Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

3 Commits   0 Branches   0 Tags
Index
Trunk
Branches
Tags
Trunk
Branches
Tags
Home page
Home page
orangepi/linux-orangepi-5.10.y.git/trunk/arch/x86/crypto/chacha_glue.c 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   1) // SPDX-License-Identifier: GPL-2.0-or-later
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   3)  * x64 SIMD accelerated ChaCha and XChaCha stream ciphers,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   4)  * including ChaCha20 (RFC7539)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   5)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   6)  * Copyright (C) 2015 Martin Willi
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   7)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   8) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   9) #include <crypto/algapi.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  10) #include <crypto/internal/chacha.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  11) #include <crypto/internal/simd.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  12) #include <crypto/internal/skcipher.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  13) #include <linux/kernel.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  14) #include <linux/module.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  15) #include <linux/sizes.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  16) #include <asm/simd.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  17) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  18) asmlinkage void chacha_block_xor_ssse3(u32 *state, u8 *dst, const u8 *src,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  19) 				       unsigned int len, int nrounds);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  20) asmlinkage void chacha_4block_xor_ssse3(u32 *state, u8 *dst, const u8 *src,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  21) 					unsigned int len, int nrounds);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  22) asmlinkage void hchacha_block_ssse3(const u32 *state, u32 *out, int nrounds);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  23) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  24) asmlinkage void chacha_2block_xor_avx2(u32 *state, u8 *dst, const u8 *src,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  25) 				       unsigned int len, int nrounds);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  26) asmlinkage void chacha_4block_xor_avx2(u32 *state, u8 *dst, const u8 *src,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  27) 				       unsigned int len, int nrounds);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  28) asmlinkage void chacha_8block_xor_avx2(u32 *state, u8 *dst, const u8 *src,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  29) 				       unsigned int len, int nrounds);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  30) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  31) asmlinkage void chacha_2block_xor_avx512vl(u32 *state, u8 *dst, const u8 *src,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  32) 					   unsigned int len, int nrounds);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  33) asmlinkage void chacha_4block_xor_avx512vl(u32 *state, u8 *dst, const u8 *src,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  34) 					   unsigned int len, int nrounds);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  35) asmlinkage void chacha_8block_xor_avx512vl(u32 *state, u8 *dst, const u8 *src,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  36) 					   unsigned int len, int nrounds);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  37) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  38) static __ro_after_init DEFINE_STATIC_KEY_FALSE(chacha_use_simd);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  39) static __ro_after_init DEFINE_STATIC_KEY_FALSE(chacha_use_avx2);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  40) static __ro_after_init DEFINE_STATIC_KEY_FALSE(chacha_use_avx512vl);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  41) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  42) static unsigned int chacha_advance(unsigned int len, unsigned int maxblocks)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  43) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  44) 	len = min(len, maxblocks * CHACHA_BLOCK_SIZE);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  45) 	return round_up(len, CHACHA_BLOCK_SIZE) / CHACHA_BLOCK_SIZE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  46) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  47) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  48) static void chacha_dosimd(u32 *state, u8 *dst, const u8 *src,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  49) 			  unsigned int bytes, int nrounds)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  50) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  51) 	if (IS_ENABLED(CONFIG_AS_AVX512) &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  52) 	    static_branch_likely(&chacha_use_avx512vl)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  53) 		while (bytes >= CHACHA_BLOCK_SIZE * 8) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  54) 			chacha_8block_xor_avx512vl(state, dst, src, bytes,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  55) 						   nrounds);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  56) 			bytes -= CHACHA_BLOCK_SIZE * 8;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  57) 			src += CHACHA_BLOCK_SIZE * 8;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  58) 			dst += CHACHA_BLOCK_SIZE * 8;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  59) 			state[12] += 8;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  60) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  61) 		if (bytes > CHACHA_BLOCK_SIZE * 4) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  62) 			chacha_8block_xor_avx512vl(state, dst, src, bytes,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  63) 						   nrounds);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  64) 			state[12] += chacha_advance(bytes, 8);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  65) 			return;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  66) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  67) 		if (bytes > CHACHA_BLOCK_SIZE * 2) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  68) 			chacha_4block_xor_avx512vl(state, dst, src, bytes,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  69) 						   nrounds);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  70) 			state[12] += chacha_advance(bytes, 4);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  71) 			return;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  72) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  73) 		if (bytes) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  74) 			chacha_2block_xor_avx512vl(state, dst, src, bytes,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  75) 						   nrounds);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  76) 			state[12] += chacha_advance(bytes, 2);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  77) 			return;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  78) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  79) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  80) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  81) 	if (static_branch_likely(&chacha_use_avx2)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  82) 		while (bytes >= CHACHA_BLOCK_SIZE * 8) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  83) 			chacha_8block_xor_avx2(state, dst, src, bytes, nrounds);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  84) 			bytes -= CHACHA_BLOCK_SIZE * 8;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  85) 			src += CHACHA_BLOCK_SIZE * 8;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  86) 			dst += CHACHA_BLOCK_SIZE * 8;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  87) 			state[12] += 8;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  88) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  89) 		if (bytes > CHACHA_BLOCK_SIZE * 4) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  90) 			chacha_8block_xor_avx2(state, dst, src, bytes, nrounds);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  91) 			state[12] += chacha_advance(bytes, 8);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  92) 			return;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  93) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  94) 		if (bytes > CHACHA_BLOCK_SIZE * 2) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  95) 			chacha_4block_xor_avx2(state, dst, src, bytes, nrounds);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  96) 			state[12] += chacha_advance(bytes, 4);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  97) 			return;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  98) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  99) 		if (bytes > CHACHA_BLOCK_SIZE) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) 			chacha_2block_xor_avx2(state, dst, src, bytes, nrounds);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) 			state[12] += chacha_advance(bytes, 2);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) 			return;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) 	while (bytes >= CHACHA_BLOCK_SIZE * 4) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) 		chacha_4block_xor_ssse3(state, dst, src, bytes, nrounds);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108) 		bytes -= CHACHA_BLOCK_SIZE * 4;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) 		src += CHACHA_BLOCK_SIZE * 4;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) 		dst += CHACHA_BLOCK_SIZE * 4;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) 		state[12] += 4;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) 	if (bytes > CHACHA_BLOCK_SIZE) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) 		chacha_4block_xor_ssse3(state, dst, src, bytes, nrounds);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) 		state[12] += chacha_advance(bytes, 4);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) 		return;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) 	if (bytes) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) 		chacha_block_xor_ssse3(state, dst, src, bytes, nrounds);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120) 		state[12]++;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124) void hchacha_block_arch(const u32 *state, u32 *stream, int nrounds)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) 	if (!static_branch_likely(&chacha_use_simd) || !crypto_simd_usable()) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) 		hchacha_block_generic(state, stream, nrounds);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) 	} else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) 		kernel_fpu_begin();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130) 		hchacha_block_ssse3(state, stream, nrounds);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131) 		kernel_fpu_end();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134) EXPORT_SYMBOL(hchacha_block_arch);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136) void chacha_init_arch(u32 *state, const u32 *key, const u8 *iv)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138) 	chacha_init_generic(state, key, iv);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140) EXPORT_SYMBOL(chacha_init_arch);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142) void chacha_crypt_arch(u32 *state, u8 *dst, const u8 *src, unsigned int bytes,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143) 		       int nrounds)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145) 	if (!static_branch_likely(&chacha_use_simd) || !crypto_simd_usable() ||
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) 	    bytes <= CHACHA_BLOCK_SIZE)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147) 		return chacha_crypt_generic(state, dst, src, bytes, nrounds);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149) 	do {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150) 		unsigned int todo = min_t(unsigned int, bytes, SZ_4K);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152) 		kernel_fpu_begin();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153) 		chacha_dosimd(state, dst, src, todo, nrounds);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154) 		kernel_fpu_end();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156) 		bytes -= todo;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157) 		src += todo;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158) 		dst += todo;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 159) 	} while (bytes);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 161) EXPORT_SYMBOL(chacha_crypt_arch);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163) static int chacha_simd_stream_xor(struct skcipher_request *req,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164) 				  const struct chacha_ctx *ctx, const u8 *iv)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 166) 	u32 state[CHACHA_STATE_WORDS] __aligned(8);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 167) 	struct skcipher_walk walk;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168) 	int err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 170) 	err = skcipher_walk_virt(&walk, req, false);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 172) 	chacha_init_generic(state, ctx->key, iv);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174) 	while (walk.nbytes > 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 175) 		unsigned int nbytes = walk.nbytes;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 176) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177) 		if (nbytes < walk.total)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178) 			nbytes = round_down(nbytes, walk.stride);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180) 		if (!static_branch_likely(&chacha_use_simd) ||
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181) 		    !crypto_simd_usable()) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 182) 			chacha_crypt_generic(state, walk.dst.virt.addr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 183) 					     walk.src.virt.addr, nbytes,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 184) 					     ctx->nrounds);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185) 		} else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 186) 			kernel_fpu_begin();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187) 			chacha_dosimd(state, walk.dst.virt.addr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188) 				      walk.src.virt.addr, nbytes,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189) 				      ctx->nrounds);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 190) 			kernel_fpu_end();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 191) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 192) 		err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 193) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 195) 	return err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 197) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 198) static int chacha_simd(struct skcipher_request *req)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 199) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 200) 	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 201) 	struct chacha_ctx *ctx = crypto_skcipher_ctx(tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 202) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 203) 	return chacha_simd_stream_xor(req, ctx, req->iv);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 204) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 205) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 206) static int xchacha_simd(struct skcipher_request *req)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 207) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 208) 	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 209) 	struct chacha_ctx *ctx = crypto_skcipher_ctx(tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 210) 	u32 state[CHACHA_STATE_WORDS] __aligned(8);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 211) 	struct chacha_ctx subctx;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 212) 	u8 real_iv[16];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 213) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 214) 	chacha_init_generic(state, ctx->key, req->iv);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 215) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 216) 	if (req->cryptlen > CHACHA_BLOCK_SIZE && crypto_simd_usable()) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 217) 		kernel_fpu_begin();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 218) 		hchacha_block_ssse3(state, subctx.key, ctx->nrounds);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 219) 		kernel_fpu_end();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 220) 	} else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 221) 		hchacha_block_generic(state, subctx.key, ctx->nrounds);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 222) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 223) 	subctx.nrounds = ctx->nrounds;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 224) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 225) 	memcpy(&real_iv[0], req->iv + 24, 8);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 226) 	memcpy(&real_iv[8], req->iv + 16, 8);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 227) 	return chacha_simd_stream_xor(req, &subctx, real_iv);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 228) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 229) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 230) static struct skcipher_alg algs[] = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 231) 	{
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 232) 		.base.cra_name		= "chacha20",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 233) 		.base.cra_driver_name	= "chacha20-simd",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 234) 		.base.cra_priority	= 300,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 235) 		.base.cra_blocksize	= 1,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 236) 		.base.cra_ctxsize	= sizeof(struct chacha_ctx),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 237) 		.base.cra_module	= THIS_MODULE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 238) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 239) 		.min_keysize		= CHACHA_KEY_SIZE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 240) 		.max_keysize		= CHACHA_KEY_SIZE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 241) 		.ivsize			= CHACHA_IV_SIZE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 242) 		.chunksize		= CHACHA_BLOCK_SIZE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 243) 		.setkey			= chacha20_setkey,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 244) 		.encrypt		= chacha_simd,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 245) 		.decrypt		= chacha_simd,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 246) 	}, {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 247) 		.base.cra_name		= "xchacha20",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 248) 		.base.cra_driver_name	= "xchacha20-simd",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 249) 		.base.cra_priority	= 300,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 250) 		.base.cra_blocksize	= 1,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 251) 		.base.cra_ctxsize	= sizeof(struct chacha_ctx),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 252) 		.base.cra_module	= THIS_MODULE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 253) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 254) 		.min_keysize		= CHACHA_KEY_SIZE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 255) 		.max_keysize		= CHACHA_KEY_SIZE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 256) 		.ivsize			= XCHACHA_IV_SIZE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 257) 		.chunksize		= CHACHA_BLOCK_SIZE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 258) 		.setkey			= chacha20_setkey,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 259) 		.encrypt		= xchacha_simd,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 260) 		.decrypt		= xchacha_simd,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 261) 	}, {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 262) 		.base.cra_name		= "xchacha12",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 263) 		.base.cra_driver_name	= "xchacha12-simd",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 264) 		.base.cra_priority	= 300,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 265) 		.base.cra_blocksize	= 1,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 266) 		.base.cra_ctxsize	= sizeof(struct chacha_ctx),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 267) 		.base.cra_module	= THIS_MODULE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 268) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 269) 		.min_keysize		= CHACHA_KEY_SIZE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 270) 		.max_keysize		= CHACHA_KEY_SIZE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 271) 		.ivsize			= XCHACHA_IV_SIZE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 272) 		.chunksize		= CHACHA_BLOCK_SIZE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 273) 		.setkey			= chacha12_setkey,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 274) 		.encrypt		= xchacha_simd,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 275) 		.decrypt		= xchacha_simd,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 276) 	},
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 277) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 278) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 279) static int __init chacha_simd_mod_init(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 280) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 281) 	if (!boot_cpu_has(X86_FEATURE_SSSE3))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 282) 		return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 283) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 284) 	static_branch_enable(&chacha_use_simd);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 285) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 286) 	if (boot_cpu_has(X86_FEATURE_AVX) &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 287) 	    boot_cpu_has(X86_FEATURE_AVX2) &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 288) 	    cpu_has_xfeatures(XFEATURE_MASK_SSE | XFEATURE_MASK_YMM, NULL)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 289) 		static_branch_enable(&chacha_use_avx2);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 290) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 291) 		if (IS_ENABLED(CONFIG_AS_AVX512) &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 292) 		    boot_cpu_has(X86_FEATURE_AVX512VL) &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 293) 		    boot_cpu_has(X86_FEATURE_AVX512BW)) /* kmovq */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 294) 			static_branch_enable(&chacha_use_avx512vl);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 295) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 296) 	return IS_REACHABLE(CONFIG_CRYPTO_SKCIPHER) ?
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 297) 		crypto_register_skciphers(algs, ARRAY_SIZE(algs)) : 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 298) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 299) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 300) static void __exit chacha_simd_mod_fini(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 301) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 302) 	if (IS_REACHABLE(CONFIG_CRYPTO_SKCIPHER) && boot_cpu_has(X86_FEATURE_SSSE3))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 303) 		crypto_unregister_skciphers(algs, ARRAY_SIZE(algs));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 304) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 305) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 306) module_init(chacha_simd_mod_init);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 307) module_exit(chacha_simd_mod_fini);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 308) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 309) MODULE_LICENSE("GPL");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 310) MODULE_AUTHOR("Martin Willi <martin@strongswan.org>");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 311) MODULE_DESCRIPTION("ChaCha and XChaCha stream ciphers (x64 SIMD accelerated)");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 312) MODULE_ALIAS_CRYPTO("chacha20");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 313) MODULE_ALIAS_CRYPTO("chacha20-simd");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 314) MODULE_ALIAS_CRYPTO("xchacha20");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 315) MODULE_ALIAS_CRYPTO("xchacha20-simd");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 316) MODULE_ALIAS_CRYPTO("xchacha12");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 317) MODULE_ALIAS_CRYPTO("xchacha12-simd");
cGit-ui 0.1.7
Git 2.40.0
Nginx 1.22.1

Where any material of this site is being reproduced, published or issued to others the reference to the source is obligatory.

© Andrey V. Kosteltsev, 2019 – 2025.