search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ext4: reduce contention on s_orphan_lock
[linux/fpc-iii.git] / drivers / crypto / ccp / ccp-crypto-sha.c
blob873f234252456141911ddd5540e7f3270999edb9
1 /*
2 * AMD Cryptographic Coprocessor (CCP) SHA crypto API support
3 *
4 * Copyright (C) 2013 Advanced Micro Devices, Inc.
5 *
6 * Author: Tom Lendacky <thomas.lendacky@amd.com>
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2 as
10 * published by the Free Software Foundation.
11 */
12
13 #include <linux/module.h>
14 #include <linux/sched.h>
15 #include <linux/delay.h>
16 #include <linux/scatterlist.h>
17 #include <linux/crypto.h>
18 #include <crypto/algapi.h>
19 #include <crypto/hash.h>
20 #include <crypto/internal/hash.h>
21 #include <crypto/sha.h>
22 #include <crypto/scatterwalk.h>
23
24 #include "ccp-crypto.h"
25
26
27 static int ccp_sha_complete(struct crypto_async_request *async_req, int ret)
28 {
29 struct ahash_request *req = ahash_request_cast(async_req);
30 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
31 struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req);
32 unsigned int digest_size = crypto_ahash_digestsize(tfm);
33
34 if (ret)
35 goto e_free;
36
37 if (rctx->hash_rem) {
38 /* Save remaining data to buffer */
39 unsigned int offset = rctx->nbytes - rctx->hash_rem;
40 scatterwalk_map_and_copy(rctx->buf, rctx->src,
41 offset, rctx->hash_rem, 0);
42 rctx->buf_count = rctx->hash_rem;
43 } else
44 rctx->buf_count = 0;
45
46 /* Update result area if supplied */
47 if (req->result)
48 memcpy(req->result, rctx->ctx, digest_size);
49
50 e_free:
51 sg_free_table(&rctx->data_sg);
52
53 return ret;
54 }
55
56 static int ccp_do_sha_update(struct ahash_request *req, unsigned int nbytes,
57 unsigned int final)
58 {
59 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
60 struct ccp_ctx *ctx = crypto_ahash_ctx(tfm);
61 struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req);
62 struct scatterlist *sg;
63 unsigned int block_size =
64 crypto_tfm_alg_blocksize(crypto_ahash_tfm(tfm));
65 unsigned int sg_count;
66 gfp_t gfp;
67 u64 len;
68 int ret;
69
70 len = (u64)rctx->buf_count + (u64)nbytes;
71
72 if (!final && (len <= block_size)) {
73 scatterwalk_map_and_copy(rctx->buf + rctx->buf_count, req->src,
74 0, nbytes, 0);
75 rctx->buf_count += nbytes;
76
77 return 0;
78 }
79
80 rctx->src = req->src;
81 rctx->nbytes = nbytes;
82
83 rctx->final = final;
84 rctx->hash_rem = final ? 0 : len & (block_size - 1);
85 rctx->hash_cnt = len - rctx->hash_rem;
86 if (!final && !rctx->hash_rem) {
87 /* CCP can't do zero length final, so keep some data around */
88 rctx->hash_cnt -= block_size;
89 rctx->hash_rem = block_size;
90 }
91
92 /* Initialize the context scatterlist */
93 sg_init_one(&rctx->ctx_sg, rctx->ctx, sizeof(rctx->ctx));
94
95 sg = NULL;
96 if (rctx->buf_count && nbytes) {
97 /* Build the data scatterlist table - allocate enough entries
98 * for both data pieces (buffer and input data)
99 */
100 gfp = req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP ?
101 GFP_KERNEL : GFP_ATOMIC;
102 sg_count = sg_nents(req->src) + 1;
103 ret = sg_alloc_table(&rctx->data_sg, sg_count, gfp);
104 if (ret)
105 return ret;
106
107 sg_init_one(&rctx->buf_sg, rctx->buf, rctx->buf_count);
108 sg = ccp_crypto_sg_table_add(&rctx->data_sg, &rctx->buf_sg);
109 sg = ccp_crypto_sg_table_add(&rctx->data_sg, req->src);
110 sg_mark_end(sg);
111
112 sg = rctx->data_sg.sgl;
113 } else if (rctx->buf_count) {
114 sg_init_one(&rctx->buf_sg, rctx->buf, rctx->buf_count);
115
116 sg = &rctx->buf_sg;
117 } else if (nbytes) {
118 sg = req->src;
119 }
120
121 rctx->msg_bits += (rctx->hash_cnt << 3); /* Total in bits */
122
123 memset(&rctx->cmd, 0, sizeof(rctx->cmd));
124 INIT_LIST_HEAD(&rctx->cmd.entry);
125 rctx->cmd.engine = CCP_ENGINE_SHA;
126 rctx->cmd.u.sha.type = rctx->type;
127 rctx->cmd.u.sha.ctx = &rctx->ctx_sg;
128 rctx->cmd.u.sha.ctx_len = sizeof(rctx->ctx);
129 rctx->cmd.u.sha.src = sg;
130 rctx->cmd.u.sha.src_len = rctx->hash_cnt;
131 rctx->cmd.u.sha.opad = ctx->u.sha.key_len ?
132 &ctx->u.sha.opad_sg : NULL;
133 rctx->cmd.u.sha.opad_len = ctx->u.sha.key_len ?
134 ctx->u.sha.opad_count : 0;
135 rctx->cmd.u.sha.first = rctx->first;
136 rctx->cmd.u.sha.final = rctx->final;
137 rctx->cmd.u.sha.msg_bits = rctx->msg_bits;
138
139 rctx->first = 0;
140
141 ret = ccp_crypto_enqueue_request(&req->base, &rctx->cmd);
142
143 return ret;
144 }
145
146 static int ccp_sha_init(struct ahash_request *req)
147 {
148 struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
149 struct ccp_ctx *ctx = crypto_ahash_ctx(tfm);
150 struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req);
151 struct ccp_crypto_ahash_alg *alg =
152 ccp_crypto_ahash_alg(crypto_ahash_tfm(tfm));
153 unsigned int block_size =
154 crypto_tfm_alg_blocksize(crypto_ahash_tfm(tfm));
155
156 memset(rctx, 0, sizeof(*rctx));
157
158 rctx->type = alg->type;
159 rctx->first = 1;
160
161 if (ctx->u.sha.key_len) {
162 /* Buffer the HMAC key for first update */
163 memcpy(rctx->buf, ctx->u.sha.ipad, block_size);
164 rctx->buf_count = block_size;
165 }
166
167 return 0;
168 }
169
170 static int ccp_sha_update(struct ahash_request *req)
171 {
172 return ccp_do_sha_update(req, req->nbytes, 0);
173 }
174
175 static int ccp_sha_final(struct ahash_request *req)
176 {
177 return ccp_do_sha_update(req, 0, 1);
178 }
179
180 static int ccp_sha_finup(struct ahash_request *req)
181 {
182 return ccp_do_sha_update(req, req->nbytes, 1);
183 }
184
185 static int ccp_sha_digest(struct ahash_request *req)
186 {
187 int ret;
188
189 ret = ccp_sha_init(req);
190 if (ret)
191 return ret;
192
193 return ccp_sha_finup(req);
194 }
195
196 static int ccp_sha_setkey(struct crypto_ahash *tfm, const u8 *key,
197 unsigned int key_len)
198 {
199 struct ccp_ctx *ctx = crypto_tfm_ctx(crypto_ahash_tfm(tfm));
200 struct crypto_shash *shash = ctx->u.sha.hmac_tfm;
201 struct {
202 struct shash_desc sdesc;
203 char ctx[crypto_shash_descsize(shash)];
204 } desc;
205 unsigned int block_size = crypto_shash_blocksize(shash);
206 unsigned int digest_size = crypto_shash_digestsize(shash);
207 int i, ret;
208
209 /* Set to zero until complete */
210 ctx->u.sha.key_len = 0;
211
212 /* Clear key area to provide zero padding for keys smaller
213 * than the block size
214 */
215 memset(ctx->u.sha.key, 0, sizeof(ctx->u.sha.key));
216
217 if (key_len > block_size) {
218 /* Must hash the input key */
219 desc.sdesc.tfm = shash;
220 desc.sdesc.flags = crypto_ahash_get_flags(tfm) &
221 CRYPTO_TFM_REQ_MAY_SLEEP;
222
223 ret = crypto_shash_digest(&desc.sdesc, key, key_len,
224 ctx->u.sha.key);
225 if (ret) {
226 crypto_ahash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
227 return -EINVAL;
228 }
229
230 key_len = digest_size;
231 } else
232 memcpy(ctx->u.sha.key, key, key_len);
233
234 for (i = 0; i < block_size; i++) {
235 ctx->u.sha.ipad[i] = ctx->u.sha.key[i] ^ 0x36;
236 ctx->u.sha.opad[i] = ctx->u.sha.key[i] ^ 0x5c;
237 }
238
239 sg_init_one(&ctx->u.sha.opad_sg, ctx->u.sha.opad, block_size);
240 ctx->u.sha.opad_count = block_size;
241
242 ctx->u.sha.key_len = key_len;
243
244 return 0;
245 }
246
247 static int ccp_sha_cra_init(struct crypto_tfm *tfm)
248 {
249 struct ccp_ctx *ctx = crypto_tfm_ctx(tfm);
250 struct crypto_ahash *ahash = __crypto_ahash_cast(tfm);
251
252 ctx->complete = ccp_sha_complete;
253 ctx->u.sha.key_len = 0;
254
255 crypto_ahash_set_reqsize(ahash, sizeof(struct ccp_sha_req_ctx));
256
257 return 0;
258 }
259
260 static void ccp_sha_cra_exit(struct crypto_tfm *tfm)
261 {
262 }
263
264 static int ccp_hmac_sha_cra_init(struct crypto_tfm *tfm)
265 {
266 struct ccp_ctx *ctx = crypto_tfm_ctx(tfm);
267 struct ccp_crypto_ahash_alg *alg = ccp_crypto_ahash_alg(tfm);
268 struct crypto_shash *hmac_tfm;
269
270 hmac_tfm = crypto_alloc_shash(alg->child_alg, 0, 0);
271 if (IS_ERR(hmac_tfm)) {
272 pr_warn("could not load driver %s need for HMAC support\n",
273 alg->child_alg);
274 return PTR_ERR(hmac_tfm);
275 }
276
277 ctx->u.sha.hmac_tfm = hmac_tfm;
278
279 return ccp_sha_cra_init(tfm);
280 }
281
282 static void ccp_hmac_sha_cra_exit(struct crypto_tfm *tfm)
283 {
284 struct ccp_ctx *ctx = crypto_tfm_ctx(tfm);
285
286 if (ctx->u.sha.hmac_tfm)
287 crypto_free_shash(ctx->u.sha.hmac_tfm);
288
289 ccp_sha_cra_exit(tfm);
290 }
291
292 struct ccp_sha_def {
293 const char *name;
294 const char *drv_name;
295 enum ccp_sha_type type;
296 u32 digest_size;
297 u32 block_size;
298 };
299
300 static struct ccp_sha_def sha_algs[] = {
301 {
302 .name = "sha1",
303 .drv_name = "sha1-ccp",
304 .type = CCP_SHA_TYPE_1,
305 .digest_size = SHA1_DIGEST_SIZE,
306 .block_size = SHA1_BLOCK_SIZE,
307 },
308 {
309 .name = "sha224",
310 .drv_name = "sha224-ccp",
311 .type = CCP_SHA_TYPE_224,
312 .digest_size = SHA224_DIGEST_SIZE,
313 .block_size = SHA224_BLOCK_SIZE,
314 },
315 {
316 .name = "sha256",
317 .drv_name = "sha256-ccp",
318 .type = CCP_SHA_TYPE_256,
319 .digest_size = SHA256_DIGEST_SIZE,
320 .block_size = SHA256_BLOCK_SIZE,
321 },
322 };
323
324 static int ccp_register_hmac_alg(struct list_head *head,
325 const struct ccp_sha_def *def,
326 const struct ccp_crypto_ahash_alg *base_alg)
327 {
328 struct ccp_crypto_ahash_alg *ccp_alg;
329 struct ahash_alg *alg;
330 struct hash_alg_common *halg;
331 struct crypto_alg *base;
332 int ret;
333
334 ccp_alg = kzalloc(sizeof(*ccp_alg), GFP_KERNEL);
335 if (!ccp_alg)
336 return -ENOMEM;
337
338 /* Copy the base algorithm and only change what's necessary */
339 *ccp_alg = *base_alg;
340 INIT_LIST_HEAD(&ccp_alg->entry);
341
342 strncpy(ccp_alg->child_alg, def->name, CRYPTO_MAX_ALG_NAME);
343
344 alg = &ccp_alg->alg;
345 alg->setkey = ccp_sha_setkey;
346
347 halg = &alg->halg;
348
349 base = &halg->base;
350 snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, "hmac(%s)", def->name);
351 snprintf(base->cra_driver_name, CRYPTO_MAX_ALG_NAME, "hmac-%s",
352 def->drv_name);
353 base->cra_init = ccp_hmac_sha_cra_init;
354 base->cra_exit = ccp_hmac_sha_cra_exit;
355
356 ret = crypto_register_ahash(alg);
357 if (ret) {
358 pr_err("%s ahash algorithm registration error (%d)\n",
359 base->cra_name, ret);
360 kfree(ccp_alg);
361 return ret;
362 }
363
364 list_add(&ccp_alg->entry, head);
365
366 return ret;
367 }
368
369 static int ccp_register_sha_alg(struct list_head *head,
370 const struct ccp_sha_def *def)
371 {
372 struct ccp_crypto_ahash_alg *ccp_alg;
373 struct ahash_alg *alg;
374 struct hash_alg_common *halg;
375 struct crypto_alg *base;
376 int ret;
377
378 ccp_alg = kzalloc(sizeof(*ccp_alg), GFP_KERNEL);
379 if (!ccp_alg)
380 return -ENOMEM;
381
382 INIT_LIST_HEAD(&ccp_alg->entry);
383
384 ccp_alg->type = def->type;
385
386 alg = &ccp_alg->alg;
387 alg->init = ccp_sha_init;
388 alg->update = ccp_sha_update;
389 alg->final = ccp_sha_final;
390 alg->finup = ccp_sha_finup;
391 alg->digest = ccp_sha_digest;
392
393 halg = &alg->halg;
394 halg->digestsize = def->digest_size;
395
396 base = &halg->base;
397 snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, "%s", def->name);
398 snprintf(base->cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s",
399 def->drv_name);
400 base->cra_flags = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_ASYNC |
401 CRYPTO_ALG_KERN_DRIVER_ONLY |
402 CRYPTO_ALG_NEED_FALLBACK;
403 base->cra_blocksize = def->block_size;
404 base->cra_ctxsize = sizeof(struct ccp_ctx);
405 base->cra_priority = CCP_CRA_PRIORITY;
406 base->cra_type = &crypto_ahash_type;
407 base->cra_init = ccp_sha_cra_init;
408 base->cra_exit = ccp_sha_cra_exit;
409 base->cra_module = THIS_MODULE;
410
411 ret = crypto_register_ahash(alg);
412 if (ret) {
413 pr_err("%s ahash algorithm registration error (%d)\n",
414 base->cra_name, ret);
415 kfree(ccp_alg);
416 return ret;
417 }
418
419 list_add(&ccp_alg->entry, head);
420
421 ret = ccp_register_hmac_alg(head, def, ccp_alg);
422
423 return ret;
424 }
425
426 int ccp_register_sha_algs(struct list_head *head)
427 {
428 int i, ret;
429
430 for (i = 0; i < ARRAY_SIZE(sha_algs); i++) {
431 ret = ccp_register_sha_alg(head, &sha_algs[i]);
432 if (ret)
433 return ret;
434 }
435
436 return 0;
437 }
Linux with added FPC-III support