add {SAVE,RESTORE}_VECTOR_REGISTERS() macros for kernel_fpu_{begin,end} when WOLFSSL_LINUXKM, to allow safe use of AESNI and SIMD instructions in the kernel.

2025-08-01 03:34:39 +02:00 · 2020-08-28 17:16:44 -05:00
parent 2c564a7728
commit 360c749703
2 changed files with 23 additions and 1 deletions
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -6257,23 +6257,29 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 #ifdef WOLFSSL_AESNI
    #ifdef HAVE_INTEL_AVX2
    if (IS_INTEL_AVX2(intel_flags)) {
+        SAVE_VECTOR_REGISTERS();
        AES_GCM_encrypt_avx2(in, out, authIn, iv, authTag, sz, authInSz, ivSz,
                                 authTagSz, (const byte*)aes->key, aes->rounds);
+        RESTORE_VECTOR_REGISTERS();
        return 0;
    }
    else
    #endif
    #ifdef HAVE_INTEL_AVX1
    if (IS_INTEL_AVX1(intel_flags)) {
+        SAVE_VECTOR_REGISTERS();
        AES_GCM_encrypt_avx1(in, out, authIn, iv, authTag, sz, authInSz, ivSz,
                                 authTagSz, (const byte*)aes->key, aes->rounds);
+        RESTORE_VECTOR_REGISTERS();
        return 0;
    }
    else
    #endif
    if (haveAESNI) {
+        SAVE_VECTOR_REGISTERS();
        AES_GCM_encrypt(in, out, authIn, iv, authTag, sz, authInSz, ivSz,
                                 authTagSz, (const byte*)aes->key, aes->rounds);
+        RESTORE_VECTOR_REGISTERS();
        return 0;
    }
    else
@@ -6727,8 +6733,10 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
 #ifdef WOLFSSL_AESNI
    #ifdef HAVE_INTEL_AVX2
    if (IS_INTEL_AVX2(intel_flags)) {
+        SAVE_VECTOR_REGISTERS();
        AES_GCM_decrypt_avx2(in, out, authIn, iv, authTag, sz, authInSz, ivSz,
                                 authTagSz, (byte*)aes->key, aes->rounds, &res);
+        RESTORE_VECTOR_REGISTERS();
        if (res == 0)
            return AES_GCM_AUTH_E;
        return 0;
@@ -6737,8 +6745,10 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
    #endif
    #ifdef HAVE_INTEL_AVX1
    if (IS_INTEL_AVX1(intel_flags)) {
+        SAVE_VECTOR_REGISTERS();
        AES_GCM_decrypt_avx1(in, out, authIn, iv, authTag, sz, authInSz, ivSz,
                                 authTagSz, (byte*)aes->key, aes->rounds, &res);
+        RESTORE_VECTOR_REGISTERS();
        if (res == 0)
            return AES_GCM_AUTH_E;
        return 0;
@@ -6746,8 +6756,10 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
    else
    #endif
    if (haveAESNI) {
+        SAVE_VECTOR_REGISTERS();
        AES_GCM_decrypt(in, out, authIn, iv, authTag, sz, authInSz, ivSz,
                                 authTagSz, (byte*)aes->key, aes->rounds, &res);
+        RESTORE_VECTOR_REGISTERS();
        if (res == 0)
            return AES_GCM_AUTH_E;
        return 0;
--- a/wolfssl/wolfcrypt/wc_port.h
+++ b/wolfssl/wolfcrypt/wc_port.h
@@ -88,6 +88,7 @@
    #endif
    #include <linux/net.h>
    #include <linux/slab.h>
+    #include <asm/simd.h>
    _Pragma("GCC diagnostic pop");

    /* remove this multifariously conflicting macro, picked up from
@@ -114,7 +115,16 @@
    #define XSNPRINTF snprintf /* needed to suppress inclusion of stdio.h in wolfssl/wolfcrypt/types.h */
    /* the rigmarole around kstrtol() here is to accommodate its warn-unused-result attribute. */
    #define XATOI(s) ({ long _xatoi_res = 0; int _xatoi_ret = kstrtol(s, 10, &_xatoi_res); if (_xatoi_ret != 0) { _xatoi_res = 0; } (int)_xatoi_res; })
-#endif
+
+    #define SAVE_VECTOR_REGISTERS() kernel_fpu_begin()
+    #define RESTORE_VECTOR_REGISTERS() kernel_fpu_end()
+
+#else /* ! WOLFSSL_LINUXKM */
+
+    #define SAVE_VECTOR_REGISTERS()
+    #define RESTORE_VECTOR_REGISTERS()
+
+#endif /* WOLFSSL_LINUXKM */

 /* THREADING/MUTEX SECTION */
 #ifdef USE_WINDOWS_API