1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Cryptographic API.
4 *
5 * SHA-512 and SHA-384 Secure Hash Algorithm.
6 *
7 * Adapted for OCTEON by Aaro Koskinen <aaro.koskinen@iki.fi>.
8 *
9 * Based on crypto/sha512_generic.c, which is:
10 *
11 * Copyright (c) Jean-Luc Cooke <jlcooke@certainkey.com>
12 * Copyright (c) Andrew McDonald <andrew@mcdonald.org.uk>
13 * Copyright (c) 2003 Kyle McMartin <kyle@debian.org>
14 */
15
16 #include <linux/mm.h>
17 #include <crypto/sha2.h>
18 #include <crypto/sha512_base.h>
19 #include <linux/init.h>
20 #include <linux/types.h>
21 #include <linux/module.h>
22 #include <asm/byteorder.h>
23 #include <asm/octeon/octeon.h>
24 #include <crypto/internal/hash.h>
25
26 #include "octeon-crypto.h"
27
28 /*
29 * We pass everything as 64-bit. OCTEON can handle misaligned data.
30 */
31
octeon_sha512_store_hash(struct sha512_state * sctx)32 static void octeon_sha512_store_hash(struct sha512_state *sctx)
33 {
34 write_octeon_64bit_hash_sha512(sctx->state[0], 0);
35 write_octeon_64bit_hash_sha512(sctx->state[1], 1);
36 write_octeon_64bit_hash_sha512(sctx->state[2], 2);
37 write_octeon_64bit_hash_sha512(sctx->state[3], 3);
38 write_octeon_64bit_hash_sha512(sctx->state[4], 4);
39 write_octeon_64bit_hash_sha512(sctx->state[5], 5);
40 write_octeon_64bit_hash_sha512(sctx->state[6], 6);
41 write_octeon_64bit_hash_sha512(sctx->state[7], 7);
42 }
43
octeon_sha512_read_hash(struct sha512_state * sctx)44 static void octeon_sha512_read_hash(struct sha512_state *sctx)
45 {
46 sctx->state[0] = read_octeon_64bit_hash_sha512(0);
47 sctx->state[1] = read_octeon_64bit_hash_sha512(1);
48 sctx->state[2] = read_octeon_64bit_hash_sha512(2);
49 sctx->state[3] = read_octeon_64bit_hash_sha512(3);
50 sctx->state[4] = read_octeon_64bit_hash_sha512(4);
51 sctx->state[5] = read_octeon_64bit_hash_sha512(5);
52 sctx->state[6] = read_octeon_64bit_hash_sha512(6);
53 sctx->state[7] = read_octeon_64bit_hash_sha512(7);
54 }
55
octeon_sha512_transform(const void * _block)56 static void octeon_sha512_transform(const void *_block)
57 {
58 const u64 *block = _block;
59
60 write_octeon_64bit_block_sha512(block[0], 0);
61 write_octeon_64bit_block_sha512(block[1], 1);
62 write_octeon_64bit_block_sha512(block[2], 2);
63 write_octeon_64bit_block_sha512(block[3], 3);
64 write_octeon_64bit_block_sha512(block[4], 4);
65 write_octeon_64bit_block_sha512(block[5], 5);
66 write_octeon_64bit_block_sha512(block[6], 6);
67 write_octeon_64bit_block_sha512(block[7], 7);
68 write_octeon_64bit_block_sha512(block[8], 8);
69 write_octeon_64bit_block_sha512(block[9], 9);
70 write_octeon_64bit_block_sha512(block[10], 10);
71 write_octeon_64bit_block_sha512(block[11], 11);
72 write_octeon_64bit_block_sha512(block[12], 12);
73 write_octeon_64bit_block_sha512(block[13], 13);
74 write_octeon_64bit_block_sha512(block[14], 14);
75 octeon_sha512_start(block[15]);
76 }
77
__octeon_sha512_update(struct sha512_state * sctx,const u8 * data,unsigned int len)78 static void __octeon_sha512_update(struct sha512_state *sctx, const u8 *data,
79 unsigned int len)
80 {
81 unsigned int part_len;
82 unsigned int index;
83 unsigned int i;
84
85 /* Compute number of bytes mod 128. */
86 index = sctx->count[0] % SHA512_BLOCK_SIZE;
87
88 /* Update number of bytes. */
89 if ((sctx->count[0] += len) < len)
90 sctx->count[1]++;
91
92 part_len = SHA512_BLOCK_SIZE - index;
93
94 /* Transform as many times as possible. */
95 if (len >= part_len) {
96 memcpy(&sctx->buf[index], data, part_len);
97 octeon_sha512_transform(sctx->buf);
98
99 for (i = part_len; i + SHA512_BLOCK_SIZE <= len;
100 i += SHA512_BLOCK_SIZE)
101 octeon_sha512_transform(&data[i]);
102
103 index = 0;
104 } else {
105 i = 0;
106 }
107
108 /* Buffer remaining input. */
109 memcpy(&sctx->buf[index], &data[i], len - i);
110 }
111
octeon_sha512_update(struct shash_desc * desc,const u8 * data,unsigned int len)112 static int octeon_sha512_update(struct shash_desc *desc, const u8 *data,
113 unsigned int len)
114 {
115 struct sha512_state *sctx = shash_desc_ctx(desc);
116 struct octeon_cop2_state state;
117 unsigned long flags;
118
119 /*
120 * Small updates never reach the crypto engine, so the generic sha512 is
121 * faster because of the heavyweight octeon_crypto_enable() /
122 * octeon_crypto_disable().
123 */
124 if ((sctx->count[0] % SHA512_BLOCK_SIZE) + len < SHA512_BLOCK_SIZE)
125 return crypto_sha512_update(desc, data, len);
126
127 flags = octeon_crypto_enable(&state);
128 octeon_sha512_store_hash(sctx);
129
130 __octeon_sha512_update(sctx, data, len);
131
132 octeon_sha512_read_hash(sctx);
133 octeon_crypto_disable(&state, flags);
134
135 return 0;
136 }
137
octeon_sha512_final(struct shash_desc * desc,u8 * hash)138 static int octeon_sha512_final(struct shash_desc *desc, u8 *hash)
139 {
140 struct sha512_state *sctx = shash_desc_ctx(desc);
141 static u8 padding[128] = { 0x80, };
142 struct octeon_cop2_state state;
143 __be64 *dst = (__be64 *)hash;
144 unsigned int pad_len;
145 unsigned long flags;
146 unsigned int index;
147 __be64 bits[2];
148 int i;
149
150 /* Save number of bits. */
151 bits[1] = cpu_to_be64(sctx->count[0] << 3);
152 bits[0] = cpu_to_be64(sctx->count[1] << 3 | sctx->count[0] >> 61);
153
154 /* Pad out to 112 mod 128. */
155 index = sctx->count[0] & 0x7f;
156 pad_len = (index < 112) ? (112 - index) : ((128+112) - index);
157
158 flags = octeon_crypto_enable(&state);
159 octeon_sha512_store_hash(sctx);
160
161 __octeon_sha512_update(sctx, padding, pad_len);
162
163 /* Append length (before padding). */
164 __octeon_sha512_update(sctx, (const u8 *)bits, sizeof(bits));
165
166 octeon_sha512_read_hash(sctx);
167 octeon_crypto_disable(&state, flags);
168
169 /* Store state in digest. */
170 for (i = 0; i < 8; i++)
171 dst[i] = cpu_to_be64(sctx->state[i]);
172
173 /* Zeroize sensitive information. */
174 memset(sctx, 0, sizeof(struct sha512_state));
175
176 return 0;
177 }
178
octeon_sha384_final(struct shash_desc * desc,u8 * hash)179 static int octeon_sha384_final(struct shash_desc *desc, u8 *hash)
180 {
181 u8 D[64];
182
183 octeon_sha512_final(desc, D);
184
185 memcpy(hash, D, 48);
186 memzero_explicit(D, 64);
187
188 return 0;
189 }
190
191 static struct shash_alg octeon_sha512_algs[2] = { {
192 .digestsize = SHA512_DIGEST_SIZE,
193 .init = sha512_base_init,
194 .update = octeon_sha512_update,
195 .final = octeon_sha512_final,
196 .descsize = sizeof(struct sha512_state),
197 .base = {
198 .cra_name = "sha512",
199 .cra_driver_name= "octeon-sha512",
200 .cra_priority = OCTEON_CR_OPCODE_PRIORITY,
201 .cra_blocksize = SHA512_BLOCK_SIZE,
202 .cra_module = THIS_MODULE,
203 }
204 }, {
205 .digestsize = SHA384_DIGEST_SIZE,
206 .init = sha384_base_init,
207 .update = octeon_sha512_update,
208 .final = octeon_sha384_final,
209 .descsize = sizeof(struct sha512_state),
210 .base = {
211 .cra_name = "sha384",
212 .cra_driver_name= "octeon-sha384",
213 .cra_priority = OCTEON_CR_OPCODE_PRIORITY,
214 .cra_blocksize = SHA384_BLOCK_SIZE,
215 .cra_module = THIS_MODULE,
216 }
217 } };
218
octeon_sha512_mod_init(void)219 static int __init octeon_sha512_mod_init(void)
220 {
221 if (!octeon_has_crypto())
222 return -ENOTSUPP;
223 return crypto_register_shashes(octeon_sha512_algs,
224 ARRAY_SIZE(octeon_sha512_algs));
225 }
226
octeon_sha512_mod_fini(void)227 static void __exit octeon_sha512_mod_fini(void)
228 {
229 crypto_unregister_shashes(octeon_sha512_algs,
230 ARRAY_SIZE(octeon_sha512_algs));
231 }
232
233 module_init(octeon_sha512_mod_init);
234 module_exit(octeon_sha512_mod_fini);
235
236 MODULE_LICENSE("GPL");
237 MODULE_DESCRIPTION("SHA-512 and SHA-384 Secure Hash Algorithms (OCTEON)");
238 MODULE_AUTHOR("Aaro Koskinen <aaro.koskinen@iki.fi>");
239