Linux Kernel aarch64 Crypto: Principles and Framework


Note: unless stated otherwise, this article describes the armv8-aarch64 architecture and the linux kernel 4.14 arm64 software environment.

1. Linux aarch64 crypto configuration

Enabling ARM-CE or ARM-NEON compiles aes-glue.c, which is the top-level file for ARM-CE or ARM-NEON encryption and decryption calls in the Linux kernel crypto code for aarch32/64.

  • CONFIG_CRYPTO_AES_ARM64_CE_BLK
  • CONFIG_CRYPTO_AES_ARM64_NEON_BLK

Note: if ARM-CE is enabled, the USE_V8_CRYPTO_EXTENSIONS macro definition is added.
In aes-glue.c, the USE_V8_CRYPTO_EXTENSIONS macro controls which low-level AES implementation is linked.

#ifdef USE_V8_CRYPTO_EXTENSIONS
#define MODE			"ce"
#define PRIO			300
#define aes_setkey		ce_aes_setkey
#define aes_expandkey		ce_aes_expandkey
#define aes_ecb_encrypt		ce_aes_ecb_encrypt
#define aes_ecb_decrypt		ce_aes_ecb_decrypt
#define aes_cbc_encrypt		ce_aes_cbc_encrypt
#define aes_cbc_decrypt		ce_aes_cbc_decrypt
#define aes_ctr_encrypt		ce_aes_ctr_encrypt
#define aes_xts_encrypt		ce_aes_xts_encrypt
#define aes_xts_decrypt		ce_aes_xts_decrypt
MODULE_DESCRIPTION("AES-ECB/CBC/CTR/XTS using ARMv8 Crypto Extensions");
#else
#define MODE			"neon"
#define PRIO			200
#define aes_setkey		crypto_aes_set_key
#define aes_expandkey		crypto_aes_expand_key
#define aes_ecb_encrypt		neon_aes_ecb_encrypt
#define aes_ecb_decrypt		neon_aes_ecb_decrypt
#define aes_cbc_encrypt		neon_aes_cbc_encrypt
#define aes_cbc_decrypt		neon_aes_cbc_decrypt
#define aes_ctr_encrypt		neon_aes_ctr_encrypt
#define aes_xts_encrypt		neon_aes_xts_encrypt
#define aes_xts_decrypt		neon_aes_xts_decrypt
MODULE_DESCRIPTION("AES-ECB/CBC/CTR/XTS using ARMv8 NEON");
MODULE_ALIAS_CRYPTO("ecb(aes)");
MODULE_ALIAS_CRYPTO("cbc(aes)");
MODULE_ALIAS_CRYPTO("ctr(aes)");
MODULE_ALIAS_CRYPTO("xts(aes)");
#endif

The Kconfig shows that after enabling CONFIG_CRYPTO_AES_ARM64_CE_BLK or CONFIG_CRYPTO_AES_ARM64_NEON_BLK, the low-level algorithm still has to be selected as well.

config CRYPTO_AES_ARM64_CE_BLK
	tristate "AES in ECB/CBC/CTR/XTS modes using ARMv8 Crypto Extensions"
	depends on KERNEL_MODE_NEON
	select CRYPTO_BLKCIPHER
	select CRYPTO_AES_ARM64_CE
	select CRYPTO_AES_ARM64
	select CRYPTO_SIMD
config CRYPTO_AES_ARM64_NEON_BLK
	tristate "AES in ECB/CBC/CTR/XTS modes using NEON instructions"
	depends on KERNEL_MODE_NEON
	select CRYPTO_BLKCIPHER
	select CRYPTO_AES_ARM64
	select CRYPTO_AES
	select CRYPTO_SIMD

To use the ARM-CE AES, in addition to enabling CONFIG_CRYPTO_AES_ARM64_CE_BLK you must also enable CONFIG_CRYPTO_AES_ARM64_CE, which compiles aes-ce-cipher.S; this file implements the low-level ARM-CE logic:

obj-$(CONFIG_CRYPTO_AES_ARM64_CE) += aes-ce-cipher.o
CFLAGS_aes-ce-cipher.o += -march=armv8-a+crypto

To use the ARM-NEON AES, nothing beyond CONFIG_CRYPTO_AES_ARM64_NEON_BLK needs to be enabled, because aes-neon.S already implements the low-level ARM-NEON logic:

obj-$(CONFIG_CRYPTO_AES_ARM64_NEON_BLK) += aes-neon-blk.o
aes-neon-blk-y := aes-glue-neon.o aes-neon.o

2. Summary of Linux aarch64 crypto

(1) ARM-CE enabled

To enable ARM-CE, turn on:
CONFIG_CRYPTO_AES_ARM64_CE_BLK
CONFIG_CRYPTO_AES_ARM64_CE

Interface implementation: aes-glue.c
Low-level implementation: aes-modes.S

Interface form:

#define MODE			"ce"
(synchronous)
.cra_name		= "__ecb-aes-" MODE,
.cra_name		= "__cbc-aes-" MODE,
.cra_name		= "__ctr-aes-" MODE,
.cra_name		= "__xts-aes-" MODE,
(asynchronous)
.cra_driver_name	= "ecb-aes-" MODE,
.cra_driver_name	= "cbc-aes-" MODE,
.cra_driver_name	= "ctr-aes-" MODE,
.cra_driver_name	= "xts-aes-" MODE,
(2) ARM-NEON enabled

To enable ARM-NEON, turn on:
CONFIG_CRYPTO_AES_ARM64_NEON_BLK

Interface implementation: aes-glue.c
Low-level implementation: aes-neon.S

Interface form:

#define MODE			"neon"
(synchronous)
.cra_name		= "__ecb-aes-" MODE,
.cra_name		= "__cbc-aes-" MODE,
.cra_name		= "__ctr-aes-" MODE,
.cra_name		= "__xts-aes-" MODE,
(asynchronous)
.cra_driver_name	= "ecb-aes-" MODE,
.cra_driver_name	= "cbc-aes-" MODE,
.cra_driver_name	= "ctr-aes-" MODE,
.cra_driver_name	= "xts-aes-" MODE,
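(3) Pure software implementation

If neither of the above is enabled, the pure software implementation is used.

Interface implementation: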
linux/crypto$ ls ecb.c cbc.c ctr.c xts.c
cbc.c ctr.c ecb.c xts.c

Interface form:

.name = "ecb",
.name = "cbc",
.name = "ctr",
.name = "xts",
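
As an added example (not from the original article or the kernel tree), this userspace C program shows how the PRIO values above decide which implementation serves a request for "ecb(aes)": it parses text in /proc/crypto layout and returns the highest-priority non-internal driver. The sample records, the "__driver-" and generic entries with their priorities, and the function name pick_driver are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample in /proc/crypto layout; not captured from a real system. */
static const char SAMPLE[] =
    "name         : ecb(aes)\ndriver       : ecb-aes-ce\n"
    "priority     : 300\ninternal     : no\n\n"
    "name         : __ecb-aes-ce\ndriver       : __driver-ecb-aes-ce\n"
    "priority     : 300\ninternal     : yes\n\n"
    "name         : ecb(aes)\ndriver       : ecb-aes-neon\n"
    "priority     : 200\ninternal     : no\n\n"
    "name         : ecb(aes)\ndriver       : ecb(aes-generic)\n"
    "priority     : 100\ninternal     : no\n";

/* Return the priority of the highest-priority non-internal driver listed for
 * `alg`, copying its driver name to `out`; return -1 if none is listed. */
int pick_driver(const char *text, const char *alg, char *out, size_t outlen)
{
    char name[256] = "", drv[256] = "", flag[8] = "", line[256];
    int prio = -1, best = -1;

    for (const char *p = text;; p += strcspn(p, "\n") + 1) {
        size_t n = strcspn(p, "\n");
        snprintf(line, sizeof line, "%.*s", (int)n, p);
        sscanf(line, "name : %255s", name);      /* each call only matches its own key */
        sscanf(line, "driver : %255s", drv);
        sscanf(line, "priority : %d", &prio);
        sscanf(line, "internal : %7s", flag);
        if (n == 0 || p[n] == '\0') {   /* blank line or end of text closes a record */
            if (!strcmp(name, alg) && strcmp(flag, "yes") && prio > best) {
                best = prio;
                snprintf(out, outlen, "%s", drv);
            }
            name[0] = drv[0] = flag[0] = '\0';
            prio = -1;
        }
        if (p[n] == '\0')
            return best;
    }
}

int main(void)
{
    char drv[256] = "";
    int prio = pick_driver(SAMPLE, "ecb(aes)", drv, sizeof drv);
    printf("ecb(aes) -> %s (priority %d)\n", drv, prio);
    return prio == 300 ? 0 : 1;
}
```

On a real system the same function can be fed the contents of /proc/crypto to confirm that the accelerated driver, not the software fallback, is the one being selected.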

3. Comparing the hardware and pure software implementations

[Figure]
In fact, the approach is similar for an implementation in the chip SoC:
[Figure]


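Copyright notice: this is an original article by weixin_42135087, licensed under CC 4.0 BY-SA. When reposting, include a link to the original source and this notice.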