/* SPDX-License-Identifier: GPL-2.0 */
/*
 * GHASH routines supporting VMX instructions on the Power 8
 *
 * Copyright (C) 2015, 2019 International Business Machines Inc.
 * Copyright (C) 2014 - 2018 Linaro Ltd.
 * Copyright 2026 Google LLC
 */

#include <asm/simd.h>
#include <asm/switch_to.h>
#include <linux/cpufeature.h>
#include <linux/jump_label.h>
#include <linux/preempt.h>
#include <linux/uaccess.h>

static __ro_after_init DEFINE_STATIC_KEY_FALSE(have_vec_crypto);

void gcm_init_p8(u64 htable[4][2], const u8 h[16]);
void gcm_gmult_p8(u8 Xi[16], const u64 htable[4][2]);
void gcm_ghash_p8(u8 Xi[16], const u64 htable[4][2], const u8 *in, size_t len);

#define ghash_preparekey_arch ghash_preparekey_arch
static void ghash_preparekey_arch(struct ghash_key *key,
				  const u8 raw_key[GHASH_BLOCK_SIZE])
{
	ghash_key_to_polyval(raw_key, &key->h);

	if (static_branch_likely(&have_vec_crypto) && likely(may_use_simd())) {
		preempt_disable();
		pagefault_disable();
		enable_kernel_vsx();
		gcm_init_p8(key->htable, raw_key);
		disable_kernel_vsx();
		pagefault_enable();
		preempt_enable();
	} else {
		/* This reproduces gcm_init_p8() on both LE and BE systems. */
		key->htable[0][0] = 0;
		key->htable[0][1] = 0xc200000000000000;

		key->htable[1][0] = 0;
		key->htable[1][1] = le64_to_cpu(key->h.lo);

		key->htable[2][0] = le64_to_cpu(key->h.lo);
		key->htable[2][1] = le64_to_cpu(key->h.hi);

		key->htable[3][0] = le64_to_cpu(key->h.hi);
		key->htable[3][1] = 0;
	}
}

#define ghash_mul_arch ghash_mul_arch
static void ghash_mul_arch(struct polyval_elem *acc,
			   const struct ghash_key *key)
{
	if (static_branch_likely(&have_vec_crypto) && likely(may_use_simd())) {
		u8 ghash_acc[GHASH_BLOCK_SIZE];

		polyval_acc_to_ghash(acc, ghash_acc);

		preempt_disable();
		pagefault_disable();
		enable_kernel_vsx();
		gcm_gmult_p8(ghash_acc, key->htable);
		disable_kernel_vsx();
		pagefault_enable();
		preempt_enable();

		ghash_acc_to_polyval(ghash_acc, acc);
		memzero_explicit(ghash_acc, sizeof(ghash_acc));
	} else {
		polyval_mul_generic(acc, &key->h);
	}
}

#define ghash_blocks_arch ghash_blocks_arch
static void ghash_blocks_arch(struct polyval_elem *acc,
			      const struct ghash_key *key,
			      const u8 *data, size_t nblocks)
{
	if (static_branch_likely(&have_vec_crypto) && likely(may_use_simd())) {
		u8 ghash_acc[GHASH_BLOCK_SIZE];

		polyval_acc_to_ghash(acc, ghash_acc);

		preempt_disable();
		pagefault_disable();
		enable_kernel_vsx();
		gcm_ghash_p8(ghash_acc, key->htable, data,
			     nblocks * GHASH_BLOCK_SIZE);
		disable_kernel_vsx();
		pagefault_enable();
		preempt_enable();

		ghash_acc_to_polyval(ghash_acc, acc);
		memzero_explicit(ghash_acc, sizeof(ghash_acc));
	} else {
		ghash_blocks_generic(acc, &key->h, data, nblocks);
	}
}

#define gf128hash_mod_init_arch gf128hash_mod_init_arch
static void gf128hash_mod_init_arch(void)
{
	if (cpu_has_feature(CPU_FTR_ARCH_207S) &&
	    (cur_cpu_spec->cpu_user_features2 & PPC_FEATURE2_VEC_CRYPTO))
		static_branch_enable(&have_vec_crypto);
}