summaryrefslogtreecommitdiffstats
path: root/arch/x86/crypto (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Merge git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6Herbert Xu2009-12-011-5/+5
|\
| * crypto: aesni-intel - Fix irq_fpu_usable usageHuang Ying2009-10-201-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | When renaming kernel_fpu_using to irq_fpu_usable, the semantics of the function is changed too, from mesuring whether kernel is using FPU, that is, the FPU is NOT available, to measuring whether FPU is usable, that is, the FPU is available. But the usage of irq_fpu_usable in aesni-intel_glue.c is not changed accordingly. This patch fixes this. Signed-off-by: Huang Ying <ying.huang@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* | crypto: ghash-clmulni-intel - Put proper .data section in placeJiri Kosina2009-11-231-0/+2
| | | | | | | | | | | | | | | | Lbswap_mask, Lpoly and Ltwo_one should clearly belong to .data section, not .text. Signed-off-by: Jiri Kosina <jkosina@suse.cz> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* | crypto: ghash-clmulni-intel - Use gas macro for PCLMULQDQ-NI and PSHUFBHuang Ying2009-11-231-19/+10
| | | | | | | | | | | | | | | | | | | | | | | | Old binutils do not support PCLMULQDQ-NI and PSHUFB, to make kernel can be compiled by them, .byte code is used instead of assembly instructions. But the readability and flexibility of raw .byte code is not good. So corresponding assembly instruction like gas macro is used instead. Signed-off-by: Huang Ying <ying.huang@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* | crypto: aesni-intel - Use gas macro for AES-NI instructionsHuang Ying2009-11-231-344/+173
| | | | | | | | | | | | | | | | | | | | | | | | Old binutils do not support AES-NI instructions, to make kernel can be compiled by them, .byte code is used instead of AES-NI assembly instructions. But the readability and flexibility of raw .byte code is not good. So corresponding assembly instruction like gas macro is used instead. Signed-off-by: Huang Ying <ying.huang@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* | crypto: ghash-intel - Fix irq_fpu_usable usageHuang Ying2009-11-031-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | When renaming kernel_fpu_using to irq_fpu_usable, the semantics of the function is changed too, from mesuring whether kernel is using FPU, that is, the FPU is NOT available, to measuring whether FPU is usable, that is, the FPU is available. But the usage of irq_fpu_usable in ghash-clmulni-intel_glue.c is not changed accordingly. This patch fixes this. Signed-off-by: Huang Ying <ying.huang@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* | crypto: ghash-intel - Add PSHUFB macrosHerbert Xu2009-11-031-5/+6
| | | | | | | | | | | | | | | | Add PSHUFB macros instead of repeating byte sequences, suggested by Ingo. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Ingo Molnar <mingo@elte.hu>
* | crypto: ghash-intel - Hard-code pshufbHerbert Xu2009-11-011-6/+12
| | | | | | | | | | | | | | | | Old gases don't have a clue what pshufb stands for so we have to hard-code it for now. Reported-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* | crypto: ghash - Add PCLMULQDQ accelerated implementationHuang Ying2009-10-193-0/+493
|/ | | | | | | | | | | | | | | | PCLMULQDQ is used to accelerate the most time-consuming part of GHASH, carry-less multiplication. More information about PCLMULQDQ can be found at: http://software.intel.com/en-us/articles/carry-less-multiplication-and-its-usage-for-computing-the-gcm-mode/ Because PCLMULQDQ changes XMM state, its usage must be enclosed with kernel_fpu_begin/end, which can be used only in process context, the acceleration is implemented as crypto_ahash. That is, request in soft IRQ context will be defered to the cryptd kernel thread. Signed-off-by: Huang Ying <ying.huang@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* Merge branch 'x86-cpu-for-linus' of ↵Linus Torvalds2009-09-141-12/+5
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip * 'x86-cpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: (22 commits) x86: Fix code patching for paravirt-alternatives on 486 x86, msr: change msr-reg.o to obj-y, and export its symbols x86: Use hard_smp_processor_id() to get apic id for AMD K8 cpus x86, sched: Workaround broken sched domain creation for AMD Magny-Cours x86, mcheck: Use correct cpumask for shared bank4 x86, cacheinfo: Fixup L3 cache information for AMD multi-node processors x86: Fix CPU llc_shared_map information for AMD Magny-Cours x86, msr: Fix msr-reg.S compilation with gas 2.16.1, on 32-bit too x86: Move kernel_fpu_using to irq_fpu_usable in asm/i387.h x86, msr: fix msr-reg.S compilation with gas 2.16.1 x86, msr: Export the register-setting MSR functions via /dev/*/msr x86, msr: Create _on_cpu helpers for {rw,wr}msr_safe_regs() x86, msr: Have the _safe MSR functions return -EIO, not -EFAULT x86, msr: CFI annotations, cleanups for msr-reg.S x86, asm: Make _ASM_EXTABLE() usable from assembly code x86, asm: Add 32-bit versions of the combined CFI macros x86, AMD: Disable wrongly set X86_FEATURE_LAHF_LM CPUID bit x86, msr: Rewrite AMD rd/wrmsr variants x86, msr: Add rd/wrmsr interfaces with preset registers x86: add specific support for Intel Atom architecture ...
| * x86: Move kernel_fpu_using to irq_fpu_usable in asm/i387.hHuang Ying2009-09-021-12/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This function measures whether the FPU/SSE state can be touched in interrupt context. If the interrupted code is in user space or has no valid FPU/SSE context (CR0.TS == 1), FPU/SSE state can be used in IRQ or soft_irq context too. This is used by AES-NI accelerated AES implementation and PCLMULQDQ accelerated GHASH implementation. v3: - Renamed to irq_fpu_usable to reflect the purpose of the function. v2: - Renamed to irq_is_fpu_using to reflect the real situation. Signed-off-by: Huang Ying <ying.huang@intel.com> CC: H. Peter Anvin <hpa@zytor.com> Signed-off-by: H. Peter Anvin <hpa@zytor.com>
* | crypto: aes-ni - Don't print message with KERN_ERR on old systemRoland Dreier2009-06-241-1/+1
|/ | | | | | | | | | | | | | | When the aes-intel module is loaded on a system that does not have the AES instructions, it prints Intel AES-NI instructions are not detected. at level KERN_ERR. Since aes-intel is aliased to "aes" it will be tried whenever anything uses AES and spam the console. This doesn't match existing practice for how to handle "no hardware" when initializing a module, so downgrade the message to KERN_INFO. Signed-off-by: Roland Dreier <rolandd@cisco.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: aes-ni - Remove CRYPTO_TFM_REQ_MAY_SLEEP from fpu templateHuang Ying2009-06-181-2/+2
| | | | | | | | kernel_fpu_begin/end used preempt_disable/enable, so sleep should be prevented between kernel_fpu_begin/end. Signed-off-by: Huang Ying <ying.huang@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: aes-ni - Do not sleep when using the FPUHuang Ying2009-06-181-0/+4
| | | | | | | | | | Because AES-NI instructions will touch XMM state, corresponding code must be enclosed within kernel_fpu_begin/end, which used preempt_disable/enable. So sleep should be prevented between kernel_fpu_begin/end. Signed-off-by: Huang Ying <ying.huang@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: aes-ni - Fix cbc mode IV savingHuang Ying2009-06-181-2/+3
| | | | | | | | Original implementation of aesni_cbc_dec do not save IV if input length % 4 == 0. This will make decryption of next block failed. Signed-off-by: Huang Ying <ying.huang@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: aes-ni - Add support for more modesHuang Ying2009-06-021-1/+266
| | | | | | | | | | | | | | | | | | | | | | | | Because kernel_fpu_begin() and kernel_fpu_end() operations are too slow, the performance gain of general mode implementation + aes-aesni is almost all compensated. The AES-NI support for more modes are implemented as follow: - Add a new AES algorithm implementation named __aes-aesni without kernel_fpu_begin/end() - Use fpu(<mode>(AES)) to provide kenrel_fpu_begin/end() invoking - Add <mode>(AES) ablkcipher, which uses cryptd(fpu(<mode>(AES))) to defer cryption to cryptd context in soft_irq context. Now the ctr, lrw, pcbc and xts support are added. Performance testing based on dm-crypt shows that cryption time can be reduced to 50% of general mode implementation + aes-aesni implementation. Signed-off-by: Huang Ying <ying.huang@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: fpu - Add template for blkcipher touching FPUHuang Ying2009-06-022-0/+168
| | | | | | | | | | | | Blkcipher touching FPU need to be enclosed by kernel_fpu_begin() and kernel_fpu_end(). If they are invoked in cipher algorithm implementation, they will be invoked for each block, so that performance will be hurt, because they are "slow" operations. This patch implements "fpu" template, which makes these operations to be invoked for each request. Signed-off-by: Huang Ying <ying.huang@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: aes-ni - Add support to Intel AES-NI instructions for x86_64 platformHuang Ying2009-02-183-0/+1360
| | | | | | | | | | | | | | | | | | | | | | | | Intel AES-NI is a new set of Single Instruction Multiple Data (SIMD) instructions that are going to be introduced in the next generation of Intel processor, as of 2009. These instructions enable fast and secure data encryption and decryption, using the Advanced Encryption Standard (AES), defined by FIPS Publication number 197. The architecture introduces six instructions that offer full hardware support for AES. Four of them support high performance data encryption and decryption, and the other two instructions support the AES key expansion procedure. The white paper can be downloaded from: http://softwarecommunity.intel.com/isn/downloads/intelavx/AES-Instructions-Set_WP.pdf AES may be used in soft_irq context, but MMX/SSE context can not be touched safely in soft_irq context. So in_interrupt() is checked, if in IRQ or soft_irq context, the general x86_64 implementation are used instead. Signed-off-by: Huang Ying <ying.huang@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: aes - Export x86 AES encrypt/decrypt functionsHuang Ying2009-02-183-17/+27
| | | | | | | | | | | Intel AES-NI AES acceleration instructions touch XMM state, to use that in soft_irq context, general x86 AES implementation is used as fallback. The first parameter is changed from struct crypto_tfm * to struct crypto_aes_ctx * to make it easier to deal with 16 bytes alignment requirement of AES-NI implementation. Signed-off-by: Huang Ying <ying.huang@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: aes - Move key_length in struct crypto_aes_ctx to be the last fieldHuang Ying2009-02-182-5/+5
| | | | | | | | | The Intel AES-NI AES acceleration instructions need key_enc, key_dec in struct crypto_aes_ctx to be 16 byte aligned, it make this easier to move key_length to be the last one. Signed-off-by: Huang Ying <ying.huang@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: crc32c-intel - Switch to shashHerbert Xu2008-12-251-54/+47
| | | | | | This patch changes crc32c-intel to the new shash interface. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: crc32c-intel - Update copyright headKent Liu2008-12-251-6/+14
| | | | | | | | The original copyright head for crc32c-intel.c is incorrect. Please merge the patch to update it. Signed-Off-By: Kent Liu <kent.liu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* crypto: crc32c - Use Intel CRC32 instructionAustin Zhang2008-08-292-0/+199
| | | | | | | | | | | | | From NHM processor onward, Intel processors can support hardware accelerated CRC32c algorithm with the new CRC32 instruction in SSE 4.2 instruction set. The patch detects the availability of the feature, and chooses the most proper way to calculate CRC32c checksum. Byte code instructions are used for compiler compatibility. No MMX / XMM registers is involved in the implementation. Signed-off-by: Austin Zhang <austin.zhang@intel.com> Signed-off-by: Kent Liu <kent.liu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* [CRYPTO] aes-x86-32: Remove unused return codeSebastian Siewior2008-04-211-3/+0
| | | | | | | The return parameter isn't used remove it. Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* [CRYPTO] twofish: Merge common glue codeSebastian Siewior2008-01-143-103/+6
| | | | | | | There is almost no difference between 32 & 64 bit glue code. Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* [CRYPTO] salsa20: Add x86-64 assembly versionTan Swee Heng2008-01-103-0/+924
| | | | | | | | | | This is the x86-64 version of the Salsa20 stream cipher algorithm. The original assembly code came from <http://cr.yp.to/snuffle/salsa20/amd64-3/salsa20.s>. It has been reformatted for clarity. Signed-off-by: Tan Swee Heng <thesweeheng@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* [CRYPTO] salsa20_i586: Salsa20 stream cipher algorithm (i586 version)Tan Swee Heng2008-01-103-0/+1243
| | | | | | | | | | | This patch contains the salsa20-i586 implementation. The original assembly code came from <http://cr.yp.to/snuffle/salsa20/x86-pm/salsa20.s>. I have reformatted it (added indents) so that it matches the other algorithms in arch/x86/crypto. Signed-off-by: Tan Swee Heng <thesweeheng@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* [CRYPTO] aes-asm: Merge common glue codeSebastian Siewior2008-01-103-77/+20
| | | | | | | | 32 bit and 64 bit glue code is using (now) the same piece code. This patch unifies them. Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* [CRYPTO] aes-i586: Remove setkeySebastian Siewior2008-01-102-504/+46
| | | | | | | The setkey() function can be shared with the generic algorithm. Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* [CRYPTO] aes-x86-64: Remove setkeySebastian Siewior2008-01-102-313/+37
| | | | | | | The setkey() function can be shared with the generic algorithm. Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* [CRYPTO] aes: Move common defines into a header fileSebastian Siewior2008-01-102-8/+2
| | | | | | | This three defines are used in all AES related hardware. Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
* x86: merge arch/x86/crypto MakefilesThomas Gleixner2007-10-233-29/+15
| | | | | | Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Ingo Molnar <mingo@elte.hu>
* x86_64: move cryptoThomas Gleixner2007-10-116-1/+960
| | | | | Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Ingo Molnar <mingo@elte.hu>
* i386: move cryptoThomas Gleixner2007-10-116-0/+1337
Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Ingo Molnar <mingo@elte.hu>