lib/crypto/arm64/aes.h

Source file repositories/reference/linux-study-clean/lib/crypto/arm64/aes.h

File Facts

System
Linux kernel
Corpus path
lib/crypto/arm64/aes.h
Extension
.h
Size
7243 bytes
Lines
220
Domain
Kernel Services
Bucket
lib
Inferred role
Kernel Services: exported/initcall integration point
Status
integration implementation candidate

Why This File Exists

Shared kernel service surface used by multiple subsystems, including helpers, cryptography, virtualization support, and async I/O infrastructure.

Dependency Surface

Detected Declarations

Annotated Snippet

struct aes_block {
	u8 b[AES_BLOCK_SIZE];
};

asmlinkage void __aes_arm64_encrypt(const u32 rk[], u8 out[AES_BLOCK_SIZE],
				    const u8 in[AES_BLOCK_SIZE], int rounds);
asmlinkage void __aes_arm64_decrypt(const u32 inv_rk[], u8 out[AES_BLOCK_SIZE],
				    const u8 in[AES_BLOCK_SIZE], int rounds);
asmlinkage void __aes_ce_encrypt(const u32 rk[], u8 out[AES_BLOCK_SIZE],
				 const u8 in[AES_BLOCK_SIZE], int rounds);
asmlinkage void __aes_ce_decrypt(const u32 inv_rk[], u8 out[AES_BLOCK_SIZE],
				 const u8 in[AES_BLOCK_SIZE], int rounds);
asmlinkage u32 __aes_ce_sub(u32 l);
asmlinkage void __aes_ce_invert(struct aes_block *out,
				const struct aes_block *in);
asmlinkage void neon_aes_mac_update(u8 const in[], u32 const rk[], int rounds,
				    size_t blocks, u8 dg[], int enc_before,
				    int enc_after);

/*
 * Expand an AES key using the crypto extensions if supported and usable or
 * generic code otherwise.  The expanded key format is compatible between the
 * two cases.  The outputs are @rndkeys (required) and @inv_rndkeys (optional).
 */
static void aes_expandkey_arm64(u32 rndkeys[], u32 *inv_rndkeys,
				const u8 *in_key, int key_len, int nrounds)
{
	/*
	 * The AES key schedule round constants
	 */
	static u8 const rcon[] = {
		0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36,
	};

	u32 kwords = key_len / sizeof(u32);
	struct aes_block *key_enc, *key_dec;
	int i, j;

	if (!static_branch_likely(&have_aes) || unlikely(!may_use_simd())) {
		aes_expandkey_generic(rndkeys, inv_rndkeys, in_key, key_len);
		return;
	}

	for (i = 0; i < kwords; i++)
		rndkeys[i] = get_unaligned_le32(&in_key[i * sizeof(u32)]);

	scoped_ksimd() {
		for (i = 0; i < sizeof(rcon); i++) {
			u32 *rki = &rndkeys[i * kwords];
			u32 *rko = rki + kwords;

			rko[0] = ror32(__aes_ce_sub(rki[kwords - 1]), 8) ^
				 rcon[i] ^ rki[0];
			rko[1] = rko[0] ^ rki[1];
			rko[2] = rko[1] ^ rki[2];
			rko[3] = rko[2] ^ rki[3];

			if (key_len == AES_KEYSIZE_192) {
				if (i >= 7)
					break;
				rko[4] = rko[3] ^ rki[4];
				rko[5] = rko[4] ^ rki[5];
			} else if (key_len == AES_KEYSIZE_256) {
				if (i >= 6)
					break;
				rko[4] = __aes_ce_sub(rko[3]) ^ rki[4];
				rko[5] = rko[4] ^ rki[5];
				rko[6] = rko[5] ^ rki[6];
				rko[7] = rko[6] ^ rki[7];
			}
		}

		/*
		 * Generate the decryption keys for the Equivalent Inverse
		 * Cipher.  This involves reversing the order of the round
		 * keys, and applying the Inverse Mix Columns transformation on
		 * all but the first and the last one.
		 */
		if (inv_rndkeys) {
			key_enc = (struct aes_block *)rndkeys;
			key_dec = (struct aes_block *)inv_rndkeys;
			j = nrounds;

			key_dec[0] = key_enc[j];
			for (i = 1, j--; j > 0; i++, j--)
				__aes_ce_invert(key_dec + i, key_enc + j);
			key_dec[i] = key_enc[0];
		}
	}
}

Annotation

Implementation Notes