search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
WIP FPC-III support
[linux/fpc-iii.git] / drivers / crypto / vmx / ghash.c
blob14807ac2e3b9f0dea9399a172cebda9adaa62879
1 // SPDX-License-Identifier: GPL-2.0
2 /**
3 * GHASH routines supporting VMX instructions on the Power 8
4 *
5 * Copyright (C) 2015, 2019 International Business Machines Inc.
6 *
7 * Author: Marcelo Henrique Cerri <mhcerri@br.ibm.com>
8 *
9 * Extended by Daniel Axtens <dja@axtens.net> to replace the fallback
10 * mechanism. The new approach is based on arm64 code, which is:
11 * Copyright (C) 2014 - 2018 Linaro Ltd. <ard.biesheuvel@linaro.org>
12 */
13
14 #include <linux/types.h>
15 #include <linux/err.h>
16 #include <linux/crypto.h>
17 #include <linux/delay.h>
18 #include <asm/simd.h>
19 #include <asm/switch_to.h>
20 #include <crypto/aes.h>
21 #include <crypto/ghash.h>
22 #include <crypto/scatterwalk.h>
23 #include <crypto/internal/hash.h>
24 #include <crypto/internal/simd.h>
25 #include <crypto/b128ops.h>
26
27 void gcm_init_p8(u128 htable[16], const u64 Xi[2]);
28 void gcm_gmult_p8(u64 Xi[2], const u128 htable[16]);
29 void gcm_ghash_p8(u64 Xi[2], const u128 htable[16],
30 const u8 *in, size_t len);
31
32 struct p8_ghash_ctx {
33 /* key used by vector asm */
34 u128 htable[16];
35 /* key used by software fallback */
36 be128 key;
37 };
38
39 struct p8_ghash_desc_ctx {
40 u64 shash[2];
41 u8 buffer[GHASH_DIGEST_SIZE];
42 int bytes;
43 };
44
45 static int p8_ghash_init(struct shash_desc *desc)
46 {
47 struct p8_ghash_desc_ctx *dctx = shash_desc_ctx(desc);
48
49 dctx->bytes = 0;
50 memset(dctx->shash, 0, GHASH_DIGEST_SIZE);
51 return 0;
52 }
53
54 static int p8_ghash_setkey(struct crypto_shash *tfm, const u8 *key,
55 unsigned int keylen)
56 {
57 struct p8_ghash_ctx *ctx = crypto_tfm_ctx(crypto_shash_tfm(tfm));
58
59 if (keylen != GHASH_BLOCK_SIZE)
60 return -EINVAL;
61
62 preempt_disable();
63 pagefault_disable();
64 enable_kernel_vsx();
65 gcm_init_p8(ctx->htable, (const u64 *) key);
66 disable_kernel_vsx();
67 pagefault_enable();
68 preempt_enable();
69
70 memcpy(&ctx->key, key, GHASH_BLOCK_SIZE);
71
72 return 0;
73 }
74
75 static inline void __ghash_block(struct p8_ghash_ctx *ctx,
76 struct p8_ghash_desc_ctx *dctx)
77 {
78 if (crypto_simd_usable()) {
79 preempt_disable();
80 pagefault_disable();
81 enable_kernel_vsx();
82 gcm_ghash_p8(dctx->shash, ctx->htable,
83 dctx->buffer, GHASH_DIGEST_SIZE);
84 disable_kernel_vsx();
85 pagefault_enable();
86 preempt_enable();
87 } else {
88 crypto_xor((u8 *)dctx->shash, dctx->buffer, GHASH_BLOCK_SIZE);
89 gf128mul_lle((be128 *)dctx->shash, &ctx->key);
90 }
91 }
92
93 static inline void __ghash_blocks(struct p8_ghash_ctx *ctx,
94 struct p8_ghash_desc_ctx *dctx,
95 const u8 *src, unsigned int srclen)
96 {
97 if (crypto_simd_usable()) {
98 preempt_disable();
99 pagefault_disable();
100 enable_kernel_vsx();
101 gcm_ghash_p8(dctx->shash, ctx->htable,
102 src, srclen);
103 disable_kernel_vsx();
104 pagefault_enable();
105 preempt_enable();
106 } else {
107 while (srclen >= GHASH_BLOCK_SIZE) {
108 crypto_xor((u8 *)dctx->shash, src, GHASH_BLOCK_SIZE);
109 gf128mul_lle((be128 *)dctx->shash, &ctx->key);
110 srclen -= GHASH_BLOCK_SIZE;
111 src += GHASH_BLOCK_SIZE;
112 }
113 }
114 }
115
116 static int p8_ghash_update(struct shash_desc *desc,
117 const u8 *src, unsigned int srclen)
118 {
119 unsigned int len;
120 struct p8_ghash_ctx *ctx = crypto_tfm_ctx(crypto_shash_tfm(desc->tfm));
121 struct p8_ghash_desc_ctx *dctx = shash_desc_ctx(desc);
122
123 if (dctx->bytes) {
124 if (dctx->bytes + srclen < GHASH_DIGEST_SIZE) {
125 memcpy(dctx->buffer + dctx->bytes, src,
126 srclen);
127 dctx->bytes += srclen;
128 return 0;
129 }
130 memcpy(dctx->buffer + dctx->bytes, src,
131 GHASH_DIGEST_SIZE - dctx->bytes);
132
133 __ghash_block(ctx, dctx);
134
135 src += GHASH_DIGEST_SIZE - dctx->bytes;
136 srclen -= GHASH_DIGEST_SIZE - dctx->bytes;
137 dctx->bytes = 0;
138 }
139 len = srclen & ~(GHASH_DIGEST_SIZE - 1);
140 if (len) {
141 __ghash_blocks(ctx, dctx, src, len);
142 src += len;
143 srclen -= len;
144 }
145 if (srclen) {
146 memcpy(dctx->buffer, src, srclen);
147 dctx->bytes = srclen;
148 }
149 return 0;
150 }
151
152 static int p8_ghash_final(struct shash_desc *desc, u8 *out)
153 {
154 int i;
155 struct p8_ghash_ctx *ctx = crypto_tfm_ctx(crypto_shash_tfm(desc->tfm));
156 struct p8_ghash_desc_ctx *dctx = shash_desc_ctx(desc);
157
158 if (dctx->bytes) {
159 for (i = dctx->bytes; i < GHASH_DIGEST_SIZE; i++)
160 dctx->buffer[i] = 0;
161 __ghash_block(ctx, dctx);
162 dctx->bytes = 0;
163 }
164 memcpy(out, dctx->shash, GHASH_DIGEST_SIZE);
165 return 0;
166 }
167
168 struct shash_alg p8_ghash_alg = {
169 .digestsize = GHASH_DIGEST_SIZE,
170 .init = p8_ghash_init,
171 .update = p8_ghash_update,
172 .final = p8_ghash_final,
173 .setkey = p8_ghash_setkey,
174 .descsize = sizeof(struct p8_ghash_desc_ctx)
175 + sizeof(struct ghash_desc_ctx),
176 .base = {
177 .cra_name = "ghash",
178 .cra_driver_name = "p8_ghash",
179 .cra_priority = 1000,
180 .cra_blocksize = GHASH_BLOCK_SIZE,
181 .cra_ctxsize = sizeof(struct p8_ghash_ctx),
182 .cra_module = THIS_MODULE,
183 },
184 };
Linux with added FPC-III support