crypto: aegis128 - add support for SIMD acceleration

Add some plumbing to allow the AEGIS128 code to be built with SIMD routines for acceleration. Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Ard Biesheuvel <ard.biesheuvel@linaro.org> 2019-08-11 18:59:10 -0400
committer: Herbert Xu <herbert@gondor.apana.org.au> 2019-08-15 07:52:15 -0400
commit: cf3d41adcc3595e7ccfbc9359a5daf39ee07aa8b (patch)
tree: 7d0bdbfd7c864dd1c22c3338f1cd85bc3892f1dc
parent: 8083b1bf8163e7ae7d8c90f221106d96450b8aa8 (diff)
2 files changed, 49 insertions, 4 deletions
diff --git a/crypto/Makefile b/crypto/Makefile
index cfcc954e59f9..92e985714ff6 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -90,6 +90,7 @@ obj-$(CONFIG_CRYPTO_GCM) += gcm.o
 obj-$(CONFIG_CRYPTO_CCM) += ccm.o
 obj-$(CONFIG_CRYPTO_CHACHA20POLY1305) += chacha20poly1305.o
 obj-$(CONFIG_CRYPTO_AEGIS128) += aegis128.o
+aegis128-y := aegis128-core.o
 obj-$(CONFIG_CRYPTO_PCRYPT) += pcrypt.o
 obj-$(CONFIG_CRYPTO_CRYPTD) += cryptd.o
 obj-$(CONFIG_CRYPTO_DES) += des_generic.o
diff --git a/crypto/aegis128.c b/crypto/aegis128-core.c
index 32840d5e7f65..fa69e99968e2 100644
--- a/crypto/aegis128.c
+++ b/crypto/aegis128-core.c
@@ -8,6 +8,7 @@
 #include <crypto/algapi.h>
 #include <crypto/internal/aead.h>
+#include <crypto/internal/simd.h>
 #include <crypto/internal/skcipher.h>
 #include <crypto/scatterwalk.h>
 #include <linux/err.h>
@@ -16,6 +17,8 @@
 #include <linux/module.h>
 #include <linux/scatterlist.h>
+#include <asm/simd.h>
 #include "aegis.h"
 #define AEGIS128_NONCE_SIZE 16
@@ -40,6 +43,24 @@ struct aegis128_ops {
                            const u8 *src, unsigned int size);
 };
+static bool have_simd;
+static bool aegis128_do_simd(void)
+{
+#ifdef CONFIG_CRYPTO_AEGIS128_SIMD
+        if (have_simd)
+                return crypto_simd_usable();
+#endif
+        return false;
+}
+bool crypto_aegis128_have_simd(void);
+void crypto_aegis128_update_simd(struct aegis_state *state, const void *msg);
+void crypto_aegis128_encrypt_chunk_simd(struct aegis_state *state, u8 *dst,
+                                        const u8 *src, unsigned int size);
+void crypto_aegis128_decrypt_chunk_simd(struct aegis_state *state, u8 *dst,
+                                        const u8 *src, unsigned int size);
 static void crypto_aegis128_update(struct aegis_state *state)
 {
        union aegis_block tmp;
@@ -55,12 +76,22 @@ static void crypto_aegis128_update(struct aegis_state *state)
 static void crypto_aegis128_update_a(struct aegis_state *state,
                                     const union aegis_block *msg)
 {
+        if (aegis128_do_simd()) {
+                crypto_aegis128_update_simd(state, msg);
+                return;
+        }
        crypto_aegis128_update(state);
        crypto_aegis_block_xor(&state->blocks[0], msg);
 }
 static void crypto_aegis128_update_u(struct aegis_state *state, const void *msg)
 {
+        if (aegis128_do_simd()) {
+                crypto_aegis128_update_simd(state, msg);
+                return;
+        }
        crypto_aegis128_update(state);
        crypto_xor(state->blocks[0].bytes, msg, AEGIS_BLOCK_SIZE);
 }
@@ -365,7 +396,7 @@ static void crypto_aegis128_crypt(struct aead_request *req,
 static int crypto_aegis128_encrypt(struct aead_request *req)
 {
-        static const struct aegis128_ops ops = {
+        const struct aegis128_ops *ops = &(struct aegis128_ops){
                .skcipher_walk_init = skcipher_walk_aead_encrypt,
                .crypt_chunk = crypto_aegis128_encrypt_chunk,
        };
@@ -375,7 +406,12 @@ static int crypto_aegis128_encrypt(struct aead_request *req)
        unsigned int authsize = crypto_aead_authsize(tfm);
        unsigned int cryptlen = req->cryptlen;
-        crypto_aegis128_crypt(req, &tag, cryptlen, &ops);
+        if (aegis128_do_simd())
+                ops = &(struct aegis128_ops){
+                        .skcipher_walk_init = skcipher_walk_aead_encrypt,
+                        .crypt_chunk = crypto_aegis128_encrypt_chunk_simd };
+        crypto_aegis128_crypt(req, &tag, cryptlen, ops);
        scatterwalk_map_and_copy(tag.bytes, req->dst, req->assoclen + cryptlen,
                                 authsize, 1);
@@ -384,7 +420,7 @@ static int crypto_aegis128_encrypt(struct aead_request *req)
 static int crypto_aegis128_decrypt(struct aead_request *req)
 {
-        static const struct aegis128_ops ops = {
+        const struct aegis128_ops *ops = &(struct aegis128_ops){
                .skcipher_walk_init = skcipher_walk_aead_decrypt,
                .crypt_chunk = crypto_aegis128_decrypt_chunk,
        };
@@ -398,7 +434,12 @@ static int crypto_aegis128_decrypt(struct aead_request *req)
        scatterwalk_map_and_copy(tag.bytes, req->src, req->assoclen + cryptlen,
                                 authsize, 0);
-        crypto_aegis128_crypt(req, &tag, cryptlen, &ops);
+        if (aegis128_do_simd())
+                ops = &(struct aegis128_ops){
+                        .skcipher_walk_init = skcipher_walk_aead_decrypt,
+                        .crypt_chunk = crypto_aegis128_decrypt_chunk_simd };
+        crypto_aegis128_crypt(req, &tag, cryptlen, ops);
        return crypto_memneq(tag.bytes, zeros, authsize) ? -EBADMSG : 0;
 }
@@ -429,6 +470,9 @@ static struct aead_alg crypto_aegis128_alg = {
 static int __init crypto_aegis128_module_init(void)
 {
+        if (IS_ENABLED(CONFIG_CRYPTO_AEGIS128_SIMD))
+                have_simd = crypto_aegis128_have_simd();
        return crypto_register_aead(&crypto_aegis128_alg);
 }
author	Ard Biesheuvel <ard.biesheuvel@linaro.org>	2019-08-11 18:59:10 -0400
committer	Herbert Xu <herbert@gondor.apana.org.au>	2019-08-15 07:52:15 -0400
commit	cf3d41adcc3595e7ccfbc9359a5daf39ee07aa8b (patch)
tree	7d0bdbfd7c864dd1c22c3338f1cd85bc3892f1dc
parent	8083b1bf8163e7ae7d8c90f221106d96450b8aa8 (diff)