1 /*
2 * sha2-ce-glue.c - SHA-224/SHA-256 using ARMv8 Crypto Extensions
3 *
4 * Copyright (C) 2014 - 2017 Linaro Ltd <ard.biesheuvel@linaro.org>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
9 */
10
11 #include <asm/neon.h>
12 #include <asm/simd.h>
13 #include <asm/unaligned.h>
14 #include <crypto/internal/hash.h>
15 #include <crypto/sha.h>
16 #include <crypto/sha256_base.h>
17 #include <linux/cpufeature.h>
18 #include <linux/crypto.h>
19 #include <linux/module.h>
20
21 MODULE_DESCRIPTION("SHA-224/SHA-256 secure hash using ARMv8 Crypto Extensions");
22 MODULE_AUTHOR("Ard Biesheuvel <ard.biesheuvel@linaro.org>");
23 MODULE_LICENSE("GPL v2");
24
25 struct sha256_ce_state {
26 struct sha256_state sst;
27 u32 finalize;
28 };
29
30 asmlinkage void sha2_ce_transform(struct sha256_ce_state *sst, u8 const *src,
31 int blocks);
32 #ifdef CONFIG_CFI_CLANG
__cfi_sha2_ce_transform(struct sha256_state * sst,u8 const * src,int blocks)33 static inline void __cfi_sha2_ce_transform(struct sha256_state *sst,
34 u8 const *src, int blocks)
35 {
36 sha2_ce_transform((struct sha256_ce_state *)sst, src, blocks);
37 }
38 #define sha2_ce_transform __cfi_sha2_ce_transform
39 #endif
40
41 const u32 sha256_ce_offsetof_count = offsetof(struct sha256_ce_state,
42 sst.count);
43 const u32 sha256_ce_offsetof_finalize = offsetof(struct sha256_ce_state,
44 finalize);
45
46 asmlinkage void sha256_block_data_order(u32 *digest, u8 const *src, int blocks);
47
sha256_ce_update(struct shash_desc * desc,const u8 * data,unsigned int len)48 static int sha256_ce_update(struct shash_desc *desc, const u8 *data,
49 unsigned int len)
50 {
51 struct sha256_ce_state *sctx = shash_desc_ctx(desc);
52
53 if (!may_use_simd())
54 return sha256_base_do_update(desc, data, len,
55 (sha256_block_fn *)sha256_block_data_order);
56
57 sctx->finalize = 0;
58 kernel_neon_begin();
59 sha256_base_do_update(desc, data, len,
60 (sha256_block_fn *)sha2_ce_transform);
61 kernel_neon_end();
62
63 return 0;
64 }
65
sha256_ce_finup(struct shash_desc * desc,const u8 * data,unsigned int len,u8 * out)66 static int sha256_ce_finup(struct shash_desc *desc, const u8 *data,
67 unsigned int len, u8 *out)
68 {
69 struct sha256_ce_state *sctx = shash_desc_ctx(desc);
70 bool finalize = !sctx->sst.count && !(len % SHA256_BLOCK_SIZE) && len;
71
72 if (!may_use_simd()) {
73 if (len)
74 sha256_base_do_update(desc, data, len,
75 (sha256_block_fn *)sha256_block_data_order);
76 sha256_base_do_finalize(desc,
77 (sha256_block_fn *)sha256_block_data_order);
78 return sha256_base_finish(desc, out);
79 }
80
81 /*
82 * Allow the asm code to perform the finalization if there is no
83 * partial data and the input is a round multiple of the block size.
84 */
85 sctx->finalize = finalize;
86
87 kernel_neon_begin();
88 sha256_base_do_update(desc, data, len,
89 (sha256_block_fn *)sha2_ce_transform);
90 if (!finalize)
91 sha256_base_do_finalize(desc,
92 (sha256_block_fn *)sha2_ce_transform);
93 kernel_neon_end();
94 return sha256_base_finish(desc, out);
95 }
96
sha256_ce_final(struct shash_desc * desc,u8 * out)97 static int sha256_ce_final(struct shash_desc *desc, u8 *out)
98 {
99 struct sha256_ce_state *sctx = shash_desc_ctx(desc);
100
101 if (!may_use_simd()) {
102 sha256_base_do_finalize(desc,
103 (sha256_block_fn *)sha256_block_data_order);
104 return sha256_base_finish(desc, out);
105 }
106
107 sctx->finalize = 0;
108 kernel_neon_begin();
109 sha256_base_do_finalize(desc, (sha256_block_fn *)sha2_ce_transform);
110 kernel_neon_end();
111 return sha256_base_finish(desc, out);
112 }
113
114 static struct shash_alg algs[] = { {
115 .init = sha224_base_init,
116 .update = sha256_ce_update,
117 .final = sha256_ce_final,
118 .finup = sha256_ce_finup,
119 .descsize = sizeof(struct sha256_ce_state),
120 .digestsize = SHA224_DIGEST_SIZE,
121 .base = {
122 .cra_name = "sha224",
123 .cra_driver_name = "sha224-ce",
124 .cra_priority = 200,
125 .cra_flags = CRYPTO_ALG_TYPE_SHASH,
126 .cra_blocksize = SHA256_BLOCK_SIZE,
127 .cra_module = THIS_MODULE,
128 }
129 }, {
130 .init = sha256_base_init,
131 .update = sha256_ce_update,
132 .final = sha256_ce_final,
133 .finup = sha256_ce_finup,
134 .descsize = sizeof(struct sha256_ce_state),
135 .digestsize = SHA256_DIGEST_SIZE,
136 .base = {
137 .cra_name = "sha256",
138 .cra_driver_name = "sha256-ce",
139 .cra_priority = 200,
140 .cra_flags = CRYPTO_ALG_TYPE_SHASH,
141 .cra_blocksize = SHA256_BLOCK_SIZE,
142 .cra_module = THIS_MODULE,
143 }
144 } };
145
sha2_ce_mod_init(void)146 static int __init sha2_ce_mod_init(void)
147 {
148 return crypto_register_shashes(algs, ARRAY_SIZE(algs));
149 }
150
sha2_ce_mod_fini(void)151 static void __exit sha2_ce_mod_fini(void)
152 {
153 crypto_unregister_shashes(algs, ARRAY_SIZE(algs));
154 }
155
156 module_cpu_feature_match(SHA2, sha2_ce_mod_init);
157 module_exit(sha2_ce_mod_fini);
158