xref: /linux/lib/crypto/arm64/chacha.h (revision d8768fb12a14c30436bd0466b4fc28edeef45078) 
1*13cecc52SEric Biggers /*
2*13cecc52SEric Biggers  * ChaCha and HChaCha functions (ARM64 optimized)
3*13cecc52SEric Biggers  *
4*13cecc52SEric Biggers  * Copyright (C) 2016 - 2017 Linaro, Ltd. <ard.biesheuvel@linaro.org>
5*13cecc52SEric Biggers  *
6*13cecc52SEric Biggers  * This program is free software; you can redistribute it and/or modify
7*13cecc52SEric Biggers  * it under the terms of the GNU General Public License version 2 as
8*13cecc52SEric Biggers  * published by the Free Software Foundation.
9*13cecc52SEric Biggers  *
10*13cecc52SEric Biggers  * Based on:
11*13cecc52SEric Biggers  * ChaCha20 256-bit cipher algorithm, RFC7539, SIMD glue code
12*13cecc52SEric Biggers  *
13*13cecc52SEric Biggers  * Copyright (C) 2015 Martin Willi
14*13cecc52SEric Biggers  *
15*13cecc52SEric Biggers  * This program is free software; you can redistribute it and/or modify
16*13cecc52SEric Biggers  * it under the terms of the GNU General Public License as published by
17*13cecc52SEric Biggers  * the Free Software Foundation; either version 2 of the License, or
18*13cecc52SEric Biggers  * (at your option) any later version.
19*13cecc52SEric Biggers  */
20*13cecc52SEric Biggers 
21*13cecc52SEric Biggers #include <crypto/internal/simd.h>
22*13cecc52SEric Biggers #include <linux/jump_label.h>
23*13cecc52SEric Biggers #include <linux/kernel.h>
24*13cecc52SEric Biggers 
25*13cecc52SEric Biggers #include <asm/hwcap.h>
26*13cecc52SEric Biggers #include <asm/neon.h>
27*13cecc52SEric Biggers #include <asm/simd.h>
28*13cecc52SEric Biggers 
29*13cecc52SEric Biggers asmlinkage void chacha_block_xor_neon(const struct chacha_state *state,
30*13cecc52SEric Biggers 				      u8 *dst, const u8 *src, int nrounds);
31*13cecc52SEric Biggers asmlinkage void chacha_4block_xor_neon(const struct chacha_state *state,
32*13cecc52SEric Biggers 				       u8 *dst, const u8 *src,
33*13cecc52SEric Biggers 				       int nrounds, int bytes);
34*13cecc52SEric Biggers asmlinkage void hchacha_block_neon(const struct chacha_state *state,
35*13cecc52SEric Biggers 				   u32 out[HCHACHA_OUT_WORDS], int nrounds);
36*13cecc52SEric Biggers 
37*13cecc52SEric Biggers static __ro_after_init DEFINE_STATIC_KEY_FALSE(have_neon);
38*13cecc52SEric Biggers 
chacha_doneon(struct chacha_state * state,u8 * dst,const u8 * src,int bytes,int nrounds)39*13cecc52SEric Biggers static void chacha_doneon(struct chacha_state *state, u8 *dst, const u8 *src,
40*13cecc52SEric Biggers 			  int bytes, int nrounds)
41*13cecc52SEric Biggers {
42*13cecc52SEric Biggers 	while (bytes > 0) {
43*13cecc52SEric Biggers 		int l = min(bytes, CHACHA_BLOCK_SIZE * 5);
44*13cecc52SEric Biggers 
45*13cecc52SEric Biggers 		if (l <= CHACHA_BLOCK_SIZE) {
46*13cecc52SEric Biggers 			u8 buf[CHACHA_BLOCK_SIZE];
47*13cecc52SEric Biggers 
48*13cecc52SEric Biggers 			memcpy(buf, src, l);
49*13cecc52SEric Biggers 			chacha_block_xor_neon(state, buf, buf, nrounds);
50*13cecc52SEric Biggers 			memcpy(dst, buf, l);
51*13cecc52SEric Biggers 			state->x[12] += 1;
52*13cecc52SEric Biggers 			break;
53*13cecc52SEric Biggers 		}
54*13cecc52SEric Biggers 		chacha_4block_xor_neon(state, dst, src, nrounds, l);
55*13cecc52SEric Biggers 		bytes -= l;
56*13cecc52SEric Biggers 		src += l;
57*13cecc52SEric Biggers 		dst += l;
58*13cecc52SEric Biggers 		state->x[12] += DIV_ROUND_UP(l, CHACHA_BLOCK_SIZE);
59*13cecc52SEric Biggers 	}
60*13cecc52SEric Biggers }
61*13cecc52SEric Biggers 
hchacha_block_arch(const struct chacha_state * state,u32 out[HCHACHA_OUT_WORDS],int nrounds)62*13cecc52SEric Biggers static void hchacha_block_arch(const struct chacha_state *state,
63*13cecc52SEric Biggers 			       u32 out[HCHACHA_OUT_WORDS], int nrounds)
64*13cecc52SEric Biggers {
65*13cecc52SEric Biggers 	if (!static_branch_likely(&have_neon) || !crypto_simd_usable()) {
66*13cecc52SEric Biggers 		hchacha_block_generic(state, out, nrounds);
67*13cecc52SEric Biggers 	} else {
68*13cecc52SEric Biggers 		kernel_neon_begin();
69*13cecc52SEric Biggers 		hchacha_block_neon(state, out, nrounds);
70*13cecc52SEric Biggers 		kernel_neon_end();
71*13cecc52SEric Biggers 	}
72*13cecc52SEric Biggers }
73*13cecc52SEric Biggers 
chacha_crypt_arch(struct chacha_state * state,u8 * dst,const u8 * src,unsigned int bytes,int nrounds)74*13cecc52SEric Biggers static void chacha_crypt_arch(struct chacha_state *state, u8 *dst,
75*13cecc52SEric Biggers 			      const u8 *src, unsigned int bytes, int nrounds)
76*13cecc52SEric Biggers {
77*13cecc52SEric Biggers 	if (!static_branch_likely(&have_neon) || bytes <= CHACHA_BLOCK_SIZE ||
78*13cecc52SEric Biggers 	    !crypto_simd_usable())
79*13cecc52SEric Biggers 		return chacha_crypt_generic(state, dst, src, bytes, nrounds);
80*13cecc52SEric Biggers 
81*13cecc52SEric Biggers 	do {
82*13cecc52SEric Biggers 		unsigned int todo = min_t(unsigned int, bytes, SZ_4K);
83*13cecc52SEric Biggers 
84*13cecc52SEric Biggers 		kernel_neon_begin();
85*13cecc52SEric Biggers 		chacha_doneon(state, dst, src, todo, nrounds);
86*13cecc52SEric Biggers 		kernel_neon_end();
87*13cecc52SEric Biggers 
88*13cecc52SEric Biggers 		bytes -= todo;
89*13cecc52SEric Biggers 		src += todo;
90*13cecc52SEric Biggers 		dst += todo;
91*13cecc52SEric Biggers 	} while (bytes);
92*13cecc52SEric Biggers }
93*13cecc52SEric Biggers 
94*13cecc52SEric Biggers #define chacha_mod_init_arch chacha_mod_init_arch
chacha_mod_init_arch(void)95*13cecc52SEric Biggers static void chacha_mod_init_arch(void)
96*13cecc52SEric Biggers {
97*13cecc52SEric Biggers 	if (cpu_have_named_feature(ASIMD))
98*13cecc52SEric Biggers 		static_branch_enable(&have_neon);
99*13cecc52SEric Biggers }
100