2 * Linux/arm64 port of the OpenSSL SHA256 implementation for AArch64
4 * Copyright (c) 2016 Linaro Ltd. <ard.biesheuvel@linaro.org>
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; either version 2 of the License, or (at your option)
13 #include <asm/hwcap.h>
16 #include <crypto/internal/hash.h>
17 #include <crypto/sha.h>
18 #include <crypto/sha256_base.h>
19 #include <linux/cryptohash.h>
20 #include <linux/types.h>
21 #include <linux/string.h>
23 MODULE_DESCRIPTION("SHA-224/SHA-256 secure hash for arm64");
24 MODULE_AUTHOR("Andy Polyakov <appro@openssl.org>");
25 MODULE_AUTHOR("Ard Biesheuvel <ard.biesheuvel@linaro.org>");
26 MODULE_LICENSE("GPL v2");
27 MODULE_ALIAS_CRYPTO("sha224");
28 MODULE_ALIAS_CRYPTO("sha256");
30 asmlinkage
void sha256_block_data_order(u32
*digest
, const void *data
,
31 unsigned int num_blks
);
32 EXPORT_SYMBOL(sha256_block_data_order
);
34 asmlinkage
void sha256_block_neon(u32
*digest
, const void *data
,
35 unsigned int num_blks
);
37 static int sha256_update(struct shash_desc
*desc
, const u8
*data
,
40 return sha256_base_do_update(desc
, data
, len
,
41 (sha256_block_fn
*)sha256_block_data_order
);
44 static int sha256_finup(struct shash_desc
*desc
, const u8
*data
,
45 unsigned int len
, u8
*out
)
48 sha256_base_do_update(desc
, data
, len
,
49 (sha256_block_fn
*)sha256_block_data_order
);
50 sha256_base_do_finalize(desc
,
51 (sha256_block_fn
*)sha256_block_data_order
);
53 return sha256_base_finish(desc
, out
);
56 static int sha256_final(struct shash_desc
*desc
, u8
*out
)
58 return sha256_finup(desc
, NULL
, 0, out
);
61 static struct shash_alg algs
[] = { {
62 .digestsize
= SHA256_DIGEST_SIZE
,
63 .init
= sha256_base_init
,
64 .update
= sha256_update
,
65 .final
= sha256_final
,
66 .finup
= sha256_finup
,
67 .descsize
= sizeof(struct sha256_state
),
68 .base
.cra_name
= "sha256",
69 .base
.cra_driver_name
= "sha256-arm64",
70 .base
.cra_priority
= 100,
71 .base
.cra_flags
= CRYPTO_ALG_TYPE_SHASH
,
72 .base
.cra_blocksize
= SHA256_BLOCK_SIZE
,
73 .base
.cra_module
= THIS_MODULE
,
75 .digestsize
= SHA224_DIGEST_SIZE
,
76 .init
= sha224_base_init
,
77 .update
= sha256_update
,
78 .final
= sha256_final
,
79 .finup
= sha256_finup
,
80 .descsize
= sizeof(struct sha256_state
),
81 .base
.cra_name
= "sha224",
82 .base
.cra_driver_name
= "sha224-arm64",
83 .base
.cra_priority
= 100,
84 .base
.cra_flags
= CRYPTO_ALG_TYPE_SHASH
,
85 .base
.cra_blocksize
= SHA224_BLOCK_SIZE
,
86 .base
.cra_module
= THIS_MODULE
,
89 static int sha256_update_neon(struct shash_desc
*desc
, const u8
*data
,
92 struct sha256_state
*sctx
= shash_desc_ctx(desc
);
95 return sha256_base_do_update(desc
, data
, len
,
96 (sha256_block_fn
*)sha256_block_data_order
);
99 unsigned int chunk
= len
;
102 * Don't hog the CPU for the entire time it takes to process all
103 * input when running on a preemptible kernel, but process the
104 * data block by block instead.
106 if (IS_ENABLED(CONFIG_PREEMPT
) &&
107 chunk
+ sctx
->count
% SHA256_BLOCK_SIZE
> SHA256_BLOCK_SIZE
)
108 chunk
= SHA256_BLOCK_SIZE
-
109 sctx
->count
% SHA256_BLOCK_SIZE
;
112 sha256_base_do_update(desc
, data
, chunk
,
113 (sha256_block_fn
*)sha256_block_neon
);
121 static int sha256_finup_neon(struct shash_desc
*desc
, const u8
*data
,
122 unsigned int len
, u8
*out
)
124 if (!may_use_simd()) {
126 sha256_base_do_update(desc
, data
, len
,
127 (sha256_block_fn
*)sha256_block_data_order
);
128 sha256_base_do_finalize(desc
,
129 (sha256_block_fn
*)sha256_block_data_order
);
132 sha256_update_neon(desc
, data
, len
);
134 sha256_base_do_finalize(desc
,
135 (sha256_block_fn
*)sha256_block_neon
);
138 return sha256_base_finish(desc
, out
);
141 static int sha256_final_neon(struct shash_desc
*desc
, u8
*out
)
143 return sha256_finup_neon(desc
, NULL
, 0, out
);
146 static struct shash_alg neon_algs
[] = { {
147 .digestsize
= SHA256_DIGEST_SIZE
,
148 .init
= sha256_base_init
,
149 .update
= sha256_update_neon
,
150 .final
= sha256_final_neon
,
151 .finup
= sha256_finup_neon
,
152 .descsize
= sizeof(struct sha256_state
),
153 .base
.cra_name
= "sha256",
154 .base
.cra_driver_name
= "sha256-arm64-neon",
155 .base
.cra_priority
= 150,
156 .base
.cra_flags
= CRYPTO_ALG_TYPE_SHASH
,
157 .base
.cra_blocksize
= SHA256_BLOCK_SIZE
,
158 .base
.cra_module
= THIS_MODULE
,
160 .digestsize
= SHA224_DIGEST_SIZE
,
161 .init
= sha224_base_init
,
162 .update
= sha256_update_neon
,
163 .final
= sha256_final_neon
,
164 .finup
= sha256_finup_neon
,
165 .descsize
= sizeof(struct sha256_state
),
166 .base
.cra_name
= "sha224",
167 .base
.cra_driver_name
= "sha224-arm64-neon",
168 .base
.cra_priority
= 150,
169 .base
.cra_flags
= CRYPTO_ALG_TYPE_SHASH
,
170 .base
.cra_blocksize
= SHA224_BLOCK_SIZE
,
171 .base
.cra_module
= THIS_MODULE
,
174 static int __init
sha256_mod_init(void)
176 int ret
= crypto_register_shashes(algs
, ARRAY_SIZE(algs
));
180 if (elf_hwcap
& HWCAP_ASIMD
) {
181 ret
= crypto_register_shashes(neon_algs
, ARRAY_SIZE(neon_algs
));
183 crypto_unregister_shashes(algs
, ARRAY_SIZE(algs
));
188 static void __exit
sha256_mod_fini(void)
190 if (elf_hwcap
& HWCAP_ASIMD
)
191 crypto_unregister_shashes(neon_algs
, ARRAY_SIZE(neon_algs
));
192 crypto_unregister_shashes(algs
, ARRAY_SIZE(algs
));
195 module_init(sha256_mod_init
);
196 module_exit(sha256_mod_fini
);
