Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost
[cris-mirror.git] / arch / x86 / crypto / poly1305_glue.c
blob790377797544b414f5ba86b22a227e51d5f4cd3a
1 /*
2 * Poly1305 authenticator algorithm, RFC7539, SIMD glue code
4 * Copyright (C) 2015 Martin Willi
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
12 #include <crypto/algapi.h>
13 #include <crypto/internal/hash.h>
14 #include <crypto/poly1305.h>
15 #include <linux/crypto.h>
16 #include <linux/kernel.h>
17 #include <linux/module.h>
18 #include <asm/fpu/api.h>
19 #include <asm/simd.h>
21 struct poly1305_simd_desc_ctx {
22 struct poly1305_desc_ctx base;
23 /* derived key u set? */
24 bool uset;
25 #ifdef CONFIG_AS_AVX2
26 /* derived keys r^3, r^4 set? */
27 bool wset;
28 #endif
29 /* derived Poly1305 key r^2 */
30 u32 u[5];
31 /* ... silently appended r^3 and r^4 when using AVX2 */
34 asmlinkage void poly1305_block_sse2(u32 *h, const u8 *src,
35 const u32 *r, unsigned int blocks);
36 asmlinkage void poly1305_2block_sse2(u32 *h, const u8 *src, const u32 *r,
37 unsigned int blocks, const u32 *u);
38 #ifdef CONFIG_AS_AVX2
39 asmlinkage void poly1305_4block_avx2(u32 *h, const u8 *src, const u32 *r,
40 unsigned int blocks, const u32 *u);
41 static bool poly1305_use_avx2;
42 #endif
44 static int poly1305_simd_init(struct shash_desc *desc)
46 struct poly1305_simd_desc_ctx *sctx = shash_desc_ctx(desc);
48 sctx->uset = false;
49 #ifdef CONFIG_AS_AVX2
50 sctx->wset = false;
51 #endif
53 return crypto_poly1305_init(desc);
56 static void poly1305_simd_mult(u32 *a, const u32 *b)
58 u8 m[POLY1305_BLOCK_SIZE];
60 memset(m, 0, sizeof(m));
61 /* The poly1305 block function adds a hi-bit to the accumulator which
62 * we don't need for key multiplication; compensate for it. */
63 a[4] -= 1 << 24;
64 poly1305_block_sse2(a, m, b, 1);
67 static unsigned int poly1305_simd_blocks(struct poly1305_desc_ctx *dctx,
68 const u8 *src, unsigned int srclen)
70 struct poly1305_simd_desc_ctx *sctx;
71 unsigned int blocks, datalen;
73 BUILD_BUG_ON(offsetof(struct poly1305_simd_desc_ctx, base));
74 sctx = container_of(dctx, struct poly1305_simd_desc_ctx, base);
76 if (unlikely(!dctx->sset)) {
77 datalen = crypto_poly1305_setdesckey(dctx, src, srclen);
78 src += srclen - datalen;
79 srclen = datalen;
82 #ifdef CONFIG_AS_AVX2
83 if (poly1305_use_avx2 && srclen >= POLY1305_BLOCK_SIZE * 4) {
84 if (unlikely(!sctx->wset)) {
85 if (!sctx->uset) {
86 memcpy(sctx->u, dctx->r, sizeof(sctx->u));
87 poly1305_simd_mult(sctx->u, dctx->r);
88 sctx->uset = true;
90 memcpy(sctx->u + 5, sctx->u, sizeof(sctx->u));
91 poly1305_simd_mult(sctx->u + 5, dctx->r);
92 memcpy(sctx->u + 10, sctx->u + 5, sizeof(sctx->u));
93 poly1305_simd_mult(sctx->u + 10, dctx->r);
94 sctx->wset = true;
96 blocks = srclen / (POLY1305_BLOCK_SIZE * 4);
97 poly1305_4block_avx2(dctx->h, src, dctx->r, blocks, sctx->u);
98 src += POLY1305_BLOCK_SIZE * 4 * blocks;
99 srclen -= POLY1305_BLOCK_SIZE * 4 * blocks;
101 #endif
102 if (likely(srclen >= POLY1305_BLOCK_SIZE * 2)) {
103 if (unlikely(!sctx->uset)) {
104 memcpy(sctx->u, dctx->r, sizeof(sctx->u));
105 poly1305_simd_mult(sctx->u, dctx->r);
106 sctx->uset = true;
108 blocks = srclen / (POLY1305_BLOCK_SIZE * 2);
109 poly1305_2block_sse2(dctx->h, src, dctx->r, blocks, sctx->u);
110 src += POLY1305_BLOCK_SIZE * 2 * blocks;
111 srclen -= POLY1305_BLOCK_SIZE * 2 * blocks;
113 if (srclen >= POLY1305_BLOCK_SIZE) {
114 poly1305_block_sse2(dctx->h, src, dctx->r, 1);
115 srclen -= POLY1305_BLOCK_SIZE;
117 return srclen;
120 static int poly1305_simd_update(struct shash_desc *desc,
121 const u8 *src, unsigned int srclen)
123 struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);
124 unsigned int bytes;
126 /* kernel_fpu_begin/end is costly, use fallback for small updates */
127 if (srclen <= 288 || !may_use_simd())
128 return crypto_poly1305_update(desc, src, srclen);
130 kernel_fpu_begin();
132 if (unlikely(dctx->buflen)) {
133 bytes = min(srclen, POLY1305_BLOCK_SIZE - dctx->buflen);
134 memcpy(dctx->buf + dctx->buflen, src, bytes);
135 src += bytes;
136 srclen -= bytes;
137 dctx->buflen += bytes;
139 if (dctx->buflen == POLY1305_BLOCK_SIZE) {
140 poly1305_simd_blocks(dctx, dctx->buf,
141 POLY1305_BLOCK_SIZE);
142 dctx->buflen = 0;
146 if (likely(srclen >= POLY1305_BLOCK_SIZE)) {
147 bytes = poly1305_simd_blocks(dctx, src, srclen);
148 src += srclen - bytes;
149 srclen = bytes;
152 kernel_fpu_end();
154 if (unlikely(srclen)) {
155 dctx->buflen = srclen;
156 memcpy(dctx->buf, src, srclen);
159 return 0;
162 static struct shash_alg alg = {
163 .digestsize = POLY1305_DIGEST_SIZE,
164 .init = poly1305_simd_init,
165 .update = poly1305_simd_update,
166 .final = crypto_poly1305_final,
167 .descsize = sizeof(struct poly1305_simd_desc_ctx),
168 .base = {
169 .cra_name = "poly1305",
170 .cra_driver_name = "poly1305-simd",
171 .cra_priority = 300,
172 .cra_flags = CRYPTO_ALG_TYPE_SHASH,
173 .cra_blocksize = POLY1305_BLOCK_SIZE,
174 .cra_module = THIS_MODULE,
178 static int __init poly1305_simd_mod_init(void)
180 if (!boot_cpu_has(X86_FEATURE_XMM2))
181 return -ENODEV;
183 #ifdef CONFIG_AS_AVX2
184 poly1305_use_avx2 = boot_cpu_has(X86_FEATURE_AVX) &&
185 boot_cpu_has(X86_FEATURE_AVX2) &&
186 cpu_has_xfeatures(XFEATURE_MASK_SSE | XFEATURE_MASK_YMM, NULL);
187 alg.descsize = sizeof(struct poly1305_simd_desc_ctx);
188 if (poly1305_use_avx2)
189 alg.descsize += 10 * sizeof(u32);
190 #endif
191 return crypto_register_shash(&alg);
194 static void __exit poly1305_simd_mod_exit(void)
196 crypto_unregister_shash(&alg);
199 module_init(poly1305_simd_mod_init);
200 module_exit(poly1305_simd_mod_exit);
202 MODULE_LICENSE("GPL");
203 MODULE_AUTHOR("Martin Willi <martin@strongswan.org>");
204 MODULE_DESCRIPTION("Poly1305 authenticator");
205 MODULE_ALIAS_CRYPTO("poly1305");
206 MODULE_ALIAS_CRYPTO("poly1305-simd");