drivers/crypto/padlock-sha.c

   1 /*
   2  * Cryptographic API.
   3  *
   4  * Support for VIA PadLock hardware crypto engine.
   5  *
   6  * Copyright (c) 2006  Michal Ludvig <michal@logix.cz>
   7  *
   8  * This program is free software; you can redistribute it and/or modify
   9  * it under the terms of the GNU General Public License as published by
  10  * the Free Software Foundation; either version 2 of the License, or
  11  * (at your option) any later version.
  12  *
  13  */
  14
  15 #include <crypto/algapi.h>
  16 #include <crypto/sha.h>
  17 #include <linux/err.h>
  18 #include <linux/module.h>
  19 #include <linux/init.h>
  20 #include <linux/errno.h>
  21 #include <linux/cryptohash.h>
  22 #include <linux/interrupt.h>
  23 #include <linux/kernel.h>
  24 #include <linux/scatterlist.h>
  25 #include <asm/i387.h>
  26 #include "padlock.h"
  27
  28 #define SHA1_DEFAULT_FALLBACK   "sha1-generic"
  29 #define SHA256_DEFAULT_FALLBACK "sha256-generic"
  30
  31 struct padlock_sha_ctx {
  32         char            *data;
  33         size_t          used;
  34         int             bypass;
  35         void (*f_sha_padlock)(const char *in, char *out, int count);
  36         struct hash_desc fallback;
  37 };
  38
  39 static inline struct padlock_sha_ctx *ctx(struct crypto_tfm *tfm)
  40 {
  41         return crypto_tfm_ctx(tfm);
  42 }
  43
  44 /* We'll need aligned address on the stack */
  45 #define NEAREST_ALIGNED(ptr) \
  46         ((void *)ALIGN((size_t)(ptr), PADLOCK_ALIGNMENT))
  47
  48 static struct crypto_alg sha1_alg, sha256_alg;
  49
  50 static void padlock_sha_bypass(struct crypto_tfm *tfm)
  51 {
  52         if (ctx(tfm)->bypass)
  53                 return;
  54
  55         crypto_hash_init(&ctx(tfm)->fallback);
  56         if (ctx(tfm)->data && ctx(tfm)->used) {
  57                 struct scatterlist sg;
  58
  59                 sg_init_one(&sg, ctx(tfm)->data, ctx(tfm)->used);
  60                 crypto_hash_update(&ctx(tfm)->fallback, &sg, sg.length);
  61         }
  62
  63         ctx(tfm)->used = 0;
  64         ctx(tfm)->bypass = 1;
  65 }
  66
  67 static void padlock_sha_init(struct crypto_tfm *tfm)
  68 {
  69         ctx(tfm)->used = 0;
  70         ctx(tfm)->bypass = 0;
  71 }
  72
  73 static void padlock_sha_update(struct crypto_tfm *tfm,
  74                         const uint8_t *data, unsigned int length)
  75 {
  76         /* Our buffer is always one page. */
  77         if (unlikely(!ctx(tfm)->bypass &&
  78                      (ctx(tfm)->used + length > PAGE_SIZE)))
  79                 padlock_sha_bypass(tfm);
  80
  81         if (unlikely(ctx(tfm)->bypass)) {
  82                 struct scatterlist sg;
  83                 sg_init_one(&sg, (uint8_t *)data, length);
  84                 crypto_hash_update(&ctx(tfm)->fallback, &sg, length);
  85                 return;
  86         }
  87
  88         memcpy(ctx(tfm)->data + ctx(tfm)->used, data, length);
  89         ctx(tfm)->used += length;
  90 }
  91
  92 static inline void padlock_output_block(uint32_t *src,
  93                         uint32_t *dst, size_t count)
  94 {
  95         while (count--)
  96                 *dst++ = swab32(*src++);
  97 }
  98
  99 static void padlock_do_sha1(const char *in, char *out, int count)
 100 {
 101         /* We can't store directly to *out as it may be unaligned. */
 102         /* BTW Don't reduce the buffer size below 128 Bytes!
 103          *     PadLock microcode needs it that big. */
 104         char buf[128+16];
 105         char *result = NEAREST_ALIGNED(buf);
 106         int ts_state;
 107
 108         ((uint32_t *)result)[0] = SHA1_H0;
 109         ((uint32_t *)result)[1] = SHA1_H1;
 110         ((uint32_t *)result)[2] = SHA1_H2;
 111         ((uint32_t *)result)[3] = SHA1_H3;
 112         ((uint32_t *)result)[4] = SHA1_H4;
 113
 114         /* prevent taking the spurious DNA fault with padlock. */
 115         ts_state = irq_ts_save();
 116         asm volatile (".byte 0xf3,0x0f,0xa6,0xc8" /* rep xsha1 */
 117                       : "+S"(in), "+D"(result)
 118                       : "c"(count), "a"(0));
 119         irq_ts_restore(ts_state);
 120
 121         padlock_output_block((uint32_t *)result, (uint32_t *)out, 5);
 122 }
 123
 124 static void padlock_do_sha256(const char *in, char *out, int count)
 125 {
 126         /* We can't store directly to *out as it may be unaligned. */
 127         /* BTW Don't reduce the buffer size below 128 Bytes!
 128          *     PadLock microcode needs it that big. */
 129         char buf[128+16];
 130         char *result = NEAREST_ALIGNED(buf);
 131         int ts_state;
 132
 133         ((uint32_t *)result)[0] = SHA256_H0;
 134         ((uint32_t *)result)[1] = SHA256_H1;
 135         ((uint32_t *)result)[2] = SHA256_H2;
 136         ((uint32_t *)result)[3] = SHA256_H3;
 137         ((uint32_t *)result)[4] = SHA256_H4;
 138         ((uint32_t *)result)[5] = SHA256_H5;
 139         ((uint32_t *)result)[6] = SHA256_H6;
 140         ((uint32_t *)result)[7] = SHA256_H7;
 141
 142         /* prevent taking the spurious DNA fault with padlock. */
 143         ts_state = irq_ts_save();
 144         asm volatile (".byte 0xf3,0x0f,0xa6,0xd0" /* rep xsha256 */
 145                       : "+S"(in), "+D"(result)
 146                       : "c"(count), "a"(0));
 147         irq_ts_restore(ts_state);
 148
 149         padlock_output_block((uint32_t *)result, (uint32_t *)out, 8);
 150 }
 151
 152 static void padlock_sha_final(struct crypto_tfm *tfm, uint8_t *out)
 153 {
 154         if (unlikely(ctx(tfm)->bypass)) {
 155                 crypto_hash_final(&ctx(tfm)->fallback, out);
 156                 ctx(tfm)->bypass = 0;
 157                 return;
 158         }
 159
 160         /* Pass the input buffer to PadLock microcode... */
 161         ctx(tfm)->f_sha_padlock(ctx(tfm)->data, out, ctx(tfm)->used);
 162
 163         ctx(tfm)->used = 0;
 164 }
 165
 166 static int padlock_cra_init(struct crypto_tfm *tfm)
 167 {
 168         const char *fallback_driver_name = tfm->__crt_alg->cra_name;
 169         struct crypto_hash *fallback_tfm;
 170
 171         /* For now we'll allocate one page. This
 172          * could eventually be configurable one day. */
 173         ctx(tfm)->data = (char *)__get_free_page(GFP_KERNEL);
 174         if (!ctx(tfm)->data)
 175                 return -ENOMEM;
 176
 177         /* Allocate a fallback and abort if it failed. */
 178         fallback_tfm = crypto_alloc_hash(fallback_driver_name, 0,
 179                                          CRYPTO_ALG_ASYNC |
 180                                          CRYPTO_ALG_NEED_FALLBACK);
 181         if (IS_ERR(fallback_tfm)) {
 182                 printk(KERN_WARNING PFX "Fallback driver '%s' could not be loaded!\n",
 183                        fallback_driver_name);
 184                 free_page((unsigned long)(ctx(tfm)->data));
 185                 return PTR_ERR(fallback_tfm);
 186         }
 187
 188         ctx(tfm)->fallback.tfm = fallback_tfm;
 189         return 0;
 190 }
 191
 192 static int padlock_sha1_cra_init(struct crypto_tfm *tfm)
 193 {
 194         ctx(tfm)->f_sha_padlock = padlock_do_sha1;
 195
 196         return padlock_cra_init(tfm);
 197 }
 198
 199 static int padlock_sha256_cra_init(struct crypto_tfm *tfm)
 200 {
 201         ctx(tfm)->f_sha_padlock = padlock_do_sha256;
 202
 203         return padlock_cra_init(tfm);
 204 }
 205
 206 static void padlock_cra_exit(struct crypto_tfm *tfm)
 207 {
 208         if (ctx(tfm)->data) {
 209                 free_page((unsigned long)(ctx(tfm)->data));
 210                 ctx(tfm)->data = NULL;
 211         }
 212
 213         crypto_free_hash(ctx(tfm)->fallback.tfm);
 214         ctx(tfm)->fallback.tfm = NULL;
 215 }
 216
 217 static struct crypto_alg sha1_alg = {
 218         .cra_name               =       "sha1",
 219         .cra_driver_name        =       "sha1-padlock",
 220         .cra_priority           =       PADLOCK_CRA_PRIORITY,
 221         .cra_flags              =       CRYPTO_ALG_TYPE_DIGEST |
 222                                         CRYPTO_ALG_NEED_FALLBACK,
 223         .cra_blocksize          =       SHA1_BLOCK_SIZE,
 224         .cra_ctxsize            =       sizeof(struct padlock_sha_ctx),
 225         .cra_module             =       THIS_MODULE,
 226         .cra_list               =       LIST_HEAD_INIT(sha1_alg.cra_list),
 227         .cra_init               =       padlock_sha1_cra_init,
 228         .cra_exit               =       padlock_cra_exit,
 229         .cra_u                  =       {
 230                 .digest = {
 231                         .dia_digestsize =       SHA1_DIGEST_SIZE,
 232                         .dia_init       =       padlock_sha_init,
 233                         .dia_update     =       padlock_sha_update,
 234                         .dia_final      =       padlock_sha_final,
 235                 }
 236         }
 237 };
 238
 239 static struct crypto_alg sha256_alg = {
 240         .cra_name               =       "sha256",
 241         .cra_driver_name        =       "sha256-padlock",
 242         .cra_priority           =       PADLOCK_CRA_PRIORITY,
 243         .cra_flags              =       CRYPTO_ALG_TYPE_DIGEST |
 244                                         CRYPTO_ALG_NEED_FALLBACK,
 245         .cra_blocksize          =       SHA256_BLOCK_SIZE,
 246         .cra_ctxsize            =       sizeof(struct padlock_sha_ctx),
 247         .cra_module             =       THIS_MODULE,
 248         .cra_list               =       LIST_HEAD_INIT(sha256_alg.cra_list),
 249         .cra_init               =       padlock_sha256_cra_init,
 250         .cra_exit               =       padlock_cra_exit,
 251         .cra_u                  =       {
 252                 .digest = {
 253                         .dia_digestsize =       SHA256_DIGEST_SIZE,
 254                         .dia_init       =       padlock_sha_init,
 255                         .dia_update     =       padlock_sha_update,
 256                         .dia_final      =       padlock_sha_final,
 257                 }
 258         }
 259 };
 260
 261 static int __init padlock_init(void)
 262 {
 263         int rc = -ENODEV;
 264
 265         if (!cpu_has_phe) {
 266                 printk(KERN_ERR PFX "VIA PadLock Hash Engine not detected.\n");
 267                 return -ENODEV;
 268         }
 269
 270         if (!cpu_has_phe_enabled) {
 271                 printk(KERN_ERR PFX "VIA PadLock detected, but not enabled. Hmm, strange...\n");
 272                 return -ENODEV;
 273         }
 274
 275         rc = crypto_register_alg(&sha1_alg);
 276         if (rc)
 277                 goto out;
 278
 279         rc = crypto_register_alg(&sha256_alg);
 280         if (rc)
 281                 goto out_unreg1;
 282
 283         printk(KERN_NOTICE PFX "Using VIA PadLock ACE for SHA1/SHA256 algorithms.\n");
 284
 285         return 0;
 286
 287 out_unreg1:
 288         crypto_unregister_alg(&sha1_alg);
 289 out:
 290         printk(KERN_ERR PFX "VIA PadLock SHA1/SHA256 initialization failed.\n");
 291         return rc;
 292 }
 293
 294 static void __exit padlock_fini(void)
 295 {
 296         crypto_unregister_alg(&sha1_alg);
 297         crypto_unregister_alg(&sha256_alg);
 298 }
 299
 300 module_init(padlock_init);
 301 module_exit(padlock_fini);
 302
 303 MODULE_DESCRIPTION("VIA PadLock SHA1/SHA256 algorithms support.");
 304 MODULE_LICENSE("GPL");
 305 MODULE_AUTHOR("Michal Ludvig");
 306
 307 MODULE_ALIAS("sha1");
 308 MODULE_ALIAS("sha256");
 309 MODULE_ALIAS("sha1-padlock");
 310 MODULE_ALIAS("sha256-padlock");