1 /*
2  * Glue code for SHA-1 implementation for SPE instructions (PPC)
3  *
4  * Based on generic implementation.
5  *
6  * Copyright (c) 2015 Markus Stockhausen <stockhausen@collogia.de>
7  *
8  * This program is free software; you can redistribute it and/or modify it
9  * under the terms of the GNU General Public License as published by the Free
10  * Software Foundation; either version 2 of the License, or (at your option)
11  * any later version.
12  *
13  */
14 
15 #include <crypto/internal/hash.h>
16 #include <linux/init.h>
17 #include <linux/module.h>
18 #include <linux/mm.h>
19 #include <linux/cryptohash.h>
20 #include <linux/types.h>
21 #include <crypto/sha.h>
22 #include <asm/byteorder.h>
23 #include <asm/switch_to.h>
24 #include <linux/hardirq.h>
25 
26 /*
27  * MAX_BYTES defines the number of bytes that are allowed to be processed
28  * between preempt_disable() and preempt_enable(). SHA1 takes ~1000
29  * operations per 64 bytes. e500 cores can issue two arithmetic instructions
30  * per clock cycle using one 32/64 bit unit (SU1) and one 32 bit unit (SU2).
31  * Thus 2KB of input data will need an estimated maximum of 18,000 cycles.
32  * Headroom for cache misses included. Even with the low end model clocked
33  * at 667 MHz this equals to a critical time window of less than 27us.
34  *
35  */
36 #define MAX_BYTES 2048
37 
38 extern void ppc_spe_sha1_transform(u32 *state, const u8 *src, u32 blocks);
39 
40 static void spe_begin(void)
41 {
42 	/* We just start SPE operations and will save SPE registers later. */
43 	preempt_disable();
44 	enable_kernel_spe();
45 }
46 
47 static void spe_end(void)
48 {
49 	disable_kernel_spe();
50 	/* reenable preemption */
51 	preempt_enable();
52 }
53 
54 static inline void ppc_sha1_clear_context(struct sha1_state *sctx)
55 {
56 	int count = sizeof(struct sha1_state) >> 2;
57 	u32 *ptr = (u32 *)sctx;
58 
59 	/* make sure we can clear the fast way */
60 	BUILD_BUG_ON(sizeof(struct sha1_state) % 4);
61 	do { *ptr++ = 0; } while (--count);
62 }
63 
64 static int ppc_spe_sha1_init(struct shash_desc *desc)
65 {
66 	struct sha1_state *sctx = shash_desc_ctx(desc);
67 
68 	sctx->state[0] = SHA1_H0;
69 	sctx->state[1] = SHA1_H1;
70 	sctx->state[2] = SHA1_H2;
71 	sctx->state[3] = SHA1_H3;
72 	sctx->state[4] = SHA1_H4;
73 	sctx->count = 0;
74 
75 	return 0;
76 }
77 
78 static int ppc_spe_sha1_update(struct shash_desc *desc, const u8 *data,
79 			unsigned int len)
80 {
81 	struct sha1_state *sctx = shash_desc_ctx(desc);
82 	const unsigned int offset = sctx->count & 0x3f;
83 	const unsigned int avail = 64 - offset;
84 	unsigned int bytes;
85 	const u8 *src = data;
86 
87 	if (avail > len) {
88 		sctx->count += len;
89 		memcpy((char *)sctx->buffer + offset, src, len);
90 		return 0;
91 	}
92 
93 	sctx->count += len;
94 
95 	if (offset) {
96 		memcpy((char *)sctx->buffer + offset, src, avail);
97 
98 		spe_begin();
99 		ppc_spe_sha1_transform(sctx->state, (const u8 *)sctx->buffer, 1);
100 		spe_end();
101 
102 		len -= avail;
103 		src += avail;
104 	}
105 
106 	while (len > 63) {
107 		bytes = (len > MAX_BYTES) ? MAX_BYTES : len;
108 		bytes = bytes & ~0x3f;
109 
110 		spe_begin();
111 		ppc_spe_sha1_transform(sctx->state, src, bytes >> 6);
112 		spe_end();
113 
114 		src += bytes;
115 		len -= bytes;
116 	};
117 
118 	memcpy((char *)sctx->buffer, src, len);
119 	return 0;
120 }
121 
122 static int ppc_spe_sha1_final(struct shash_desc *desc, u8 *out)
123 {
124 	struct sha1_state *sctx = shash_desc_ctx(desc);
125 	const unsigned int offset = sctx->count & 0x3f;
126 	char *p = (char *)sctx->buffer + offset;
127 	int padlen;
128 	__be64 *pbits = (__be64 *)(((char *)&sctx->buffer) + 56);
129 	__be32 *dst = (__be32 *)out;
130 
131 	padlen = 55 - offset;
132 	*p++ = 0x80;
133 
134 	spe_begin();
135 
136 	if (padlen < 0) {
137 		memset(p, 0x00, padlen + sizeof (u64));
138 		ppc_spe_sha1_transform(sctx->state, sctx->buffer, 1);
139 		p = (char *)sctx->buffer;
140 		padlen = 56;
141 	}
142 
143 	memset(p, 0, padlen);
144 	*pbits = cpu_to_be64(sctx->count << 3);
145 	ppc_spe_sha1_transform(sctx->state, sctx->buffer, 1);
146 
147 	spe_end();
148 
149 	dst[0] = cpu_to_be32(sctx->state[0]);
150 	dst[1] = cpu_to_be32(sctx->state[1]);
151 	dst[2] = cpu_to_be32(sctx->state[2]);
152 	dst[3] = cpu_to_be32(sctx->state[3]);
153 	dst[4] = cpu_to_be32(sctx->state[4]);
154 
155 	ppc_sha1_clear_context(sctx);
156 	return 0;
157 }
158 
159 static int ppc_spe_sha1_export(struct shash_desc *desc, void *out)
160 {
161 	struct sha1_state *sctx = shash_desc_ctx(desc);
162 
163 	memcpy(out, sctx, sizeof(*sctx));
164 	return 0;
165 }
166 
167 static int ppc_spe_sha1_import(struct shash_desc *desc, const void *in)
168 {
169 	struct sha1_state *sctx = shash_desc_ctx(desc);
170 
171 	memcpy(sctx, in, sizeof(*sctx));
172 	return 0;
173 }
174 
175 static struct shash_alg alg = {
176 	.digestsize	=	SHA1_DIGEST_SIZE,
177 	.init		=	ppc_spe_sha1_init,
178 	.update		=	ppc_spe_sha1_update,
179 	.final		=	ppc_spe_sha1_final,
180 	.export		=	ppc_spe_sha1_export,
181 	.import		=	ppc_spe_sha1_import,
182 	.descsize	=	sizeof(struct sha1_state),
183 	.statesize	=	sizeof(struct sha1_state),
184 	.base		=	{
185 		.cra_name	=	"sha1",
186 		.cra_driver_name=	"sha1-ppc-spe",
187 		.cra_priority	=	300,
188 		.cra_flags	=	CRYPTO_ALG_TYPE_SHASH,
189 		.cra_blocksize	=	SHA1_BLOCK_SIZE,
190 		.cra_module	=	THIS_MODULE,
191 	}
192 };
193 
194 static int __init ppc_spe_sha1_mod_init(void)
195 {
196 	return crypto_register_shash(&alg);
197 }
198 
199 static void __exit ppc_spe_sha1_mod_fini(void)
200 {
201 	crypto_unregister_shash(&alg);
202 }
203 
204 module_init(ppc_spe_sha1_mod_init);
205 module_exit(ppc_spe_sha1_mod_fini);
206 
207 MODULE_LICENSE("GPL");
208 MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm, SPE optimized");
209 
210 MODULE_ALIAS_CRYPTO("sha1");
211 MODULE_ALIAS_CRYPTO("sha1-ppc-spe");
212