1// SPDX-License-Identifier: GPL-2.0-or-later 2/* 3 * Cryptographic API. 4 * 5 * SHA-512 and SHA-384 Secure Hash Algorithm. 6 * 7 * Adapted for OCTEON by Aaro Koskinen <aaro.koskinen@iki.fi>. 8 * 9 * Based on crypto/sha512_generic.c, which is: 10 * 11 * Copyright (c) Jean-Luc Cooke <jlcooke@certainkey.com> 12 * Copyright (c) Andrew McDonald <andrew@mcdonald.org.uk> 13 * Copyright (c) 2003 Kyle McMartin <kyle@debian.org> 14 */ 15 16#include <linux/mm.h> 17#include <crypto/sha.h> 18#include <linux/init.h> 19#include <linux/types.h> 20#include <linux/module.h> 21#include <asm/byteorder.h> 22#include <asm/octeon/octeon.h> 23#include <crypto/internal/hash.h> 24 25#include "octeon-crypto.h" 26 27/* 28 * We pass everything as 64-bit. OCTEON can handle misaligned data. 29 */ 30 31static void octeon_sha512_store_hash(struct sha512_state *sctx) 32{ 33 write_octeon_64bit_hash_sha512(sctx->state[0], 0); 34 write_octeon_64bit_hash_sha512(sctx->state[1], 1); 35 write_octeon_64bit_hash_sha512(sctx->state[2], 2); 36 write_octeon_64bit_hash_sha512(sctx->state[3], 3); 37 write_octeon_64bit_hash_sha512(sctx->state[4], 4); 38 write_octeon_64bit_hash_sha512(sctx->state[5], 5); 39 write_octeon_64bit_hash_sha512(sctx->state[6], 6); 40 write_octeon_64bit_hash_sha512(sctx->state[7], 7); 41} 42 43static void octeon_sha512_read_hash(struct sha512_state *sctx) 44{ 45 sctx->state[0] = read_octeon_64bit_hash_sha512(0); 46 sctx->state[1] = read_octeon_64bit_hash_sha512(1); 47 sctx->state[2] = read_octeon_64bit_hash_sha512(2); 48 sctx->state[3] = read_octeon_64bit_hash_sha512(3); 49 sctx->state[4] = read_octeon_64bit_hash_sha512(4); 50 sctx->state[5] = read_octeon_64bit_hash_sha512(5); 51 sctx->state[6] = read_octeon_64bit_hash_sha512(6); 52 sctx->state[7] = read_octeon_64bit_hash_sha512(7); 53} 54 55static void octeon_sha512_transform(const void *_block) 56{ 57 const u64 *block = _block; 58 59 write_octeon_64bit_block_sha512(block[0], 0); 60 write_octeon_64bit_block_sha512(block[1], 1); 61 write_octeon_64bit_block_sha512(block[2], 2); 62 write_octeon_64bit_block_sha512(block[3], 3); 63 write_octeon_64bit_block_sha512(block[4], 4); 64 write_octeon_64bit_block_sha512(block[5], 5); 65 write_octeon_64bit_block_sha512(block[6], 6); 66 write_octeon_64bit_block_sha512(block[7], 7); 67 write_octeon_64bit_block_sha512(block[8], 8); 68 write_octeon_64bit_block_sha512(block[9], 9); 69 write_octeon_64bit_block_sha512(block[10], 10); 70 write_octeon_64bit_block_sha512(block[11], 11); 71 write_octeon_64bit_block_sha512(block[12], 12); 72 write_octeon_64bit_block_sha512(block[13], 13); 73 write_octeon_64bit_block_sha512(block[14], 14); 74 octeon_sha512_start(block[15]); 75} 76 77static int octeon_sha512_init(struct shash_desc *desc) 78{ 79 struct sha512_state *sctx = shash_desc_ctx(desc); 80 81 sctx->state[0] = SHA512_H0; 82 sctx->state[1] = SHA512_H1; 83 sctx->state[2] = SHA512_H2; 84 sctx->state[3] = SHA512_H3; 85 sctx->state[4] = SHA512_H4; 86 sctx->state[5] = SHA512_H5; 87 sctx->state[6] = SHA512_H6; 88 sctx->state[7] = SHA512_H7; 89 sctx->count[0] = sctx->count[1] = 0; 90 91 return 0; 92} 93 94static int octeon_sha384_init(struct shash_desc *desc) 95{ 96 struct sha512_state *sctx = shash_desc_ctx(desc); 97 98 sctx->state[0] = SHA384_H0; 99 sctx->state[1] = SHA384_H1; 100 sctx->state[2] = SHA384_H2; 101 sctx->state[3] = SHA384_H3; 102 sctx->state[4] = SHA384_H4; 103 sctx->state[5] = SHA384_H5; 104 sctx->state[6] = SHA384_H6; 105 sctx->state[7] = SHA384_H7; 106 sctx->count[0] = sctx->count[1] = 0; 107 108 return 0; 109} 110 111static void __octeon_sha512_update(struct sha512_state *sctx, const u8 *data, 112 unsigned int len) 113{ 114 unsigned int part_len; 115 unsigned int index; 116 unsigned int i; 117 118 /* Compute number of bytes mod 128. */ 119 index = sctx->count[0] % SHA512_BLOCK_SIZE; 120 121 /* Update number of bytes. */ 122 if ((sctx->count[0] += len) < len) 123 sctx->count[1]++; 124 125 part_len = SHA512_BLOCK_SIZE - index; 126 127 /* Transform as many times as possible. */ 128 if (len >= part_len) { 129 memcpy(&sctx->buf[index], data, part_len); 130 octeon_sha512_transform(sctx->buf); 131 132 for (i = part_len; i + SHA512_BLOCK_SIZE <= len; 133 i += SHA512_BLOCK_SIZE) 134 octeon_sha512_transform(&data[i]); 135 136 index = 0; 137 } else { 138 i = 0; 139 } 140 141 /* Buffer remaining input. */ 142 memcpy(&sctx->buf[index], &data[i], len - i); 143} 144 145static int octeon_sha512_update(struct shash_desc *desc, const u8 *data, 146 unsigned int len) 147{ 148 struct sha512_state *sctx = shash_desc_ctx(desc); 149 struct octeon_cop2_state state; 150 unsigned long flags; 151 152 /* 153 * Small updates never reach the crypto engine, so the generic sha512 is 154 * faster because of the heavyweight octeon_crypto_enable() / 155 * octeon_crypto_disable(). 156 */ 157 if ((sctx->count[0] % SHA512_BLOCK_SIZE) + len < SHA512_BLOCK_SIZE) 158 return crypto_sha512_update(desc, data, len); 159 160 flags = octeon_crypto_enable(&state); 161 octeon_sha512_store_hash(sctx); 162 163 __octeon_sha512_update(sctx, data, len); 164 165 octeon_sha512_read_hash(sctx); 166 octeon_crypto_disable(&state, flags); 167 168 return 0; 169} 170 171static int octeon_sha512_final(struct shash_desc *desc, u8 *hash) 172{ 173 struct sha512_state *sctx = shash_desc_ctx(desc); 174 static u8 padding[128] = { 0x80, }; 175 struct octeon_cop2_state state; 176 __be64 *dst = (__be64 *)hash; 177 unsigned int pad_len; 178 unsigned long flags; 179 unsigned int index; 180 __be64 bits[2]; 181 int i; 182 183 /* Save number of bits. */ 184 bits[1] = cpu_to_be64(sctx->count[0] << 3); 185 bits[0] = cpu_to_be64(sctx->count[1] << 3 | sctx->count[0] >> 61); 186 187 /* Pad out to 112 mod 128. */ 188 index = sctx->count[0] & 0x7f; 189 pad_len = (index < 112) ? (112 - index) : ((128+112) - index); 190 191 flags = octeon_crypto_enable(&state); 192 octeon_sha512_store_hash(sctx); 193 194 __octeon_sha512_update(sctx, padding, pad_len); 195 196 /* Append length (before padding). */ 197 __octeon_sha512_update(sctx, (const u8 *)bits, sizeof(bits)); 198 199 octeon_sha512_read_hash(sctx); 200 octeon_crypto_disable(&state, flags); 201 202 /* Store state in digest. */ 203 for (i = 0; i < 8; i++) 204 dst[i] = cpu_to_be64(sctx->state[i]); 205 206 /* Zeroize sensitive information. */ 207 memset(sctx, 0, sizeof(struct sha512_state)); 208 209 return 0; 210} 211 212static int octeon_sha384_final(struct shash_desc *desc, u8 *hash) 213{ 214 u8 D[64]; 215 216 octeon_sha512_final(desc, D); 217 218 memcpy(hash, D, 48); 219 memzero_explicit(D, 64); 220 221 return 0; 222} 223 224static struct shash_alg octeon_sha512_algs[2] = { { 225 .digestsize = SHA512_DIGEST_SIZE, 226 .init = octeon_sha512_init, 227 .update = octeon_sha512_update, 228 .final = octeon_sha512_final, 229 .descsize = sizeof(struct sha512_state), 230 .base = { 231 .cra_name = "sha512", 232 .cra_driver_name= "octeon-sha512", 233 .cra_priority = OCTEON_CR_OPCODE_PRIORITY, 234 .cra_blocksize = SHA512_BLOCK_SIZE, 235 .cra_module = THIS_MODULE, 236 } 237}, { 238 .digestsize = SHA384_DIGEST_SIZE, 239 .init = octeon_sha384_init, 240 .update = octeon_sha512_update, 241 .final = octeon_sha384_final, 242 .descsize = sizeof(struct sha512_state), 243 .base = { 244 .cra_name = "sha384", 245 .cra_driver_name= "octeon-sha384", 246 .cra_priority = OCTEON_CR_OPCODE_PRIORITY, 247 .cra_blocksize = SHA384_BLOCK_SIZE, 248 .cra_module = THIS_MODULE, 249 } 250} }; 251 252static int __init octeon_sha512_mod_init(void) 253{ 254 if (!octeon_has_crypto()) 255 return -ENOTSUPP; 256 return crypto_register_shashes(octeon_sha512_algs, 257 ARRAY_SIZE(octeon_sha512_algs)); 258} 259 260static void __exit octeon_sha512_mod_fini(void) 261{ 262 crypto_unregister_shashes(octeon_sha512_algs, 263 ARRAY_SIZE(octeon_sha512_algs)); 264} 265 266module_init(octeon_sha512_mod_init); 267module_exit(octeon_sha512_mod_fini); 268 269MODULE_LICENSE("GPL"); 270MODULE_DESCRIPTION("SHA-512 and SHA-384 Secure Hash Algorithms (OCTEON)"); 271MODULE_AUTHOR("Aaro Koskinen <aaro.koskinen@iki.fi>"); 272