Linux Kernel aarch64 Crypto原理和框架介绍

文章目录

• 1、Linux的aarch64 crypto配置介绍

• 2、Linux的aarch64 crypto的总结：

• （1）、开启ARM-CE

• （2）、开启ARM-NEON

• （3）、纯软实现

• 3、比较硬件实现和纯软实现

1、Linux的aarch64 crypto配置介绍

开启ARM-CE或ARM-Neon，编译aes-glue.c文件，aes-glue.c是Linux kernel crypto aarch32/64下ARM-CE或ARM-NEON加解密调用的顶级文件。

• CONFIG_CRYPTO_AES_ARM64_CE_BLK
• CONFIG_CRYPTO_AES_ARM64_NEON_BLK

注意，如果开启的是ARM-CE，则加入USE_V8_CRYPTO_EXTENSIONS宏定义

在aes-glue.c中，使用USE_V8_CRYPTO_EXTENSIONS宏控制的底层aes的链接.

1. #ifdef USE_V8_CRYPTO_EXTENSIONS

2. #define MODE "ce"

3. #define PRIO 300

4. #define aes_setkey ce_aes_setkey

5. #define aes_expandkey ce_aes_expandkey

6. #define aes_ecb_encrypt ce_aes_ecb_encrypt

7. #define aes_ecb_decrypt ce_aes_ecb_decrypt

8. #define aes_cbc_encrypt ce_aes_cbc_encrypt

9. #define aes_cbc_decrypt ce_aes_cbc_decrypt

10. #define aes_ctr_encrypt ce_aes_ctr_encrypt

11. #define aes_xts_encrypt ce_aes_xts_encrypt

12. #define aes_xts_decrypt ce_aes_xts_decrypt

13. MODULE_DESCRIPTION("AES-ECB/CBC/CTR/XTS using ARMv8 Crypto Extensions");

14. #else

15. #define MODE "neon"

16. #define PRIO 200

17. #define aes_setkey crypto_aes_set_key

18. #define aes_expandkey crypto_aes_expand_key

19. #define aes_ecb_encrypt neon_aes_ecb_encrypt

20. #define aes_ecb_decrypt neon_aes_ecb_decrypt

21. #define aes_cbc_encrypt neon_aes_cbc_encrypt

22. #define aes_cbc_decrypt neon_aes_cbc_decrypt

23. #define aes_ctr_encrypt neon_aes_ctr_encrypt

24. #define aes_xts_encrypt neon_aes_xts_encrypt

25. #define aes_xts_decrypt neon_aes_xts_decrypt

26. MODULE_DESCRIPTION("AES-ECB/CBC/CTR/XTS using ARMv8 NEON");

27. MODULE_ALIAS_CRYPTO("ecb(aes)");

28. MODULE_ALIAS_CRYPTO("cbc(aes)");

29. MODULE_ALIAS_CRYPTO("ctr(aes)");

30. MODULE_ALIAS_CRYPTO("xts(aes)");

31. #endif

在Kconfig中可以看出，在开启CONFIG_CRYPTO_AES_ARM64_CE_BLK或CONFIG_CRYPTO_AES_ARM64_NEON_BLK，还需要再次选择底层的算法。

1. config CRYPTO_AES_ARM64_CE_BLK

2. tristate "AES in ECB/CBC/CTR/XTS modes using ARMv8 Crypto Extensions"

3. depends on KERNEL_MODE_NEON

4. select CRYPTO_BLKCIPHER

5. select CRYPTO_AES_ARM64_CE

6. select CRYPTO_AES_ARM64

7. select CRYPTO_SIMD

8. config CRYPTO_AES_ARM64_NEON_BLK

9. tristate "AES in ECB/CBC/CTR/XTS modes using NEON instructions"

10. depends on KERNEL_MODE_NEON

11. select CRYPTO_BLKCIPHER

12. select CRYPTO_AES_ARM64

13. select CRYPTO_AES

14. select CRYPTO_SIMD

如选择ARM-CE的aes，除了打开CONFIG_CRYPTO_AES_ARM64_CE_BLK，还需要再次开启CONFIG_CRYPTO_AES_ARM64_CE，编译aes-ce-cipher.S，该文件实现了ARM-CE的底层逻辑;

1. obj-$(CONFIG_CRYPTO_AES_ARM64_CE) += aes-ce-cipher.o

2. CFLAGS_aes-ce-cipher.o += -march=armv8-a+crypto

如选择ARM-NEON的aes，除了打开CONFIG_CRYPTO_AES_ARM64_NEON_BLK，不需要在额外增加别的宏了，因为在aes-neon.S中已经实现了ARM-NEON的底层逻辑;

1. obj-$(CONFIG_CRYPTO_AES_ARM64_NEON_BLK) += aes-neon-blk.o

2. aes-neon-blk-y := aes-glue-neon.o aes-neon.o

2、Linux的aarch64 crypto的总结：

（1）、开启ARM-CE

如果开启ARM-CE，则需要打开：

CONFIG_CRYPTO_AES_ARM64_CE_BLK

CONFIG_CRYPTO_AES_ARM64_CE

接口实现：aes-glue.c

底层实现：aes-modes.S

接口形式:

1. #define MODE "ce"

2. （同步）

3. .cra_name = "__ecb-aes-" MODE,

4. .cra_name = "__cbc-aes-" MODE,

5. .cra_name = "__ctr-aes-" MODE,

6. .cra_name = "__xts-aes-" MODE,

7. （异步）

8. .cra_driver_name = "ecb-aes-" MODE,

9. .cra_driver_name = "cbc-aes-" MODE,

10. .cra_driver_name = "ctr-aes-" MODE,

11. .cra_driver_name = "xts-aes-" MODE,

（2）、开启ARM-NEON

如果开启ARM-NEON，则需要打开：

CONFIG_CRYPTO_AES_ARM64_NEON_BLK

接口实现：aes-glue.c

底层实现：aes-neon.S

接口形式:

1. #define MODE "neon"

2. （同步）

3. .cra_name = "__ecb-aes-" MODE,

4. .cra_name = "__cbc-aes-" MODE,

5. .cra_name = "__ctr-aes-" MODE,

6. .cra_name = "__xts-aes-" MODE,

7. （异步）

8. .cra_driver_name = "ecb-aes-" MODE,

9. .cra_driver_name = "cbc-aes-" MODE,

10. .cra_driver_name = "ctr-aes-" MODE,

11. .cra_driver_name = "xts-aes-" MODE,

（3）、纯软实现

如果以上都不开，则走纯软实现

接口实现:

linux/crypto$ ls ecb.c cbc.c ctr.c xts.c

cbc.c ctr.c ecb.c xts.c

接口形式:

1. .name = "ecb",

2. .name = "cbc",

3. .name = "ctr",

4. .name = "xts",

3、比较硬件实现和纯软实现

其实如果是芯片SOC的实现，方法也类似：

添加威♥：sami01_2023，回复ARM中文，领取ARM中文手册