1/* SPDX-License-Identifier: GPL-2.0-only */ 2/* 3 * Accelerated GHASH implementation with Intel PCLMULQDQ-NI 4 * instructions. This file contains accelerated part of ghash 5 * implementation. More information about PCLMULQDQ can be found at: 6 * 7 * https://www.intel.com/content/dam/develop/external/us/en/documents/clmul-wp-rev-2-02-2014-04-20.pdf 8 * 9 * Copyright (c) 2009 Intel Corp. 10 * Author: Huang Ying <ying.huang@intel.com> 11 * Vinodh Gopal 12 * Erdinc Ozturk 13 * Deniz Karakoyunlu 14 */ 15 16#include <linux/linkage.h> 17#include <asm/frame.h> 18 19.section .rodata.cst16.bswap_mask, "aM", @progbits, 16 20.align 16 21.Lbswap_mask: 22 .octa 0x000102030405060708090a0b0c0d0e0f 23 24#define ACC %xmm0 25#define KEY %xmm1 26#define T1 %xmm2 27#define T2 %xmm3 28#define T3 %xmm4 29#define BSWAP %xmm5 30#define IN1 %xmm6 31 32.text 33 34/* 35 * __clmul_gf128mul_ble: internal ABI 36 * input: 37 * ACC: operand1 38 * KEY: operand2, hash_key << 1 mod poly 39 * output: 40 * ACC: operand1 * operand2 mod poly 41 * changed: 42 * T1 43 * T2 44 * T3 45 */ 46SYM_FUNC_START_LOCAL(__clmul_gf128mul_ble) 47 movaps ACC, T1 48 pshufd $0b01001110, ACC, T2 49 pshufd $0b01001110, KEY, T3 50 pxor ACC, T2 51 pxor KEY, T3 52 53 pclmulqdq $0x00, KEY, ACC # ACC = a0 * b0 54 pclmulqdq $0x11, KEY, T1 # T1 = a1 * b1 55 pclmulqdq $0x00, T3, T2 # T2 = (a1 + a0) * (b1 + b0) 56 pxor ACC, T2 57 pxor T1, T2 # T2 = a0 * b1 + a1 * b0 58 59 movaps T2, T3 60 pslldq $8, T3 61 psrldq $8, T2 62 pxor T3, ACC 63 pxor T2, T1 # <T1:ACC> is result of 64 # carry-less multiplication 65 66 # first phase of the reduction 67 movaps ACC, T3 68 psllq $1, T3 69 pxor ACC, T3 70 psllq $5, T3 71 pxor ACC, T3 72 psllq $57, T3 73 movaps T3, T2 74 pslldq $8, T2 75 psrldq $8, T3 76 pxor T2, ACC 77 pxor T3, T1 78 79 # second phase of the reduction 80 movaps ACC, T2 81 psrlq $5, T2 82 pxor ACC, T2 83 psrlq $1, T2 84 pxor ACC, T2 85 psrlq $1, T2 86 pxor T2, T1 87 pxor T1, ACC 88 RET 89SYM_FUNC_END(__clmul_gf128mul_ble) 90 91/* 92 * void polyval_mul_pclmul(struct polyval_elem *a, 93 * const struct polyval_elem *b) 94 */ 95SYM_FUNC_START(polyval_mul_pclmul) 96 FRAME_BEGIN 97 movups (%rdi), ACC 98 movups (%rsi), KEY 99 call __clmul_gf128mul_ble 100 movups ACC, (%rdi) 101 FRAME_END 102 RET 103SYM_FUNC_END(polyval_mul_pclmul) 104 105/* 106 * void ghash_blocks_pclmul(struct polyval_elem *acc, 107 * const struct polyval_elem *key, 108 * const u8 *data, size_t nblocks) 109 */ 110SYM_FUNC_START(ghash_blocks_pclmul) 111 FRAME_BEGIN 112 movaps .Lbswap_mask(%rip), BSWAP 113 movups (%rdi), ACC 114 movups (%rsi), KEY 115.align 4 116.Lnext_block: 117 movups (%rdx), IN1 118 pshufb BSWAP, IN1 119 pxor IN1, ACC 120 call __clmul_gf128mul_ble 121 add $16, %rdx 122 dec %rcx 123 jnz .Lnext_block 124 movups ACC, (%rdi) 125 FRAME_END 126 RET 127SYM_FUNC_END(ghash_blocks_pclmul) 128