xref: /OK3568_Linux_fs/kernel/drivers/crypto/vmx/ghash.c (revision 4882a59341e53eb6f0b4789bf948001014eff981) 
1*4882a593Smuzhiyun // SPDX-License-Identifier: GPL-2.0
2*4882a593Smuzhiyun /**
3*4882a593Smuzhiyun  * GHASH routines supporting VMX instructions on the Power 8
4*4882a593Smuzhiyun  *
5*4882a593Smuzhiyun  * Copyright (C) 2015, 2019 International Business Machines Inc.
6*4882a593Smuzhiyun  *
7*4882a593Smuzhiyun  * Author: Marcelo Henrique Cerri <mhcerri@br.ibm.com>
8*4882a593Smuzhiyun  *
9*4882a593Smuzhiyun  * Extended by Daniel Axtens <dja@axtens.net> to replace the fallback
10*4882a593Smuzhiyun  * mechanism. The new approach is based on arm64 code, which is:
11*4882a593Smuzhiyun  *   Copyright (C) 2014 - 2018 Linaro Ltd. <ard.biesheuvel@linaro.org>
12*4882a593Smuzhiyun  */
13*4882a593Smuzhiyun 
14*4882a593Smuzhiyun #include <linux/types.h>
15*4882a593Smuzhiyun #include <linux/err.h>
16*4882a593Smuzhiyun #include <linux/crypto.h>
17*4882a593Smuzhiyun #include <linux/delay.h>
18*4882a593Smuzhiyun #include <asm/simd.h>
19*4882a593Smuzhiyun #include <asm/switch_to.h>
20*4882a593Smuzhiyun #include <crypto/aes.h>
21*4882a593Smuzhiyun #include <crypto/ghash.h>
22*4882a593Smuzhiyun #include <crypto/scatterwalk.h>
23*4882a593Smuzhiyun #include <crypto/internal/hash.h>
24*4882a593Smuzhiyun #include <crypto/internal/simd.h>
25*4882a593Smuzhiyun #include <crypto/b128ops.h>
26*4882a593Smuzhiyun 
27*4882a593Smuzhiyun void gcm_init_p8(u128 htable[16], const u64 Xi[2]);
28*4882a593Smuzhiyun void gcm_gmult_p8(u64 Xi[2], const u128 htable[16]);
29*4882a593Smuzhiyun void gcm_ghash_p8(u64 Xi[2], const u128 htable[16],
30*4882a593Smuzhiyun 		  const u8 *in, size_t len);
31*4882a593Smuzhiyun 
32*4882a593Smuzhiyun struct p8_ghash_ctx {
33*4882a593Smuzhiyun 	/* key used by vector asm */
34*4882a593Smuzhiyun 	u128 htable[16];
35*4882a593Smuzhiyun 	/* key used by software fallback */
36*4882a593Smuzhiyun 	be128 key;
37*4882a593Smuzhiyun };
38*4882a593Smuzhiyun 
39*4882a593Smuzhiyun struct p8_ghash_desc_ctx {
40*4882a593Smuzhiyun 	u64 shash[2];
41*4882a593Smuzhiyun 	u8 buffer[GHASH_DIGEST_SIZE];
42*4882a593Smuzhiyun 	int bytes;
43*4882a593Smuzhiyun };
44*4882a593Smuzhiyun 
p8_ghash_init(struct shash_desc * desc)45*4882a593Smuzhiyun static int p8_ghash_init(struct shash_desc *desc)
46*4882a593Smuzhiyun {
47*4882a593Smuzhiyun 	struct p8_ghash_desc_ctx *dctx = shash_desc_ctx(desc);
48*4882a593Smuzhiyun 
49*4882a593Smuzhiyun 	dctx->bytes = 0;
50*4882a593Smuzhiyun 	memset(dctx->shash, 0, GHASH_DIGEST_SIZE);
51*4882a593Smuzhiyun 	return 0;
52*4882a593Smuzhiyun }
53*4882a593Smuzhiyun 
p8_ghash_setkey(struct crypto_shash * tfm,const u8 * key,unsigned int keylen)54*4882a593Smuzhiyun static int p8_ghash_setkey(struct crypto_shash *tfm, const u8 *key,
55*4882a593Smuzhiyun 			   unsigned int keylen)
56*4882a593Smuzhiyun {
57*4882a593Smuzhiyun 	struct p8_ghash_ctx *ctx = crypto_tfm_ctx(crypto_shash_tfm(tfm));
58*4882a593Smuzhiyun 
59*4882a593Smuzhiyun 	if (keylen != GHASH_BLOCK_SIZE)
60*4882a593Smuzhiyun 		return -EINVAL;
61*4882a593Smuzhiyun 
62*4882a593Smuzhiyun 	preempt_disable();
63*4882a593Smuzhiyun 	pagefault_disable();
64*4882a593Smuzhiyun 	enable_kernel_vsx();
65*4882a593Smuzhiyun 	gcm_init_p8(ctx->htable, (const u64 *) key);
66*4882a593Smuzhiyun 	disable_kernel_vsx();
67*4882a593Smuzhiyun 	pagefault_enable();
68*4882a593Smuzhiyun 	preempt_enable();
69*4882a593Smuzhiyun 
70*4882a593Smuzhiyun 	memcpy(&ctx->key, key, GHASH_BLOCK_SIZE);
71*4882a593Smuzhiyun 
72*4882a593Smuzhiyun 	return 0;
73*4882a593Smuzhiyun }
74*4882a593Smuzhiyun 
__ghash_block(struct p8_ghash_ctx * ctx,struct p8_ghash_desc_ctx * dctx)75*4882a593Smuzhiyun static inline void __ghash_block(struct p8_ghash_ctx *ctx,
76*4882a593Smuzhiyun 				 struct p8_ghash_desc_ctx *dctx)
77*4882a593Smuzhiyun {
78*4882a593Smuzhiyun 	if (crypto_simd_usable()) {
79*4882a593Smuzhiyun 		preempt_disable();
80*4882a593Smuzhiyun 		pagefault_disable();
81*4882a593Smuzhiyun 		enable_kernel_vsx();
82*4882a593Smuzhiyun 		gcm_ghash_p8(dctx->shash, ctx->htable,
83*4882a593Smuzhiyun 				dctx->buffer, GHASH_DIGEST_SIZE);
84*4882a593Smuzhiyun 		disable_kernel_vsx();
85*4882a593Smuzhiyun 		pagefault_enable();
86*4882a593Smuzhiyun 		preempt_enable();
87*4882a593Smuzhiyun 	} else {
88*4882a593Smuzhiyun 		crypto_xor((u8 *)dctx->shash, dctx->buffer, GHASH_BLOCK_SIZE);
89*4882a593Smuzhiyun 		gf128mul_lle((be128 *)dctx->shash, &ctx->key);
90*4882a593Smuzhiyun 	}
91*4882a593Smuzhiyun }
92*4882a593Smuzhiyun 
__ghash_blocks(struct p8_ghash_ctx * ctx,struct p8_ghash_desc_ctx * dctx,const u8 * src,unsigned int srclen)93*4882a593Smuzhiyun static inline void __ghash_blocks(struct p8_ghash_ctx *ctx,
94*4882a593Smuzhiyun 				  struct p8_ghash_desc_ctx *dctx,
95*4882a593Smuzhiyun 				  const u8 *src, unsigned int srclen)
96*4882a593Smuzhiyun {
97*4882a593Smuzhiyun 	if (crypto_simd_usable()) {
98*4882a593Smuzhiyun 		preempt_disable();
99*4882a593Smuzhiyun 		pagefault_disable();
100*4882a593Smuzhiyun 		enable_kernel_vsx();
101*4882a593Smuzhiyun 		gcm_ghash_p8(dctx->shash, ctx->htable,
102*4882a593Smuzhiyun 				src, srclen);
103*4882a593Smuzhiyun 		disable_kernel_vsx();
104*4882a593Smuzhiyun 		pagefault_enable();
105*4882a593Smuzhiyun 		preempt_enable();
106*4882a593Smuzhiyun 	} else {
107*4882a593Smuzhiyun 		while (srclen >= GHASH_BLOCK_SIZE) {
108*4882a593Smuzhiyun 			crypto_xor((u8 *)dctx->shash, src, GHASH_BLOCK_SIZE);
109*4882a593Smuzhiyun 			gf128mul_lle((be128 *)dctx->shash, &ctx->key);
110*4882a593Smuzhiyun 			srclen -= GHASH_BLOCK_SIZE;
111*4882a593Smuzhiyun 			src += GHASH_BLOCK_SIZE;
112*4882a593Smuzhiyun 		}
113*4882a593Smuzhiyun 	}
114*4882a593Smuzhiyun }
115*4882a593Smuzhiyun 
p8_ghash_update(struct shash_desc * desc,const u8 * src,unsigned int srclen)116*4882a593Smuzhiyun static int p8_ghash_update(struct shash_desc *desc,
117*4882a593Smuzhiyun 			   const u8 *src, unsigned int srclen)
118*4882a593Smuzhiyun {
119*4882a593Smuzhiyun 	unsigned int len;
120*4882a593Smuzhiyun 	struct p8_ghash_ctx *ctx = crypto_tfm_ctx(crypto_shash_tfm(desc->tfm));
121*4882a593Smuzhiyun 	struct p8_ghash_desc_ctx *dctx = shash_desc_ctx(desc);
122*4882a593Smuzhiyun 
123*4882a593Smuzhiyun 	if (dctx->bytes) {
124*4882a593Smuzhiyun 		if (dctx->bytes + srclen < GHASH_DIGEST_SIZE) {
125*4882a593Smuzhiyun 			memcpy(dctx->buffer + dctx->bytes, src,
126*4882a593Smuzhiyun 				srclen);
127*4882a593Smuzhiyun 			dctx->bytes += srclen;
128*4882a593Smuzhiyun 			return 0;
129*4882a593Smuzhiyun 		}
130*4882a593Smuzhiyun 		memcpy(dctx->buffer + dctx->bytes, src,
131*4882a593Smuzhiyun 			GHASH_DIGEST_SIZE - dctx->bytes);
132*4882a593Smuzhiyun 
133*4882a593Smuzhiyun 		__ghash_block(ctx, dctx);
134*4882a593Smuzhiyun 
135*4882a593Smuzhiyun 		src += GHASH_DIGEST_SIZE - dctx->bytes;
136*4882a593Smuzhiyun 		srclen -= GHASH_DIGEST_SIZE - dctx->bytes;
137*4882a593Smuzhiyun 		dctx->bytes = 0;
138*4882a593Smuzhiyun 	}
139*4882a593Smuzhiyun 	len = srclen & ~(GHASH_DIGEST_SIZE - 1);
140*4882a593Smuzhiyun 	if (len) {
141*4882a593Smuzhiyun 		__ghash_blocks(ctx, dctx, src, len);
142*4882a593Smuzhiyun 		src += len;
143*4882a593Smuzhiyun 		srclen -= len;
144*4882a593Smuzhiyun 	}
145*4882a593Smuzhiyun 	if (srclen) {
146*4882a593Smuzhiyun 		memcpy(dctx->buffer, src, srclen);
147*4882a593Smuzhiyun 		dctx->bytes = srclen;
148*4882a593Smuzhiyun 	}
149*4882a593Smuzhiyun 	return 0;
150*4882a593Smuzhiyun }
151*4882a593Smuzhiyun 
p8_ghash_final(struct shash_desc * desc,u8 * out)152*4882a593Smuzhiyun static int p8_ghash_final(struct shash_desc *desc, u8 *out)
153*4882a593Smuzhiyun {
154*4882a593Smuzhiyun 	int i;
155*4882a593Smuzhiyun 	struct p8_ghash_ctx *ctx = crypto_tfm_ctx(crypto_shash_tfm(desc->tfm));
156*4882a593Smuzhiyun 	struct p8_ghash_desc_ctx *dctx = shash_desc_ctx(desc);
157*4882a593Smuzhiyun 
158*4882a593Smuzhiyun 	if (dctx->bytes) {
159*4882a593Smuzhiyun 		for (i = dctx->bytes; i < GHASH_DIGEST_SIZE; i++)
160*4882a593Smuzhiyun 			dctx->buffer[i] = 0;
161*4882a593Smuzhiyun 		__ghash_block(ctx, dctx);
162*4882a593Smuzhiyun 		dctx->bytes = 0;
163*4882a593Smuzhiyun 	}
164*4882a593Smuzhiyun 	memcpy(out, dctx->shash, GHASH_DIGEST_SIZE);
165*4882a593Smuzhiyun 	return 0;
166*4882a593Smuzhiyun }
167*4882a593Smuzhiyun 
168*4882a593Smuzhiyun struct shash_alg p8_ghash_alg = {
169*4882a593Smuzhiyun 	.digestsize = GHASH_DIGEST_SIZE,
170*4882a593Smuzhiyun 	.init = p8_ghash_init,
171*4882a593Smuzhiyun 	.update = p8_ghash_update,
172*4882a593Smuzhiyun 	.final = p8_ghash_final,
173*4882a593Smuzhiyun 	.setkey = p8_ghash_setkey,
174*4882a593Smuzhiyun 	.descsize = sizeof(struct p8_ghash_desc_ctx)
175*4882a593Smuzhiyun 		+ sizeof(struct ghash_desc_ctx),
176*4882a593Smuzhiyun 	.base = {
177*4882a593Smuzhiyun 		 .cra_name = "ghash",
178*4882a593Smuzhiyun 		 .cra_driver_name = "p8_ghash",
179*4882a593Smuzhiyun 		 .cra_priority = 1000,
180*4882a593Smuzhiyun 		 .cra_blocksize = GHASH_BLOCK_SIZE,
181*4882a593Smuzhiyun 		 .cra_ctxsize = sizeof(struct p8_ghash_ctx),
182*4882a593Smuzhiyun 		 .cra_module = THIS_MODULE,
183*4882a593Smuzhiyun 	},
184*4882a593Smuzhiyun };
185