arch/arm64/crypto/sha3-ce-glue.c

   1 /* SPDX-License-Identifier: GPL-2.0 */
   2 /*
   3  * sha3-ce-glue.c - core SHA-3 transform using v8.2 Crypto Extensions
   4  *
   5  * Copyright (C) 2018 Linaro Ltd <ard.biesheuvel@linaro.org>
   6  *
   7  * This program is free software; you can redistribute it and/or modify
   8  * it under the terms of the GNU General Public License version 2 as
   9  * published by the Free Software Foundation.
  10  */
  11
  12 #include <asm/hwcap.h>
  13 #include <asm/neon.h>
  14 #include <asm/simd.h>
  15 #include <asm/unaligned.h>
  16 #include <crypto/internal/hash.h>
  17 #include <crypto/internal/simd.h>
  18 #include <crypto/sha3.h>
  19 #include <linux/cpufeature.h>
  20 #include <linux/crypto.h>
  21 #include <linux/module.h>
  22
  23 MODULE_DESCRIPTION("SHA3 secure hash using ARMv8 Crypto Extensions");
  24 MODULE_AUTHOR("Ard Biesheuvel <ard.biesheuvel@linaro.org>");
  25 MODULE_LICENSE("GPL v2");
  26
  27 asmlinkage void sha3_ce_transform(u64 *st, const u8 *data, int blocks,
  28                                   int md_len);
  29
  30 static int sha3_update(struct shash_desc *desc, const u8 *data,
  31                        unsigned int len)
  32 {
  33         struct sha3_state *sctx = shash_desc_ctx(desc);
  34         unsigned int digest_size = crypto_shash_digestsize(desc->tfm);
  35
  36         if (!crypto_simd_usable())
  37                 return crypto_sha3_update(desc, data, len);
  38
  39         if ((sctx->partial + len) >= sctx->rsiz) {
  40                 int blocks;
  41
  42                 if (sctx->partial) {
  43                         int p = sctx->rsiz - sctx->partial;
  44
  45                         memcpy(sctx->buf + sctx->partial, data, p);
  46                         kernel_neon_begin();
  47                         sha3_ce_transform(sctx->st, sctx->buf, 1, digest_size);
  48                         kernel_neon_end();
  49
  50                         data += p;
  51                         len -= p;
  52                         sctx->partial = 0;
  53                 }
  54
  55                 blocks = len / sctx->rsiz;
  56                 len %= sctx->rsiz;
  57
  58                 if (blocks) {
  59                         kernel_neon_begin();
  60                         sha3_ce_transform(sctx->st, data, blocks, digest_size);
  61                         kernel_neon_end();
  62                         data += blocks * sctx->rsiz;
  63                 }
  64         }
  65
  66         if (len) {
  67                 memcpy(sctx->buf + sctx->partial, data, len);
  68                 sctx->partial += len;
  69         }
  70         return 0;
  71 }
  72
  73 static int sha3_final(struct shash_desc *desc, u8 *out)
  74 {
  75         struct sha3_state *sctx = shash_desc_ctx(desc);
  76         unsigned int digest_size = crypto_shash_digestsize(desc->tfm);
  77         __le64 *digest = (__le64 *)out;
  78         int i;
  79
  80         if (!crypto_simd_usable())
  81                 return crypto_sha3_final(desc, out);
  82
  83         sctx->buf[sctx->partial++] = 0x06;
  84         memset(sctx->buf + sctx->partial, 0, sctx->rsiz - sctx->partial);
  85         sctx->buf[sctx->rsiz - 1] |= 0x80;
  86
  87         kernel_neon_begin();
  88         sha3_ce_transform(sctx->st, sctx->buf, 1, digest_size);
  89         kernel_neon_end();
  90
  91         for (i = 0; i < digest_size / 8; i++)
  92                 put_unaligned_le64(sctx->st[i], digest++);
  93
  94         if (digest_size & 4)
  95                 put_unaligned_le32(sctx->st[i], (__le32 *)digest);
  96
  97         memzero_explicit(sctx, sizeof(*sctx));
  98         return 0;
  99 }
 100
 101 static struct shash_alg algs[] = { {
 102         .digestsize             = SHA3_224_DIGEST_SIZE,
 103         .init                   = crypto_sha3_init,
 104         .update                 = sha3_update,
 105         .final                  = sha3_final,
 106         .descsize               = sizeof(struct sha3_state),
 107         .base.cra_name          = "sha3-224",
 108         .base.cra_driver_name   = "sha3-224-ce",
 109         .base.cra_blocksize     = SHA3_224_BLOCK_SIZE,
 110         .base.cra_module        = THIS_MODULE,
 111         .base.cra_priority      = 200,
 112 }, {
 113         .digestsize             = SHA3_256_DIGEST_SIZE,
 114         .init                   = crypto_sha3_init,
 115         .update                 = sha3_update,
 116         .final                  = sha3_final,
 117         .descsize               = sizeof(struct sha3_state),
 118         .base.cra_name          = "sha3-256",
 119         .base.cra_driver_name   = "sha3-256-ce",
 120         .base.cra_blocksize     = SHA3_256_BLOCK_SIZE,
 121         .base.cra_module        = THIS_MODULE,
 122         .base.cra_priority      = 200,
 123 }, {
 124         .digestsize             = SHA3_384_DIGEST_SIZE,
 125         .init                   = crypto_sha3_init,
 126         .update                 = sha3_update,
 127         .final                  = sha3_final,
 128         .descsize               = sizeof(struct sha3_state),
 129         .base.cra_name          = "sha3-384",
 130         .base.cra_driver_name   = "sha3-384-ce",
 131         .base.cra_blocksize     = SHA3_384_BLOCK_SIZE,
 132         .base.cra_module        = THIS_MODULE,
 133         .base.cra_priority      = 200,
 134 }, {
 135         .digestsize             = SHA3_512_DIGEST_SIZE,
 136         .init                   = crypto_sha3_init,
 137         .update                 = sha3_update,
 138         .final                  = sha3_final,
 139         .descsize               = sizeof(struct sha3_state),
 140         .base.cra_name          = "sha3-512",
 141         .base.cra_driver_name   = "sha3-512-ce",
 142         .base.cra_blocksize     = SHA3_512_BLOCK_SIZE,
 143         .base.cra_module        = THIS_MODULE,
 144         .base.cra_priority      = 200,
 145 } };
 146
 147 static int __init sha3_neon_mod_init(void)
 148 {
 149         return crypto_register_shashes(algs, ARRAY_SIZE(algs));
 150 }
 151
 152 static void __exit sha3_neon_mod_fini(void)
 153 {
 154         crypto_unregister_shashes(algs, ARRAY_SIZE(algs));
 155 }
 156
 157 module_cpu_feature_match(SHA3, sha3_neon_mod_init);
 158 module_exit(sha3_neon_mod_fini);