LXR linux/arch/mips/cavium-octeon/crypto/octeon-sha256.c

   1// SPDX-License-Identifier: GPL-2.0-or-later
   2/*
   3 * Cryptographic API.
   4 *
   5 * SHA-224 and SHA-256 Secure Hash Algorithm.
   6 *
   7 * Adapted for OCTEON by Aaro Koskinen <aaro.koskinen@iki.fi>.
   8 *
   9 * Based on crypto/sha256_generic.c, which is:
  10 *
  11 * Copyright (c) Jean-Luc Cooke <jlcooke@certainkey.com>
  12 * Copyright (c) Andrew McDonald <andrew@mcdonald.org.uk>
  13 * Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
  14 * SHA224 Support Copyright 2007 Intel Corporation <jonathan.lynch@intel.com>
  15 */
  16
  17#include <linux/mm.h>
  18#include <crypto/sha2.h>
  19#include <linux/init.h>
  20#include <linux/types.h>
  21#include <linux/module.h>
  22#include <asm/byteorder.h>
  23#include <asm/octeon/octeon.h>
  24#include <crypto/internal/hash.h>
  25
  26#include "octeon-crypto.h"
  27
  28/*
  29 * We pass everything as 64-bit. OCTEON can handle misaligned data.
  30 */
  31
  32static void octeon_sha256_store_hash(struct sha256_state *sctx)
  33{
  34        u64 *hash = (u64 *)sctx->state;
  35
  36        write_octeon_64bit_hash_dword(hash[0], 0);
  37        write_octeon_64bit_hash_dword(hash[1], 1);
  38        write_octeon_64bit_hash_dword(hash[2], 2);
  39        write_octeon_64bit_hash_dword(hash[3], 3);
  40}
  41
  42static void octeon_sha256_read_hash(struct sha256_state *sctx)
  43{
  44        u64 *hash = (u64 *)sctx->state;
  45
  46        hash[0] = read_octeon_64bit_hash_dword(0);
  47        hash[1] = read_octeon_64bit_hash_dword(1);
  48        hash[2] = read_octeon_64bit_hash_dword(2);
  49        hash[3] = read_octeon_64bit_hash_dword(3);
  50}
  51
  52static void octeon_sha256_transform(const void *_block)
  53{
  54        const u64 *block = _block;
  55
  56        write_octeon_64bit_block_dword(block[0], 0);
  57        write_octeon_64bit_block_dword(block[1], 1);
  58        write_octeon_64bit_block_dword(block[2], 2);
  59        write_octeon_64bit_block_dword(block[3], 3);
  60        write_octeon_64bit_block_dword(block[4], 4);
  61        write_octeon_64bit_block_dword(block[5], 5);
  62        write_octeon_64bit_block_dword(block[6], 6);
  63        octeon_sha256_start(block[7]);
  64}
  65
  66static int octeon_sha224_init(struct shash_desc *desc)
  67{
  68        struct sha256_state *sctx = shash_desc_ctx(desc);
  69
  70        sctx->state[0] = SHA224_H0;
  71        sctx->state[1] = SHA224_H1;
  72        sctx->state[2] = SHA224_H2;
  73        sctx->state[3] = SHA224_H3;
  74        sctx->state[4] = SHA224_H4;
  75        sctx->state[5] = SHA224_H5;
  76        sctx->state[6] = SHA224_H6;
  77        sctx->state[7] = SHA224_H7;
  78        sctx->count = 0;
  79
  80        return 0;
  81}
  82
  83static int octeon_sha256_init(struct shash_desc *desc)
  84{
  85        struct sha256_state *sctx = shash_desc_ctx(desc);
  86
  87        sctx->state[0] = SHA256_H0;
  88        sctx->state[1] = SHA256_H1;
  89        sctx->state[2] = SHA256_H2;
  90        sctx->state[3] = SHA256_H3;
  91        sctx->state[4] = SHA256_H4;
  92        sctx->state[5] = SHA256_H5;
  93        sctx->state[6] = SHA256_H6;
  94        sctx->state[7] = SHA256_H7;
  95        sctx->count = 0;
  96
  97        return 0;
  98}
  99
 100static void __octeon_sha256_update(struct sha256_state *sctx, const u8 *data,
 101                                   unsigned int len)
 102{
 103        unsigned int partial;
 104        unsigned int done;
 105        const u8 *src;
 106
 107        partial = sctx->count % SHA256_BLOCK_SIZE;
 108        sctx->count += len;
 109        done = 0;
 110        src = data;
 111
 112        if ((partial + len) >= SHA256_BLOCK_SIZE) {
 113                if (partial) {
 114                        done = -partial;
 115                        memcpy(sctx->buf + partial, data,
 116                               done + SHA256_BLOCK_SIZE);
 117                        src = sctx->buf;
 118                }
 119
 120                do {
 121                        octeon_sha256_transform(src);
 122                        done += SHA256_BLOCK_SIZE;
 123                        src = data + done;
 124                } while (done + SHA256_BLOCK_SIZE <= len);
 125
 126                partial = 0;
 127        }
 128        memcpy(sctx->buf + partial, src, len - done);
 129}
 130
 131static int octeon_sha256_update(struct shash_desc *desc, const u8 *data,
 132                                unsigned int len)
 133{
 134        struct sha256_state *sctx = shash_desc_ctx(desc);
 135        struct octeon_cop2_state state;
 136        unsigned long flags;
 137
 138        /*
 139         * Small updates never reach the crypto engine, so the generic sha256 is
 140         * faster because of the heavyweight octeon_crypto_enable() /
 141         * octeon_crypto_disable().
 142         */
 143        if ((sctx->count % SHA256_BLOCK_SIZE) + len < SHA256_BLOCK_SIZE)
 144                return crypto_sha256_update(desc, data, len);
 145
 146        flags = octeon_crypto_enable(&state);
 147        octeon_sha256_store_hash(sctx);
 148
 149        __octeon_sha256_update(sctx, data, len);
 150
 151        octeon_sha256_read_hash(sctx);
 152        octeon_crypto_disable(&state, flags);
 153
 154        return 0;
 155}
 156
 157static int octeon_sha256_final(struct shash_desc *desc, u8 *out)
 158{
 159        struct sha256_state *sctx = shash_desc_ctx(desc);
 160        static const u8 padding[64] = { 0x80, };
 161        struct octeon_cop2_state state;
 162        __be32 *dst = (__be32 *)out;
 163        unsigned int pad_len;
 164        unsigned long flags;
 165        unsigned int index;
 166        __be64 bits;
 167        int i;
 168
 169        /* Save number of bits. */
 170        bits = cpu_to_be64(sctx->count << 3);
 171
 172        /* Pad out to 56 mod 64. */
 173        index = sctx->count & 0x3f;
 174        pad_len = (index < 56) ? (56 - index) : ((64+56) - index);
 175
 176        flags = octeon_crypto_enable(&state);
 177        octeon_sha256_store_hash(sctx);
 178
 179        __octeon_sha256_update(sctx, padding, pad_len);
 180
 181        /* Append length (before padding). */
 182        __octeon_sha256_update(sctx, (const u8 *)&bits, sizeof(bits));
 183
 184        octeon_sha256_read_hash(sctx);
 185        octeon_crypto_disable(&state, flags);
 186
 187        /* Store state in digest */
 188        for (i = 0; i < 8; i++)
 189                dst[i] = cpu_to_be32(sctx->state[i]);
 190
 191        /* Zeroize sensitive information. */
 192        memset(sctx, 0, sizeof(*sctx));
 193
 194        return 0;
 195}
 196
 197static int octeon_sha224_final(struct shash_desc *desc, u8 *hash)
 198{
 199        u8 D[SHA256_DIGEST_SIZE];
 200
 201        octeon_sha256_final(desc, D);
 202
 203        memcpy(hash, D, SHA224_DIGEST_SIZE);
 204        memzero_explicit(D, SHA256_DIGEST_SIZE);
 205
 206        return 0;
 207}
 208
 209static int octeon_sha256_export(struct shash_desc *desc, void *out)
 210{
 211        struct sha256_state *sctx = shash_desc_ctx(desc);
 212
 213        memcpy(out, sctx, sizeof(*sctx));
 214        return 0;
 215}
 216
 217static int octeon_sha256_import(struct shash_desc *desc, const void *in)
 218{
 219        struct sha256_state *sctx = shash_desc_ctx(desc);
 220
 221        memcpy(sctx, in, sizeof(*sctx));
 222        return 0;
 223}
 224
 225static struct shash_alg octeon_sha256_algs[2] = { {
 226        .digestsize     =       SHA256_DIGEST_SIZE,
 227        .init           =       octeon_sha256_init,
 228        .update         =       octeon_sha256_update,
 229        .final          =       octeon_sha256_final,
 230        .export         =       octeon_sha256_export,
 231        .import         =       octeon_sha256_import,
 232        .descsize       =       sizeof(struct sha256_state),
 233        .statesize      =       sizeof(struct sha256_state),
 234        .base           =       {
 235                .cra_name       =       "sha256",
 236                .cra_driver_name=       "octeon-sha256",
 237                .cra_priority   =       OCTEON_CR_OPCODE_PRIORITY,
 238                .cra_blocksize  =       SHA256_BLOCK_SIZE,
 239                .cra_module     =       THIS_MODULE,
 240        }
 241}, {
 242        .digestsize     =       SHA224_DIGEST_SIZE,
 243        .init           =       octeon_sha224_init,
 244        .update         =       octeon_sha256_update,
 245        .final          =       octeon_sha224_final,
 246        .descsize       =       sizeof(struct sha256_state),
 247        .base           =       {
 248                .cra_name       =       "sha224",
 249                .cra_driver_name=       "octeon-sha224",
 250                .cra_blocksize  =       SHA224_BLOCK_SIZE,
 251                .cra_module     =       THIS_MODULE,
 252        }
 253} };
 254
 255static int __init octeon_sha256_mod_init(void)
 256{
 257        if (!octeon_has_crypto())
 258                return -ENOTSUPP;
 259        return crypto_register_shashes(octeon_sha256_algs,
 260                                       ARRAY_SIZE(octeon_sha256_algs));
 261}
 262
 263static void __exit octeon_sha256_mod_fini(void)
 264{
 265        crypto_unregister_shashes(octeon_sha256_algs,
 266                                  ARRAY_SIZE(octeon_sha256_algs));
 267}
 268
 269module_init(octeon_sha256_mod_init);
 270module_exit(octeon_sha256_mod_fini);
 271
 272MODULE_LICENSE("GPL");
 273MODULE_DESCRIPTION("SHA-224 and SHA-256 Secure Hash Algorithm (OCTEON)");
 274MODULE_AUTHOR("Aaro Koskinen <aaro.koskinen@iki.fi>");
 275