#ifdef SAMBA_RIJNDAEL
#include "rijndael-alg-fst.h"
+#if defined(HAVE_AESNI_INTEL)
+
+/*
+ * NB. HAVE_AESNI_INTEL is only defined if -lang-asm is
+ * available.
+ */
+
+static inline void __cpuid(unsigned int where[4], unsigned int leaf)
+{
+ asm volatile("cpuid" :
+ "=a" (where[0]),
+ "=b" (where[1]),
+ "=c" (where[2]),
+ "=d" (where[3]): "a" (leaf));
+}
+
+/*
+ * has_intel_aes_instructions()
+ * return true if supports AES-NI and false if doesn't
+ */
+static bool has_intel_aes_instructions(void)
+{
+ static int has_aes_instructions = -1;
+ unsigned int cpuid_results[4];
+
+ if (has_aes_instructions != -1) {
+ return (bool)has_aes_instructions;
+ }
+
+ __cpuid(cpuid_results, 0);
+ /*
+ * MSB LSB
+ * EBX = 'u' 'n' 'e' 'G'
+ * EDX = 'I' 'e' 'n' 'i'
+ * ECX = 'l' 'e' 't' 'n'
+ */
+ if (memcmp((unsigned char *)&cpuid_results[1], "Genu", 4) != 0 ||
+ memcmp((unsigned char *)&cpuid_results[3],
+ "ineI", 4) != 0 ||
+ memcmp((unsigned char *)&cpuid_results[2],
+ "ntel", 4) != 0) {
+ has_aes_instructions = 0;
+ return (bool)has_aes_instructions;
+ }
+
+ __cpuid(cpuid_results, 1);
+ has_aes_instructions = !!(cpuid_results[2] & (1 << 25));
+ return (bool)has_aes_instructions;
+}
+
+/*
+ * Macro to ensure the AES key schedule starts on a 16 byte boundary.
+ */
+
+#define SET_ACC_CTX(k) \
+ do { \
+ (k)->u.aes_ni.acc_ctx = \
+ (struct crypto_aes_ctx *)(((unsigned long)(k)->u.aes_ni._acc_ctx + 15) & ~0xfUL); \
+ } while (0)
+
+/*
+ * The next 4 functions call the Intel AES hardware implementations
+ * of:
+ *
+ * AES_set_encrypt_key()
+ * AES_set_decrypt_key()
+ * AES_encrypt()
+ * AES_decrypt()
+ */
+
+static int AES_set_encrypt_key_aesni(const unsigned char *userkey,
+ const int bits,
+ AES_KEY *key)
+{
+ SET_ACC_CTX(key);
+ return aesni_set_key(key->u.aes_ni.acc_ctx, userkey, bits/8);
+}
+
+static int AES_set_decrypt_key_aesni(const unsigned char *userkey,
+ const int bits,
+ AES_KEY *key)
+{
+ SET_ACC_CTX(key);
+ return aesni_set_key(key->u.aes_ni.acc_ctx, userkey, bits/8);
+}
+
+static void AES_encrypt_aesni(const unsigned char *in,
+ unsigned char *out,
+ const AES_KEY *key)
+{
+ aesni_enc(key->u.aes_ni.acc_ctx, out, in);
+}
+
+static void AES_decrypt_aesni(const unsigned char *in,
+ unsigned char *out,
+ const AES_KEY *key)
+{
+ aesni_dec(key->u.aes_ni.acc_ctx, out, in);
+}
+#else /* defined(HAVE_AESNI_INTEL) */
+
+/*
+ * Dummy implementations if no Intel AES instructions present.
+ * Only has_intel_aes_instructions() will ever be called.
+*/
+
+static bool has_intel_aes_instructions(void)
+{
+ return false;
+}
+
+static int AES_set_encrypt_key_aesni(const unsigned char *userkey,
+ const int bits,
+ AES_KEY *key)
+{
+ return -1;
+}
+
+static int AES_set_decrypt_key_aesni(const unsigned char *userkey,
+ const int bits,
+ AES_KEY *key)
+{
+ return -1;
+}
+
+static void AES_encrypt_aesni(const unsigned char *in,
+ unsigned char *out,
+ const AES_KEY *key)
+{
+ abort();
+}
+
+static void AES_decrypt_aesni(const unsigned char *in,
+ unsigned char *out,
+ const AES_KEY *key)
+{
+ abort();
+}
+#endif /* defined(HAVE_AENI_INTEL) */
+
/*
* The next 4 functions are the pure software implementations
* of:
*
* If the hardware instructions don't exist, fall back to the software
* versions.
- *
- * Currently only use the software implementations.
*/
int
AES_set_encrypt_key(const unsigned char *userkey, const int bits, AES_KEY *key)
{
+ if (has_intel_aes_instructions()) {
+ return AES_set_encrypt_key_aesni(userkey, bits, key);
+ }
return AES_set_encrypt_key_rj(userkey, bits, key);
}
int
AES_set_decrypt_key(const unsigned char *userkey, const int bits, AES_KEY *key)
{
+ if (has_intel_aes_instructions()) {
+ return AES_set_decrypt_key_aesni(userkey, bits, key);
+ }
return AES_set_decrypt_key_rj(userkey, bits, key);
}
void
AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
{
+ if (has_intel_aes_instructions()) {
+ return AES_encrypt_aesni(in, out, key);
+ }
return AES_encrypt_rj(in, out, key);
}
void
AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key)
{
+ if (has_intel_aes_instructions()) {
+ return AES_decrypt_aesni(in, out, key);
+ }
return AES_decrypt_rj(in, out, key);
}
--- /dev/null
+/*
+ * Copyright (C) 2008, Intel Corp.
+ * Author: Huang Ying <ying.huang@intel.com>
+ * Vinodh Gopal <vinodh.gopal@intel.com>
+ * Kahraman Akdemir
+ *
+ * Ported x86_64 version to x86:
+ * Author: Mathias Krause <minipli@googlemail.com>
+ *
+ * Modified for use in Samba by Justin Maggard <jmaggard@netgear.com>
+ * and Jeremy Allison <jra@samba.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+#ifndef LIB_CRYPTO_AESNI_H
+#define LIB_CRYPTO_AESNI_H 1
+
+#if defined(HAVE_AESNI_INTEL)
+
+#define AES_MAX_KEYLENGTH (15 * 16)
+#define AES_MAX_KEYLENGTH_U32 (AES_MAX_KEYLENGTH / sizeof(uint32_t))
+
+/*
+ * Please ensure that the first two fields are 16-byte aligned
+ * relative to the start of the structure, i.e., don't move them!
+ */
+struct crypto_aes_ctx {
+ uint32_t key_enc[AES_MAX_KEYLENGTH_U32];
+ uint32_t key_dec[AES_MAX_KEYLENGTH_U32];
+ uint32_t key_length;
+};
+
+struct crypto_aesni_ctx {
+ uint8_t _acc_ctx[sizeof(struct crypto_aes_ctx) + 16];
+ struct crypto_aes_ctx *acc_ctx;
+};
+
+/*
+ * These next 4 functions are actually implemented
+ * in the assembly language file:
+ * third_party/aesni-intel/aesni-intel_asm.c
+ */
+
+int aesni_set_key(struct crypto_aes_ctx *ctx,
+ const uint8_t *in_key,
+ unsigned int key_len);
+void aesni_enc(struct crypto_aes_ctx *ctx, uint8_t *dst, const uint8_t *src);
+void aesni_dec(struct crypto_aes_ctx *ctx, uint8_t *dst, const uint8_t *src);
+
+#else /* #if defined(HAVE_AESNI_INTEL) */
+
+/*
+ * We need a dummy definition of struct crypto_aesni_ctx to allow compiles.
+ */
+
+struct crypto_aesni_ctx {
+ int dummy;
+};
+
+#endif /* #if defined(HAVE_AESNI_INTEL) */
+
+#endif /* LIB_CRYPTO_AESNI_H */