020 The NetBSD Foundation, Inc.
@@ -59,6 +59,12 @@
     uint8_t[static 16], size_t, uint8_t[static 16], uint32_t);
 void aes_neon_xts_dec(const struct aesdec *, const uint8_t[static 16],
     uint8_t[static 16], size_t, uint8_t[static 16], uint32_t);
+void aes_neon_cbcmac_update1(const struct aesenc *, const uint8_t[static 16],
+    size_t, uint8_t[static 16], uint32_t);
+void aes_neon_ccm_enc1(const struct aesenc *, const uint8_t[static 16],
+    uint8_t[static 16], size_t, uint8_t[static 32], uint32_t);
+void aes_neon_ccm_dec1(const struct aesenc *, const uint8_t[static 16],
+    uint8_t[static 16], size_t, uint8_t[static 32], uint32_t);
 
 int aes_neon_selftest(void);
 
diff -r ebc81c59c841 -r ea18195ce7f3 sys/crypto/aes/arch/arm/aes_neon_impl.c
--- a/sys/crypto/aes/arch/arm/aes_neon_impl.c   Sat Jul 25 22:33:04 2020 +0000
+++ b/sys/crypto/aes/arch/arm/aes_neon_impl.c   Sat Jul 25 22:36:06 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: aes_neon_impl.c,v 1.3 2020/07/25 22:12:57 riastradh Exp $      */
+/*     $NetBSD: aes_neon_impl.c,v 1.4 2020/07/25 22:36:06 riastradh Exp $      */
 
 /*-
  * Copyright (c) 2020 The NetBSD Foundation, Inc.
@@ -27,7 +27,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(1, "$NetBSD: aes_neon_impl.c,v 1.3 2020/07/25 22:12:57 riastradh Exp $");
+__KERNEL_RCSID(1, "$NetBSD: aes_neon_impl.c,v 1.4 2020/07/25 22:36:06 riastradh Exp $");
 
 #include <sys/types.h>
 #include <sys/proc.h>
@@ -144,6 +144,39 @@
        fpu_kern_leave();
 }
 
+static void
+aes_neon_cbcmac_update1_impl(const struct aesenc *enc,
+    const uint8_t in[static 16], size_t nbytes, uint8_t auth[static 16],
+    uint32_t nrounds)
+{
+
+       fpu_kern_enter();
+       aes_neon_cbcmac_update1(enc, in, nbytes, auth, nrounds);
+       fpu_kern_leave();
+}
+
+static void
+aes_neon_ccm_enc1_impl(const struct aesenc *enc, const uint8_t in[static 16],
+    uint8_t out[static 16], size_t nbytes, uint8_t authctr[static 32],
+    uint32_t nrounds)
+{
+
+       fpu_kern_enter();
+       aes_neon_ccm_enc1(enc, in, out, nbytes, authctr, nrounds);
+       fpu_kern_leave();
+}
+
+static void
+aes_neon_ccm_dec1_impl(const struct aesenc *enc, const uint8_t in[static 16],
+    uint8_t out[static 16], size_t nbytes, uint8_t authctr[static 32],
+    uint32_t nrounds)
+{
+
+       fpu_kern_enter();
+       aes_neon_ccm_dec1(enc, in, out, nbytes, authctr, nrounds);
+       fpu_kern_leave();
+}
+
 static int
 aes_neon_probe(void)
 {
@@ -204,4 +237,7 @@
        .ai_cbc_dec = aes_neon_cbc_dec_impl,
        .ai_xts_enc = aes_neon_xts_enc_impl,
        .ai_xts_dec = aes_neon_xts_dec_impl,
+       .ai_cbcmac_update1 = aes_neon_cbcmac_update1_impl,
+       .ai_ccm_enc1 = aes_neon_ccm_enc1_impl,
+       .ai_ccm_dec1 = aes_neon_ccm_dec1_impl,
 };
diff -r ebc81c59c841 -r ea18195ce7f3 sys/crypto/aes/arch/arm/aes_neon_subr.c
--- a/sys/crypto/aes/arch/arm/aes_neon_subr.c   Sat Jul 25 22:33:04 2020 +0000
+++ b/sys/crypto/aes/arch/arm/aes_neon_subr.c   Sat Jul 25 22:36:06 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: aes_neon_subr.c,v 1.2 2020/06/30 20:32:11 riastradh Exp $      */
+/*     $NetBSD: aes_neon_subr.c,v 1.3 2020/07/25 22:36:06 riastradh Exp $      */
 
 /*-
  * Copyright (c) 2020 The NetBSD Foundation, Inc.
@@ -27,7 +27,9 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(1, "$NetBSD: aes_neon_subr.c,v 1.2 2020/06/30 20:32:11 riastradh Exp $");
+__KERNEL_RCSID(1, "$NetBSD: aes_neon_subr.c,v 1.3 2020/07/25 22:36:06 riastradh Exp $");
+
+#include <sys/endian.h>
 
 #ifdef _KERNEL
 #include <sys/systm.h>
@@ -213,6 +215,89 @@
        storeblock(tweak, t);
 }
 
+void
+aes_neon_cbcmac_update1(const struct aesenc *enc, const uint8_t in[static 16],
+    size_t nbytes, uint8_t auth0[static 16], uint32_t nrounds)
+{
+       uint8x16_t auth;
+
+       KASSERT(nbytes);
+       KASSERT(nbytes % 16 == 0);
+
+       auth = loadblock(auth0);
+       for (; nbytes; nbytes -= 16, in += 16)
+               auth = aes_neon_enc1(enc, auth ^ loadblock(in), nrounds);
+       storeblock(auth0, auth);
+}
+
+/*
+ * XXX On aarch64, we have enough registers that we should be able to
+ * pipeline two simultaneous vpaes computations in an `aes_neon_enc2'
+ * function, which should substantially improve CCM throughput.
+ */
+
+#if _BYTE_ORDER == _LITTLE_ENDIAN
+#define        vbetoh32q_u8    vrev32q_u8
+#define        vhtobe32q_u8    vrev32q_u8
+#elif _BYTE_ORDER == _BIG_ENDIAN
+#define        vbetoh32q_u8(x) (x)
+#define        vhtobe32q_u8(x) (x)
+#else
+#error what kind of endian are you anyway
+#endif
+
+void
+aes_neon_ccm_enc1(const struct aesenc *enc, const uint8_t in[static 16],
+    uint8_t out[static 16], size_t nbytes, uint8_t authctr[static 32],
+    uint32_t nrounds)
+{
+       const uint32x4_t ctr32_inc = {0, 0, 0, 1};
+       uint8x16_t auth, ptxt, ctr_be;
+       uint32x4_t ctr;
+
+       KASSERT(nbytes);
+       KASSERT(nbytes % 16 == 0);
+
+       auth = loadblock(authctr);
+       ctr_be = loadblock(authctr + 16);
+       ctr = vreinterpretq_u32_u8(vbetoh32q_u8(ctr_be));
+       for (; nbytes; nbytes -= 16, in += 16, out += 16) {
+               ptxt = loadblock(in);
+               auth = aes_neon_enc1(enc, auth ^ ptxt, nrounds);
+               ctr = vaddq_u32(ctr, ctr32_inc);
+               ctr_be = vhtobe32q_u8(vreinterpretq_u8_u32(ctr));
+               storeblock(out, ptxt ^ aes_neon_enc1(enc, ctr_be, nrounds));
+       }
+       storeblock(authctr, auth);
+       storeblock(authctr + 16, ctr_be);
+}
+
+void
+aes_neon_ccm_dec1(const struct aesenc *enc, const uint8_t in[static 16],
+    uint8_t out[static 16], size_t nbytes, uint8_t authctr[static 32],
+    uint32_t nrounds)
+{
+       const uint32x4_t ctr32_inc = {0, 0, 0, 1};
+       uint8x16_t auth, ctr_be, ptxt;
+       uint32x4_t ctr;
+
+       KASSERT(nbytes);
+       KASSERT(nbytes % 16 == 0);
+
+       auth = loadblock(authctr);
+       ctr_be = loadblock(authctr + 16);
+       ctr = vreinterpretq_u32_u8(vbetoh32q_u8(ctr_be));
+       for (; nbytes; nbytes -= 16, in += 16, out += 16) {
+               ctr = vaddq_u32(ctr, ctr32_inc);
+               ctr_be = vhtobe32q_u8(vreinterpretq_u8_u32(ctr));
+               ptxt = loadblock(in) ^ aes_neon_enc1(enc, ctr_be, nrounds);
+               storeblock(out, ptxt);
+               auth = aes_neon_enc1(enc, auth ^ ptxt, nrounds);
+       }
+       storeblock(authctr, auth);
+       storeblock(authctr + 16, ctr_be);
+}
+
 int
 aes_neon_selftest(void)
 {
diff -r ebc81c59c841 -r ea18195ce7f3 sys/crypto/aes/arch/arm/arm_neon.h
--- a/sys/crypto/aes/arch/arm/arm_neon.h        Sat Jul 25 22:33:04 2020 +0000
+++ b/sys/crypto/aes/arch/arm/arm_neon.h        Sat Jul 25 22:36:06 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: arm_neon.h,v 1.3 2020/07/23 11:33:01 ryo Exp $ */
+/*     $NetBSD: arm_neon.h,v 1.4 2020/07/25 22:36:06 riastradh Exp $   */
 
 /*-
  * Copyright (c) 2020 The NetBSD Foundation, Inc.
@@ -91,6 +91,13 @@
 
 _INTRINSATTR
 static __inline uint32x4_t
+vaddq_u32(uint32x4_t __v0, uint32x4_t __v1)
+{
+       return __v0 + __v1;
+}
+
+_INTRINSATTR
+static __inline uint32x4_t
 vcltq_s32(int32x4_t __v0, int32x4_t __v1)
 {
        return (uint32x4_t)(__v0 < __v1);
@@ -328,6 +335,19 @@
        return (uint8x16_t)__v;
 }
 
+_INTRINSATTR
+static __inline uint8x16_t
+vrev32q_u8(uint8x16_t __v)
+{
+#if defined(__GNUC__) && !defined(__clang__)
+       return __builtin_shuffle(__v,
+           (uint8x16_t) { 3,2,1,0, 7,6,5,4, 11,10,9,8, 15,14,13,12 });
+#elif defined(__clang__)
+       return __builtin_shufflevector(__v,
+           3,2,1,0, 7,6,5,4, 11,10,9,8, 15,14,13,12);
+#endif
+}
+
 #if defined(__GNUC__) && !defined(__clang__)
 _INTRINSATTR
 static __inline uint32x4_t



Home | Main Index | Thread Index | Old Index