Commit 60f208d7836216885cdcd6f77a02f31dbc66f169
Committed by
Herbert Xu
Herbert Xu
1 parent
497f2e6b8b
Exists in
master
and in
39 other branches
crypto: talitos - add support for sha224
SEC h/w versions 2.1 and above support sha224 via explicit instruction. Performing sha224 ahashes on earlier versions is still possible because they support sha256 (sha224 is sha256 with different initial constants and a different truncation length). We do this by overriding hardware context self-initialization, and perform it manually in s/w instead. Thanks to Lee for his fixes for correct execution on actual sec2.0 h/w. Signed-off-by: Kim Phillips <kim.phillips@freescale.com> Signed-off by: Lee Nipper <lee.nipper@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Showing 2 changed files with 75 additions and 10 deletions Side-by-side Diff
drivers/crypto/talitos.c
| 1 | 1 | /* |
| 2 | 2 | * talitos - Freescale Integrated Security Engine (SEC) device driver |
| 3 | 3 | * |
| 4 | - * Copyright (c) 2008 Freescale Semiconductor, Inc. | |
| 4 | + * Copyright (c) 2008-2010 Freescale Semiconductor, Inc. | |
| 5 | 5 | * |
| 6 | 6 | * Scatterlist Crypto API glue code copied from files with the following: |
| 7 | 7 | * Copyright (c) 2006-2007 Herbert Xu <herbert@gondor.apana.org.au> |
| ... | ... | @@ -156,6 +156,7 @@ |
| 156 | 156 | /* .features flag */ |
| 157 | 157 | #define TALITOS_FTR_SRC_LINK_TBL_LEN_INCLUDES_EXTENT 0x00000001 |
| 158 | 158 | #define TALITOS_FTR_HW_AUTH_CHECK 0x00000002 |
| 159 | +#define TALITOS_FTR_SHA224_HWINIT 0x00000004 | |
| 159 | 160 | |
| 160 | 161 | static void to_talitos_ptr(struct talitos_ptr *talitos_ptr, dma_addr_t dma_addr) |
| 161 | 162 | { |
| 162 | 163 | |
| ... | ... | @@ -720,10 +721,11 @@ |
| 720 | 721 | |
| 721 | 722 | struct talitos_ahash_req_ctx { |
| 722 | 723 | u64 count; |
| 723 | - u8 hw_context[TALITOS_MDEU_MAX_CONTEXT_SIZE]; | |
| 724 | + u32 hw_context[TALITOS_MDEU_MAX_CONTEXT_SIZE / sizeof(u32)]; | |
| 724 | 725 | unsigned int hw_context_size; |
| 725 | 726 | u8 buf[HASH_MAX_BLOCK_SIZE]; |
| 726 | 727 | u8 bufnext[HASH_MAX_BLOCK_SIZE]; |
| 728 | + unsigned int swinit; | |
| 727 | 729 | unsigned int first; |
| 728 | 730 | unsigned int last; |
| 729 | 731 | unsigned int to_hash_later; |
| 730 | 732 | |
| ... | ... | @@ -1631,12 +1633,13 @@ |
| 1631 | 1633 | /* first DWORD empty */ |
| 1632 | 1634 | desc->ptr[0] = zero_entry; |
| 1633 | 1635 | |
| 1634 | - /* hash context in (if not first) */ | |
| 1635 | - if (!req_ctx->first) { | |
| 1636 | + /* hash context in */ | |
| 1637 | + if (!req_ctx->first || req_ctx->swinit) { | |
| 1636 | 1638 | map_single_talitos_ptr(dev, &desc->ptr[1], |
| 1637 | 1639 | req_ctx->hw_context_size, |
| 1638 | 1640 | (char *)req_ctx->hw_context, 0, |
| 1639 | 1641 | DMA_TO_DEVICE); |
| 1642 | + req_ctx->swinit = 0; | |
| 1640 | 1643 | } else { |
| 1641 | 1644 | desc->ptr[1] = zero_entry; |
| 1642 | 1645 | /* Indicate next op is not the first. */ |
| ... | ... | @@ -1722,7 +1725,8 @@ |
| 1722 | 1725 | |
| 1723 | 1726 | /* Initialize the context */ |
| 1724 | 1727 | req_ctx->count = 0; |
| 1725 | - req_ctx->first = 1; /* first indicates h/w must init it's context */ | |
| 1728 | + req_ctx->first = 1; /* first indicates h/w must init its context */ | |
| 1729 | + req_ctx->swinit = 0; /* assume h/w init of context */ | |
| 1726 | 1730 | req_ctx->hw_context_size = |
| 1727 | 1731 | (crypto_ahash_digestsize(tfm) <= SHA256_DIGEST_SIZE) |
| 1728 | 1732 | ? TALITOS_MDEU_CONTEXT_SIZE_MD5_SHA1_SHA256 |
| ... | ... | @@ -1731,6 +1735,33 @@ |
| 1731 | 1735 | return 0; |
| 1732 | 1736 | } |
| 1733 | 1737 | |
| 1738 | +/* | |
| 1739 | + * on h/w without explicit sha224 support, we initialize h/w context | |
| 1740 | + * manually with sha224 constants, and tell it to run sha256. | |
| 1741 | + */ | |
| 1742 | +static int ahash_init_sha224_swinit(struct ahash_request *areq) | |
| 1743 | +{ | |
| 1744 | + struct talitos_ahash_req_ctx *req_ctx = ahash_request_ctx(areq); | |
| 1745 | + | |
| 1746 | + ahash_init(areq); | |
| 1747 | + req_ctx->swinit = 1;/* prevent h/w initting context with sha256 values*/ | |
| 1748 | + | |
| 1749 | + req_ctx->hw_context[0] = cpu_to_be32(SHA224_H0); | |
| 1750 | + req_ctx->hw_context[1] = cpu_to_be32(SHA224_H1); | |
| 1751 | + req_ctx->hw_context[2] = cpu_to_be32(SHA224_H2); | |
| 1752 | + req_ctx->hw_context[3] = cpu_to_be32(SHA224_H3); | |
| 1753 | + req_ctx->hw_context[4] = cpu_to_be32(SHA224_H4); | |
| 1754 | + req_ctx->hw_context[5] = cpu_to_be32(SHA224_H5); | |
| 1755 | + req_ctx->hw_context[6] = cpu_to_be32(SHA224_H6); | |
| 1756 | + req_ctx->hw_context[7] = cpu_to_be32(SHA224_H7); | |
| 1757 | + | |
| 1758 | + /* init 64-bit count */ | |
| 1759 | + req_ctx->hw_context[8] = 0; | |
| 1760 | + req_ctx->hw_context[9] = 0; | |
| 1761 | + | |
| 1762 | + return 0; | |
| 1763 | +} | |
| 1764 | + | |
| 1734 | 1765 | static int ahash_process_req(struct ahash_request *areq, unsigned int nbytes) |
| 1735 | 1766 | { |
| 1736 | 1767 | struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq); |
| ... | ... | @@ -1799,8 +1830,8 @@ |
| 1799 | 1830 | else |
| 1800 | 1831 | edesc->desc.hdr |= DESC_HDR_MODE0_MDEU_CONT; |
| 1801 | 1832 | |
| 1802 | - /* On first one, request SEC to INIT hash. */ | |
| 1803 | - if (req_ctx->first) | |
| 1833 | + /* request SEC to INIT hash. */ | |
| 1834 | + if (req_ctx->first && !req_ctx->swinit) | |
| 1804 | 1835 | edesc->desc.hdr |= DESC_HDR_MODE0_MDEU_INIT; |
| 1805 | 1836 | |
| 1806 | 1837 | /* When the tfm context has a keylen, it's an HMAC. |
| 1807 | 1838 | |
| ... | ... | @@ -1843,8 +1874,9 @@ |
| 1843 | 1874 | static int ahash_digest(struct ahash_request *areq) |
| 1844 | 1875 | { |
| 1845 | 1876 | struct talitos_ahash_req_ctx *req_ctx = ahash_request_ctx(areq); |
| 1877 | + struct crypto_ahash *ahash = crypto_ahash_reqtfm(areq); | |
| 1846 | 1878 | |
| 1847 | - ahash_init(areq); | |
| 1879 | + ahash->init(areq); | |
| 1848 | 1880 | req_ctx->last = 1; |
| 1849 | 1881 | |
| 1850 | 1882 | return ahash_process_req(areq, areq->nbytes); |
| ... | ... | @@ -2116,6 +2148,27 @@ |
| 2116 | 2148 | .final = ahash_final, |
| 2117 | 2149 | .finup = ahash_finup, |
| 2118 | 2150 | .digest = ahash_digest, |
| 2151 | + .halg.digestsize = SHA224_DIGEST_SIZE, | |
| 2152 | + .halg.base = { | |
| 2153 | + .cra_name = "sha224", | |
| 2154 | + .cra_driver_name = "sha224-talitos", | |
| 2155 | + .cra_blocksize = SHA224_BLOCK_SIZE, | |
| 2156 | + .cra_flags = CRYPTO_ALG_TYPE_AHASH | | |
| 2157 | + CRYPTO_ALG_ASYNC, | |
| 2158 | + .cra_type = &crypto_ahash_type | |
| 2159 | + } | |
| 2160 | + }, | |
| 2161 | + .desc_hdr_template = DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU | | |
| 2162 | + DESC_HDR_SEL0_MDEUA | | |
| 2163 | + DESC_HDR_MODE0_MDEU_SHA224, | |
| 2164 | + }, | |
| 2165 | + { .type = CRYPTO_ALG_TYPE_AHASH, | |
| 2166 | + .alg.hash = { | |
| 2167 | + .init = ahash_init, | |
| 2168 | + .update = ahash_update, | |
| 2169 | + .final = ahash_final, | |
| 2170 | + .finup = ahash_finup, | |
| 2171 | + .digest = ahash_digest, | |
| 2119 | 2172 | .halg.digestsize = SHA256_DIGEST_SIZE, |
| 2120 | 2173 | .halg.base = { |
| 2121 | 2174 | .cra_name = "sha256", |
| ... | ... | @@ -2298,6 +2351,7 @@ |
| 2298 | 2351 | struct talitos_alg_template |
| 2299 | 2352 | *template) |
| 2300 | 2353 | { |
| 2354 | + struct talitos_private *priv = dev_get_drvdata(dev); | |
| 2301 | 2355 | struct talitos_crypto_alg *t_alg; |
| 2302 | 2356 | struct crypto_alg *alg; |
| 2303 | 2357 | |
| ... | ... | @@ -2319,6 +2373,14 @@ |
| 2319 | 2373 | case CRYPTO_ALG_TYPE_AHASH: |
| 2320 | 2374 | alg = &t_alg->algt.alg.hash.halg.base; |
| 2321 | 2375 | alg->cra_init = talitos_cra_init_ahash; |
| 2376 | + if (!(priv->features & TALITOS_FTR_SHA224_HWINIT) && | |
| 2377 | + !strcmp(alg->cra_name, "sha224")) { | |
| 2378 | + t_alg->algt.alg.hash.init = ahash_init_sha224_swinit; | |
| 2379 | + t_alg->algt.desc_hdr_template = | |
| 2380 | + DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU | | |
| 2381 | + DESC_HDR_SEL0_MDEUA | | |
| 2382 | + DESC_HDR_MODE0_MDEU_SHA256; | |
| 2383 | + } | |
| 2322 | 2384 | break; |
| 2323 | 2385 | } |
| 2324 | 2386 | |
| ... | ... | @@ -2406,7 +2468,8 @@ |
| 2406 | 2468 | priv->features |= TALITOS_FTR_SRC_LINK_TBL_LEN_INCLUDES_EXTENT; |
| 2407 | 2469 | |
| 2408 | 2470 | if (of_device_is_compatible(np, "fsl,sec2.1")) |
| 2409 | - priv->features |= TALITOS_FTR_HW_AUTH_CHECK; | |
| 2471 | + priv->features |= TALITOS_FTR_HW_AUTH_CHECK | | |
| 2472 | + TALITOS_FTR_SHA224_HWINIT; | |
| 2410 | 2473 | |
| 2411 | 2474 | priv->chan = kzalloc(sizeof(struct talitos_channel) * |
| 2412 | 2475 | priv->num_channels, GFP_KERNEL); |
drivers/crypto/talitos.h
| 1 | 1 | /* |
| 2 | 2 | * Freescale SEC (talitos) device register and descriptor header defines |
| 3 | 3 | * |
| 4 | - * Copyright (c) 2006-2008 Freescale Semiconductor, Inc. | |
| 4 | + * Copyright (c) 2006-2010 Freescale Semiconductor, Inc. | |
| 5 | 5 | * |
| 6 | 6 | * Redistribution and use in source and binary forms, with or without |
| 7 | 7 | * modification, are permitted provided that the following conditions |
| ... | ... | @@ -164,6 +164,7 @@ |
| 164 | 164 | #define DESC_HDR_MODE0_MDEU_INIT cpu_to_be32(0x01000000) |
| 165 | 165 | #define DESC_HDR_MODE0_MDEU_HMAC cpu_to_be32(0x00800000) |
| 166 | 166 | #define DESC_HDR_MODE0_MDEU_PAD cpu_to_be32(0x00400000) |
| 167 | +#define DESC_HDR_MODE0_MDEU_SHA224 cpu_to_be32(0x00300000) | |
| 167 | 168 | #define DESC_HDR_MODE0_MDEU_MD5 cpu_to_be32(0x00200000) |
| 168 | 169 | #define DESC_HDR_MODE0_MDEU_SHA256 cpu_to_be32(0x00100000) |
| 169 | 170 | #define DESC_HDR_MODE0_MDEU_SHA1 cpu_to_be32(0x00000000) |
| ... | ... | @@ -187,6 +188,7 @@ |
| 187 | 188 | #define DESC_HDR_MODE1_MDEU_INIT cpu_to_be32(0x00001000) |
| 188 | 189 | #define DESC_HDR_MODE1_MDEU_HMAC cpu_to_be32(0x00000800) |
| 189 | 190 | #define DESC_HDR_MODE1_MDEU_PAD cpu_to_be32(0x00000400) |
| 191 | +#define DESC_HDR_MODE1_MDEU_SHA224 cpu_to_be32(0x00000300) | |
| 190 | 192 | #define DESC_HDR_MODE1_MDEU_MD5 cpu_to_be32(0x00000200) |
| 191 | 193 | #define DESC_HDR_MODE1_MDEU_SHA256 cpu_to_be32(0x00000100) |
| 192 | 194 | #define DESC_HDR_MODE1_MDEU_SHA1 cpu_to_be32(0x00000000) |