2 * Accelerated GHASH implementation with ARMv8 vmull.p64 instructions.
4 * Copyright (C) 2015 Linaro Ltd. <ard.biesheuvel@linaro.org>
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License version 2 as published
8 * by the Free Software Foundation.
11 #include <asm/hwcap.h>
14 #include <asm/unaligned.h>
15 #include <crypto/cryptd.h>
16 #include <crypto/internal/hash.h>
17 #include <crypto/gf128mul.h>
18 #include <linux/cpufeature.h>
19 #include <linux/crypto.h>
20 #include <linux/module.h>
22 MODULE_DESCRIPTION("GHASH secure hash using ARMv8 Crypto Extensions");
23 MODULE_AUTHOR("Ard Biesheuvel <ard.biesheuvel@linaro.org>");
24 MODULE_LICENSE("GPL v2");
25 MODULE_ALIAS_CRYPTO("ghash");
27 #define GHASH_BLOCK_SIZE 16
28 #define GHASH_DIGEST_SIZE 16
35 struct ghash_desc_ctx {
36 u64 digest[GHASH_DIGEST_SIZE/sizeof(u64)];
37 u8 buf[GHASH_BLOCK_SIZE];
41 struct ghash_async_ctx {
42 struct cryptd_ahash *cryptd_tfm;
45 asmlinkage void pmull_ghash_update_p64(int blocks, u64 dg[], const char *src,
46 struct ghash_key const *k,
49 asmlinkage void pmull_ghash_update_p8(int blocks, u64 dg[], const char *src,
50 struct ghash_key const *k,
53 static void (*pmull_ghash_update)(int blocks, u64 dg[], const char *src,
54 struct ghash_key const *k,
57 static int ghash_init(struct shash_desc *desc)
59 struct ghash_desc_ctx *ctx = shash_desc_ctx(desc);
61 *ctx = (struct ghash_desc_ctx){};
65 static int ghash_update(struct shash_desc *desc, const u8 *src,
68 struct ghash_desc_ctx *ctx = shash_desc_ctx(desc);
69 unsigned int partial = ctx->count % GHASH_BLOCK_SIZE;
73 if ((partial + len) >= GHASH_BLOCK_SIZE) {
74 struct ghash_key *key = crypto_shash_ctx(desc->tfm);
78 int p = GHASH_BLOCK_SIZE - partial;
80 memcpy(ctx->buf + partial, src, p);
85 blocks = len / GHASH_BLOCK_SIZE;
86 len %= GHASH_BLOCK_SIZE;
89 pmull_ghash_update(blocks, ctx->digest, src, key,
90 partial ? ctx->buf : NULL);
92 src += blocks * GHASH_BLOCK_SIZE;
96 memcpy(ctx->buf + partial, src, len);
100 static int ghash_final(struct shash_desc *desc, u8 *dst)
102 struct ghash_desc_ctx *ctx = shash_desc_ctx(desc);
103 unsigned int partial = ctx->count % GHASH_BLOCK_SIZE;
106 struct ghash_key *key = crypto_shash_ctx(desc->tfm);
108 memset(ctx->buf + partial, 0, GHASH_BLOCK_SIZE - partial);
110 pmull_ghash_update(1, ctx->digest, ctx->buf, key, NULL);
113 put_unaligned_be64(ctx->digest[1], dst);
114 put_unaligned_be64(ctx->digest[0], dst + 8);
116 *ctx = (struct ghash_desc_ctx){};
120 static int ghash_setkey(struct crypto_shash *tfm,
121 const u8 *inkey, unsigned int keylen)
123 struct ghash_key *key = crypto_shash_ctx(tfm);
126 if (keylen != GHASH_BLOCK_SIZE) {
127 crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
131 /* perform multiplication by 'x' in GF(2^128) */
132 b = get_unaligned_be64(inkey);
133 a = get_unaligned_be64(inkey + 8);
135 key->a = (a << 1) | (b >> 63);
136 key->b = (b << 1) | (a >> 63);
139 key->b ^= 0xc200000000000000UL;
144 static struct shash_alg ghash_alg = {
145 .digestsize = GHASH_DIGEST_SIZE,
147 .update = ghash_update,
148 .final = ghash_final,
149 .setkey = ghash_setkey,
150 .descsize = sizeof(struct ghash_desc_ctx),
152 .cra_name = "__ghash",
153 .cra_driver_name = "__driver-ghash-ce",
155 .cra_flags = CRYPTO_ALG_TYPE_SHASH | CRYPTO_ALG_INTERNAL,
156 .cra_blocksize = GHASH_BLOCK_SIZE,
157 .cra_ctxsize = sizeof(struct ghash_key),
158 .cra_module = THIS_MODULE,
162 static int ghash_async_init(struct ahash_request *req)
164 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
165 struct ghash_async_ctx *ctx = crypto_ahash_ctx(tfm);
166 struct ahash_request *cryptd_req = ahash_request_ctx(req);
167 struct cryptd_ahash *cryptd_tfm = ctx->cryptd_tfm;
168 struct shash_desc *desc = cryptd_shash_desc(cryptd_req);
169 struct crypto_shash *child = cryptd_ahash_child(cryptd_tfm);
172 desc->flags = req->base.flags;
173 return crypto_shash_init(desc);
176 static int ghash_async_update(struct ahash_request *req)
178 struct ahash_request *cryptd_req = ahash_request_ctx(req);
179 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
180 struct ghash_async_ctx *ctx = crypto_ahash_ctx(tfm);
181 struct cryptd_ahash *cryptd_tfm = ctx->cryptd_tfm;
183 if (!may_use_simd() ||
184 (in_atomic() && cryptd_ahash_queued(cryptd_tfm))) {
185 memcpy(cryptd_req, req, sizeof(*req));
186 ahash_request_set_tfm(cryptd_req, &cryptd_tfm->base);
187 return crypto_ahash_update(cryptd_req);
189 struct shash_desc *desc = cryptd_shash_desc(cryptd_req);
190 return shash_ahash_update(req, desc);
194 static int ghash_async_final(struct ahash_request *req)
196 struct ahash_request *cryptd_req = ahash_request_ctx(req);
197 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
198 struct ghash_async_ctx *ctx = crypto_ahash_ctx(tfm);
199 struct cryptd_ahash *cryptd_tfm = ctx->cryptd_tfm;
201 if (!may_use_simd() ||
202 (in_atomic() && cryptd_ahash_queued(cryptd_tfm))) {
203 memcpy(cryptd_req, req, sizeof(*req));
204 ahash_request_set_tfm(cryptd_req, &cryptd_tfm->base);
205 return crypto_ahash_final(cryptd_req);
207 struct shash_desc *desc = cryptd_shash_desc(cryptd_req);
208 return crypto_shash_final(desc, req->result);
212 static int ghash_async_digest(struct ahash_request *req)
214 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
215 struct ghash_async_ctx *ctx = crypto_ahash_ctx(tfm);
216 struct ahash_request *cryptd_req = ahash_request_ctx(req);
217 struct cryptd_ahash *cryptd_tfm = ctx->cryptd_tfm;
219 if (!may_use_simd() ||
220 (in_atomic() && cryptd_ahash_queued(cryptd_tfm))) {
221 memcpy(cryptd_req, req, sizeof(*req));
222 ahash_request_set_tfm(cryptd_req, &cryptd_tfm->base);
223 return crypto_ahash_digest(cryptd_req);
225 struct shash_desc *desc = cryptd_shash_desc(cryptd_req);
226 struct crypto_shash *child = cryptd_ahash_child(cryptd_tfm);
229 desc->flags = req->base.flags;
230 return shash_ahash_digest(req, desc);
234 static int ghash_async_import(struct ahash_request *req, const void *in)
236 struct ahash_request *cryptd_req = ahash_request_ctx(req);
237 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
238 struct ghash_async_ctx *ctx = crypto_ahash_ctx(tfm);
239 struct shash_desc *desc = cryptd_shash_desc(cryptd_req);
241 desc->tfm = cryptd_ahash_child(ctx->cryptd_tfm);
242 desc->flags = req->base.flags;
244 return crypto_shash_import(desc, in);
247 static int ghash_async_export(struct ahash_request *req, void *out)
249 struct ahash_request *cryptd_req = ahash_request_ctx(req);
250 struct shash_desc *desc = cryptd_shash_desc(cryptd_req);
252 return crypto_shash_export(desc, out);
255 static int ghash_async_setkey(struct crypto_ahash *tfm, const u8 *key,
258 struct ghash_async_ctx *ctx = crypto_ahash_ctx(tfm);
259 struct crypto_ahash *child = &ctx->cryptd_tfm->base;
262 crypto_ahash_clear_flags(child, CRYPTO_TFM_REQ_MASK);
263 crypto_ahash_set_flags(child, crypto_ahash_get_flags(tfm)
264 & CRYPTO_TFM_REQ_MASK);
265 err = crypto_ahash_setkey(child, key, keylen);
266 crypto_ahash_set_flags(tfm, crypto_ahash_get_flags(child)
267 & CRYPTO_TFM_RES_MASK);
272 static int ghash_async_init_tfm(struct crypto_tfm *tfm)
274 struct cryptd_ahash *cryptd_tfm;
275 struct ghash_async_ctx *ctx = crypto_tfm_ctx(tfm);
277 cryptd_tfm = cryptd_alloc_ahash("__driver-ghash-ce",
279 CRYPTO_ALG_INTERNAL);
280 if (IS_ERR(cryptd_tfm))
281 return PTR_ERR(cryptd_tfm);
282 ctx->cryptd_tfm = cryptd_tfm;
283 crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
284 sizeof(struct ahash_request) +
285 crypto_ahash_reqsize(&cryptd_tfm->base));
290 static void ghash_async_exit_tfm(struct crypto_tfm *tfm)
292 struct ghash_async_ctx *ctx = crypto_tfm_ctx(tfm);
294 cryptd_free_ahash(ctx->cryptd_tfm);
297 static struct ahash_alg ghash_async_alg = {
298 .init = ghash_async_init,
299 .update = ghash_async_update,
300 .final = ghash_async_final,
301 .setkey = ghash_async_setkey,
302 .digest = ghash_async_digest,
303 .import = ghash_async_import,
304 .export = ghash_async_export,
305 .halg.digestsize = GHASH_DIGEST_SIZE,
306 .halg.statesize = sizeof(struct ghash_desc_ctx),
309 .cra_driver_name = "ghash-ce",
311 .cra_flags = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_ASYNC,
312 .cra_blocksize = GHASH_BLOCK_SIZE,
313 .cra_type = &crypto_ahash_type,
314 .cra_ctxsize = sizeof(struct ghash_async_ctx),
315 .cra_module = THIS_MODULE,
316 .cra_init = ghash_async_init_tfm,
317 .cra_exit = ghash_async_exit_tfm,
321 static int __init ghash_ce_mod_init(void)
325 if (!(elf_hwcap & HWCAP_NEON))
328 if (elf_hwcap2 & HWCAP2_PMULL)
329 pmull_ghash_update = pmull_ghash_update_p64;
331 pmull_ghash_update = pmull_ghash_update_p8;
333 err = crypto_register_shash(&ghash_alg);
336 err = crypto_register_ahash(&ghash_async_alg);
343 crypto_unregister_shash(&ghash_alg);
347 static void __exit ghash_ce_mod_exit(void)
349 crypto_unregister_ahash(&ghash_async_alg);
350 crypto_unregister_shash(&ghash_alg);
353 module_init(ghash_ce_mod_init);
354 module_exit(ghash_ce_mod_exit);
projects / librecmc / linux-libre.git / blob