Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 00fec2a10b
Branches Tags
linux_kernel
/
arch
/
arm64
/
crypto
/
sha2-ce-glue.c

sha2-ce-glue.c 6.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255 
  1. /*
    2. 

  2.  * sha2-ce-glue.c - SHA-224/SHA-256 using ARMv8 Crypto Extensions
    3. 

  3.  *
    4. 

  4.  * Copyright (C) 2014 Linaro Ltd <ard.biesheuvel@linaro.org>
    5. 

  5.  *
    6. 

  6.  * This program is free software; you can redistribute it and/or modify
    7. 

  7.  * it under the terms of the GNU General Public License version 2 as
    8. 

  8.  * published by the Free Software Foundation.
    9. 

  9.  */
    10. 

  10. 

  11. #include <asm/neon.h>
    12. 

  12. #include <asm/unaligned.h>
    13. 

  13. #include <crypto/internal/hash.h>
    14. 

  14. #include <crypto/sha.h>
    15. 

  15. #include <linux/cpufeature.h>
    16. 

  16. #include <linux/crypto.h>
    17. 

  17. #include <linux/module.h>
    18. 

  18. 

  19. MODULE_DESCRIPTION("SHA-224/SHA-256 secure hash using ARMv8 Crypto Extensions");
    20. 

  20. MODULE_AUTHOR("Ard Biesheuvel <ard.biesheuvel@linaro.org>");
    21. 

  21. MODULE_LICENSE("GPL v2");
    22. 

  22. 

  23. asmlinkage int sha2_ce_transform(int blocks, u8 const *src, u32 *state,
    24. 

  24. 				 u8 *head, long bytes);
    25. 

  25. 

  26. static int sha224_init(struct shash_desc *desc)
    27. 

  27. {
    28. 

  28. 	struct sha256_state *sctx = shash_desc_ctx(desc);
    29. 

  29. 

  30. 	*sctx = (struct sha256_state){
    31. 

  31. 		.state = {
    32. 

  32. 			SHA224_H0, SHA224_H1, SHA224_H2, SHA224_H3,
    33. 

  33. 			SHA224_H4, SHA224_H5, SHA224_H6, SHA224_H7,
    34. 

  34. 		}
    35. 

  35. 	};
    36. 

  36. 	return 0;
    37. 

  37. }
    38. 

  38. 

  39. static int sha256_init(struct shash_desc *desc)
    40. 

  40. {
    41. 

  41. 	struct sha256_state *sctx = shash_desc_ctx(desc);
    42. 

  42. 

  43. 	*sctx = (struct sha256_state){
    44. 

  44. 		.state = {
    45. 

  45. 			SHA256_H0, SHA256_H1, SHA256_H2, SHA256_H3,
    46. 

  46. 			SHA256_H4, SHA256_H5, SHA256_H6, SHA256_H7,
    47. 

  47. 		}
    48. 

  48. 	};
    49. 

  49. 	return 0;
    50. 

  50. }
    51. 

  51. 

  52. static int sha2_update(struct shash_desc *desc, const u8 *data,
    53. 

  53. 		       unsigned int len)
    54. 

  54. {
    55. 

  55. 	struct sha256_state *sctx = shash_desc_ctx(desc);
    56. 

  56. 	unsigned int partial = sctx->count % SHA256_BLOCK_SIZE;
    57. 

  57. 

  58. 	sctx->count += len;
    59. 

  59. 

  60. 	if ((partial + len) >= SHA256_BLOCK_SIZE) {
    61. 

  61. 		int blocks;
    62. 

  62. 

  63. 		if (partial) {
    64. 

  64. 			int p = SHA256_BLOCK_SIZE - partial;
    65. 

  65. 

  66. 			memcpy(sctx->buf + partial, data, p);
    67. 

  67. 			data += p;
    68. 

  68. 			len -= p;
    69. 

  69. 		}
    70. 

  70. 

  71. 		blocks = len / SHA256_BLOCK_SIZE;
    72. 

  72. 		len %= SHA256_BLOCK_SIZE;
    73. 

  73. 

  74. 		kernel_neon_begin_partial(28);
    75. 

  75. 		sha2_ce_transform(blocks, data, sctx->state,
    76. 

  76. 				  partial ? sctx->buf : NULL, 0);
    77. 

  77. 		kernel_neon_end();
    78. 

  78. 

  79. 		data += blocks * SHA256_BLOCK_SIZE;
    80. 

  80. 		partial = 0;
    81. 

  81. 	}
    82. 

  82. 	if (len)
    83. 

  83. 		memcpy(sctx->buf + partial, data, len);
    84. 

  84. 	return 0;
    85. 

  85. }
    86. 

  86. 

  87. static void sha2_final(struct shash_desc *desc)
    88. 

  88. {
    89. 

  89. 	static const u8 padding[SHA256_BLOCK_SIZE] = { 0x80, };
    90. 

  90. 

  91. 	struct sha256_state *sctx = shash_desc_ctx(desc);
    92. 

  92. 	__be64 bits = cpu_to_be64(sctx->count << 3);
    93. 

  93. 	u32 padlen = SHA256_BLOCK_SIZE
    94. 

  94. 		     - ((sctx->count + sizeof(bits)) % SHA256_BLOCK_SIZE);
    95. 

  95. 

  96. 	sha2_update(desc, padding, padlen);
    97. 

  97. 	sha2_update(desc, (const u8 *)&bits, sizeof(bits));
    98. 

  98. }
    99. 

  99. 

  100. static int sha224_final(struct shash_desc *desc, u8 *out)
    101. 

  101. {
    102. 

  102. 	struct sha256_state *sctx = shash_desc_ctx(desc);
    103. 

  103. 	__be32 *dst = (__be32 *)out;
    104. 

  104. 	int i;
    105. 

  105. 

  106. 	sha2_final(desc);
    107. 

  107. 

  108. 	for (i = 0; i < SHA224_DIGEST_SIZE / sizeof(__be32); i++)
    109. 

  109. 		put_unaligned_be32(sctx->state[i], dst++);
    110. 

  110. 

  111. 	*sctx = (struct sha256_state){};
    112. 

  112. 	return 0;
    113. 

  113. }
    114. 

  114. 

  115. static int sha256_final(struct shash_desc *desc, u8 *out)
    116. 

  116. {
    117. 

  117. 	struct sha256_state *sctx = shash_desc_ctx(desc);
    118. 

  118. 	__be32 *dst = (__be32 *)out;
    119. 

  119. 	int i;
    120. 

  120. 

  121. 	sha2_final(desc);
    122. 

  122. 

  123. 	for (i = 0; i < SHA256_DIGEST_SIZE / sizeof(__be32); i++)
    124. 

  124. 		put_unaligned_be32(sctx->state[i], dst++);
    125. 

  125. 

  126. 	*sctx = (struct sha256_state){};
    127. 

  127. 	return 0;
    128. 

  128. }
    129. 

  129. 

  130. static void sha2_finup(struct shash_desc *desc, const u8 *data,
    131. 

  131. 		       unsigned int len)
    132. 

  132. {
    133. 

  133. 	struct sha256_state *sctx = shash_desc_ctx(desc);
    134. 

  134. 	int blocks;
    135. 

  135. 

  136. 	if (sctx->count || !len || (len % SHA256_BLOCK_SIZE)) {
    137. 

  137. 		sha2_update(desc, data, len);
    138. 

  138. 		sha2_final(desc);
    139. 

  139. 		return;
    140. 

  140. 	}
    141. 

  141. 

  142. 	/*
    143. 

  143. 	 * Use a fast path if the input is a multiple of 64 bytes. In
    144. 

  144. 	 * this case, there is no need to copy data around, and we can
    145. 

  145. 	 * perform the entire digest calculation in a single invocation
    146. 

  146. 	 * of sha2_ce_transform()
    147. 

  147. 	 */
    148. 

  148. 	blocks = len / SHA256_BLOCK_SIZE;
    149. 

  149. 

  150. 	kernel_neon_begin_partial(28);
    151. 

  151. 	sha2_ce_transform(blocks, data, sctx->state, NULL, len);
    152. 

  152. 	kernel_neon_end();
    153. 

  153. 	data += blocks * SHA256_BLOCK_SIZE;
    154. 

  154. }
    155. 

  155. 

  156. static int sha224_finup(struct shash_desc *desc, const u8 *data,
    157. 

  157. 			unsigned int len, u8 *out)
    158. 

  158. {
    159. 

  159. 	struct sha256_state *sctx = shash_desc_ctx(desc);
    160. 

  160. 	__be32 *dst = (__be32 *)out;
    161. 

  161. 	int i;
    162. 

  162. 

  163. 	sha2_finup(desc, data, len);
    164. 

  164. 

  165. 	for (i = 0; i < SHA224_DIGEST_SIZE / sizeof(__be32); i++)
    166. 

  166. 		put_unaligned_be32(sctx->state[i], dst++);
    167. 

  167. 

  168. 	*sctx = (struct sha256_state){};
    169. 

  169. 	return 0;
    170. 

  170. }
    171. 

  171. 

  172. static int sha256_finup(struct shash_desc *desc, const u8 *data,
    173. 

  173. 			unsigned int len, u8 *out)
    174. 

  174. {
    175. 

  175. 	struct sha256_state *sctx = shash_desc_ctx(desc);
    176. 

  176. 	__be32 *dst = (__be32 *)out;
    177. 

  177. 	int i;
    178. 

  178. 

  179. 	sha2_finup(desc, data, len);
    180. 

  180. 

  181. 	for (i = 0; i < SHA256_DIGEST_SIZE / sizeof(__be32); i++)
    182. 

  182. 		put_unaligned_be32(sctx->state[i], dst++);
    183. 

  183. 

  184. 	*sctx = (struct sha256_state){};
    185. 

  185. 	return 0;
    186. 

  186. }
    187. 

  187. 

  188. static int sha2_export(struct shash_desc *desc, void *out)
    189. 

  189. {
    190. 

  190. 	struct sha256_state *sctx = shash_desc_ctx(desc);
    191. 

  191. 	struct sha256_state *dst = out;
    192. 

  192. 

  193. 	*dst = *sctx;
    194. 

  194. 	return 0;
    195. 

  195. }
    196. 

  196. 

  197. static int sha2_import(struct shash_desc *desc, const void *in)
    198. 

  198. {
    199. 

  199. 	struct sha256_state *sctx = shash_desc_ctx(desc);
    200. 

  200. 	struct sha256_state const *src = in;
    201. 

  201. 

  202. 	*sctx = *src;
    203. 

  203. 	return 0;
    204. 

  204. }
    205. 

  205. 

  206. static struct shash_alg algs[] = { {
    207. 

  207. 	.init			= sha224_init,
    208. 

  208. 	.update			= sha2_update,
    209. 

  209. 	.final			= sha224_final,
    210. 

  210. 	.finup			= sha224_finup,
    211. 

  211. 	.export			= sha2_export,
    212. 

  212. 	.import			= sha2_import,
    213. 

  213. 	.descsize		= sizeof(struct sha256_state),
    214. 

  214. 	.digestsize		= SHA224_DIGEST_SIZE,
    215. 

  215. 	.statesize		= sizeof(struct sha256_state),
    216. 

  216. 	.base			= {
    217. 

  217. 		.cra_name		= "sha224",
    218. 

  218. 		.cra_driver_name	= "sha224-ce",
    219. 

  219. 		.cra_priority		= 200,
    220. 

  220. 		.cra_flags		= CRYPTO_ALG_TYPE_SHASH,
    221. 

  221. 		.cra_blocksize		= SHA256_BLOCK_SIZE,
    222. 

  222. 		.cra_module		= THIS_MODULE,
    223. 

  223. 	}
    224. 

  224. }, {
    225. 

  225. 	.init			= sha256_init,
    226. 

  226. 	.update			= sha2_update,
    227. 

  227. 	.final			= sha256_final,
    228. 

  228. 	.finup			= sha256_finup,
    229. 

  229. 	.export			= sha2_export,
    230. 

  230. 	.import			= sha2_import,
    231. 

  231. 	.descsize		= sizeof(struct sha256_state),
    232. 

  232. 	.digestsize		= SHA256_DIGEST_SIZE,
    233. 

  233. 	.statesize		= sizeof(struct sha256_state),
    234. 

  234. 	.base			= {
    235. 

  235. 		.cra_name		= "sha256",
    236. 

  236. 		.cra_driver_name	= "sha256-ce",
    237. 

  237. 		.cra_priority		= 200,
    238. 

  238. 		.cra_flags		= CRYPTO_ALG_TYPE_SHASH,
    239. 

  239. 		.cra_blocksize		= SHA256_BLOCK_SIZE,
    240. 

  240. 		.cra_module		= THIS_MODULE,
    241. 

  241. 	}
    242. 

  242. } };
    243. 

  243. 

  244. static int __init sha2_ce_mod_init(void)
    245. 

  245. {
    246. 

  246. 	return crypto_register_shashes(algs, ARRAY_SIZE(algs));
    247. 

  247. }
    248. 

  248. 

  249. static void __exit sha2_ce_mod_fini(void)
    250. 

  250. {
    251. 

  251. 	crypto_unregister_shashes(algs, ARRAY_SIZE(algs));
    252. 

  252. }
    253. 

  253. 

  254. module_cpu_feature_match(SHA2, sha2_ce_mod_init);
    255. 

  255. module_exit(sha2_ce_mod_fini);
    256.