x86/crypto/nhpoly1305-avx2-glue.c

8c2ecf20Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0
8c2ecf20Sopenharmony_ci/*
8c2ecf20Sopenharmony_ci * NHPoly1305 - ε-almost-∆-universal hash function for Adiantum
8c2ecf20Sopenharmony_ci * (AVX2 accelerated version)
8c2ecf20Sopenharmony_ci *
8c2ecf20Sopenharmony_ci * Copyright 2018 Google LLC
8c2ecf20Sopenharmony_ci */
8c2ecf20Sopenharmony_ci
8c2ecf20Sopenharmony_ci#include <crypto/internal/hash.h>
8c2ecf20Sopenharmony_ci#include <crypto/internal/simd.h>
8c2ecf20Sopenharmony_ci#include <crypto/nhpoly1305.h>
8c2ecf20Sopenharmony_ci#include <linux/module.h>
8c2ecf20Sopenharmony_ci#include <linux/sizes.h>
8c2ecf20Sopenharmony_ci#include <asm/simd.h>
8c2ecf20Sopenharmony_ci
8c2ecf20Sopenharmony_ciasmlinkage void nh_avx2(const u32 *key, const u8 *message, size_t message_len,
8c2ecf20Sopenharmony_ci			u8 hash[NH_HASH_BYTES]);
8c2ecf20Sopenharmony_ci
8c2ecf20Sopenharmony_ci/* wrapper to avoid indirect call to assembly, which doesn't work with CFI */
8c2ecf20Sopenharmony_cistatic void _nh_avx2(const u32 *key, const u8 *message, size_t message_len,
8c2ecf20Sopenharmony_ci		     __le64 hash[NH_NUM_PASSES])
8c2ecf20Sopenharmony_ci{
8c2ecf20Sopenharmony_ci	nh_avx2(key, message, message_len, (u8 *)hash);
8c2ecf20Sopenharmony_ci}
8c2ecf20Sopenharmony_ci
8c2ecf20Sopenharmony_cistatic int nhpoly1305_avx2_update(struct shash_desc *desc,
8c2ecf20Sopenharmony_ci				  const u8 *src, unsigned int srclen)
8c2ecf20Sopenharmony_ci{
8c2ecf20Sopenharmony_ci	if (srclen < 64 || !crypto_simd_usable())
8c2ecf20Sopenharmony_ci		return crypto_nhpoly1305_update(desc, src, srclen);
8c2ecf20Sopenharmony_ci
8c2ecf20Sopenharmony_ci	do {
8c2ecf20Sopenharmony_ci		unsigned int n = min_t(unsigned int, srclen, SZ_4K);
8c2ecf20Sopenharmony_ci
8c2ecf20Sopenharmony_ci		kernel_fpu_begin();
8c2ecf20Sopenharmony_ci		crypto_nhpoly1305_update_helper(desc, src, n, _nh_avx2);
8c2ecf20Sopenharmony_ci		kernel_fpu_end();
8c2ecf20Sopenharmony_ci		src += n;
8c2ecf20Sopenharmony_ci		srclen -= n;
8c2ecf20Sopenharmony_ci	} while (srclen);
8c2ecf20Sopenharmony_ci	return 0;
8c2ecf20Sopenharmony_ci}
8c2ecf20Sopenharmony_ci
8c2ecf20Sopenharmony_cistatic struct shash_alg nhpoly1305_alg = {
8c2ecf20Sopenharmony_ci	.base.cra_name		= "nhpoly1305",
8c2ecf20Sopenharmony_ci	.base.cra_driver_name	= "nhpoly1305-avx2",
8c2ecf20Sopenharmony_ci	.base.cra_priority	= 300,
8c2ecf20Sopenharmony_ci	.base.cra_ctxsize	= sizeof(struct nhpoly1305_key),
8c2ecf20Sopenharmony_ci	.base.cra_module	= THIS_MODULE,
8c2ecf20Sopenharmony_ci	.digestsize		= POLY1305_DIGEST_SIZE,
8c2ecf20Sopenharmony_ci	.init			= crypto_nhpoly1305_init,
8c2ecf20Sopenharmony_ci	.update			= nhpoly1305_avx2_update,
8c2ecf20Sopenharmony_ci	.final			= crypto_nhpoly1305_final,
8c2ecf20Sopenharmony_ci	.setkey			= crypto_nhpoly1305_setkey,
8c2ecf20Sopenharmony_ci	.descsize		= sizeof(struct nhpoly1305_state),
8c2ecf20Sopenharmony_ci};
8c2ecf20Sopenharmony_ci
8c2ecf20Sopenharmony_cistatic int __init nhpoly1305_mod_init(void)
8c2ecf20Sopenharmony_ci{
8c2ecf20Sopenharmony_ci	if (!boot_cpu_has(X86_FEATURE_AVX2) ||
8c2ecf20Sopenharmony_ci	    !boot_cpu_has(X86_FEATURE_OSXSAVE))
8c2ecf20Sopenharmony_ci		return -ENODEV;
8c2ecf20Sopenharmony_ci
8c2ecf20Sopenharmony_ci	return crypto_register_shash(&nhpoly1305_alg);
8c2ecf20Sopenharmony_ci}
8c2ecf20Sopenharmony_ci
8c2ecf20Sopenharmony_cistatic void __exit nhpoly1305_mod_exit(void)
8c2ecf20Sopenharmony_ci{
8c2ecf20Sopenharmony_ci	crypto_unregister_shash(&nhpoly1305_alg);
8c2ecf20Sopenharmony_ci}
8c2ecf20Sopenharmony_ci
8c2ecf20Sopenharmony_cimodule_init(nhpoly1305_mod_init);
8c2ecf20Sopenharmony_cimodule_exit(nhpoly1305_mod_exit);
8c2ecf20Sopenharmony_ci
8c2ecf20Sopenharmony_ciMODULE_DESCRIPTION("NHPoly1305 ε-almost-∆-universal hash function (AVX2-accelerated)");
8c2ecf20Sopenharmony_ciMODULE_LICENSE("GPL v2");
8c2ecf20Sopenharmony_ciMODULE_AUTHOR("Eric Biggers <ebiggers@google.com>");
8c2ecf20Sopenharmony_ciMODULE_ALIAS_CRYPTO("nhpoly1305");
8c2ecf20Sopenharmony_ciMODULE_ALIAS_CRYPTO("nhpoly1305-avx2");