1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
/* SPDX-License-Identifier: GPL-2.0 */
/*
* GHASH routines supporting VMX instructions on the Power 8
*
* Copyright (C) 2015, 2019 International Business Machines Inc.
* Copyright (C) 2014 - 2018 Linaro Ltd.
* Copyright 2026 Google LLC
*/
#include <asm/simd.h>
#include <asm/switch_to.h>
#include <linux/cpufeature.h>
#include <linux/jump_label.h>
#include <linux/preempt.h>
#include <linux/uaccess.h>
static __ro_after_init DEFINE_STATIC_KEY_FALSE(have_vec_crypto);
void gcm_init_p8(u64 htable[4][2], const u8 h[16]);
void gcm_gmult_p8(u8 Xi[16], const u64 htable[4][2]);
void gcm_ghash_p8(u8 Xi[16], const u64 htable[4][2], const u8 *in, size_t len);
#define ghash_preparekey_arch ghash_preparekey_arch
static void ghash_preparekey_arch(struct ghash_key *key,
const u8 raw_key[GHASH_BLOCK_SIZE])
{
ghash_key_to_polyval(raw_key, &key->h);
if (static_branch_likely(&have_vec_crypto) && likely(may_use_simd())) {
preempt_disable();
pagefault_disable();
enable_kernel_vsx();
gcm_init_p8(key->htable, raw_key);
disable_kernel_vsx();
pagefault_enable();
preempt_enable();
} else {
/* This reproduces gcm_init_p8() on both LE and BE systems. */
key->htable[0][0] = 0;
key->htable[0][1] = 0xc200000000000000;
key->htable[1][0] = 0;
key->htable[1][1] = le64_to_cpu(key->h.lo);
key->htable[2][0] = le64_to_cpu(key->h.lo);
key->htable[2][1] = le64_to_cpu(key->h.hi);
key->htable[3][0] = le64_to_cpu(key->h.hi);
key->htable[3][1] = 0;
}
}
#define ghash_mul_arch ghash_mul_arch
static void ghash_mul_arch(struct polyval_elem *acc,
const struct ghash_key *key)
{
if (static_branch_likely(&have_vec_crypto) && likely(may_use_simd())) {
u8 ghash_acc[GHASH_BLOCK_SIZE];
polyval_acc_to_ghash(acc, ghash_acc);
preempt_disable();
pagefault_disable();
enable_kernel_vsx();
gcm_gmult_p8(ghash_acc, key->htable);
disable_kernel_vsx();
pagefault_enable();
preempt_enable();
ghash_acc_to_polyval(ghash_acc, acc);
memzero_explicit(ghash_acc, sizeof(ghash_acc));
} else {
polyval_mul_generic(acc, &key->h);
}
}
#define ghash_blocks_arch ghash_blocks_arch
static void ghash_blocks_arch(struct polyval_elem *acc,
const struct ghash_key *key,
const u8 *data, size_t nblocks)
{
if (static_branch_likely(&have_vec_crypto) && likely(may_use_simd())) {
u8 ghash_acc[GHASH_BLOCK_SIZE];
polyval_acc_to_ghash(acc, ghash_acc);
preempt_disable();
pagefault_disable();
enable_kernel_vsx();
gcm_ghash_p8(ghash_acc, key->htable, data,
nblocks * GHASH_BLOCK_SIZE);
disable_kernel_vsx();
pagefault_enable();
preempt_enable();
ghash_acc_to_polyval(ghash_acc, acc);
memzero_explicit(ghash_acc, sizeof(ghash_acc));
} else {
ghash_blocks_generic(acc, &key->h, data, nblocks);
}
}
#define gf128hash_mod_init_arch gf128hash_mod_init_arch
static void gf128hash_mod_init_arch(void)
{
if (cpu_has_feature(CPU_FTR_ARCH_207S) &&
(cur_cpu_spec->cpu_user_features2 & PPC_FEATURE2_VEC_CRYPTO))
static_branch_enable(&have_vec_crypto);
}
|
