xref: /linux/arch/arm64/crypto/sha2-ce-glue.c (revision 3932b9ca55b0be314a36d3e84faff3e823c081f5) 
1 /*
2  * sha2-ce-glue.c - SHA-224/SHA-256 using ARMv8 Crypto Extensions
3  *
4  * Copyright (C) 2014 Linaro Ltd <ard.biesheuvel@linaro.org>
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License version 2 as
8  * published by the Free Software Foundation.
9  */
10 
11 #include <asm/neon.h>
12 #include <asm/unaligned.h>
13 #include <crypto/internal/hash.h>
14 #include <crypto/sha.h>
15 #include <linux/cpufeature.h>
16 #include <linux/crypto.h>
17 #include <linux/module.h>
18 
19 MODULE_DESCRIPTION("SHA-224/SHA-256 secure hash using ARMv8 Crypto Extensions");
20 MODULE_AUTHOR("Ard Biesheuvel <ard.biesheuvel@linaro.org>");
21 MODULE_LICENSE("GPL v2");
22 
23 asmlinkage int sha2_ce_transform(int blocks, u8 const *src, u32 *state,
24 				 u8 *head, long bytes);
25 
26 static int sha224_init(struct shash_desc *desc)
27 {
28 	struct sha256_state *sctx = shash_desc_ctx(desc);
29 
30 	*sctx = (struct sha256_state){
31 		.state = {
32 			SHA224_H0, SHA224_H1, SHA224_H2, SHA224_H3,
33 			SHA224_H4, SHA224_H5, SHA224_H6, SHA224_H7,
34 		}
35 	};
36 	return 0;
37 }
38 
39 static int sha256_init(struct shash_desc *desc)
40 {
41 	struct sha256_state *sctx = shash_desc_ctx(desc);
42 
43 	*sctx = (struct sha256_state){
44 		.state = {
45 			SHA256_H0, SHA256_H1, SHA256_H2, SHA256_H3,
46 			SHA256_H4, SHA256_H5, SHA256_H6, SHA256_H7,
47 		}
48 	};
49 	return 0;
50 }
51 
52 static int sha2_update(struct shash_desc *desc, const u8 *data,
53 		       unsigned int len)
54 {
55 	struct sha256_state *sctx = shash_desc_ctx(desc);
56 	unsigned int partial = sctx->count % SHA256_BLOCK_SIZE;
57 
58 	sctx->count += len;
59 
60 	if ((partial + len) >= SHA256_BLOCK_SIZE) {
61 		int blocks;
62 
63 		if (partial) {
64 			int p = SHA256_BLOCK_SIZE - partial;
65 
66 			memcpy(sctx->buf + partial, data, p);
67 			data += p;
68 			len -= p;
69 		}
70 
71 		blocks = len / SHA256_BLOCK_SIZE;
72 		len %= SHA256_BLOCK_SIZE;
73 
74 		kernel_neon_begin_partial(28);
75 		sha2_ce_transform(blocks, data, sctx->state,
76 				  partial ? sctx->buf : NULL, 0);
77 		kernel_neon_end();
78 
79 		data += blocks * SHA256_BLOCK_SIZE;
80 		partial = 0;
81 	}
82 	if (len)
83 		memcpy(sctx->buf + partial, data, len);
84 	return 0;
85 }
86 
87 static void sha2_final(struct shash_desc *desc)
88 {
89 	static const u8 padding[SHA256_BLOCK_SIZE] = { 0x80, };
90 
91 	struct sha256_state *sctx = shash_desc_ctx(desc);
92 	__be64 bits = cpu_to_be64(sctx->count << 3);
93 	u32 padlen = SHA256_BLOCK_SIZE
94 		     - ((sctx->count + sizeof(bits)) % SHA256_BLOCK_SIZE);
95 
96 	sha2_update(desc, padding, padlen);
97 	sha2_update(desc, (const u8 *)&bits, sizeof(bits));
98 }
99 
100 static int sha224_final(struct shash_desc *desc, u8 *out)
101 {
102 	struct sha256_state *sctx = shash_desc_ctx(desc);
103 	__be32 *dst = (__be32 *)out;
104 	int i;
105 
106 	sha2_final(desc);
107 
108 	for (i = 0; i < SHA224_DIGEST_SIZE / sizeof(__be32); i++)
109 		put_unaligned_be32(sctx->state[i], dst++);
110 
111 	*sctx = (struct sha256_state){};
112 	return 0;
113 }
114 
115 static int sha256_final(struct shash_desc *desc, u8 *out)
116 {
117 	struct sha256_state *sctx = shash_desc_ctx(desc);
118 	__be32 *dst = (__be32 *)out;
119 	int i;
120 
121 	sha2_final(desc);
122 
123 	for (i = 0; i < SHA256_DIGEST_SIZE / sizeof(__be32); i++)
124 		put_unaligned_be32(sctx->state[i], dst++);
125 
126 	*sctx = (struct sha256_state){};
127 	return 0;
128 }
129 
130 static void sha2_finup(struct shash_desc *desc, const u8 *data,
131 		       unsigned int len)
132 {
133 	struct sha256_state *sctx = shash_desc_ctx(desc);
134 	int blocks;
135 
136 	if (sctx->count || !len || (len % SHA256_BLOCK_SIZE)) {
137 		sha2_update(desc, data, len);
138 		sha2_final(desc);
139 		return;
140 	}
141 
142 	/*
143 	 * Use a fast path if the input is a multiple of 64 bytes. In
144 	 * this case, there is no need to copy data around, and we can
145 	 * perform the entire digest calculation in a single invocation
146 	 * of sha2_ce_transform()
147 	 */
148 	blocks = len / SHA256_BLOCK_SIZE;
149 
150 	kernel_neon_begin_partial(28);
151 	sha2_ce_transform(blocks, data, sctx->state, NULL, len);
152 	kernel_neon_end();
153 }
154 
155 static int sha224_finup(struct shash_desc *desc, const u8 *data,
156 			unsigned int len, u8 *out)
157 {
158 	struct sha256_state *sctx = shash_desc_ctx(desc);
159 	__be32 *dst = (__be32 *)out;
160 	int i;
161 
162 	sha2_finup(desc, data, len);
163 
164 	for (i = 0; i < SHA224_DIGEST_SIZE / sizeof(__be32); i++)
165 		put_unaligned_be32(sctx->state[i], dst++);
166 
167 	*sctx = (struct sha256_state){};
168 	return 0;
169 }
170 
171 static int sha256_finup(struct shash_desc *desc, const u8 *data,
172 			unsigned int len, u8 *out)
173 {
174 	struct sha256_state *sctx = shash_desc_ctx(desc);
175 	__be32 *dst = (__be32 *)out;
176 	int i;
177 
178 	sha2_finup(desc, data, len);
179 
180 	for (i = 0; i < SHA256_DIGEST_SIZE / sizeof(__be32); i++)
181 		put_unaligned_be32(sctx->state[i], dst++);
182 
183 	*sctx = (struct sha256_state){};
184 	return 0;
185 }
186 
187 static int sha2_export(struct shash_desc *desc, void *out)
188 {
189 	struct sha256_state *sctx = shash_desc_ctx(desc);
190 	struct sha256_state *dst = out;
191 
192 	*dst = *sctx;
193 	return 0;
194 }
195 
196 static int sha2_import(struct shash_desc *desc, const void *in)
197 {
198 	struct sha256_state *sctx = shash_desc_ctx(desc);
199 	struct sha256_state const *src = in;
200 
201 	*sctx = *src;
202 	return 0;
203 }
204 
205 static struct shash_alg algs[] = { {
206 	.init			= sha224_init,
207 	.update			= sha2_update,
208 	.final			= sha224_final,
209 	.finup			= sha224_finup,
210 	.export			= sha2_export,
211 	.import			= sha2_import,
212 	.descsize		= sizeof(struct sha256_state),
213 	.digestsize		= SHA224_DIGEST_SIZE,
214 	.statesize		= sizeof(struct sha256_state),
215 	.base			= {
216 		.cra_name		= "sha224",
217 		.cra_driver_name	= "sha224-ce",
218 		.cra_priority		= 200,
219 		.cra_flags		= CRYPTO_ALG_TYPE_SHASH,
220 		.cra_blocksize		= SHA256_BLOCK_SIZE,
221 		.cra_module		= THIS_MODULE,
222 	}
223 }, {
224 	.init			= sha256_init,
225 	.update			= sha2_update,
226 	.final			= sha256_final,
227 	.finup			= sha256_finup,
228 	.export			= sha2_export,
229 	.import			= sha2_import,
230 	.descsize		= sizeof(struct sha256_state),
231 	.digestsize		= SHA256_DIGEST_SIZE,
232 	.statesize		= sizeof(struct sha256_state),
233 	.base			= {
234 		.cra_name		= "sha256",
235 		.cra_driver_name	= "sha256-ce",
236 		.cra_priority		= 200,
237 		.cra_flags		= CRYPTO_ALG_TYPE_SHASH,
238 		.cra_blocksize		= SHA256_BLOCK_SIZE,
239 		.cra_module		= THIS_MODULE,
240 	}
241 } };
242 
243 static int __init sha2_ce_mod_init(void)
244 {
245 	return crypto_register_shashes(algs, ARRAY_SIZE(algs));
246 }
247 
248 static void __exit sha2_ce_mod_fini(void)
249 {
250 	crypto_unregister_shashes(algs, ARRAY_SIZE(algs));
251 }
252 
253 module_cpu_feature_match(SHA2, sha2_ce_mod_init);
254 module_exit(sha2_ce_mod_fini);
255