diff --git a/sys/conf/files.powerpc b/sys/conf/files.powerpc --- a/sys/conf/files.powerpc +++ b/sys/conf/files.powerpc @@ -20,6 +20,49 @@ contrib/openzfs/module/icp/asm-ppc64/sha2/sha256-ppc.S optional zfs compile-with "${ZFS_S}" contrib/openzfs/module/icp/asm-ppc64/sha2/sha512-ppc.S optional zfs compile-with "${ZFS_S}" +# openssl ppc common files +crypto/openssl/ossl_ppc.c optional ossl powerpc64 | ossl powerpc64le + +# openssl assembly files (powerpc64le) +crypto/openssl/powerpc64le/aes-ppc.S optional ossl powerpc64le +crypto/openssl/powerpc64le/aesp8-ppc.S optional ossl powerpc64le +crypto/openssl/powerpc64le/chacha-ppc.S optional ossl powerpc64le +crypto/openssl/powerpc64le/ecp_nistz256-ppc64.S optional ossl powerpc64le +crypto/openssl/powerpc64le/ghashp8-ppc.S optional ossl powerpc64le +crypto/openssl/powerpc64le/keccak1600-ppc64.S optional ossl powerpc64le +crypto/openssl/powerpc64le/poly1305-ppc.S optional ossl powerpc64le +crypto/openssl/powerpc64le/poly1305-ppcfp.S optional ossl powerpc64le +crypto/openssl/powerpc64le/ppc-mont.S optional ossl powerpc64le +crypto/openssl/powerpc64le/ppc.S optional ossl powerpc64le +crypto/openssl/powerpc64le/ppccpuid.S optional ossl powerpc64le +crypto/openssl/powerpc64le/sha1-ppc.S optional ossl powerpc64le +crypto/openssl/powerpc64le/sha256-ppc.S optional ossl powerpc64le +crypto/openssl/powerpc64le/sha256p8-ppc.S optional ossl powerpc64le +crypto/openssl/powerpc64le/sha512-ppc.S optional ossl powerpc64le +crypto/openssl/powerpc64le/sha512p8-ppc.S optional ossl powerpc64le +crypto/openssl/powerpc64le/vpaes-ppc.S optional ossl powerpc64le +crypto/openssl/powerpc64le/x25519-ppc64.S optional ossl powerpc64le + +# openssl assembly files (powerpc64) +crypto/openssl/powerpc64/aes-ppc.S optional ossl powerpc64 +crypto/openssl/powerpc64/aesp8-ppc.S optional ossl powerpc64 +crypto/openssl/powerpc64/chacha-ppc.S optional ossl powerpc64 +crypto/openssl/powerpc64/ecp_nistz256-ppc64.S optional ossl powerpc64 +crypto/openssl/powerpc64/ghashp8-ppc.S optional ossl powerpc64 +crypto/openssl/powerpc64/keccak1600-ppc64.S optional ossl powerpc64 +crypto/openssl/powerpc64/poly1305-ppc.S optional ossl powerpc64 +crypto/openssl/powerpc64/poly1305-ppcfp.S optional ossl powerpc64 +crypto/openssl/powerpc64/ppc-mont.S optional ossl powerpc64 +crypto/openssl/powerpc64/ppc.S optional ossl powerpc64 +crypto/openssl/powerpc64/ppccpuid.S optional ossl powerpc64 +crypto/openssl/powerpc64/sha1-ppc.S optional ossl powerpc64 +crypto/openssl/powerpc64/sha256-ppc.S optional ossl powerpc64 +crypto/openssl/powerpc64/sha256p8-ppc.S optional ossl powerpc64 +crypto/openssl/powerpc64/sha512-ppc.S optional ossl powerpc64 +crypto/openssl/powerpc64/sha512p8-ppc.S optional ossl powerpc64 +crypto/openssl/powerpc64/vpaes-ppc.S optional ossl powerpc64 +crypto/openssl/powerpc64/x25519-ppc64.S optional ossl powerpc64 + cddl/compat/opensolaris/kern/opensolaris_atomic.c optional zfs powerpc | dtrace powerpc | zfs powerpcspe | dtrace powerpcspe compile-with "${ZFS_C}" cddl/dev/dtrace/powerpc/dtrace_asm.S optional dtrace compile-with "${DTRACE_S}" cddl/dev/dtrace/powerpc/dtrace_subr.c optional dtrace compile-with "${DTRACE_C}" diff --git a/sys/crypto/openssl/ossl_aes.c b/sys/crypto/openssl/ossl_aes.c --- a/sys/crypto/openssl/ossl_aes.c +++ b/sys/crypto/openssl/ossl_aes.c @@ -41,6 +41,10 @@ #include #elif defined (__arm__) #include +#elif defined (__powerpc64__) +#include +#else +#error "Unsupported architecture!" #endif static ossl_cipher_process_t ossl_aes_cbc; diff --git a/sys/crypto/openssl/ossl_ppc.h b/sys/crypto/openssl/ossl_ppc.h new file mode 100644 --- /dev/null +++ b/sys/crypto/openssl/ossl_ppc.h @@ -0,0 +1,45 @@ +/* + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef __OSSL_PPC__ +#define __OSSL_PPC__ + +#include +#include + +extern unsigned int OPENSSL_ppccap_P; + +/* + * Flags' usage can appear ambiguous, because they are set rather + * to reflect OpenSSL performance preferences than actual processor + * capabilities. + */ +# define PPC_FPU64 (1<<0) +# define PPC_ALTIVEC (1<<1) +# define PPC_CRYPTO207 (1<<2) +# define PPC_FPU (1<<3) +# define PPC_MADD300 (1<<4) +# define PPC_MFTB (1<<5) +# define PPC_MFSPR268 (1<<6) + +/* aesp8-ppc.S */ +ossl_cipher_encrypt_t aes_p8_cbc_encrypt; +/* vpaes-ppc.S */ +ossl_cipher_encrypt_t vpaes_cbc_encrypt; + +static void +AES_CBC_ENCRYPT(const unsigned char *in, unsigned char *out, + size_t length, const void *key, unsigned char *iv, int encrypt) +{ + if (OPENSSL_ppccap_P & PPC_CRYPTO207) + aes_p8_cbc_encrypt(in, out, length, key, iv, encrypt); + else + vpaes_cbc_encrypt(in, out, length, key, iv, encrypt); +} +#endif diff --git a/sys/crypto/openssl/ossl_ppc.c b/sys/crypto/openssl/ossl_ppc.c new file mode 100644 --- /dev/null +++ b/sys/crypto/openssl/ossl_ppc.c @@ -0,0 +1,154 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2023 Raptor Engineering, LLC + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include + +#include + +#include +#include +#include + +unsigned int OPENSSL_ppccap_P = 0; + +ossl_cipher_setkey_t aes_p8_set_encrypt_key; +ossl_cipher_setkey_t aes_p8_set_decrypt_key; +ossl_cipher_setkey_t vpaes_set_encrypt_key; +ossl_cipher_setkey_t vpaes_set_decrypt_key; + +void +ossl_cpuid(struct ossl_softc *sc) +{ + if (cpu_features2 & PPC_FEATURE2_HAS_VEC_CRYPTO) { + OPENSSL_ppccap_P |= PPC_CRYPTO207; + } + + if (cpu_features2 & PPC_FEATURE2_ARCH_3_00) { + OPENSSL_ppccap_P |= PPC_MADD300; + } + + if (cpu_features & PPC_FEATURE_64) { + OPENSSL_ppccap_P |= PPC_MFTB; + } else { + OPENSSL_ppccap_P |= PPC_MFSPR268; + } + + if (cpu_features & PPC_FEATURE_HAS_FPU) { + OPENSSL_ppccap_P |= PPC_FPU; + + if (cpu_features & PPC_FEATURE_64) { + OPENSSL_ppccap_P |= PPC_FPU64; + } + } + + if (cpu_features & PPC_FEATURE_HAS_ALTIVEC) { + OPENSSL_ppccap_P |= PPC_ALTIVEC; + } + + /* Pick P8 crypto if available, otherwise fall back to altivec */ + if (OPENSSL_ppccap_P & PPC_CRYPTO207) { + ossl_cipher_aes_cbc.set_encrypt_key = aes_p8_set_encrypt_key; + ossl_cipher_aes_cbc.set_decrypt_key = aes_p8_set_decrypt_key; + sc->has_aes = true; + } else if (OPENSSL_ppccap_P & PPC_ALTIVEC) { + ossl_cipher_aes_cbc.set_encrypt_key = vpaes_set_encrypt_key; + ossl_cipher_aes_cbc.set_decrypt_key = vpaes_set_decrypt_key; + sc->has_aes = true; + } +} + +/* + * The following trivial wrapper functions were copied from OpenSSL 1.1.1v's + * crypto/ppccap.c. + */ + +void sha256_block_p8(void *ctx, const void *inp, size_t len); +void sha256_block_ppc(void *ctx, const void *inp, size_t len); +void sha256_block_data_order(void *ctx, const void *inp, size_t len); +void sha256_block_data_order(void *ctx, const void *inp, size_t len) +{ + OPENSSL_ppccap_P & PPC_CRYPTO207 ? sha256_block_p8(ctx, inp, len) : + sha256_block_ppc(ctx, inp, len); +} + +void sha512_block_p8(void *ctx, const void *inp, size_t len); +void sha512_block_ppc(void *ctx, const void *inp, size_t len); +void sha512_block_data_order(void *ctx, const void *inp, size_t len); +void sha512_block_data_order(void *ctx, const void *inp, size_t len) +{ + OPENSSL_ppccap_P & PPC_CRYPTO207 ? sha512_block_p8(ctx, inp, len) : + sha512_block_ppc(ctx, inp, len); +} + +void ChaCha20_ctr32_int(unsigned char *out, const unsigned char *inp, + size_t len, const unsigned int key[8], + const unsigned int counter[4]); +void ChaCha20_ctr32_vmx(unsigned char *out, const unsigned char *inp, + size_t len, const unsigned int key[8], + const unsigned int counter[4]); +void ChaCha20_ctr32_vsx(unsigned char *out, const unsigned char *inp, + size_t len, const unsigned int key[8], + const unsigned int counter[4]); +void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, + size_t len, const unsigned int key[8], + const unsigned int counter[4]); +void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, + size_t len, const unsigned int key[8], + const unsigned int counter[4]) +{ + OPENSSL_ppccap_P & PPC_CRYPTO207 + ? ChaCha20_ctr32_vsx(out, inp, len, key, counter) + : OPENSSL_ppccap_P & PPC_ALTIVEC + ? ChaCha20_ctr32_vmx(out, inp, len, key, counter) + : ChaCha20_ctr32_int(out, inp, len, key, counter); +} + +void poly1305_init_int(void *ctx, const unsigned char key[16]); +void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, + unsigned int padbit); +void poly1305_emit(void *ctx, unsigned char mac[16], + const unsigned int nonce[4]); +void poly1305_init_fpu(void *ctx, const unsigned char key[16]); +void poly1305_blocks_fpu(void *ctx, const unsigned char *inp, size_t len, + unsigned int padbit); +void poly1305_emit_fpu(void *ctx, unsigned char mac[16], + const unsigned int nonce[4]); +int poly1305_init(void *ctx, const unsigned char key[16], void *func[2]); +int poly1305_init(void *ctx, const unsigned char key[16], void *func[2]) +{ + if (sizeof(size_t) == 4 && (OPENSSL_ppccap_P & PPC_FPU)) { + poly1305_init_fpu(ctx, key); + func[0] = (void*)(uintptr_t)poly1305_blocks_fpu; + func[1] = (void*)(uintptr_t)poly1305_emit_fpu; + } else { + poly1305_init_int(ctx, key); + func[0] = (void*)(uintptr_t)poly1305_blocks; + func[1] = (void*)(uintptr_t)poly1305_emit; + } + return 1; +} diff --git a/sys/modules/Makefile b/sys/modules/Makefile --- a/sys/modules/Makefile +++ b/sys/modules/Makefile @@ -571,7 +571,8 @@ .endif .if ${MACHINE_CPUARCH} == "aarch64" || ${MACHINE_CPUARCH} == "amd64" || \ - ${MACHINE_CPUARCH} == "i386" || ${MACHINE_ARCH} == "armv7" + ${MACHINE_CPUARCH} == "i386" || ${MACHINE_ARCH} == "armv7" || \ + ${MACHINE_ARCH:Mpowerpc64*} != "" _ossl= ossl .endif diff --git a/sys/modules/ossl/Makefile b/sys/modules/ossl/Makefile --- a/sys/modules/ossl/Makefile +++ b/sys/modules/ossl/Makefile @@ -59,6 +59,48 @@ sha512-586.S \ ossl_x86.c +SRCS.powerpc64le= \ + ossl_ppccap.c \ + aes-ppc.S \ + aesp8-ppc.S \ + chacha-ppc.S \ + ecp_nistz256-ppc64.S \ + ghashp8-ppc.S \ + keccak1600-ppc64.S \ + poly1305-ppc.S \ + poly1305-ppcfp.S \ + ppc-mont.S \ + ppc.S \ + ppccpuid.S \ + sha1-ppc.S \ + sha256-ppc.S \ + sha256p8-ppc.S \ + sha512-ppc.S \ + sha512p8-ppc.S \ + vpaes-ppc.S \ + x25519-ppc64.S + +SRCS.powerpc64= \ + ossl_ppccap.c \ + aes-ppc.S \ + aesp8-ppc.S \ + chacha-ppc.S \ + ecp_nistz256-ppc64.S \ + ghashp8-ppc.S \ + keccak1600-ppc64.S \ + poly1305-ppc.S \ + poly1305-ppcfp.S \ + ppc-mont.S \ + ppc.S \ + ppccpuid.S \ + sha1-ppc.S \ + sha256-ppc.S \ + sha256p8-ppc.S \ + sha512-ppc.S \ + sha512p8-ppc.S \ + vpaes-ppc.S \ + x25519-ppc64.S + CFLAGS.bsaes-armv7.S+= -D__KERNEL__ CFLAGS+= -I${SRCTOP}/sys/crypto/openssl diff --git a/sys/powerpc/conf/GENERIC64 b/sys/powerpc/conf/GENERIC64 --- a/sys/powerpc/conf/GENERIC64 +++ b/sys/powerpc/conf/GENERIC64 @@ -199,6 +199,7 @@ # Pseudo devices. device crypto # core crypto support +device ossl # OpenSSL OpenCrypto module device loop # Network loopback device ether # Ethernet support device vlan # 802.1Q VLAN support diff --git a/sys/powerpc/conf/GENERIC64LE b/sys/powerpc/conf/GENERIC64LE --- a/sys/powerpc/conf/GENERIC64LE +++ b/sys/powerpc/conf/GENERIC64LE @@ -195,6 +195,7 @@ # Pseudo devices. device crypto # core crypto support +device ossl # OpenSSL OpenCrypto module device loop # Network loopback device ether # Ethernet support device vlan # 802.1Q VLAN support