From patchwork Thu Mar  6 04:12:48 2014
X-Patchwork-Submitter: Ard Biesheuvel <ard.biesheuvel@linaro.org>
X-Patchwork-Id: 25774
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: catalin.marinas@arm.com, will.deacon@arm.com,
	linux-arm-kernel@lists.infradead.org
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>, nico@linaro.org,
	steve.capper@arm.com
Subject: [PATCH 2/2] arm64: Add support for SHA1 using ARMv8 Crypto Extensions
Date: Thu,  6 Mar 2014 12:12:48 +0800
Message-Id: <1394079168-27666-3-git-send-email-ard.biesheuvel@linaro.org>
In-Reply-To: <1394079168-27666-1-git-send-email-ard.biesheuvel@linaro.org>
References: <1394079168-27666-1-git-send-email-ard.biesheuvel@linaro.org>

This patch adds support for the SHA1 hash algorithm using the NEON-based
SHA1 instructions that were introduced in ARM v8.
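For reference, sha1_ce_transform() computes the standard FIPS 180 SHA1
compression function over each 64 byte input block: the sha1c, sha1p and
sha1m instruction variants used in the assembly correspond to the choice,
parity and majority round functions, and sha1su0/sha1su1 compute the
message schedule four words at a time. The plain C sketch below shows the
same computation; it is illustrative only (the name sha1_block_ref is made
up here) and is not part of the patch.

	/*
	 * Plain C reference of the block transform that
	 * sha1_ce_transform() implements. Illustrative sketch only.
	 */
	#include <stdint.h>

	static uint32_t rol32(uint32_t x, int n)
	{
		return (x << n) | (x >> (32 - n));
	}

	void sha1_block_ref(uint32_t state[5], const uint8_t *src, int blocks)
	{
		while (blocks--) {
			uint32_t w[80], a, b, c, d, e, f, k, t;
			int i;

			/* load one 64 byte block as 16 big-endian words */
			for (i = 0; i < 16; i++)
				w[i] = (uint32_t)src[4 * i] << 24 |
				       src[4 * i + 1] << 16 |
				       src[4 * i + 2] << 8 |
				       src[4 * i + 3];

			/* message schedule: what sha1su0/sha1su1 compute */
			for (; i < 80; i++)
				w[i] = rol32(w[i - 3] ^ w[i - 8] ^
					     w[i - 14] ^ w[i - 16], 1);

			a = state[0]; b = state[1]; c = state[2];
			d = state[3]; e = state[4];

			for (i = 0; i < 80; i++) {
				if (i < 20) {		/* sha1c: choice */
					f = (b & c) | (~b & d);
					k = 0x5a827999;
				} else if (i < 40) {	/* sha1p: parity */
					f = b ^ c ^ d;
					k = 0x6ed9eba1;
				} else if (i < 60) {	/* sha1m: majority */
					f = (b & c) | (b & d) | (c & d);
					k = 0x8f1bbcdc;
				} else {		/* sha1p: parity */
					f = b ^ c ^ d;
					k = 0xca62c1d6;
				}
				t = rol32(a, 5) + f + e + k + w[i];
				e = d; d = c; c = rol32(b, 30); b = a; a = t;
			}

			/* add the working values back into the state */
			state[0] += a; state[1] += b; state[2] += c;
			state[3] += d; state[4] += e;
			src += 64;
		}
	}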
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm64/crypto/Makefile       |   2 +
 arch/arm64/crypto/sha1-ce-core.S | 121 +++++++++++++++++++++++++++++++
 arch/arm64/crypto/sha1-ce-glue.c | 149 +++++++++++++++++++++++++++++++++++++++
 crypto/Kconfig                   |   6 ++
 4 files changed, 278 insertions(+)
 create mode 100644 arch/arm64/crypto/sha1-ce-core.S
 create mode 100644 arch/arm64/crypto/sha1-ce-glue.c

diff --git a/arch/arm64/crypto/Makefile b/arch/arm64/crypto/Makefile
index ac58945c50b3..f66d508eff9e 100644
--- a/arch/arm64/crypto/Makefile
+++ b/arch/arm64/crypto/Makefile
@@ -9,5 +9,7 @@
 #
 
 obj-$(CONFIG_CRYPTO_AES_ARM64_CE) += aes-ce-cipher.o
+obj-$(CONFIG_CRYPTO_SHA1_ARM64_CE) += sha1-ce.o
 
 CFLAGS_aes-ce-cipher.o += -march=armv8-a+crypto
+sha1-ce-y := sha1-ce-glue.o sha1-ce-core.o
diff --git a/arch/arm64/crypto/sha1-ce-core.S b/arch/arm64/crypto/sha1-ce-core.S
new file mode 100644
index 000000000000..2c05e0786949
--- /dev/null
+++ b/arch/arm64/crypto/sha1-ce-core.S
@@ -0,0 +1,121 @@
+/*
+ * linux/arch/arm64/crypto/sha1-ce-core.S
+ *
+ * Copyright (C) 2014 Linaro Ltd <ard.biesheuvel@linaro.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include <linux/linkage.h>
+
+	.text
+	.arch		armv8-a+crypto
+
+	.macro		sha1_round, op, ws, dg0, dg1, dg2
+	sha1h		s\dg2, s\dg0
+	sha1\op		q\dg0, s\dg1, \ws
+	.endm
+
+	.macro		sha1_update, rc, ws, s0, s1, s2, s3
+	sha1su0		\s0, \s1, \s2
+	sha1su1		\s0, \s3
+	add		\ws, \s0, \rc
+	.endm
+
+	/*
+	 * The SHA1 round constants
+	 */
+	.align		4
+.Lsha1_rcon:
+	.word		0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xca62c1d6
+
+	/*
+	 * void sha1_ce_transform(u32 *state, u8 const *src, int blocks)
+	 */
+ENTRY(sha1_ce_transform)
+	/* load round constants */
+	adr		x3, .Lsha1_rcon
+	ld1r		{v0.4s}, [x3], #4
+	ld1r		{v1.4s}, [x3], #4
+	ld1r		{v2.4s}, [x3], #4
+	ld1r		{v3.4s}, [x3]
+
+	/* load state */
+	add		x3, x0, #16
+	ld1		{v15.4s}, [x0]
+	ld1		{v16.s}[0], [x3]
+
+	/* loop over src in 64 byte chunks */
+0:	sub		w2, w2, #1
+
+	/* load input */
+	ld1		{v8.4s-v11.4s}, [x1], #64
+	rev32		v8.16b, v8.16b
+	rev32		v9.16b, v9.16b
+	rev32		v10.16b, v10.16b
+	rev32		v11.16b, v11.16b
+
+	/* copy state */
+	mov		v12.16b, v15.16b
+	mov		v13.16b, v16.16b
+
+	/* round 1 */
+	add		v4.4s, v8.4s, v0.4s
+	add		v5.4s, v9.4s, v0.4s
+	add		v6.4s, v10.4s, v0.4s
+	add		v7.4s, v11.4s, v0.4s
+	sha1_round	c, v4.4s, 12, 13, 14
+	sha1_update	v0.4s, v4.4s, v8.4s, v9.4s, v10.4s, v11.4s
+	sha1_round	c, v5.4s, 12, 14, 13
+	sha1_update	v1.4s, v5.4s, v9.4s, v10.4s, v11.4s, v8.4s
+	sha1_round	c, v6.4s, 12, 13, 14
+	sha1_update	v1.4s, v6.4s, v10.4s, v11.4s, v8.4s, v9.4s
+	sha1_round	c, v7.4s, 12, 14, 13
+	sha1_update	v1.4s, v7.4s, v11.4s, v8.4s, v9.4s, v10.4s
+	sha1_round	c, v4.4s, 12, 13, 14
+	sha1_update	v1.4s, v4.4s, v8.4s, v9.4s, v10.4s, v11.4s
+
+	/* round 2 */
+	sha1_round	p, v5.4s, 12, 14, 13
+	sha1_update	v1.4s, v5.4s, v9.4s, v10.4s, v11.4s, v8.4s
+	sha1_round	p, v6.4s, 12, 13, 14
+	sha1_update	v2.4s, v6.4s, v10.4s, v11.4s, v8.4s, v9.4s
+	sha1_round	p, v7.4s, 12, 14, 13
+	sha1_update	v2.4s, v7.4s, v11.4s, v8.4s, v9.4s, v10.4s
+	sha1_round	p, v4.4s, 12, 13, 14
+	sha1_update	v2.4s, v4.4s, v8.4s, v9.4s, v10.4s, v11.4s
+	sha1_round	p, v5.4s, 12, 14, 13
+	sha1_update	v2.4s, v5.4s, v9.4s, v10.4s, v11.4s, v8.4s
+
+	/* round 3 */
+	sha1_round	m, v6.4s, 12, 13, 14
+	sha1_update	v2.4s, v6.4s, v10.4s, v11.4s, v8.4s, v9.4s
+	sha1_round	m, v7.4s, 12, 14, 13
+	sha1_update	v3.4s, v7.4s, v11.4s, v8.4s, v9.4s, v10.4s
+	sha1_round	m, v4.4s, 12, 13, 14
+	sha1_update	v3.4s, v4.4s, v8.4s, v9.4s, v10.4s, v11.4s
+	sha1_round	m, v5.4s, 12, 14, 13
+	sha1_update	v3.4s, v5.4s, v9.4s, v10.4s, v11.4s, v8.4s
+	sha1_round	m, v6.4s, 12, 13, 14
+	sha1_update	v3.4s, v6.4s, v10.4s, v11.4s, v8.4s, v9.4s
+
+	/* round 4 */
+	sha1_round	p, v7.4s, 12, 14, 13
+	sha1_update	v3.4s, v7.4s, v11.4s, v8.4s, v9.4s, v10.4s
+	sha1_round	p, v4.4s, 12, 13, 14
+	sha1_round	p, v5.4s, 12, 14, 13
+	sha1_round	p, v6.4s, 12, 13, 14
+	sha1_round	p, v7.4s, 12, 14, 13
+
+	/* update state */
+	add		v15.4s, v15.4s, v12.4s
+	add		v16.4s, v16.4s, v13.4s
+	cbnz		w2, 0b
+
+	/* store new state */
+	st1		{v15.4s}, [x0]
+	st1		{v16.s}[0], [x3]
+	ret
+ENDPROC(sha1_ce_transform)
diff --git a/arch/arm64/crypto/sha1-ce-glue.c b/arch/arm64/crypto/sha1-ce-glue.c
new file mode 100644
index 000000000000..7c79552bbe70
--- /dev/null
+++ b/arch/arm64/crypto/sha1-ce-glue.c
@@ -0,0 +1,149 @@
+/*
+ * linux/arch/arm64/crypto/sha1-ce-glue.c
+ *
+ * Copyright (C) 2014 Linaro Ltd <ard.biesheuvel@linaro.org>
+ *
+ * Derived from linux/crypto/sha1_generic.c
+ *
+ * Copyright (c) Alan Smithee.
+ * Copyright (c) Andrew McDonald <andrew@mcdonald.org.uk>
+ * Copyright (c) Jean-Francois Dive <jef@linuxbe.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include <asm/neon.h>
+#include <asm/unaligned.h>
+#include <crypto/internal/hash.h>
+#include <crypto/sha.h>
+#include <linux/cpufeature.h>
+#include <linux/crypto.h>
+#include <linux/module.h>
+#include <linux/string.h>
+
+MODULE_DESCRIPTION("SHA1 secure hash using ARMv8 Crypto Extensions");
+MODULE_AUTHOR("Ard Biesheuvel <ard.biesheuvel@linaro.org>");
+MODULE_LICENSE("GPL");
+
+asmlinkage void sha1_ce_transform(u32 *state, u8 const *src, int blocks);
+
+static int sha1_init(struct shash_desc *desc)
+{
+	struct sha1_state *sctx = shash_desc_ctx(desc);
+
+	*sctx = (struct sha1_state){
+		.state = { SHA1_H0, SHA1_H1, SHA1_H2, SHA1_H3, SHA1_H4 },
+	};
+
+	return 0;
+}
+
+static int sha1_update(struct shash_desc *desc, const u8 *data,
+		       unsigned int len)
+{
+	struct sha1_state *sctx = shash_desc_ctx(desc);
+	unsigned int partial, done = 0;
+
+	partial = sctx->count % SHA1_BLOCK_SIZE;
+
+	if ((partial + len) >= SHA1_BLOCK_SIZE) {
+		int blocks;
+
+		kernel_neon_begin_partial(18);
+		if (partial) {
+			done = SHA1_BLOCK_SIZE - partial;
+			memcpy(sctx->buffer + partial, data, done);
+			sha1_ce_transform(sctx->state, sctx->buffer, 1);
+			partial = 0;
+		}
+
+		blocks = (len - done) / SHA1_BLOCK_SIZE;
+		if (blocks) {
+			sha1_ce_transform(sctx->state, &data[done], blocks);
+			done += blocks * SHA1_BLOCK_SIZE;
+		}
+		kernel_neon_end();
+	}
+	memcpy(sctx->buffer + partial, &data[done], len - done);
+	sctx->count += len;
+	return 0;
+}
+
+/* Add padding and return the message digest. */
+static int sha1_final(struct shash_desc *desc, u8 *out)
+{
+	struct sha1_state *sctx = shash_desc_ctx(desc);
+	__be32 *dst = (__be32 *)out;
+	u32 i, index, padlen;
+	__be64 bits;
+	static const u8 padding[64] = { 0x80, };
+
+	bits = cpu_to_be64(sctx->count << 3);
+
+	/* Pad out to 56 mod 64 */
+	index = sctx->count & 0x3f;
+	padlen = (index < 56) ? (56 - index) : ((64+56) - index);
+	sha1_update(desc, padding, padlen);
+
+	/* Append length */
+	sha1_update(desc, (const u8 *)&bits, sizeof(bits));
+
+	/* Store state in digest */
+	for (i = 0; i < 5; i++)
+		dst[i] = cpu_to_be32(sctx->state[i]);
+
+	/* Wipe context */
+	memset(sctx, 0, sizeof *sctx);
+
+	return 0;
+}
+
+static int sha1_export(struct shash_desc *desc, void *out)
+{
+	struct sha1_state *sctx = shash_desc_ctx(desc);
+
+	memcpy(out, sctx, sizeof(*sctx));
+	return 0;
+}
+
+static int sha1_import(struct shash_desc *desc, const void *in)
+{
+	struct sha1_state *sctx = shash_desc_ctx(desc);
+
+	memcpy(sctx, in, sizeof(*sctx));
+	return 0;
+}
+
+static struct shash_alg alg = {
+	.digestsize		= SHA1_DIGEST_SIZE,
+	.init			= sha1_init,
+	.update			= sha1_update,
+	.final			= sha1_final,
+	.export			= sha1_export,
+	.import			= sha1_import,
+	.descsize		= sizeof(struct sha1_state),
+	.statesize		= sizeof(struct sha1_state),
+	.base			= {
+		.cra_name		= "sha1",
+		.cra_driver_name	= "sha1-ce",
+		.cra_priority		= 200,
+		.cra_flags		= CRYPTO_ALG_TYPE_SHASH,
+		.cra_blocksize		= SHA1_BLOCK_SIZE,
+		.cra_module		= THIS_MODULE,
+	}
+};
+
+static int __init sha1_generic_mod_init(void)
+{
+	return crypto_register_shash(&alg);
+}
+
+static void __exit sha1_generic_mod_fini(void)
+{
+	crypto_unregister_shash(&alg);
+}
+
+module_cpu_feature_match(SHA1, sha1_generic_mod_init);
+module_exit(sha1_generic_mod_fini);
diff --git a/crypto/Kconfig b/crypto/Kconfig
index f1d98bc346b6..44333536127c 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -500,6 +500,12 @@ config CRYPTO_SHA1_SSSE3
 	  using Supplemental SSE3 (SSSE3) instructions or Advanced Vector
 	  Extensions (AVX), when available.
 
+config CRYPTO_SHA1_ARM64_CE
+	tristate "SHA1 digest algorithm (ARMv8 Crypto Extensions)"
+	depends on ARM64 && KERNEL_MODE_NEON
+	select CRYPTO_SHA1
+	select CRYPTO_HASH
+
 config CRYPTO_SHA256_SSSE3
 	tristate "SHA256 digest algorithm (SSSE3/AVX/AVX2)"
 	depends on X86 && 64BIT
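With CONFIG_CRYPTO_SHA1_ARM64_CE enabled and hardware that advertises the
SHA1 feature, requests for "sha1" resolve to the "sha1-ce" driver, since
its cra_priority of 200 beats the generic C implementation. One way to
verify the digest from userspace is the kernel's AF_ALG interface; the
sketch below assumes a kernel with CONFIG_CRYPTO_USER_API_HASH enabled
and omits all error handling, so it is illustrative only.

	/* Hash "abc" through the kernel crypto API via AF_ALG. */
	#include <stdio.h>
	#include <unistd.h>
	#include <sys/socket.h>
	#include <linux/if_alg.h>

	int main(void)
	{
		struct sockaddr_alg sa = {
			.salg_family	= AF_ALG,
			.salg_type	= "hash",
			.salg_name	= "sha1",	/* highest priority sha1 wins */
		};
		unsigned char digest[20];
		int tfm, op, i;

		tfm = socket(AF_ALG, SOCK_SEQPACKET, 0);
		bind(tfm, (struct sockaddr *)&sa, sizeof(sa));
		op = accept(tfm, NULL, 0);

		write(op, "abc", 3);
		read(op, digest, sizeof(digest));

		for (i = 0; i < 20; i++)
			printf("%02x", digest[i]);
		printf("\n");

		close(op);
		close(tfm);
		return 0;
	}

For the well-known test vector "abc" this should print
a9993e364706816aba3e25717850c26c9cd0d89d. The crypto subsystem's built-in
self-tests also run against the driver when it registers.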