poly1305-glue.c source code [linux/arch/mips/crypto/poly1305-glue.c]

1	// SPDX-License-Identifier: GPL-2.0
2	/*
3	* OpenSSL/Cryptogams accelerated Poly1305 transform for MIPS
4	*
5	* Copyright (C) 2019 Linaro Ltd. <ard.biesheuvel@linaro.org>
6	*/
7
8	#include <asm/unaligned.h>
9	#include <crypto/algapi.h>
10	#include <crypto/internal/hash.h>
11	#include <crypto/internal/poly1305.h>
12	#include <linux/cpufeature.h>
13	#include <linux/crypto.h>
14	#include <linux/module.h>
15
16	asmlinkage void poly1305_init_mips(void state, const* u8 *key);
17	asmlinkage void poly1305_blocks_mips(void state, const* u8 *src, u32 len, u32 hibit);
18	asmlinkage void poly1305_emit_mips(void state, u8 digest, const u32 *nonce);
19
20	void poly1305_init_arch(struct poly1305_desc_ctx dctx, const* u8 key[POLY1305_KEY_SIZE])
21	{
22	poly1305_init_mips(state: &dctx->h, key);
23	dctx->s[`0`] = get_unaligned_le32(p: key + `16`);
24	dctx->s[`1`] = get_unaligned_le32(p: key + `20`);
25	dctx->s[`2`] = get_unaligned_le32(p: key + `24`);
26	dctx->s[`3`] = get_unaligned_le32(p: key + `28`);
27	dctx->buflen = `0`;
28	}
29	EXPORT_SYMBOL(poly1305_init_arch);
30
31	static int mips_poly1305_init(struct shash_desc *desc)
32	{
33	struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);
34
35	dctx->buflen = `0`;
36	dctx->rset = `0`;
37	dctx->sset = false;
38
39	return `0`;
40	}
41
42	static void mips_poly1305_blocks(struct poly1305_desc_ctx dctx, const* u8 *src,
43	u32 len, u32 hibit)
44	{
45	if (unlikely(!dctx->sset)) {
46	if (!dctx->rset) {
47	poly1305_init_mips(state: &dctx->h, key: src);
48	src += POLY1305_BLOCK_SIZE;
49	len -= POLY1305_BLOCK_SIZE;
50	dctx->rset = `1`;
51	}
52	if (len >= POLY1305_BLOCK_SIZE) {
53	dctx->s[`0`] = get_unaligned_le32(p: src + `0`);
54	dctx->s[`1`] = get_unaligned_le32(p: src + `4`);
55	dctx->s[`2`] = get_unaligned_le32(p: src + `8`);
56	dctx->s[`3`] = get_unaligned_le32(p: src + `12`);
57	src += POLY1305_BLOCK_SIZE;
58	len -= POLY1305_BLOCK_SIZE;
59	dctx->sset = true;
60	}
61	if (len < POLY1305_BLOCK_SIZE)
62	return;
63	}
64
65	len &= ~(POLY1305_BLOCK_SIZE - `1`);
66
67	poly1305_blocks_mips(state: &dctx->h, src, len, hibit);
68	}
69
70	static int mips_poly1305_update(struct shash_desc desc, const* u8 *src,
71	unsigned int len)
72	{
73	struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);
74
75	if (unlikely(dctx->buflen)) {
76	u32 bytes = min(len, POLY1305_BLOCK_SIZE - dctx->buflen);
77
78	memcpy(dctx->buf + dctx->buflen, src, bytes);
79	src += bytes;
80	len -= bytes;
81	dctx->buflen += bytes;
82
83	if (dctx->buflen == POLY1305_BLOCK_SIZE) {
84	mips_poly1305_blocks(dctx, src: dctx->buf, POLY1305_BLOCK_SIZE, hibit: `1`);
85	dctx->buflen = `0`;
86	}
87	}
88
89	if (likely(len >= POLY1305_BLOCK_SIZE)) {
90	mips_poly1305_blocks(dctx, src, len, hibit: `1`);
91	src += round_down(len, POLY1305_BLOCK_SIZE);
92	len %= POLY1305_BLOCK_SIZE;
93	}
94
95	if (unlikely(len)) {
96	dctx->buflen = len;
97	memcpy(dctx->buf, src, len);
98	}
99	return `0`;
100	}
101
102	void poly1305_update_arch(struct poly1305_desc_ctx dctx, const* u8 *src,
103	unsigned int nbytes)
104	{
105	if (unlikely(dctx->buflen)) {
106	u32 bytes = min(nbytes, POLY1305_BLOCK_SIZE - dctx->buflen);
107
108	memcpy(dctx->buf + dctx->buflen, src, bytes);
109	src += bytes;
110	nbytes -= bytes;
111	dctx->buflen += bytes;
112
113	if (dctx->buflen == POLY1305_BLOCK_SIZE) {
114	poly1305_blocks_mips(state: &dctx->h, src: dctx->buf,
115	POLY1305_BLOCK_SIZE, hibit: `1`);
116	dctx->buflen = `0`;
117	}
118	}
119
120	if (likely(nbytes >= POLY1305_BLOCK_SIZE)) {
121	unsigned int len = round_down(nbytes, POLY1305_BLOCK_SIZE);
122
123	poly1305_blocks_mips(state: &dctx->h, src, len, hibit: `1`);
124	src += len;
125	nbytes %= POLY1305_BLOCK_SIZE;
126	}
127
128	if (unlikely(nbytes)) {
129	dctx->buflen = nbytes;
130	memcpy(dctx->buf, src, nbytes);
131	}
132	}
133	EXPORT_SYMBOL(poly1305_update_arch);
134
135	void poly1305_final_arch(struct poly1305_desc_ctx dctx, u8 dst)
136	{
137	if (unlikely(dctx->buflen)) {
138	dctx->buf[dctx->buflen++] = `1`;
139	memset(dctx->buf + dctx->buflen, `0`,
140	POLY1305_BLOCK_SIZE - dctx->buflen);
141	poly1305_blocks_mips(state: &dctx->h, src: dctx->buf, POLY1305_BLOCK_SIZE, hibit: `0`);
142	}
143
144	poly1305_emit_mips(state: &dctx->h, digest: dst, nonce: dctx->s);
145	dctx = (struct* poly1305_desc_ctx){};
146	}
147	EXPORT_SYMBOL(poly1305_final_arch);
148
149	static int mips_poly1305_final(struct shash_desc desc, u8 dst)
150	{
151	struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);
152
153	if (unlikely(!dctx->sset))
154	return -ENOKEY;
155
156	poly1305_final_arch(dctx, dst);
157	return `0`;
158	}
159
160	static struct shash_alg mips_poly1305_alg = {
161	.init = mips_poly1305_init,
162	.update = mips_poly1305_update,
163	.final = mips_poly1305_final,
164	.digestsize = POLY1305_DIGEST_SIZE,
165	.descsize = sizeof(struct poly1305_desc_ctx),
166
167	.base.cra_name = "poly1305",
168	.base.cra_driver_name = "poly1305-mips",
169	.base.cra_priority = `200`,
170	.base.cra_blocksize = POLY1305_BLOCK_SIZE,
171	.base.cra_module = THIS_MODULE,
172	};
173
174	static int __init mips_poly1305_mod_init(void)
175	{
176	return IS_REACHABLE(CONFIG_CRYPTO_HASH) ?
177	crypto_register_shash(alg: &mips_poly1305_alg) : `0`;
178	}
179
180	static void __exit mips_poly1305_mod_exit(void)
181	{
182	if (IS_REACHABLE(CONFIG_CRYPTO_HASH))
183	crypto_unregister_shash(alg: &mips_poly1305_alg);
184	}
185
186	module_init(mips_poly1305_mod_init);
187	module_exit(mips_poly1305_mod_exit);
188
189	MODULE_LICENSE("GPL v2");
190	MODULE_ALIAS_CRYPTO("poly1305");
191	MODULE_ALIAS_CRYPTO("poly1305-mips");
192

source code of linux/arch/mips/crypto/poly1305-glue.c