1012c8238SEric Biggers // SPDX-License-Identifier: GPL-2.0
2012c8238SEric Biggers /*
3012c8238SEric Biggers * NHPoly1305 - ε-almost-∆-universal hash function for Adiantum
4012c8238SEric Biggers * (SSE2 accelerated version)
5012c8238SEric Biggers *
6012c8238SEric Biggers * Copyright 2018 Google LLC
7012c8238SEric Biggers */
8012c8238SEric Biggers
9012c8238SEric Biggers #include <crypto/internal/hash.h>
10f2abe0d7SEric Biggers #include <crypto/internal/simd.h>
11012c8238SEric Biggers #include <crypto/nhpoly1305.h>
12012c8238SEric Biggers #include <linux/module.h>
130c3dc787SHerbert Xu #include <linux/sizes.h>
14f2abe0d7SEric Biggers #include <asm/simd.h>
15012c8238SEric Biggers
16012c8238SEric Biggers asmlinkage void nh_sse2(const u32 *key, const u8 *message, size_t message_len,
17*0f8bc4bdSEric Biggers __le64 hash[NH_NUM_PASSES]);
18012c8238SEric Biggers
nhpoly1305_sse2_update(struct shash_desc * desc,const u8 * src,unsigned int srclen)19012c8238SEric Biggers static int nhpoly1305_sse2_update(struct shash_desc *desc,
20012c8238SEric Biggers const u8 *src, unsigned int srclen)
21012c8238SEric Biggers {
22f2abe0d7SEric Biggers if (srclen < 64 || !crypto_simd_usable())
23012c8238SEric Biggers return crypto_nhpoly1305_update(desc, src, srclen);
24012c8238SEric Biggers
25012c8238SEric Biggers do {
26a9a8ba90SJason A. Donenfeld unsigned int n = min_t(unsigned int, srclen, SZ_4K);
27012c8238SEric Biggers
28012c8238SEric Biggers kernel_fpu_begin();
29*0f8bc4bdSEric Biggers crypto_nhpoly1305_update_helper(desc, src, n, nh_sse2);
30012c8238SEric Biggers kernel_fpu_end();
31012c8238SEric Biggers src += n;
32012c8238SEric Biggers srclen -= n;
33012c8238SEric Biggers } while (srclen);
34012c8238SEric Biggers return 0;
35012c8238SEric Biggers }
36012c8238SEric Biggers
37012c8238SEric Biggers static struct shash_alg nhpoly1305_alg = {
38012c8238SEric Biggers .base.cra_name = "nhpoly1305",
39012c8238SEric Biggers .base.cra_driver_name = "nhpoly1305-sse2",
40012c8238SEric Biggers .base.cra_priority = 200,
41012c8238SEric Biggers .base.cra_ctxsize = sizeof(struct nhpoly1305_key),
42012c8238SEric Biggers .base.cra_module = THIS_MODULE,
43012c8238SEric Biggers .digestsize = POLY1305_DIGEST_SIZE,
44012c8238SEric Biggers .init = crypto_nhpoly1305_init,
45012c8238SEric Biggers .update = nhpoly1305_sse2_update,
46012c8238SEric Biggers .final = crypto_nhpoly1305_final,
47012c8238SEric Biggers .setkey = crypto_nhpoly1305_setkey,
48012c8238SEric Biggers .descsize = sizeof(struct nhpoly1305_state),
49012c8238SEric Biggers };
50012c8238SEric Biggers
nhpoly1305_mod_init(void)51012c8238SEric Biggers static int __init nhpoly1305_mod_init(void)
52012c8238SEric Biggers {
53012c8238SEric Biggers if (!boot_cpu_has(X86_FEATURE_XMM2))
54012c8238SEric Biggers return -ENODEV;
55012c8238SEric Biggers
56012c8238SEric Biggers return crypto_register_shash(&nhpoly1305_alg);
57012c8238SEric Biggers }
58012c8238SEric Biggers
nhpoly1305_mod_exit(void)59012c8238SEric Biggers static void __exit nhpoly1305_mod_exit(void)
60012c8238SEric Biggers {
61012c8238SEric Biggers crypto_unregister_shash(&nhpoly1305_alg);
62012c8238SEric Biggers }
63012c8238SEric Biggers
64012c8238SEric Biggers module_init(nhpoly1305_mod_init);
65012c8238SEric Biggers module_exit(nhpoly1305_mod_exit);
66012c8238SEric Biggers
67012c8238SEric Biggers MODULE_DESCRIPTION("NHPoly1305 ε-almost-∆-universal hash function (SSE2-accelerated)");
68012c8238SEric Biggers MODULE_LICENSE("GPL v2");
69012c8238SEric Biggers MODULE_AUTHOR("Eric Biggers <ebiggers@google.com>");
70012c8238SEric Biggers MODULE_ALIAS_CRYPTO("nhpoly1305");
71012c8238SEric Biggers MODULE_ALIAS_CRYPTO("nhpoly1305-sse2");
72