1*012c8238SEric Biggers // SPDX-License-Identifier: GPL-2.0 2*012c8238SEric Biggers /* 3*012c8238SEric Biggers * NHPoly1305 - ε-almost-∆-universal hash function for Adiantum 4*012c8238SEric Biggers * (SSE2 accelerated version) 5*012c8238SEric Biggers * 6*012c8238SEric Biggers * Copyright 2018 Google LLC 7*012c8238SEric Biggers */ 8*012c8238SEric Biggers 9*012c8238SEric Biggers #include <crypto/internal/hash.h> 10*012c8238SEric Biggers #include <crypto/nhpoly1305.h> 11*012c8238SEric Biggers #include <linux/module.h> 12*012c8238SEric Biggers #include <asm/fpu/api.h> 13*012c8238SEric Biggers 14*012c8238SEric Biggers asmlinkage void nh_sse2(const u32 *key, const u8 *message, size_t message_len, 15*012c8238SEric Biggers u8 hash[NH_HASH_BYTES]); 16*012c8238SEric Biggers 17*012c8238SEric Biggers /* wrapper to avoid indirect call to assembly, which doesn't work with CFI */ 18*012c8238SEric Biggers static void _nh_sse2(const u32 *key, const u8 *message, size_t message_len, 19*012c8238SEric Biggers __le64 hash[NH_NUM_PASSES]) 20*012c8238SEric Biggers { 21*012c8238SEric Biggers nh_sse2(key, message, message_len, (u8 *)hash); 22*012c8238SEric Biggers } 23*012c8238SEric Biggers 24*012c8238SEric Biggers static int nhpoly1305_sse2_update(struct shash_desc *desc, 25*012c8238SEric Biggers const u8 *src, unsigned int srclen) 26*012c8238SEric Biggers { 27*012c8238SEric Biggers if (srclen < 64 || !irq_fpu_usable()) 28*012c8238SEric Biggers return crypto_nhpoly1305_update(desc, src, srclen); 29*012c8238SEric Biggers 30*012c8238SEric Biggers do { 31*012c8238SEric Biggers unsigned int n = min_t(unsigned int, srclen, PAGE_SIZE); 32*012c8238SEric Biggers 33*012c8238SEric Biggers kernel_fpu_begin(); 34*012c8238SEric Biggers crypto_nhpoly1305_update_helper(desc, src, n, _nh_sse2); 35*012c8238SEric Biggers kernel_fpu_end(); 36*012c8238SEric Biggers src += n; 37*012c8238SEric Biggers srclen -= n; 38*012c8238SEric Biggers } while (srclen); 39*012c8238SEric Biggers return 0; 40*012c8238SEric Biggers } 41*012c8238SEric Biggers 42*012c8238SEric Biggers static struct shash_alg nhpoly1305_alg = { 43*012c8238SEric Biggers .base.cra_name = "nhpoly1305", 44*012c8238SEric Biggers .base.cra_driver_name = "nhpoly1305-sse2", 45*012c8238SEric Biggers .base.cra_priority = 200, 46*012c8238SEric Biggers .base.cra_ctxsize = sizeof(struct nhpoly1305_key), 47*012c8238SEric Biggers .base.cra_module = THIS_MODULE, 48*012c8238SEric Biggers .digestsize = POLY1305_DIGEST_SIZE, 49*012c8238SEric Biggers .init = crypto_nhpoly1305_init, 50*012c8238SEric Biggers .update = nhpoly1305_sse2_update, 51*012c8238SEric Biggers .final = crypto_nhpoly1305_final, 52*012c8238SEric Biggers .setkey = crypto_nhpoly1305_setkey, 53*012c8238SEric Biggers .descsize = sizeof(struct nhpoly1305_state), 54*012c8238SEric Biggers }; 55*012c8238SEric Biggers 56*012c8238SEric Biggers static int __init nhpoly1305_mod_init(void) 57*012c8238SEric Biggers { 58*012c8238SEric Biggers if (!boot_cpu_has(X86_FEATURE_XMM2)) 59*012c8238SEric Biggers return -ENODEV; 60*012c8238SEric Biggers 61*012c8238SEric Biggers return crypto_register_shash(&nhpoly1305_alg); 62*012c8238SEric Biggers } 63*012c8238SEric Biggers 64*012c8238SEric Biggers static void __exit nhpoly1305_mod_exit(void) 65*012c8238SEric Biggers { 66*012c8238SEric Biggers crypto_unregister_shash(&nhpoly1305_alg); 67*012c8238SEric Biggers } 68*012c8238SEric Biggers 69*012c8238SEric Biggers module_init(nhpoly1305_mod_init); 70*012c8238SEric Biggers module_exit(nhpoly1305_mod_exit); 71*012c8238SEric Biggers 72*012c8238SEric Biggers MODULE_DESCRIPTION("NHPoly1305 ε-almost-∆-universal hash function (SSE2-accelerated)"); 73*012c8238SEric Biggers MODULE_LICENSE("GPL v2"); 74*012c8238SEric Biggers MODULE_AUTHOR("Eric Biggers <ebiggers@google.com>"); 75*012c8238SEric Biggers MODULE_ALIAS_CRYPTO("nhpoly1305"); 76*012c8238SEric Biggers MODULE_ALIAS_CRYPTO("nhpoly1305-sse2"); 77