[mirror_ubuntu-artful-kernel.git] / arch / arm64 / crypto / sha2-ce-glue.c

/*
 * sha2-ce-glue.c - SHA-224/SHA-256 using ARMv8 Crypto Extensions
 *
 * Copyright (C) 2014 Linaro Ltd <ard.biesheuvel@linaro.org>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

#include <asm/neon.h>
#include <asm/unaligned.h>
#include <crypto/internal/hash.h>
#include <crypto/sha.h>
#include <linux/cpufeature.h>
#include <linux/crypto.h>
#include <linux/module.h>

MODULE_DESCRIPTION("SHA-224/SHA-256 secure hash using ARMv8 Crypto Extensions");
MODULE_AUTHOR("Ard Biesheuvel <ard.biesheuvel@linaro.org>");
MODULE_LICENSE("GPL v2");

asmlinkage int sha2_ce_transform(int blocks, u8 const *src, u32 *state,
				 u8 *head, long bytes);

static int sha224_init(struct shash_desc *desc)
{
	struct sha256_state *sctx = shash_desc_ctx(desc);

	*sctx = (struct sha256_state){
		.state = {
			SHA224_H0, SHA224_H1, SHA224_H2, SHA224_H3,
			SHA224_H4, SHA224_H5, SHA224_H6, SHA224_H7,
		}
	};
	return 0;
}

static int sha256_init(struct shash_desc *desc)
{
	struct sha256_state *sctx = shash_desc_ctx(desc);

	*sctx = (struct sha256_state){
		.state = {
			SHA256_H0, SHA256_H1, SHA256_H2, SHA256_H3,
			SHA256_H4, SHA256_H5, SHA256_H6, SHA256_H7,
		}
	};
	return 0;
}

static int sha2_update(struct shash_desc *desc, const u8 *data,
		       unsigned int len)
{
	struct sha256_state *sctx = shash_desc_ctx(desc);
	unsigned int partial = sctx->count % SHA256_BLOCK_SIZE;

	sctx->count += len;

	if ((partial + len) >= SHA256_BLOCK_SIZE) {
		int blocks;

		if (partial) {
			int p = SHA256_BLOCK_SIZE - partial;

			memcpy(sctx->buf + partial, data, p);
			data += p;
			len -= p;
		}

		blocks = len / SHA256_BLOCK_SIZE;
		len %= SHA256_BLOCK_SIZE;

		kernel_neon_begin_partial(28);
		sha2_ce_transform(blocks, data, sctx->state,
				  partial ? sctx->buf : NULL, 0);
		kernel_neon_end();

		data += blocks * SHA256_BLOCK_SIZE;
		partial = 0;
	}
	if (len)
		memcpy(sctx->buf + partial, data, len);
	return 0;
}

static void sha2_final(struct shash_desc *desc)
{
	static const u8 padding[SHA256_BLOCK_SIZE] = { 0x80, };

	struct sha256_state *sctx = shash_desc_ctx(desc);
	__be64 bits = cpu_to_be64(sctx->count << 3);
	u32 padlen = SHA256_BLOCK_SIZE
		     - ((sctx->count + sizeof(bits)) % SHA256_BLOCK_SIZE);

	sha2_update(desc, padding, padlen);
	sha2_update(desc, (const u8 *)&bits, sizeof(bits));
}

static int sha224_final(struct shash_desc *desc, u8 *out)
{
	struct sha256_state *sctx = shash_desc_ctx(desc);
	__be32 *dst = (__be32 *)out;
	int i;

	sha2_final(desc);

	for (i = 0; i < SHA224_DIGEST_SIZE / sizeof(__be32); i++)
		put_unaligned_be32(sctx->state[i], dst++);

	*sctx = (struct sha256_state){};
	return 0;
}

static int sha256_final(struct shash_desc *desc, u8 *out)
{
	struct sha256_state *sctx = shash_desc_ctx(desc);
	__be32 *dst = (__be32 *)out;
	int i;

	sha2_final(desc);

	for (i = 0; i < SHA256_DIGEST_SIZE / sizeof(__be32); i++)
		put_unaligned_be32(sctx->state[i], dst++);

	*sctx = (struct sha256_state){};
	return 0;
}

static void sha2_finup(struct shash_desc *desc, const u8 *data,
		       unsigned int len)
{
	struct sha256_state *sctx = shash_desc_ctx(desc);
	int blocks;

	if (sctx->count || !len || (len % SHA256_BLOCK_SIZE)) {
		sha2_update(desc, data, len);
		sha2_final(desc);
		return;
	}

	/*
	 * Use a fast path if the input is a multiple of 64 bytes. In
	 * this case, there is no need to copy data around, and we can
	 * perform the entire digest calculation in a single invocation
	 * of sha2_ce_transform()
	 */
	blocks = len / SHA256_BLOCK_SIZE;

	kernel_neon_begin_partial(28);
	sha2_ce_transform(blocks, data, sctx->state, NULL, len);
	kernel_neon_end();
}

static int sha224_finup(struct shash_desc *desc, const u8 *data,
			unsigned int len, u8 *out)
{
	struct sha256_state *sctx = shash_desc_ctx(desc);
	__be32 *dst = (__be32 *)out;
	int i;

	sha2_finup(desc, data, len);

	for (i = 0; i < SHA224_DIGEST_SIZE / sizeof(__be32); i++)
		put_unaligned_be32(sctx->state[i], dst++);

	*sctx = (struct sha256_state){};
	return 0;
}

static int sha256_finup(struct shash_desc *desc, const u8 *data,
			unsigned int len, u8 *out)
{
	struct sha256_state *sctx = shash_desc_ctx(desc);
	__be32 *dst = (__be32 *)out;
	int i;

	sha2_finup(desc, data, len);

	for (i = 0; i < SHA256_DIGEST_SIZE / sizeof(__be32); i++)
		put_unaligned_be32(sctx->state[i], dst++);

	*sctx = (struct sha256_state){};
	return 0;
}

static int sha2_export(struct shash_desc *desc, void *out)
{
	struct sha256_state *sctx = shash_desc_ctx(desc);
	struct sha256_state *dst = out;

	*dst = *sctx;
	return 0;
}

static int sha2_import(struct shash_desc *desc, const void *in)
{
	struct sha256_state *sctx = shash_desc_ctx(desc);
	struct sha256_state const *src = in;

	*sctx = *src;
	return 0;
}

static struct shash_alg algs[] = { {
	.init			= sha224_init,
	.update			= sha2_update,
	.final			= sha224_final,
	.finup			= sha224_finup,
	.export			= sha2_export,
	.import			= sha2_import,
	.descsize		= sizeof(struct sha256_state),
	.digestsize		= SHA224_DIGEST_SIZE,
	.statesize		= sizeof(struct sha256_state),
	.base			= {
		.cra_name		= "sha224",
		.cra_driver_name	= "sha224-ce",
		.cra_priority		= 200,
		.cra_flags		= CRYPTO_ALG_TYPE_SHASH,
		.cra_blocksize		= SHA256_BLOCK_SIZE,
		.cra_module		= THIS_MODULE,
	}
}, {
	.init			= sha256_init,
	.update			= sha2_update,
	.final			= sha256_final,
	.finup			= sha256_finup,
	.export			= sha2_export,
	.import			= sha2_import,
	.descsize		= sizeof(struct sha256_state),
	.digestsize		= SHA256_DIGEST_SIZE,
	.statesize		= sizeof(struct sha256_state),
	.base			= {
		.cra_name		= "sha256",
		.cra_driver_name	= "sha256-ce",
		.cra_priority		= 200,
		.cra_flags		= CRYPTO_ALG_TYPE_SHASH,
		.cra_blocksize		= SHA256_BLOCK_SIZE,
		.cra_module		= THIS_MODULE,
	}
} };

static int __init sha2_ce_mod_init(void)
{
	return crypto_register_shashes(algs, ARRAY_SIZE(algs));
}

static void __exit sha2_ce_mod_fini(void)
{
	crypto_unregister_shashes(algs, ARRAY_SIZE(algs));
}

module_cpu_feature_match(SHA2, sha2_ce_mod_init);
module_exit(sha2_ce_mod_fini);
Commit	Line	Data
6ba6c74d AB	1	/*
	2	* sha2-ce-glue.c - SHA-224/SHA-256 using ARMv8 Crypto Extensions
	3	*
	4	* Copyright (C) 2014 Linaro Ltd <ard.biesheuvel@linaro.org>
	5	*
	6	* This program is free software; you can redistribute it and/or modify
	7	* it under the terms of the GNU General Public License version 2 as
	8	* published by the Free Software Foundation.
	9	*/
	10
	11	#include <asm/neon.h>
	12	#include <asm/unaligned.h>
	13	#include <crypto/internal/hash.h>
	14	#include <crypto/sha.h>
	15	#include <linux/cpufeature.h>
	16	#include <linux/crypto.h>
	17	#include <linux/module.h>
	18
	19	MODULE_DESCRIPTION("SHA-224/SHA-256 secure hash using ARMv8 Crypto Extensions");
	20	MODULE_AUTHOR("Ard Biesheuvel <ard.biesheuvel@linaro.org>");
	21	MODULE_LICENSE("GPL v2");
	22
	23	asmlinkage int sha2_ce_transform(int blocks, u8 const src, u32 state,
	24	u8 *head, long bytes);
	25
	26	static int sha224_init(struct shash_desc *desc)
	27	{
	28	struct sha256_state *sctx = shash_desc_ctx(desc);
	29
	30	*sctx = (struct sha256_state){
	31	.state = {
	32	SHA224_H0, SHA224_H1, SHA224_H2, SHA224_H3,
	33	SHA224_H4, SHA224_H5, SHA224_H6, SHA224_H7,
	34	}
	35	};
	36	return 0;
	37	}
	38
	39	static int sha256_init(struct shash_desc *desc)
	40	{
	41	struct sha256_state *sctx = shash_desc_ctx(desc);
	42
	43	*sctx = (struct sha256_state){
	44	.state = {
	45	SHA256_H0, SHA256_H1, SHA256_H2, SHA256_H3,
	46	SHA256_H4, SHA256_H5, SHA256_H6, SHA256_H7,
	47	}
	48	};
	49	return 0;
	50	}
	51
	52	static int sha2_update(struct shash_desc desc, const u8 data,
	53	unsigned int len)
	54	{
	55	struct sha256_state *sctx = shash_desc_ctx(desc);
	56	unsigned int partial = sctx->count % SHA256_BLOCK_SIZE;
	57
	58	sctx->count += len;
	59
	60	if ((partial + len) >= SHA256_BLOCK_SIZE) {
	61	int blocks;
	62
	63	if (partial) {
	64	int p = SHA256_BLOCK_SIZE - partial;
65
66	memcpy(sctx->buf + partial, data, p);
67	data += p;
68	len -= p;
69	}
70
71	blocks = len / SHA256_BLOCK_SIZE;
72	len %= SHA256_BLOCK_SIZE;
73
74	kernel_neon_begin_partial(28);
75	sha2_ce_transform(blocks, data, sctx->state,
76	partial ? sctx->buf : NULL, 0);
77	kernel_neon_end();
78
79	data += blocks * SHA256_BLOCK_SIZE;
80	partial = 0;
81	}
82	if (len)
83	memcpy(sctx->buf + partial, data, len);
84	return 0;
85	}
86
87	static void sha2_final(struct shash_desc *desc)
88	{
89	static const u8 padding[SHA256_BLOCK_SIZE] = { 0x80, };
90
91	struct sha256_state *sctx = shash_desc_ctx(desc);
92	__be64 bits = cpu_to_be64(sctx->count << 3);
93	u32 padlen = SHA256_BLOCK_SIZE
94	- ((sctx->count + sizeof(bits)) % SHA256_BLOCK_SIZE);
95
96	sha2_update(desc, padding, padlen);
97	sha2_update(desc, (const u8 *)&bits, sizeof(bits));
98	}
99
100	static int sha224_final(struct shash_desc desc, u8 out)
101	{
102	struct sha256_state *sctx = shash_desc_ctx(desc);
103	__be32 dst = (__be32 )out;
104	int i;
105
106	sha2_final(desc);
107
108	for (i = 0; i < SHA224_DIGEST_SIZE / sizeof(__be32); i++)
109	put_unaligned_be32(sctx->state[i], dst++);
110
111	*sctx = (struct sha256_state){};
112	return 0;
113	}
114
115	static int sha256_final(struct shash_desc desc, u8 out)
116	{
117	struct sha256_state *sctx = shash_desc_ctx(desc);
118	__be32 dst = (__be32 )out;
119	int i;
120
121	sha2_final(desc);
122
123	for (i = 0; i < SHA256_DIGEST_SIZE / sizeof(__be32); i++)
124	put_unaligned_be32(sctx->state[i], dst++);
125
126	*sctx = (struct sha256_state){};
127	return 0;
128	}
129
130	static void sha2_finup(struct shash_desc desc, const u8 data,
131	unsigned int len)
132	{
133	struct sha256_state *sctx = shash_desc_ctx(desc);
134	int blocks;
135
136	if (sctx->count \|\| !len \|\| (len % SHA256_BLOCK_SIZE)) {
137	sha2_update(desc, data, len);
138	sha2_final(desc);
139	return;
140	}
141
142	/*
143	* Use a fast path if the input is a multiple of 64 bytes. In
144	* this case, there is no need to copy data around, and we can
145	* perform the entire digest calculation in a single invocation
146	* of sha2_ce_transform()
147	*/
148	blocks = len / SHA256_BLOCK_SIZE;
149
150	kernel_neon_begin_partial(28);
151	sha2_ce_transform(blocks, data, sctx->state, NULL, len);
152	kernel_neon_end();
6ba6c74d AB	153	}
	154
	155	static int sha224_finup(struct shash_desc desc, const u8 data,
	156	unsigned int len, u8 *out)
	157	{
	158	struct sha256_state *sctx = shash_desc_ctx(desc);
	159	__be32 dst = (__be32 )out;
	160	int i;
	161
	162	sha2_finup(desc, data, len);
	163
	164	for (i = 0; i < SHA224_DIGEST_SIZE / sizeof(__be32); i++)
	165	put_unaligned_be32(sctx->state[i], dst++);
	166
	167	*sctx = (struct sha256_state){};
	168	return 0;
	169	}
	170
	171	static int sha256_finup(struct shash_desc desc, const u8 data,
	172	unsigned int len, u8 *out)
	173	{
	174	struct sha256_state *sctx = shash_desc_ctx(desc);
	175	__be32 dst = (__be32 )out;
	176	int i;
	177
	178	sha2_finup(desc, data, len);
	179
	180	for (i = 0; i < SHA256_DIGEST_SIZE / sizeof(__be32); i++)
	181	put_unaligned_be32(sctx->state[i], dst++);
	182
	183	*sctx = (struct sha256_state){};
	184	return 0;
	185	}
	186
	187	static int sha2_export(struct shash_desc desc, void out)
	188	{
	189	struct sha256_state *sctx = shash_desc_ctx(desc);
	190	struct sha256_state *dst = out;
	191
	192	dst = sctx;
	193	return 0;
	194	}
	195
	196	static int sha2_import(struct shash_desc desc, const void in)
	197	{
	198	struct sha256_state *sctx = shash_desc_ctx(desc);
	199	struct sha256_state const *src = in;
	200
	201	sctx = src;
	202	return 0;
	203	}
	204
	205	static struct shash_alg algs[] = { {
	206	.init = sha224_init,
	207	.update = sha2_update,
	208	.final = sha224_final,
	209	.finup = sha224_finup,
	210	.export = sha2_export,
	211	.import = sha2_import,
	212	.descsize = sizeof(struct sha256_state),
	213	.digestsize = SHA224_DIGEST_SIZE,
	214	.statesize = sizeof(struct sha256_state),
	215	.base = {
	216	.cra_name = "sha224",
217	.cra_driver_name = "sha224-ce",
218	.cra_priority = 200,
219	.cra_flags = CRYPTO_ALG_TYPE_SHASH,
220	.cra_blocksize = SHA256_BLOCK_SIZE,
221	.cra_module = THIS_MODULE,
222	}
223	}, {
224	.init = sha256_init,
225	.update = sha2_update,
226	.final = sha256_final,
227	.finup = sha256_finup,
228	.export = sha2_export,
229	.import = sha2_import,
230	.descsize = sizeof(struct sha256_state),
231	.digestsize = SHA256_DIGEST_SIZE,
232	.statesize = sizeof(struct sha256_state),
233	.base = {
234	.cra_name = "sha256",
235	.cra_driver_name = "sha256-ce",
236	.cra_priority = 200,
237	.cra_flags = CRYPTO_ALG_TYPE_SHASH,
238	.cra_blocksize = SHA256_BLOCK_SIZE,
239	.cra_module = THIS_MODULE,
240	}
241	} };
242
243	static int __init sha2_ce_mod_init(void)
244	{
245	return crypto_register_shashes(algs, ARRAY_SIZE(algs));
246	}
247
248	static void __exit sha2_ce_mod_fini(void)
249	{
250	crypto_unregister_shashes(algs, ARRAY_SIZE(algs));
251	}
252
253	module_cpu_feature_match(SHA2, sha2_ce_mod_init);
254	module_exit(sha2_ce_mod_fini);