Received: by 2002:a05:7412:251c:b0:e2:908c:2ebd with SMTP id w28csp2766036rda; Wed, 25 Oct 2023 11:37:09 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEqsr7d9Tx0E0QzWFVNSXh101lIpgxOSx4/m5wTtF53CNPAZ/3u8wA95gWgPzMvyXIoBfXp X-Received: by 2002:a05:6808:46:b0:3ad:f866:39bd with SMTP id v6-20020a056808004600b003adf86639bdmr15682036oic.27.1698259029536; Wed, 25 Oct 2023 11:37:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1698259029; cv=none; d=google.com; s=arc-20160816; b=ROkBKv6VdnKkf/Ve2wfWg+8P0KhAklkfunWCVk1E2aW009Rb+k38zaImWDK8xDjgZK 0hH7w6QLiApqWOmkyoNx3VFIKB2Zb5FP+0qgPIVqS0CLXbvJCxxN5z+2iorFZskXhv9d eOoNgfHu1lJneWjWW/cgLuXZO5CvJQ+9QKw2rcymKs63yRKj449yTGqQtzzTF5rVlrtm WVXOdV0VC9uPei7jRJhAnLdl1HG0q7BCFjBdg2K/4s/DA8UcnXAVK/R0x3p+CFFdhrfS 6uPQbYmkcj3TCtRnIM40+8DHjh11oObJvV93cyvtyqe0J70/ERUkGoY4F6K///vopGCy sysQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=MeoxSvV9LV2U+gpMh6CC2wXStEN6WTZDI/w5L7HPlVc=; fh=mW5aUsjoOotHlwNYMx8xbHsUCWUVMMbs4tDVgGIL6Ds=; b=NSW1kFQer8OPDtOEDFFOVca2jhzwMpiNEungHNJzoXm4XwMsCsNAjliyohLktyPHz+ wTaMfnT4iforji8Gm/Io7m6Nq8mBEc3jABT5UySqFzJASKvX5ighTkGLGXbNZ+15aQJe R9vpkXjMw22V9zq8PRcqH2nih8ugaoU0L4kDM1S+qE8whcJmL1lrSFSrMylMbfq7fXaj ShzmrV/guIVNQLFfI2vdashRo9EvVo+A5fg1EA8gXFz9Od28Dd9nP3SknEAJQHpACjde pnZlxDChKEaQ6IO8FnbIzrQRU2PexiyrsxNSDlSre1l2d+ongjbsi3fStpzZXeNwDQgq V0mQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@sifive.com header.s=google header.b="d69maL/8"; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=sifive.com Return-Path: Received: from howler.vger.email (howler.vger.email. [2620:137:e000::3:4]) by mx.google.com with ESMTPS id v78-20020a25abd4000000b00da062a94d40si3578087ybi.27.2023.10.25.11.37.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Oct 2023 11:37:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) client-ip=2620:137:e000::3:4; Authentication-Results: mx.google.com; dkim=pass header.i=@sifive.com header.s=google header.b="d69maL/8"; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=sifive.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by howler.vger.email (Postfix) with ESMTP id EB3CA8023927; Wed, 25 Oct 2023 11:37:01 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229522AbjJYSg7 (ORCPT + 99 others); Wed, 25 Oct 2023 14:36:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58128 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229583AbjJYSg6 (ORCPT ); Wed, 25 Oct 2023 14:36:58 -0400 Received: from mail-pg1-x534.google.com (mail-pg1-x534.google.com [IPv6:2607:f8b0:4864:20::534]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 047E4111 for ; Wed, 25 Oct 2023 11:36:56 -0700 (PDT) Received: by mail-pg1-x534.google.com with SMTP id 41be03b00d2f7-584a761b301so71165a12.3 for ; Wed, 25 Oct 2023 11:36:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sifive.com; s=google; t=1698259015; x=1698863815; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=MeoxSvV9LV2U+gpMh6CC2wXStEN6WTZDI/w5L7HPlVc=; b=d69maL/8QW+dkKV5fM+y9P9f/aFJHeoBonfDoUS9BeL0bblCh6gNheYaG7m4lZszJh O14KGc8cV71WRc31Hu9JjP8dhMnn+DtoUKbOUUg6h+BMCecQen8iWSsKO6UnnBc7V7mN rwW0/QIxddv4wYH7emaO6bjYU4xYPUY2irEcrr/DdlbnC5gjFBAlT+8Y1xQa2W+L/VGC OiilhfzKsu3lIo2zBccgILsM0f6rmj8clBfy0Dm/FFfWtLKh7jxzpQ58T5s+uUcZovg4 yyOJXCpv4p56MYHvhx2ge/jRP+ewdTo6tAV8vN6WS1D7ak7nvO9M4RJEL5iwk5HQl8Lj U7Tw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698259015; x=1698863815; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=MeoxSvV9LV2U+gpMh6CC2wXStEN6WTZDI/w5L7HPlVc=; b=N1hxrBlmEe+ay8p6FaZgEghWHhpNcVfY2KeE2n3wkdKqO90Pw6AwcrWyp+VdYLfzLx MZw6M6YXOxW+IIFWDmF4Quckoa4NhYUyyIF4khi1fz9WS0lxd2xDnSQKoM9Z6QrnSME/ /QURyYZ45ETZl+CJtEhal8I1oCZyswX/X9XTwIUW927beGoBmXZX/wgJ8BtzAQ6gyFi9 Jqedd6WlXc0aUzM4rBA/+5Gp5EWCnNwj2MgfGUOTU3CDMr6htbvJLcJ0sp70ZFCLV+qA 1tCIy1oxWNstobTl8qBZ2mdH5Sx5lJqWop7C7iPYKIKvYm22JBL7LrnOFuyRmRKzhEfs oOhw== X-Gm-Message-State: AOJu0YxVDM2l2Q6G88u0DOs0hByNFBWaPhH3+AkGQciWS35vorJg7qan 6sME4JAY2BG1oOM+POQT329pFw== X-Received: by 2002:a17:90a:7066:b0:27d:4d98:6812 with SMTP id f93-20020a17090a706600b0027d4d986812mr16981848pjk.38.1698259015482; Wed, 25 Oct 2023 11:36:55 -0700 (PDT) Received: from localhost.localdomain ([49.216.222.119]) by smtp.gmail.com with ESMTPSA id g3-20020a17090adb0300b00278f1512dd9sm212367pjv.32.2023.10.25.11.36.51 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 25 Oct 2023 11:36:54 -0700 (PDT) From: Jerry Shih To: paul.walmsley@sifive.com, palmer@dabbelt.com, aou@eecs.berkeley.edu, herbert@gondor.apana.org.au, davem@davemloft.net Cc: andy.chiu@sifive.com, greentime.hu@sifive.com, conor.dooley@microchip.com, guoren@kernel.org, bjorn@rivosinc.com, heiko@sntech.de, ebiggers@kernel.org, ardb@kernel.org, phoebe.chen@sifive.com, hongrong.hsu@sifive.com, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org Subject: [PATCH 00/12] RISC-V: provide some accelerated cryptography implementations using vector extensions Date: Thu, 26 Oct 2023 02:36:32 +0800 Message-Id: <20231025183644.8735-1-jerry.shih@sifive.com> X-Mailer: git-send-email 2.28.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on howler.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Wed, 25 Oct 2023 11:37:02 -0700 (PDT) This series provides cryptographic implementations using the vector crypto extensions[1] including: 1. AES cipher 2. AES with CBC/CTR/ECB/XTS block modes 3. ChaCha20 stream cipher 4. GHASH for GCM 5. SHA-224/256 and SHA-384/512 hash 6. SM3 hash 7. SM4 cipher This patch set is based on Heiko Stuebner's work at: Link: https://lore.kernel.org/all/20230711153743.1970625-1-heiko@sntech.de/ The implementations reuse the perl-asm scripts from OpenSSL[2] with some changes adapting for the kernel crypto framework. The perl-asm scripts generate the opcodes into `.S` files instead of asm mnemonics. The reason for using opcodes is because the assembler hasn't supported the vector-crypto extensions yet. All changes pass the kernel run-time crypto self tests and the extra tests with vector-crypto-enabled qemu. Link: https://lists.gnu.org/archive/html/qemu-devel/2023-10/msg08822.html This series depend on: 1. kernel 6.6-rc7 Link: https://github.com/torvalds/linux/commit/05d3ef8bba77c1b5f98d941d8b2d4aeab8118ef1 2. support kernel-mode vector Link: https://lore.kernel.org/all/20230721112855.1006-1-andy.chiu@sifive.com/ 3. vector crypto extensions detection Link: https://lore.kernel.org/lkml/20231017131456.2053396-1-cleger@rivosinc.com/ 4. fix the error message: alg: skcipher: skipping comparison tests for xts-aes-aesni because xts(ecb(aes-generic)) is unavailable Link: https://lore.kernel.org/linux-crypto/20231009023116.266210-1-ebiggers@kernel.org/ Here is a branch on github applying with all dependent patches: Link: https://github.com/JerryShih/linux/tree/dev/jerrys/vector-crypto-upstream [1] Link: https://github.com/riscv/riscv-crypto/blob/56ed7952d13eb5bdff92e2b522404668952f416d/doc/vector/riscv-crypto-spec-vector.adoc [2] Link: https://github.com/openssl/openssl/pull/21923 Heiko Stuebner (2): RISC-V: add helper function to read the vector VLEN RISC-V: hook new crypto subdir into build-system Jerry Shih (10): RISC-V: crypto: add OpenSSL perl module for vector instructions RISC-V: crypto: add Zvkned accelerated AES implementation crypto: scatterwalk - Add scatterwalk_next() to get the next scatterlist in scatter_walk RISC-V: crypto: add accelerated AES-CBC/CTR/ECB/XTS implementations RISC-V: crypto: add Zvkg accelerated GCM GHASH implementation RISC-V: crypto: add Zvknha/b accelerated SHA224/256 implementations RISC-V: crypto: add Zvknhb accelerated SHA384/512 implementations RISC-V: crypto: add Zvksed accelerated SM4 implementation RISC-V: crypto: add Zvksh accelerated SM3 implementation RISC-V: crypto: add Zvkb accelerated ChaCha20 implementation arch/riscv/Kbuild | 1 + arch/riscv/crypto/Kconfig | 122 ++ arch/riscv/crypto/Makefile | 68 + .../crypto/aes-riscv64-block-mode-glue.c | 486 +++++++ arch/riscv/crypto/aes-riscv64-glue.c | 163 +++ arch/riscv/crypto/aes-riscv64-glue.h | 28 + .../crypto/aes-riscv64-zvbb-zvkg-zvkned.pl | 944 +++++++++++++ arch/riscv/crypto/aes-riscv64-zvkb-zvkned.pl | 416 ++++++ arch/riscv/crypto/aes-riscv64-zvkned.pl | 1198 +++++++++++++++++ arch/riscv/crypto/chacha-riscv64-glue.c | 120 ++ arch/riscv/crypto/chacha-riscv64-zvkb.pl | 322 +++++ arch/riscv/crypto/ghash-riscv64-glue.c | 191 +++ arch/riscv/crypto/ghash-riscv64-zvkg.pl | 100 ++ arch/riscv/crypto/riscv.pm | 828 ++++++++++++ arch/riscv/crypto/sha256-riscv64-glue.c | 140 ++ .../sha256-riscv64-zvkb-zvknha_or_zvknhb.pl | 318 +++++ arch/riscv/crypto/sha512-riscv64-glue.c | 133 ++ .../crypto/sha512-riscv64-zvkb-zvknhb.pl | 266 ++++ arch/riscv/crypto/sm3-riscv64-glue.c | 121 ++ arch/riscv/crypto/sm3-riscv64-zvksh.pl | 230 ++++ arch/riscv/crypto/sm4-riscv64-glue.c | 120 ++ arch/riscv/crypto/sm4-riscv64-zvksed.pl | 268 ++++ arch/riscv/include/asm/vector.h | 11 + crypto/Kconfig | 3 + include/crypto/scatterwalk.h | 9 +- 25 files changed, 6604 insertions(+), 2 deletions(-) create mode 100644 arch/riscv/crypto/Kconfig create mode 100644 arch/riscv/crypto/Makefile create mode 100644 arch/riscv/crypto/aes-riscv64-block-mode-glue.c create mode 100644 arch/riscv/crypto/aes-riscv64-glue.c create mode 100644 arch/riscv/crypto/aes-riscv64-glue.h create mode 100644 arch/riscv/crypto/aes-riscv64-zvbb-zvkg-zvkned.pl create mode 100644 arch/riscv/crypto/aes-riscv64-zvkb-zvkned.pl create mode 100644 arch/riscv/crypto/aes-riscv64-zvkned.pl create mode 100644 arch/riscv/crypto/chacha-riscv64-glue.c create mode 100644 arch/riscv/crypto/chacha-riscv64-zvkb.pl create mode 100644 arch/riscv/crypto/ghash-riscv64-glue.c create mode 100644 arch/riscv/crypto/ghash-riscv64-zvkg.pl create mode 100644 arch/riscv/crypto/riscv.pm create mode 100644 arch/riscv/crypto/sha256-riscv64-glue.c create mode 100644 arch/riscv/crypto/sha256-riscv64-zvkb-zvknha_or_zvknhb.pl create mode 100644 arch/riscv/crypto/sha512-riscv64-glue.c create mode 100644 arch/riscv/crypto/sha512-riscv64-zvkb-zvknhb.pl create mode 100644 arch/riscv/crypto/sm3-riscv64-glue.c create mode 100644 arch/riscv/crypto/sm3-riscv64-zvksh.pl create mode 100644 arch/riscv/crypto/sm4-riscv64-glue.c create mode 100644 arch/riscv/crypto/sm4-riscv64-zvksed.pl -- 2.28.0