linux/crypto/ghash-generic.c
<<
>>
Prefs
   1/*
   2 * GHASH: digest algorithm for GCM (Galois/Counter Mode).
   3 *
   4 * Copyright (c) 2007 Nokia Siemens Networks - Mikko Herranen <mh1@iki.fi>
   5 * Copyright (c) 2009 Intel Corp.
   6 *   Author: Huang Ying <ying.huang@intel.com>
   7 *
   8 * The algorithm implementation is copied from gcm.c.
   9 *
  10 * This program is free software; you can redistribute it and/or modify it
  11 * under the terms of the GNU General Public License version 2 as published
  12 * by the Free Software Foundation.
  13 */
  14
  15#include <crypto/algapi.h>
  16#include <crypto/gf128mul.h>
  17#include <crypto/ghash.h>
  18#include <crypto/internal/hash.h>
  19#include <linux/crypto.h>
  20#include <linux/init.h>
  21#include <linux/kernel.h>
  22#include <linux/module.h>
  23
  24static int ghash_init(struct shash_desc *desc)
  25{
  26        struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
  27
  28        memset(dctx, 0, sizeof(*dctx));
  29
  30        return 0;
  31}
  32
  33static int ghash_setkey(struct crypto_shash *tfm,
  34                        const u8 *key, unsigned int keylen)
  35{
  36        struct ghash_ctx *ctx = crypto_shash_ctx(tfm);
  37
  38        if (keylen != GHASH_BLOCK_SIZE) {
  39                crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
  40                return -EINVAL;
  41        }
  42
  43        if (ctx->gf128)
  44                gf128mul_free_4k(ctx->gf128);
  45        ctx->gf128 = gf128mul_init_4k_lle((be128 *)key);
  46        if (!ctx->gf128)
  47                return -ENOMEM;
  48
  49        return 0;
  50}
  51
  52static int ghash_update(struct shash_desc *desc,
  53                         const u8 *src, unsigned int srclen)
  54{
  55        struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
  56        struct ghash_ctx *ctx = crypto_shash_ctx(desc->tfm);
  57        u8 *dst = dctx->buffer;
  58
  59        if (dctx->bytes) {
  60                int n = min(srclen, dctx->bytes);
  61                u8 *pos = dst + (GHASH_BLOCK_SIZE - dctx->bytes);
  62
  63                dctx->bytes -= n;
  64                srclen -= n;
  65
  66                while (n--)
  67                        *pos++ ^= *src++;
  68
  69                if (!dctx->bytes)
  70                        gf128mul_4k_lle((be128 *)dst, ctx->gf128);
  71        }
  72
  73        while (srclen >= GHASH_BLOCK_SIZE) {
  74                crypto_xor(dst, src, GHASH_BLOCK_SIZE);
  75                gf128mul_4k_lle((be128 *)dst, ctx->gf128);
  76                src += GHASH_BLOCK_SIZE;
  77                srclen -= GHASH_BLOCK_SIZE;
  78        }
  79
  80        if (srclen) {
  81                dctx->bytes = GHASH_BLOCK_SIZE - srclen;
  82                while (srclen--)
  83                        *dst++ ^= *src++;
  84        }
  85
  86        return 0;
  87}
  88
  89static void ghash_flush(struct ghash_ctx *ctx, struct ghash_desc_ctx *dctx)
  90{
  91        u8 *dst = dctx->buffer;
  92
  93        if (dctx->bytes) {
  94                u8 *tmp = dst + (GHASH_BLOCK_SIZE - dctx->bytes);
  95
  96                while (dctx->bytes--)
  97                        *tmp++ ^= 0;
  98
  99                gf128mul_4k_lle((be128 *)dst, ctx->gf128);
 100        }
 101
 102        dctx->bytes = 0;
 103}
 104
 105static int ghash_final(struct shash_desc *desc, u8 *dst)
 106{
 107        struct ghash_desc_ctx *dctx = shash_desc_ctx(desc);
 108        struct ghash_ctx *ctx = crypto_shash_ctx(desc->tfm);
 109        u8 *buf = dctx->buffer;
 110
 111        ghash_flush(ctx, dctx);
 112        memcpy(dst, buf, GHASH_BLOCK_SIZE);
 113
 114        return 0;
 115}
 116
 117static void ghash_exit_tfm(struct crypto_tfm *tfm)
 118{
 119        struct ghash_ctx *ctx = crypto_tfm_ctx(tfm);
 120        if (ctx->gf128)
 121                gf128mul_free_4k(ctx->gf128);
 122}
 123
 124static struct shash_alg ghash_alg = {
 125        .digestsize     = GHASH_DIGEST_SIZE,
 126        .init           = ghash_init,
 127        .update         = ghash_update,
 128        .final          = ghash_final,
 129        .setkey         = ghash_setkey,
 130        .descsize       = sizeof(struct ghash_desc_ctx),
 131        .base           = {
 132                .cra_name               = "ghash",
 133                .cra_driver_name        = "ghash-generic",
 134                .cra_priority           = 100,
 135                .cra_blocksize          = GHASH_BLOCK_SIZE,
 136                .cra_ctxsize            = sizeof(struct ghash_ctx),
 137                .cra_module             = THIS_MODULE,
 138                .cra_exit               = ghash_exit_tfm,
 139        },
 140};
 141
 142static int __init ghash_mod_init(void)
 143{
 144        return crypto_register_shash(&ghash_alg);
 145}
 146
 147static void __exit ghash_mod_exit(void)
 148{
 149        crypto_unregister_shash(&ghash_alg);
 150}
 151
 152module_init(ghash_mod_init);
 153module_exit(ghash_mod_exit);
 154
 155MODULE_LICENSE("GPL");
 156MODULE_DESCRIPTION("GHASH Message Digest Algorithm");
 157MODULE_ALIAS_CRYPTO("ghash");
 158MODULE_ALIAS_CRYPTO("ghash-generic");
 159