文章目录
1、Linux的aarch64 crypto配置介绍
2、Linux的aarch64 crypto的总结:
(1)、开启ARM-CE
(2)、开启ARM-NEON
(3)、纯软实现
3、比较硬件实现和纯软实现
1、Linux的aarch64 crypto配置介绍
开启ARM-CE或ARM-Neon,编译aes-glue.c文件,aes-glue.c是Linux kernel crypto aarch32/64下ARM-CE或ARM-NEON加解密调用的顶级文件。
CONFIG_CRYPTO_AES_ARM64_CE_BLK
CONFIG_CRYPTO_AES_ARM64_NEON_BLK
注意,如果开启的是ARM-CE,则加入USE_V8_CRYPTO_EXTENSIONS宏定义
在aes-glue.c中,使用USE_V8_CRYPTO_EXTENSIONS宏控制的底层aes的链接.
ifdef USE_V8_CRYPTO_EXTENSIONS
define MODE "ce"
define PRIO 300
define aes_setkey ce_aes_setkey
define aes_expandkey ce_aes_expandkey
define aes_ecb_encrypt ce_aes_ecb_encrypt
define aes_ecb_decrypt ce_aes_ecb_decrypt
define aes_cbc_encrypt ce_aes_cbc_encrypt
define aes_cbc_decrypt ce_aes_cbc_decrypt
define aes_ctr_encrypt ce_aes_ctr_encrypt
define aes_xts_encrypt ce_aes_xts_encrypt
define aes_xts_decrypt ce_aes_xts_decrypt
MODULE_DESCRIPTION("AES-ECB/CBC/CTR/XTS using ARMv8 Crypto Extensions");
else
define MODE "neon"
define PRIO 200
define aes_setkey crypto_aes_set_key
define aes_expandkey crypto_aes_expand_key
define aes_ecb_encrypt neon_aes_ecb_encrypt
define aes_ecb_decrypt neon_aes_ecb_decrypt
define aes_cbc_encrypt neon_aes_cbc_encrypt
define aes_cbc_decrypt neon_aes_cbc_decrypt
define aes_ctr_encrypt neon_aes_ctr_encrypt
define aes_xts_encrypt neon_aes_xts_encrypt
define aes_xts_decrypt neon_aes_xts_decrypt
MODULE_DESCRIPTION("AES-ECB/CBC/CTR/XTS using ARMv8 NEON");
MODULE_ALIAS_CRYPTO("ecb(aes)");
MODULE_ALIAS_CRYPTO("cbc(aes)");
MODULE_ALIAS_CRYPTO("ctr(aes)");
MODULE_ALIAS_CRYPTO("xts(aes)");
endif
在Kconfig中可以看出,在开启CONFIG_CRYPTO_AES_ARM64_CE_BLK或CONFIG_CRYPTO_AES_ARM64_NEON_BLK,还需要再次选择底层的算法。
config CRYPTO_AES_ARM64_CE_BLK
tristate "AES in ECB/CBC/CTR/XTS modes using ARMv8 Crypto Extensions"
depends on KERNEL_MODE_NEON
select CRYPTO_BLKCIPHER
select CRYPTO_AES_ARM64_CE
select CRYPTO_AES_ARM64
select CRYPTO_SIMDconfig CRYPTO_AES_ARM64_NEON_BLK
tristate "AES in ECB/CBC/CTR/XTS modes using NEON instructions"
depends on KERNEL_MODE_NEON
select CRYPTO_BLKCIPHER
select CRYPTO_AES_ARM64
select CRYPTO_AES
select CRYPTO_SIMD
如选择ARM-CE的aes,除了打开CONFIG_CRYPTO_AES_ARM64_CE_BLK,还需要再次开启CONFIG_CRYPTO_AES_ARM64_CE,编译aes-ce-cipher.S,该文件实现了ARM-CE的底层逻辑;
obj-$(CONFIG_CRYPTO_AES_ARM64_CE) += aes-ce-cipher.o
CFLAGS_aes-ce-cipher.o += -march=armv8-a+crypto
如选择ARM-NEON的aes,除了打开CONFIG_CRYPTO_AES_ARM64_NEON_BLK,不需要在额外增加别的宏了,因为在aes-neon.S中已经实现了ARM-NEON的底层逻辑;
obj-$(CONFIG_CRYPTO_AES_ARM64_NEON_BLK) += aes-neon-blk.o
aes-neon-blk-y := aes-glue-neon.o aes-neon.o
2、Linux的aarch64 crypto的总结:
(1)、开启ARM-CE
如果开启ARM-CE,则需要打开:
CONFIG_CRYPTO_AES_ARM64_CE_BLK
CONFIG_CRYPTO_AES_ARM64_CE
接口实现:aes-glue.c
底层实现:aes-modes.S
接口形式:
define MODE "ce"
(同步)
.cra_name = "__ecb-aes-" MODE,
.cra_name = "__cbc-aes-" MODE,
.cra_name = "__ctr-aes-" MODE,
.cra_name = "__xts-aes-" MODE,
(异步)
.cra_driver_name = "ecb-aes-" MODE,
.cra_driver_name = "cbc-aes-" MODE,
.cra_driver_name = "ctr-aes-" MODE,
.cra_driver_name = "xts-aes-" MODE,
(2)、开启ARM-NEON
如果开启ARM-NEON,则需要打开:
CONFIG_CRYPTO_AES_ARM64_NEON_BLK
接口实现:aes-glue.c
底层实现:aes-neon.S
接口形式:
define MODE "neon"
(同步)
.cra_name = "__ecb-aes-" MODE,
.cra_name = "__cbc-aes-" MODE,
.cra_name = "__ctr-aes-" MODE,
.cra_name = "__xts-aes-" MODE,
(异步)
.cra_driver_name = "ecb-aes-" MODE,
.cra_driver_name = "cbc-aes-" MODE,
.cra_driver_name = "ctr-aes-" MODE,
.cra_driver_name = "xts-aes-" MODE,
(3)、纯软实现
如果以上都不开,则走纯软实现
接口实现:
linux/crypto$ ls ecb.c cbc.c ctr.c xts.c
cbc.c ctr.c ecb.c xts.c
接口形式:
.name = "ecb",
.name = "cbc",
.name = "ctr",
.name = "xts",
3、比较硬件实现和纯软实现
其实如果是芯片SOC的实现,方法也类似:
添加威♥:sami01_2023,回复ARM中文,领取ARM中文手册
