// SPDX-License-Identifier: GPL-2.0
/*
 * NHPoly1305 - ε-almost-∆-universal hash function for Adiantum
 * (AVX2 accelerated version)
 *
 * Copyright 2018 Google LLC
 */
8*4882a593Smuzhiyun
9*4882a593Smuzhiyun #include <crypto/internal/hash.h>
10*4882a593Smuzhiyun #include <crypto/internal/simd.h>
11*4882a593Smuzhiyun #include <crypto/nhpoly1305.h>
12*4882a593Smuzhiyun #include <linux/module.h>
13*4882a593Smuzhiyun #include <linux/sizes.h>
14*4882a593Smuzhiyun #include <asm/simd.h>
15*4882a593Smuzhiyun
16*4882a593Smuzhiyun asmlinkage void nh_avx2(const u32 *key, const u8 *message, size_t message_len,
17*4882a593Smuzhiyun u8 hash[NH_HASH_BYTES]);
18*4882a593Smuzhiyun
19*4882a593Smuzhiyun /* wrapper to avoid indirect call to assembly, which doesn't work with CFI */
_nh_avx2(const u32 * key,const u8 * message,size_t message_len,__le64 hash[NH_NUM_PASSES])20*4882a593Smuzhiyun static void _nh_avx2(const u32 *key, const u8 *message, size_t message_len,
21*4882a593Smuzhiyun __le64 hash[NH_NUM_PASSES])
22*4882a593Smuzhiyun {
23*4882a593Smuzhiyun nh_avx2(key, message, message_len, (u8 *)hash);
24*4882a593Smuzhiyun }
25*4882a593Smuzhiyun
nhpoly1305_avx2_update(struct shash_desc * desc,const u8 * src,unsigned int srclen)26*4882a593Smuzhiyun static int nhpoly1305_avx2_update(struct shash_desc *desc,
27*4882a593Smuzhiyun const u8 *src, unsigned int srclen)
28*4882a593Smuzhiyun {
29*4882a593Smuzhiyun if (srclen < 64 || !crypto_simd_usable())
30*4882a593Smuzhiyun return crypto_nhpoly1305_update(desc, src, srclen);
31*4882a593Smuzhiyun
32*4882a593Smuzhiyun do {
33*4882a593Smuzhiyun unsigned int n = min_t(unsigned int, srclen, SZ_4K);
34*4882a593Smuzhiyun
35*4882a593Smuzhiyun kernel_fpu_begin();
36*4882a593Smuzhiyun crypto_nhpoly1305_update_helper(desc, src, n, _nh_avx2);
37*4882a593Smuzhiyun kernel_fpu_end();
38*4882a593Smuzhiyun src += n;
39*4882a593Smuzhiyun srclen -= n;
40*4882a593Smuzhiyun } while (srclen);
41*4882a593Smuzhiyun return 0;
42*4882a593Smuzhiyun }
43*4882a593Smuzhiyun
44*4882a593Smuzhiyun static struct shash_alg nhpoly1305_alg = {
45*4882a593Smuzhiyun .base.cra_name = "nhpoly1305",
46*4882a593Smuzhiyun .base.cra_driver_name = "nhpoly1305-avx2",
47*4882a593Smuzhiyun .base.cra_priority = 300,
48*4882a593Smuzhiyun .base.cra_ctxsize = sizeof(struct nhpoly1305_key),
49*4882a593Smuzhiyun .base.cra_module = THIS_MODULE,
50*4882a593Smuzhiyun .digestsize = POLY1305_DIGEST_SIZE,
51*4882a593Smuzhiyun .init = crypto_nhpoly1305_init,
52*4882a593Smuzhiyun .update = nhpoly1305_avx2_update,
53*4882a593Smuzhiyun .final = crypto_nhpoly1305_final,
54*4882a593Smuzhiyun .setkey = crypto_nhpoly1305_setkey,
55*4882a593Smuzhiyun .descsize = sizeof(struct nhpoly1305_state),
56*4882a593Smuzhiyun };
57*4882a593Smuzhiyun
nhpoly1305_mod_init(void)58*4882a593Smuzhiyun static int __init nhpoly1305_mod_init(void)
59*4882a593Smuzhiyun {
60*4882a593Smuzhiyun if (!boot_cpu_has(X86_FEATURE_AVX2) ||
61*4882a593Smuzhiyun !boot_cpu_has(X86_FEATURE_OSXSAVE))
62*4882a593Smuzhiyun return -ENODEV;
63*4882a593Smuzhiyun
64*4882a593Smuzhiyun return crypto_register_shash(&nhpoly1305_alg);
65*4882a593Smuzhiyun }
66*4882a593Smuzhiyun
nhpoly1305_mod_exit(void)67*4882a593Smuzhiyun static void __exit nhpoly1305_mod_exit(void)
68*4882a593Smuzhiyun {
69*4882a593Smuzhiyun crypto_unregister_shash(&nhpoly1305_alg);
70*4882a593Smuzhiyun }
71*4882a593Smuzhiyun
72*4882a593Smuzhiyun module_init(nhpoly1305_mod_init);
73*4882a593Smuzhiyun module_exit(nhpoly1305_mod_exit);
74*4882a593Smuzhiyun
75*4882a593Smuzhiyun MODULE_DESCRIPTION("NHPoly1305 ε-almost-∆-universal hash function (AVX2-accelerated)");
76*4882a593Smuzhiyun MODULE_LICENSE("GPL v2");
77*4882a593Smuzhiyun MODULE_AUTHOR("Eric Biggers <ebiggers@google.com>");
78*4882a593Smuzhiyun MODULE_ALIAS_CRYPTO("nhpoly1305");
79*4882a593Smuzhiyun MODULE_ALIAS_CRYPTO("nhpoly1305-avx2");
80