diff options
author | blogic <blogic@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2012-10-05 10:12:53 +0000 |
---|---|---|
committer | blogic <blogic@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2012-10-05 10:12:53 +0000 |
commit | 5c105d9f3fd086aff195d3849dcf847d6b0bd927 (patch) | |
tree | 1229a11f725bfa58aa7c57a76898553bb5f6654a /target/linux/ubicom32/files/arch/ubicom32/crypto | |
download | openwrt-5c105d9f3fd086aff195d3849dcf847d6b0bd927.tar.gz openwrt-5c105d9f3fd086aff195d3849dcf847d6b0bd927.zip |
branch Attitude Adjustment
git-svn-id: svn://svn.openwrt.org/openwrt/branches/attitude_adjustment@33625 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'target/linux/ubicom32/files/arch/ubicom32/crypto')
11 files changed, 2865 insertions, 0 deletions
diff --git a/target/linux/ubicom32/files/arch/ubicom32/crypto/Makefile b/target/linux/ubicom32/files/arch/ubicom32/crypto/Makefile new file mode 100644 index 000000000..2d8e5863c --- /dev/null +++ b/target/linux/ubicom32/files/arch/ubicom32/crypto/Makefile @@ -0,0 +1,36 @@ +# +# arch/ubicom32/crypto/Makefile +# <TODO: Replace with short file description> +# +# (C) Copyright 2009, Ubicom, Inc. +# +# This file is part of the Ubicom32 Linux Kernel Port. +# +# The Ubicom32 Linux Kernel Port is free software: you can redistribute +# it and/or modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation, either version 2 of the +# License, or (at your option) any later version. +# +# The Ubicom32 Linux Kernel Port is distributed in the hope that it +# will be useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See +# the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with the Ubicom32 Linux Kernel Port. If not, +# see <http://www.gnu.org/licenses/>. +# +# Ubicom32 implementation derived from (with many thanks): +# arch/m68knommu +# arch/blackfin +# arch/parisc +# +obj-$(CONFIG_CRYPTO_UBICOM32) += crypto_ubicom32.o +obj-$(CONFIG_CRYPTO_AES_UBICOM32) += aes_ubicom32.o +obj-$(CONFIG_CRYPTO_DES_UBICOM32) += des.o +obj-$(CONFIG_CRYPTO_MD5_UBICOM32) += md5.o +obj-$(CONFIG_CRYPTO_SHA1_UBICOM32) += sha1.o + +des-y := des_ubicom32.o des_check_key.o +md5-y := md5_ubicom32.o md5_ubicom32_asm.o +sha1-y := sha1_ubicom32.o diff --git a/target/linux/ubicom32/files/arch/ubicom32/crypto/aes_ubicom32.c b/target/linux/ubicom32/files/arch/ubicom32/crypto/aes_ubicom32.c new file mode 100644 index 000000000..f0b9f86bc --- /dev/null +++ b/target/linux/ubicom32/files/arch/ubicom32/crypto/aes_ubicom32.c @@ -0,0 +1,458 @@ +/* + * arch/ubicom32/crypto/aes_ubicom32.c + * Ubicom32 implementation of the AES Cipher Algorithm. + * + * (C) Copyright 2009, Ubicom, Inc. + * + * This file is part of the Ubicom32 Linux Kernel Port. + * + * The Ubicom32 Linux Kernel Port is free software: you can redistribute + * it and/or modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation, either version 2 of the + * License, or (at your option) any later version. + * + * The Ubicom32 Linux Kernel Port is distributed in the hope that it + * will be useful, but WITHOUT ANY WARRANTY; without even the implied + * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See + * the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with the Ubicom32 Linux Kernel Port. If not, + * see <http://www.gnu.org/licenses/>. + * + * Ubicom32 implementation derived from (with many thanks): + * arch/m68knommu + * arch/blackfin + * arch/parisc + */ +#include <crypto/aes.h> +#include <crypto/algapi.h> +#include <linux/err.h> +#include <linux/module.h> +#include <linux/init.h> +#include <linux/spinlock.h> +#include "crypto_ubicom32.h" +#include <asm/linkage.h> + +struct ubicom32_aes_ctx { + u8 key[AES_MAX_KEY_SIZE]; + u32 ctrl; + int key_len; +}; + +static inline void aes_hw_set_key(const u8 *key, u8 key_len) +{ + /* + * switch case has more overhead than 4 move.4 instructions, so just copy 256 bits + */ + SEC_SET_KEY_256(key); +} + +static inline void aes_hw_set_iv(const u8 *iv) +{ + SEC_SET_IV_4W(iv); +} + +static inline void aes_hw_cipher(u8 *out, const u8 *in) +{ + SEC_SET_INPUT_4W(in); + + asm volatile ( + " ; start AES by writing 0x40(SECURITY_BASE) \n\t" + " move.4 0x40(%0), #0x01 \n\t" + " pipe_flush 0 \n\t" + " \n\t" + " ; wait for the module to calculate the output \n\t" + " btst 0x04(%0), #0 \n\t" + " jmpne.f .-4 \n\t" + : + : "a" (SEC_BASE) + : "cc" + ); + + SEC_GET_OUTPUT_4W(out); +} + +static int __ocm_text aes_set_key(struct crypto_tfm *tfm, const u8 *in_key, + unsigned int key_len) +{ + struct ubicom32_aes_ctx *uctx = crypto_tfm_ctx(tfm); + + uctx->key_len = key_len; + memcpy(uctx->key, in_key, key_len); + + /* + * leave out HASH_ALG (none = 0), CBC (no = 0), DIR (unknown) yet + */ + switch (uctx->key_len) { + case 16: + uctx->ctrl = SEC_KEY_128_BITS | SEC_ALG_AES; + break; + case 24: + uctx->ctrl = SEC_KEY_192_BITS | SEC_ALG_AES; + break; + case 32: + uctx->ctrl = SEC_KEY_256_BITS | SEC_ALG_AES; + break; + } + + return 0; +} + +static inline void aes_cipher(struct crypto_tfm *tfm, u8 *out, const u8 *in, u32 extra_flags) +{ + const struct ubicom32_aes_ctx *uctx = crypto_tfm_ctx(tfm); + + hw_crypto_lock(); + hw_crypto_check(); + hw_crypto_set_ctrl(uctx->ctrl | extra_flags); + + aes_hw_set_key(uctx->key, uctx->key_len); + aes_hw_cipher(out, in); + + hw_crypto_unlock(); +} + +static void aes_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) +{ + aes_cipher(tfm, out, in, SEC_DIR_ENCRYPT); +} + +static void aes_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) +{ + aes_cipher(tfm, out, in, SEC_DIR_DECRYPT); +} + +static struct crypto_alg aes_alg = { + .cra_name = "aes", + .cra_driver_name = "aes-ubicom32", + .cra_priority = CRYPTO_UBICOM32_PRIORITY, + .cra_flags = CRYPTO_ALG_TYPE_CIPHER, + .cra_blocksize = AES_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct ubicom32_aes_ctx), + .cra_alignmask = CRYPTO_UBICOM32_ALIGNMENT - 1, + .cra_module = THIS_MODULE, + .cra_list = LIST_HEAD_INIT(aes_alg.cra_list), + .cra_u = { + .cipher = { + .cia_min_keysize = AES_MIN_KEY_SIZE, + .cia_max_keysize = AES_MAX_KEY_SIZE, + .cia_setkey = aes_set_key, + .cia_encrypt = aes_encrypt, + .cia_decrypt = aes_decrypt, + } + } +}; + +static void __ocm_text ecb_aes_crypt_loop(u8 *out, u8 *in, unsigned int n) +{ + while (likely(n)) { + aes_hw_cipher(out, in); + out += AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + n -= AES_BLOCK_SIZE; + } +} + +static int __ocm_text ecb_aes_crypt(struct blkcipher_desc *desc, struct scatterlist *dst, + struct scatterlist *src, unsigned int nbytes, u32 extra_flags) +{ + const struct ubicom32_aes_ctx *uctx = crypto_blkcipher_ctx(desc->tfm); + int ret; + + struct blkcipher_walk walk; + blkcipher_walk_init(&walk, dst, src, nbytes); + ret = blkcipher_walk_virt(desc, &walk); + if (ret) { + return ret; + } + + hw_crypto_lock(); + hw_crypto_check(); + + hw_crypto_set_ctrl(uctx->ctrl | extra_flags); + aes_hw_set_key(uctx->key, uctx->key_len); + + while (likely((nbytes = walk.nbytes))) { + /* only use complete blocks */ + unsigned int n = nbytes & ~(AES_BLOCK_SIZE - 1); + u8 *out = walk.dst.virt.addr; + u8 *in = walk.src.virt.addr; + + /* finish n/16 blocks */ + ecb_aes_crypt_loop(out, in, n); + + nbytes &= AES_BLOCK_SIZE - 1; + ret = blkcipher_walk_done(desc, &walk, nbytes); + } + + hw_crypto_unlock(); + return ret; +} + +static int ecb_aes_encrypt(struct blkcipher_desc *desc, + struct scatterlist *dst, struct scatterlist *src, + unsigned int nbytes) +{ + return ecb_aes_crypt(desc, dst, src, nbytes, SEC_DIR_ENCRYPT); +} + +static int ecb_aes_decrypt(struct blkcipher_desc *desc, + struct scatterlist *dst, struct scatterlist *src, + unsigned int nbytes) +{ + return ecb_aes_crypt(desc, dst, src, nbytes, SEC_DIR_DECRYPT); +} + +static struct crypto_alg ecb_aes_alg = { + .cra_name = "ecb(aes)", + .cra_driver_name = "ecb-aes-ubicom32", + .cra_priority = CRYPTO_UBICOM32_COMPOSITE_PRIORITY, + .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, + .cra_blocksize = AES_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct ubicom32_aes_ctx), + .cra_alignmask = CRYPTO_UBICOM32_ALIGNMENT - 1, + .cra_type = &crypto_blkcipher_type, + .cra_module = THIS_MODULE, + .cra_list = LIST_HEAD_INIT(ecb_aes_alg.cra_list), + .cra_u = { + .blkcipher = { + .min_keysize = AES_MIN_KEY_SIZE, + .max_keysize = AES_MAX_KEY_SIZE, + .setkey = aes_set_key, + .encrypt = ecb_aes_encrypt, + .decrypt = ecb_aes_decrypt, + } + } +}; + +#if CRYPTO_UBICOM32_LOOP_ASM +void __ocm_text cbc_aes_encrypt_loop(u8 *out, u8 *in, u8 *iv, unsigned int n) +{ + asm volatile ( + "; set init. iv 4w \n\t" + " move.4 0x50(%0), 0x0(%3) \n\t" + " move.4 0x54(%0), 0x4(%3) \n\t" + " move.4 0x58(%0), 0x8(%3) \n\t" + " move.4 0x5c(%0), 0xc(%3) \n\t" + " \n\t" + "; we know n > 0, so we can always \n\t" + "; load the first block \n\t" + "; set input 4w \n\t" + " move.4 0x30(%0), 0x0(%2) \n\t" + " move.4 0x34(%0), 0x4(%2) \n\t" + " move.4 0x38(%0), 0x8(%2) \n\t" + " move.4 0x3c(%0), 0xc(%2) \n\t" + " \n\t" + "; kickoff hw \n\t" + " move.4 0x40(%0), %2 \n\t" + " \n\t" + "; update n & flush \n\t" + " add.4 %4, #-16, %4 \n\t" + " pipe_flush 0 \n\t" + " \n\t" + "; while (n): work on 2nd block \n\t" + " 1: lsl.4 d15, %4, #0x0 \n\t" + " jmpeq.f 5f \n\t" + " \n\t" + "; set input 4w (2nd) \n\t" + " move.4 0x30(%0), 0x10(%2) \n\t" + " move.4 0x34(%0), 0x14(%2) \n\t" + " move.4 0x38(%0), 0x18(%2) \n\t" + " move.4 0x3c(%0), 0x1c(%2) \n\t" + " \n\t" + "; update n/in asap while waiting \n\t" + " add.4 %4, #-16, %4 \n\t" + " move.4 d15, 16(%2)++ \n\t" + " \n\t" + "; wait for the previous output \n\t" + " btst 0x04(%0), #0 \n\t" + " jmpne.f -4 \n\t" + " \n\t" + "; read previous output \n\t" + " move.4 0x0(%1), 0x50(%0) \n\t" + " move.4 0x4(%1), 0x54(%0) \n\t" + " move.4 0x8(%1), 0x58(%0) \n\t" + " move.4 0xc(%1), 0x5c(%0) \n\t" + " \n\t" + "; kick off hw for 2nd input \n\t" + " move.4 0x40(%0), %2 \n\t" + " \n\t" + "; update out asap \n\t" + " move.4 d15, 16(%1)++ \n\t" + " \n\t" + "; go back to loop \n\t" + " jmpt 1b \n\t" + " \n\t" + "; wait for last output \n\t" + " 5: btst 0x04(%0), #0 \n\t" + " jmpne.f -4 \n\t" + " \n\t" + "; read last output \n\t" + " move.4 0x0(%1), 0x50(%0) \n\t" + " move.4 0x4(%1), 0x54(%0) \n\t" + " move.4 0x8(%1), 0x58(%0) \n\t" + " move.4 0xc(%1), 0x5c(%0) \n\t" + " \n\t" + "; copy out iv \n\t" + " move.4 0x0(%3), 0x50(%0) \n\t" + " move.4 0x4(%3), 0x54(%0) \n\t" + " move.4 0x8(%3), 0x58(%0) \n\t" + " move.4 0xc(%3), 0x5c(%0) \n\t" + " \n\t" + : + : "a" (SEC_BASE), "a" (out), "a" (in), "a" (iv), "d" (n) + : "d15", "cc" + ); +} + +#else + +static void __ocm_text cbc_aes_encrypt_loop(u8 *out, u8 *in, u8 *iv, unsigned int n) +{ + aes_hw_set_iv(iv); + while (likely(n)) { + aes_hw_cipher(out, in); + out += AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + n -= AES_BLOCK_SIZE; + } + SEC_COPY_4W(iv, out - AES_BLOCK_SIZE); +} + +#endif + +static void __ocm_text cbc_aes_decrypt_loop(u8 *out, u8 *in, u8 *iv, unsigned int n) +{ + while (likely(n)) { + aes_hw_set_iv(iv); + SEC_COPY_4W(iv, in); + aes_hw_cipher(out, in); + out += AES_BLOCK_SIZE; + in += AES_BLOCK_SIZE; + n -= AES_BLOCK_SIZE; + } +} + +static int __ocm_text cbc_aes_crypt(struct blkcipher_desc *desc, + struct scatterlist *dst, struct scatterlist *src, + unsigned int nbytes, u32 extra_flags) +{ + struct ubicom32_aes_ctx *uctx = crypto_blkcipher_ctx(desc->tfm); + int ret; + + struct blkcipher_walk walk; + blkcipher_walk_init(&walk, dst, src, nbytes); + ret = blkcipher_walk_virt(desc, &walk); + if (unlikely(ret)) { + return ret; + } + + hw_crypto_lock(); + hw_crypto_check(); + + hw_crypto_set_ctrl(uctx->ctrl | extra_flags); + aes_hw_set_key(uctx->key, uctx->key_len); + + while (likely((nbytes = walk.nbytes))) { + /* only use complete blocks */ + unsigned int n = nbytes & ~(AES_BLOCK_SIZE - 1); + if (likely(n)) { + u8 *out = walk.dst.virt.addr; + u8 *in = walk.src.virt.addr; + + if (extra_flags & SEC_DIR_ENCRYPT) { + cbc_aes_encrypt_loop(out, in, walk.iv, n); + } else { + cbc_aes_decrypt_loop(out, in, walk.iv, n); + } + } + + nbytes &= AES_BLOCK_SIZE - 1; + ret = blkcipher_walk_done(desc, &walk, nbytes); + } + hw_crypto_unlock(); + + return ret; +} + +static int __ocm_text cbc_aes_encrypt(struct blkcipher_desc *desc, + struct scatterlist *dst, struct scatterlist *src, + unsigned int nbytes) +{ + return cbc_aes_crypt(desc, dst, src, nbytes, SEC_DIR_ENCRYPT | SEC_CBC_SET); +} + +static int __ocm_text cbc_aes_decrypt(struct blkcipher_desc *desc, + struct scatterlist *dst, struct scatterlist *src, + unsigned int nbytes) +{ + return cbc_aes_crypt(desc, dst, src, nbytes, SEC_DIR_DECRYPT | SEC_CBC_SET); +} + +static struct crypto_alg cbc_aes_alg = { + .cra_name = "cbc(aes)", + .cra_driver_name = "cbc-aes-ubicom32", + .cra_priority = CRYPTO_UBICOM32_COMPOSITE_PRIORITY, + .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, + .cra_blocksize = AES_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct ubicom32_aes_ctx), + .cra_alignmask = CRYPTO_UBICOM32_ALIGNMENT - 1, + .cra_type = &crypto_blkcipher_type, + .cra_module = THIS_MODULE, + .cra_list = LIST_HEAD_INIT(cbc_aes_alg.cra_list), + .cra_u = { + .blkcipher = { + .min_keysize = AES_MIN_KEY_SIZE, + .max_keysize = AES_MAX_KEY_SIZE, + .ivsize = AES_BLOCK_SIZE, + .setkey = aes_set_key, + .encrypt = cbc_aes_encrypt, + .decrypt = cbc_aes_decrypt, + } + } +}; + +static int __init aes_init(void) +{ + int ret; + + hw_crypto_init(); + + ret = crypto_register_alg(&aes_alg); + if (ret) + goto aes_err; + + ret = crypto_register_alg(&ecb_aes_alg); + if (ret) + goto ecb_aes_err; + + ret = crypto_register_alg(&cbc_aes_alg); + if (ret) + goto cbc_aes_err; + +out: + return ret; + +cbc_aes_err: + crypto_unregister_alg(&ecb_aes_alg); +ecb_aes_err: + crypto_unregister_alg(&aes_alg); +aes_err: + goto out; +} + +static void __exit aes_fini(void) +{ + crypto_unregister_alg(&cbc_aes_alg); + crypto_unregister_alg(&ecb_aes_alg); + crypto_unregister_alg(&aes_alg); +} + +module_init(aes_init); +module_exit(aes_fini); + +MODULE_ALIAS("aes"); + +MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm"); +MODULE_LICENSE("GPL"); diff --git a/target/linux/ubicom32/files/arch/ubicom32/crypto/crypto_des.h b/target/linux/ubicom32/files/arch/ubicom32/crypto/crypto_des.h new file mode 100644 index 000000000..3fc0ac361 --- /dev/null +++ b/target/linux/ubicom32/files/arch/ubicom32/crypto/crypto_des.h @@ -0,0 +1,34 @@ +/* + * arch/ubicom32/crypto/crypto_des.h + * Function for checking keys for the DES and Triple DES Encryption + * algorithms. + * + * (C) Copyright 2009, Ubicom, Inc. + * + * This file is part of the Ubicom32 Linux Kernel Port. + * + * The Ubicom32 Linux Kernel Port is free software: you can redistribute + * it and/or modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation, either version 2 of the + * License, or (at your option) any later version. + * + * The Ubicom32 Linux Kernel Port is distributed in the hope that it + * will be useful, but WITHOUT ANY WARRANTY; without even the implied + * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See + * the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with the Ubicom32 Linux Kernel Port. If not, + * see <http://www.gnu.org/licenses/>. + * + * Ubicom32 implementation derived from (with many thanks): + * arch/m68knommu + * arch/blackfin + * arch/parisc + */ +#ifndef __CRYPTO_DES_H__ +#define __CRYPTO_DES_H__ + +extern int crypto_des_check_key(const u8*, unsigned int, u32*); + +#endif /* __CRYPTO_DES_H__ */ diff --git a/target/linux/ubicom32/files/arch/ubicom32/crypto/crypto_ubicom32.c b/target/linux/ubicom32/files/arch/ubicom32/crypto/crypto_ubicom32.c new file mode 100644 index 000000000..237ebbd9f --- /dev/null +++ b/target/linux/ubicom32/files/arch/ubicom32/crypto/crypto_ubicom32.c @@ -0,0 +1,50 @@ +/* + * arch/ubicom32/crypto/crypto_ubicom32.c + * Generic code to support ubicom32 hardware crypto accelerator + * + * (C) Copyright 2009, Ubicom, Inc. + * + * This file is part of the Ubicom32 Linux Kernel Port. + * + * The Ubicom32 Linux Kernel Port is free software: you can redistribute + * it and/or modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation, either version 2 of the + * License, or (at your option) any later version. + * + * The Ubicom32 Linux Kernel Port is distributed in the hope that it + * will be useful, but WITHOUT ANY WARRANTY; without even the implied + * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See + * the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with the Ubicom32 Linux Kernel Port. If not, + * see <http://www.gnu.org/licenses/>. + * + * Ubicom32 implementation derived from (with many thanks): + * arch/m68knommu + * arch/blackfin + * arch/parisc + */ +#include "crypto_ubicom32.h" + +spinlock_t crypto_ubicom32_lock; +bool crypto_ubicom32_inited = false; +volatile bool crypto_ubicom32_on = false; +volatile unsigned long crypto_ubicom32_last_use; + +struct timer_list crypto_ubicom32_ps_timer; +void crypto_ubicom32_ps_check(unsigned long data) +{ + unsigned long idle_time = msecs_to_jiffies(HW_CRYPTO_PS_MAX_IDLE_MS); + + BUG_ON(!crypto_ubicom32_on); + + if (((jiffies - crypto_ubicom32_last_use) > idle_time) && spin_trylock_bh(&crypto_ubicom32_lock)) { + hw_crypto_turn_off(); + spin_unlock_bh(&crypto_ubicom32_lock); + return; + } + + /* keep monitoring */ + hw_crypto_ps_start(); +} diff --git a/target/linux/ubicom32/files/arch/ubicom32/crypto/crypto_ubicom32.h b/target/linux/ubicom32/files/arch/ubicom32/crypto/crypto_ubicom32.h new file mode 100644 index 000000000..e754c19b9 --- /dev/null +++ b/target/linux/ubicom32/files/arch/ubicom32/crypto/crypto_ubicom32.h @@ -0,0 +1,346 @@ +/* + * arch/ubicom32/crypto/crypto_ubicom32.h + * Support for Ubicom32 cryptographic instructions. + * + * (C) Copyright 2009, Ubicom, Inc. + * + * This file is part of the Ubicom32 Linux Kernel Port. + * + * The Ubicom32 Linux Kernel Port is free software: you can redistribute + * it and/or modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation, either version 2 of the + * License, or (at your option) any later version. + * + * The Ubicom32 Linux Kernel Port is distributed in the hope that it + * will be useful, but WITHOUT ANY WARRANTY; without even the implied + * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See + * the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with the Ubicom32 Linux Kernel Port. If not, + * see <http://www.gnu.org/licenses/>. + * + * Ubicom32 implementation derived from (with many thanks): + * arch/m68knommu + * arch/blackfin + * arch/parisc + */ +#ifndef _CRYPTO_ARCH_UBICOM32_CRYPT_H +#define _CRYPTO_ARCH_UBICOM32_CRYPT_H + +#include <linux/module.h> +#include <linux/kernel.h> +#include <linux/jiffies.h> +#include <linux/timer.h> +#include <linux/spinlock.h> +#include <asm/errno.h> +#include <asm/io.h> +#include <asm/ip5000.h> + +#define CRYPTO_UBICOM32_LOOP_ASM 1 +#define CRYPTO_UBICOM32_ALIGNMENT 4 +#define SEC_ALIGNED(p) (((u32)p & 3) == 0) + +#define SEC_BASE SECURITY_BASE +#define SEC_KEY_OFFSET SECURITY_KEY_VALUE(0) +#define SEC_INPUT_OFFSET SECURITY_KEY_IN(0) +#define SEC_OUTPUT_OFFSET SECURITY_KEY_OUT(0) +#define SEC_HASH_OFFSET SECURITY_KEY_HASH(0) + +#define SEC_KEY_128_BITS SECURITY_CTRL_KEY_SIZE(0) +#define SEC_KEY_192_BITS SECURITY_CTRL_KEY_SIZE(1) +#define SEC_KEY_256_BITS SECURITY_CTRL_KEY_SIZE(2) + +#define SEC_HASH_NONE SECURITY_CTRL_HASH_ALG_NONE +#define SEC_HASH_MD5 SECURITY_CTRL_HASH_ALG_MD5 +#define SEC_HASH_SHA1 SECURITY_CTRL_HASH_ALG_SHA1 + +#define SEC_CBC_SET SECURITY_CTRL_CBC +#define SEC_CBC_NONE 0 + +#define SEC_ALG_AES SECURITY_CTRL_CIPHER_ALG_AES +#define SEC_ALG_NONE SECURITY_CTRL_CIPHER_ALG_NONE +#define SEC_ALG_DES SECURITY_CTRL_CIPHER_ALG_DES +#define SEC_ALG_3DES SECURITY_CTRL_CIPHER_ALG_3DES + +#define SEC_DIR_ENCRYPT SECURITY_CTRL_ENCIPHER +#define SEC_DIR_DECRYPT 0 + +#define CRYPTO_UBICOM32_PRIORITY 300 +#define CRYPTO_UBICOM32_COMPOSITE_PRIORITY 400 + +#define HW_CRYPTO_PS_MAX_IDLE_MS 100 /* idle time (ms) before shuting down sm */ + +extern spinlock_t crypto_ubicom32_lock; +extern bool crypto_ubicom32_inited; +extern volatile bool crypto_ubicom32_on; +extern volatile unsigned long crypto_ubicom32_last_use; +extern struct timer_list crypto_ubicom32_ps_timer; +extern void crypto_ubicom32_ps_check(unsigned long data); + +#define SEC_COPY_2W(t, s) \ + asm volatile ( \ + " move.4 0(%0), 0(%1) \n\t" \ + " move.4 4(%0), 4(%1) \n\t" \ + \ + : \ + : "a" (t), "a" (s) \ + ) + +#define SEC_COPY_4W(t, s) \ + asm volatile ( \ + " move.4 0(%0), 0(%1) \n\t" \ + " move.4 4(%0), 4(%1) \n\t" \ + " move.4 8(%0), 8(%1) \n\t" \ + " move.4 12(%0), 12(%1) \n\t" \ + : \ + : "a" (t), "a" (s) \ + ) + +#define SEC_COPY_5W(t, s) \ + asm volatile ( \ + " move.4 0(%0), 0(%1) \n\t" \ + " move.4 4(%0), 4(%1) \n\t" \ + " move.4 8(%0), 8(%1) \n\t" \ + " move.4 12(%0), 12(%1) \n\t" \ + " move.4 16(%0), 16(%1) \n\t" \ + : \ + : "a" (t), "a" (s) \ + ) + +#define SEC_SET_KEY_2W(x) \ + asm volatile ( \ + " ; write key to Security Keyblock \n\t" \ + " move.4 0x10(%0), 0(%1) \n\t" \ + " move.4 0x14(%0), 4(%1) \n\t" \ + : \ + : "a" (SECURITY_BASE), "a" (x) \ + ) + +#define SEC_SET_KEY_4W(x) \ + asm volatile ( \ + " ; write key to Security Keyblock \n\t" \ + " move.4 0x10(%0), 0(%1) \n\t" \ + " move.4 0x14(%0), 4(%1) \n\t" \ + " move.4 0x18(%0), 8(%1) \n\t" \ + " move.4 0x1c(%0), 12(%1) \n\t" \ + : \ + : "a"(SECURITY_BASE), "a"(x) \ + ) + +#define SEC_SET_KEY_6W(x) \ + asm volatile ( \ + " ; write key to Security Keyblock \n\t" \ + " move.4 0x10(%0), 0(%1) \n\t" \ + " move.4 0x14(%0), 4(%1) \n\t" \ + " move.4 0x18(%0), 8(%1) \n\t" \ + " move.4 0x1c(%0), 12(%1) \n\t" \ + " move.4 0x20(%0), 16(%1) \n\t" \ + " move.4 0x24(%0), 20(%1) \n\t" \ + : \ + : "a" (SECURITY_BASE), "a" (x) \ + ) + +#define SEC_SET_KEY_8W(x) \ + asm volatile ( \ + " ; write key to Security Keyblock \n\t" \ + " move.4 0x10(%0), 0(%1) \n\t" \ + " move.4 0x14(%0), 4(%1) \n\t" \ + " move.4 0x18(%0), 8(%1) \n\t" \ + " move.4 0x1c(%0), 12(%1) \n\t" \ + " move.4 0x20(%0), 16(%1) \n\t" \ + " move.4 0x24(%0), 20(%1) \n\t" \ + " move.4 0x28(%0), 24(%1) \n\t" \ + " move.4 0x2c(%0), 28(%1) \n\t" \ + : \ + : "a" (SECURITY_BASE), "a" (x) \ + ) + +#define SEC_SET_KEY_64(k) SEC_SET_KEY_2W(k) +#define SEC_SET_KEY_128(k) SEC_SET_KEY_4W(k) +#define SEC_SET_KEY_192(k) SEC_SET_KEY_6W(k) +#define SEC_SET_KEY_256(k) SEC_SET_KEY_8W(k) + +#define DES_SET_KEY(x) SEC_SET_KEY_64(x) +#define DES3_SET_KEY(x) SEC_SET_KEY_192(x) + +#define SEC_SET_INPUT_2W(x) \ + asm volatile ( \ + " ; write key to Security Keyblock \n\t" \ + " move.4 0x30(%0), 0(%1) \n\t" \ + " move.4 0x34(%0), 4(%1) \n\t" \ + : \ + : "a" (SECURITY_BASE), "a" (x) \ + ) + +#define SEC_GET_OUTPUT_2W(x) \ + asm volatile ( \ + " ; write key to Security Keyblock \n\t" \ + " move.4 0(%1), 0x50(%0) \n\t" \ + " move.4 4(%1), 0x54(%0) \n\t" \ + : \ + : "a" (SECURITY_BASE), "a" (x) \ + ) + +#define SEC_SET_INPUT_4W(x) \ + asm volatile ( \ + " ; write key to Security Keyblock \n\t" \ + " move.4 0x30(%0), 0(%1) \n\t" \ + " move.4 0x34(%0), 4(%1) \n\t" \ + " move.4 0x38(%0), 8(%1) \n\t" \ + " move.4 0x3c(%0), 12(%1) \n\t" \ + : \ + : "a" (SECURITY_BASE), "a" (x) \ + ) + +#define SEC_GET_OUTPUT_4W(x) \ + asm volatile ( \ + " ; read output from Security Keyblock \n\t" \ + " move.4 0(%1), 0x50(%0) \n\t" \ + " move.4 4(%1), 0x54(%0) \n\t" \ + " move.4 8(%1), 0x58(%0) \n\t" \ + " move.4 12(%1), 0x5c(%0) \n\t" \ + : \ + : "a" (SECURITY_BASE), "a" (x) \ + ) + +#define SEC_SET_IV_4W(x) \ + asm volatile ( \ + " ; write IV to Security Keyblock \n\t" \ + " move.4 0x50(%0), 0(%1) \n\t" \ + " move.4 0x54(%0), 4(%1) \n\t" \ + " move.4 0x58(%0), 8(%1) \n\t" \ + " move.4 0x5c(%0), 12(%1) \n\t" \ + : \ + : "a" (SECURITY_BASE), "a" (x) \ + ) + +#define SEC_PIPE_FLUSH() asm volatile ( " pipe_flush 0 \n\t" ) + +static inline void hw_crypto_set_ctrl(uint32_t c) +{ + asm volatile ( + " move.4 0(%0), %1 \n\t" + : + : "a" (SECURITY_BASE + SECURITY_CTRL), "d" (c) + ); +} + +static inline void hw_crypto_ps_start(void) +{ + crypto_ubicom32_ps_timer.expires = jiffies + msecs_to_jiffies(HW_CRYPTO_PS_MAX_IDLE_MS >> 1); + add_timer(&crypto_ubicom32_ps_timer); +} + +static inline void hw_crypto_turn_on(void) +{ + asm volatile ( + " moveai A4, %0 \n\t" + " bset 0x0(A4), 0x0(A4), %1 \n\t" + " cycles 11 \n\t" + : + : "i" (OCP_BASE >> 7), "i" (GEN_CLK_PLL_SECURITY_BIT_NO) + : "a4", "cc" + ); + crypto_ubicom32_on = true; +} + +static inline void hw_crypto_turn_off(void) +{ + asm volatile ( + " moveai A4, %0 \n\t" + " bclr 0x0(A4), 0x0(A4), %1 \n\t" + : + : "i" (OCP_BASE >> 7), "i" (GEN_CLK_PLL_SECURITY_BIT_NO) + : "a4", "cc" + ); + crypto_ubicom32_on = false; +} + +/* + * hw_crypto_check + * Most probably hw crypto is called in clusters and it makes no sense to turn it off + * and on and waster 13 cycles every time. + */ +static inline void hw_crypto_check(void) +{ + if (likely(crypto_ubicom32_on)) { + return; + } + crypto_ubicom32_last_use = jiffies; + hw_crypto_turn_on(); + hw_crypto_ps_start(); +} + +/* + * hw_crypto_ps_init + * Init power save timer + */ +static inline void hw_crypto_ps_init(void) +{ + init_timer_deferrable(&crypto_ubicom32_ps_timer); + crypto_ubicom32_ps_timer.function = crypto_ubicom32_ps_check; + crypto_ubicom32_ps_timer.data = 0; +} + +/* + * hw_crypto_init() + * Initialize OCP security module lock and disables its clock. + */ +static inline void hw_crypto_init(void) +{ + if (!crypto_ubicom32_inited) { + crypto_ubicom32_inited = true; + spin_lock_init(&crypto_ubicom32_lock); + hw_crypto_ps_init(); + hw_crypto_turn_off(); + } +} + +/* + * hw_crypto_lock() + * Locks the OCP security module and enables its clock. + */ +static inline void hw_crypto_lock(void) +{ + spin_lock_bh(&crypto_ubicom32_lock); +} + +/* + * hw_crypto_unlock() + * Unlocks the OCP security module and disables its clock. + */ +static inline void hw_crypto_unlock(void) +{ + crypto_ubicom32_last_use = jiffies; + spin_unlock_bh(&crypto_ubicom32_lock); +} + +#define CONFIG_CRYPTO_UBICOM32_DEBUG 1 + +#ifdef CONFIG_CRYPTO_UBICOM32_DEBUG +static inline void hex_dump(void *buf, int b_size, const char *msg) +{ + u8 *b = (u8 *)buf; + int i; + if (msg) { + printk("%s:\t", msg); + } + + for (i=0; i < b_size; i++) { + printk("%02x ", b[i]); + if ((i & 3) == 3) { + printk(" "); + } + if ((i & 31) == 31) { + printk("\n"); + } + } + printk("\n"); +} +#define UBICOM32_SEC_DUMP(a, b, c) hex_dump(a, b, c) +#else +#define UBICOM32_SEC_DUMP(a, b, c) +#endif + +#endif /* _CRYPTO_ARCH_UBICOM32_CRYPT_H */ diff --git a/target/linux/ubicom32/files/arch/ubicom32/crypto/des_check_key.c b/target/linux/ubicom32/files/arch/ubicom32/crypto/des_check_key.c new file mode 100644 index 000000000..162e52477 --- /dev/null +++ b/target/linux/ubicom32/files/arch/ubicom32/crypto/des_check_key.c @@ -0,0 +1,148 @@ +/* + * arch/ubicom32/crypto/des_check_key.c + * Ubicom32 architecture function for checking keys for the DES and + * Tripple DES Encryption algorithms. + * + * (C) Copyright 2009, Ubicom, Inc. + * + * Originally released as descore by Dana L. How <how@isl.stanford.edu>. + * Modified by Raimar Falke <rf13@inf.tu-dresden.de> for the Linux-Kernel. + * Derived from Cryptoapi and Nettle implementations, adapted for in-place + * scatterlist interface. Changed LGPL to GPL per section 3 of the LGPL. + * + * s390 Version: + * Copyright IBM Corp. 2003 + * Author(s): Thomas Spatzier + * Jan Glauber (jan.glauber@de.ibm.com) + * + * Derived from "crypto/des.c" + * Copyright (c) 1992 Dana L. How. + * Copyright (c) Raimar Falke <rf13@inf.tu-dresden.de> + * Copyright (c) Gisle Sflensminde <gisle@ii.uib.no> + * Copyright (C) 2001 Niels Mvller. + * Copyright (c) 2002 James Morris <jmorris@intercode.com.au> + * + * This file is part of the Ubicom32 Linux Kernel Port. + * + * The Ubicom32 Linux Kernel Port is free software: you can redistribute + * it and/or modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation, either version 2 of the + * License, or (at your option) any later version. + * + * The Ubicom32 Linux Kernel Port is distributed in the hope that it + * will be useful, but WITHOUT ANY WARRANTY; without even the implied + * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See + * the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with the Ubicom32 Linux Kernel Port. If not, + * see <http://www.gnu.org/licenses/>. + * + * Ubicom32 implementation derived from (with many thanks): + * arch/m68knommu + * arch/blackfin + * arch/parisc + */ +#include <linux/init.h> +#include <linux/module.h> +#include <linux/errno.h> +#include <linux/crypto.h> +#include "crypto_des.h" + +#define ROR(d,c,o) ((d) = (d) >> (c) | (d) << (o)) + +static const u8 parity[] = { + 8,1,0,8,0,8,8,0,0,8,8,0,8,0,2,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,3, + 0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8, + 0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8, + 8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0, + 0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8, + 8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0, + 8,0,0,8,0,8,8,0,0,8,8,0,8,0,0,8,0,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0, + 4,8,8,0,8,0,0,8,8,0,0,8,0,8,8,0,8,5,0,8,0,8,8,0,0,8,8,0,8,0,6,8, +}; + +/* + * RFC2451: Weak key checks SHOULD be performed. + */ +int +crypto_des_check_key(const u8 *key, unsigned int keylen, u32 *flags) +{ + u32 n, w; + + n = parity[key[0]]; n <<= 4; + n |= parity[key[1]]; n <<= 4; + n |= parity[key[2]]; n <<= 4; + n |= parity[key[3]]; n <<= 4; + n |= parity[key[4]]; n <<= 4; + n |= parity[key[5]]; n <<= 4; + n |= parity[key[6]]; n <<= 4; + n |= parity[key[7]]; + w = 0x88888888L; + + if ((*flags & CRYPTO_TFM_REQ_WEAK_KEY) + && !((n - (w >> 3)) & w)) { /* 1 in 10^10 keys passes this test */ + if (n < 0x41415151) { + if (n < 0x31312121) { + if (n < 0x14141515) { + /* 01 01 01 01 01 01 01 01 */ + if (n == 0x11111111) goto weak; + /* 01 1F 01 1F 01 0E 01 0E */ + if (n == 0x13131212) goto weak; + } else { + /* 01 E0 01 E0 01 F1 01 F1 */ + if (n == 0x14141515) goto weak; + /* 01 FE 01 FE 01 FE 01 FE */ + if (n == 0x16161616) goto weak; + } + } else { + if (n < 0x34342525) { + /* 1F 01 1F 01 0E 01 0E 01 */ + if (n == 0x31312121) goto weak; + /* 1F 1F 1F 1F 0E 0E 0E 0E (?) */ + if (n == 0x33332222) goto weak; + } else { + /* 1F E0 1F E0 0E F1 0E F1 */ + if (n == 0x34342525) goto weak; + /* 1F FE 1F FE 0E FE 0E FE */ + if (n == 0x36362626) goto weak; + } + } + } else { + if (n < 0x61616161) { + if (n < 0x44445555) { + /* E0 01 E0 01 F1 01 F1 01 */ + if (n == 0x41415151) goto weak; + /* E0 1F E0 1F F1 0E F1 0E */ + if (n == 0x43435252) goto weak; + } else { + /* E0 E0 E0 E0 F1 F1 F1 F1 (?) */ + if (n == 0x44445555) goto weak; + /* E0 FE E0 FE F1 FE F1 FE */ + if (n == 0x46465656) goto weak; + } + } else { + if (n < 0x64646565) { + /* FE 01 FE 01 FE 01 FE 01 */ + if (n == 0x61616161) goto weak; + /* FE 1F FE 1F FE 0E FE 0E */ + if (n == 0x63636262) goto weak; + } else { + /* FE E0 FE E0 FE F1 FE F1 */ + if (n == 0x64646565) goto weak; + /* FE FE FE FE FE FE FE FE */ + if (n == 0x66666666) goto weak; + } + } + } + } + return 0; +weak: + *flags |= CRYPTO_TFM_RES_WEAK_KEY; + return -EINVAL; +} + +EXPORT_SYMBOL(crypto_des_check_key); + +MODULE_LICENSE("GPL"); +MODULE_DESCRIPTION("Key Check function for DES & DES3 Cipher Algorithms"); diff --git a/target/linux/ubicom32/files/arch/ubicom32/crypto/des_ubicom32.c b/target/linux/ubicom32/files/arch/ubicom32/crypto/des_ubicom32.c new file mode 100644 index 000000000..14e5fb24e --- /dev/null +++ b/target/linux/ubicom32/files/arch/ubicom32/crypto/des_ubicom32.c @@ -0,0 +1,761 @@ +/* + * arch/ubicom32/crypto/des_ubicom32.c + * Ubicom32 implementation of the DES Cipher Algorithm. + * + * (C) Copyright 2009, Ubicom, Inc. + * + * This file is part of the Ubicom32 Linux Kernel Port. + * + * The Ubicom32 Linux Kernel Port is free software: you can redistribute + * it and/or modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation, either version 2 of the + * License, or (at your option) any later version. + * + * The Ubicom32 Linux Kernel Port is distributed in the hope that it + * will be useful, but WITHOUT ANY WARRANTY; without even the implied + * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See + * the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with the Ubicom32 Linux Kernel Port. If not, + * see <http://www.gnu.org/licenses/>. + * + * Ubicom32 implementation derived from (with many thanks): + * arch/m68knommu + * arch/blackfin + * arch/parisc + */ +#include <crypto/algapi.h> +#include <linux/init.h> +#include <linux/module.h> + +#include "crypto_ubicom32.h" +extern int crypto_des_check_key(const u8 *key, unsigned int keylen, u32 *flags); + +#define DES_BLOCK_SIZE 8 +#define DES_KEY_SIZE 8 + +#define DES3_192_KEY_SIZE (3 * DES_KEY_SIZE) +#define DES3_192_BLOCK_SIZE DES_BLOCK_SIZE + +#define DES3_SUB_KEY(key, i) (((u8 *)key) + (i * DES_KEY_SIZE)) + +enum des_ops { + DES_ENCRYPT, + DES_DECRYPT, + + DES3_EDE_ENCRYPT, + DES3_EDE_DECRYPT, + +#ifdef DES3_EEE + DES3_EEE_ENCRYPT, + DES3_EEE_DECRYPT, +#endif +}; + +struct ubicom32_des_ctx { + u8 key[3 * DES_KEY_SIZE]; + u32 ctrl; + int key_len; +}; + +static inline void des_hw_set_key(const u8 *key, u8 key_len) +{ + /* + * HW 3DES is not tested yet, use DES just as ipOS + */ + DES_SET_KEY(key); +} + +static inline void des_hw_cipher(u8 *out, const u8 *in) +{ + SEC_SET_INPUT_2W(in); + + asm volatile ( + " ; start DES by writing 0x38(SECURITY_BASE) \n\t" + " move.4 0x38(%0), #0x01 \n\t" + " pipe_flush 0 \n\t" + " \n\t" + " ; wait for the module to calculate the output \n\t" + " btst 0x04(%0), #0 \n\t" + " jmpne.f .-4 \n\t" + : + : "a" (SEC_BASE) + : "cc" + ); + + SEC_GET_OUTPUT_2W(out); +} + + +static void inline des3_hw_ede_encrypt(u8 *keys, u8 *out, const u8 *in) +{ + hw_crypto_set_ctrl(SEC_ALG_DES | SEC_DIR_ENCRYPT); + des_hw_set_key(DES3_SUB_KEY(keys, 0), DES_KEY_SIZE); + des_hw_cipher(out, in); + + hw_crypto_set_ctrl(SEC_ALG_DES | SEC_DIR_DECRYPT); + des_hw_set_key(DES3_SUB_KEY(keys, 1), DES_KEY_SIZE); + des_hw_cipher(out, out); + + hw_crypto_set_ctrl(SEC_ALG_DES | SEC_DIR_ENCRYPT); + des_hw_set_key(DES3_SUB_KEY(keys, 2), DES_KEY_SIZE); + des_hw_cipher(out, out); +} + +static void inline des3_hw_ede_decrypt(u8 *keys, u8 *out, const u8 *in) +{ + hw_crypto_set_ctrl(SEC_ALG_DES | SEC_DIR_DECRYPT); + des_hw_set_key(DES3_SUB_KEY(keys, 2), DES_KEY_SIZE); + des_hw_cipher(out, in); + + hw_crypto_set_ctrl(SEC_ALG_DES | SEC_DIR_ENCRYPT); + des_hw_set_key(DES3_SUB_KEY(keys, 1), DES_KEY_SIZE); + des_hw_cipher(out, out); + + hw_crypto_set_ctrl(SEC_ALG_DES | SEC_DIR_DECRYPT); + des_hw_set_key(DES3_SUB_KEY(keys, 0), DES_KEY_SIZE); + des_hw_cipher(out, out); +} + +#ifdef DES3_EEE +static void inline des3_hw_eee_encrypt(u8 *keys, u8 *out, const u8 *in) +{ + hw_crypto_set_ctrl(SEC_ALG_DES | SEC_DIR_ENCRYPT); + des_hw_set_key(DES3_SUB_KEY(keys, 0), 2); + des_hw_cipher(out, in); + + hw_crypto_set_ctrl(SEC_ALG_DES | SEC_DIR_ENCRYPT); + des_hw_set_key(DES3_SUB_KEY(keys, 1), 2); + des_hw_cipher(out, out); + + hw_crypto_set_ctrl(SEC_ALG_DES | SEC_DIR_ENCRYPT); + des_hw_set_key(DES3_SUB_KEY(keys, 2), 2); + des_hw_cipher(out, out); +} + +static void inline des3_hw_eee_decrypt(u8 *keys, u8 *out, const u8 *in) +{ + hw_crypto_set_ctrl(SEC_ALG_DES | SEC_DIR_DECRYPT); + des_hw_set_key(DES3_SUB_KEY(keys, 2), 2); + des_hw_cipher(out, in); + + hw_crypto_set_ctrl(SEC_ALG_DES | SEC_DIR_DECRYPT); + des_hw_set_key(DES3_SUB_KEY(keys, 1), 2); + des_hw_cipher(out, out); + + hw_crypto_set_ctrl(SEC_ALG_DES | SEC_DIR_DECRYPT); + des_hw_set_key(DES3_SUB_KEY(keys, 0), 2); + des_hw_cipher(out, out); +} +#endif + +static int des_setkey(struct crypto_tfm *tfm, const u8 *key, + unsigned int keylen) +{ + struct ubicom32_des_ctx *dctx = crypto_tfm_ctx(tfm); + u32 *flags = &tfm->crt_flags; + int ret; + + /* test if key is valid (not a weak key) */ + ret = crypto_des_check_key(key, keylen, flags); + if (ret == 0) { + memcpy(dctx->key, key, keylen); + dctx->key_len = keylen; + //dctx->ctrl = (keylen == DES_KEY_SIZE) ? SEC_ALG_DES : SEC_ALG_3DES + /* 2DES and 3DES are both implemented with DES hw function */ + dctx->ctrl = SEC_ALG_DES; + } + return ret; +} + +static inline void des_cipher_1b(struct crypto_tfm *tfm, u8 *out, const u8 *in, u32 extra_flags) +{ + const struct ubicom32_des_ctx *uctx = crypto_tfm_ctx(tfm); + + hw_crypto_lock(); + hw_crypto_check(); + hw_crypto_set_ctrl(uctx->ctrl | extra_flags); + + des_hw_set_key(uctx->key, uctx->key_len); + des_hw_cipher(out, in); + + hw_crypto_unlock(); +} + +static void des_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) +{ + des_cipher_1b(tfm, out, in, SEC_DIR_ENCRYPT); +} + +static void des_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) +{ + des_cipher_1b(tfm, out, in, SEC_DIR_DECRYPT); +} + +static struct crypto_alg des_alg = { + .cra_name = "des", + .cra_driver_name = "des-ubicom32", + .cra_priority = CRYPTO_UBICOM32_PRIORITY, + .cra_flags = CRYPTO_ALG_TYPE_CIPHER, + .cra_blocksize = DES_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct ubicom32_des_ctx), + .cra_alignmask = CRYPTO_UBICOM32_ALIGNMENT - 1, + .cra_alignmask = CRYPTO_UBICOM32_ALIGNMENT - 1, + .cra_module = THIS_MODULE, + .cra_list = LIST_HEAD_INIT(des_alg.cra_list), + .cra_u = { + .cipher = { + .cia_min_keysize = DES_KEY_SIZE, + .cia_max_keysize = DES_KEY_SIZE, + .cia_setkey = des_setkey, + .cia_encrypt = des_encrypt, + .cia_decrypt = des_decrypt, + } + } +}; + +static void ecb_des_ciper_loop(u8 *out, u8 *in, unsigned int n) +{ + while (likely(n)) { + des_hw_cipher(out, in); + out += DES_BLOCK_SIZE; + in += DES_BLOCK_SIZE; + n -= DES_BLOCK_SIZE; + } +} + +static void ecb_des3_ede_encrypt_loop(u8 *keys, u8 *out, u8 *in, unsigned int n) +{ + while (likely(n)) { + des3_hw_ede_encrypt(keys, out, in); + + out += DES_BLOCK_SIZE; + in += DES_BLOCK_SIZE; + n -= DES_BLOCK_SIZE; + } +} + +static void ecb_des3_ede_decrypt_loop(u8 *keys, u8 *out, u8 *in, unsigned int n) +{ + while (likely(n)) { + des3_hw_ede_decrypt(keys, out, in); + + out += DES_BLOCK_SIZE; + in += DES_BLOCK_SIZE; + n -= DES_BLOCK_SIZE; + } +} + +#ifdef DES3_EEE +static void ecb_des3_eee_encrypt_loop(u8 *keys, u8 *out, u8 *in, unsigned int n) +{ + while (likely(n)) { + des3_hw_eee_encrypt(keys, out, in); + + out += DES_BLOCK_SIZE; + in += DES_BLOCK_SIZE; + n -= DES_BLOCK_SIZE; + } +} + +static void ecb_des3_eee_decrypt_loop(u8 *keys, u8 *out, u8 *in, unsigned int n) +{ + while (likely(n)) { + des3_hw_eee_decrypt(keys, out, in); + + out += DES_BLOCK_SIZE; + in += DES_BLOCK_SIZE; + n -= DES_BLOCK_SIZE; + } +} +#endif + +static inline void ecb_des_cipher_n(struct ubicom32_des_ctx *uctx, enum des_ops op, u8 *out, u8 *in, unsigned int n) +{ + switch (op) { + case DES_ENCRYPT: + case DES_DECRYPT: + /* set the right algo, direction and key once */ + hw_crypto_set_ctrl(SEC_ALG_DES | (op == DES_ENCRYPT ? SEC_DIR_ENCRYPT : 0)); + des_hw_set_key(uctx->key, uctx->key_len); + ecb_des_ciper_loop(out, in, n); + break; + + case DES3_EDE_ENCRYPT: + ecb_des3_ede_encrypt_loop(uctx->key, out, in, n); + break; + + case DES3_EDE_DECRYPT: + ecb_des3_ede_decrypt_loop(uctx->key, out, in, n); + break; + +#ifdef DES3_EEE + case DES3_EEE_ENCRYPT: + ecb_des3_eee_encrypt_loop(uctx->key, out, in, n); + break; + + case DES3_EEE_DECRYPT: + ecb_des3_eee_decrypt_loop(uctx->key, out, in, n); + break; +#endif + } +} + +static inline void des_xor_2w(u32 *data, u32 *iv) +{ + data[0] ^= iv[0]; + data[1] ^= iv[1]; +} + +static void cbc_des_encrypt_loop(u8 *out, u8 *in, u8 *iv, unsigned int n) +{ + while (likely(n)) { + des_xor_2w((u32 *)in, (u32 *)iv); + des_hw_cipher(out, in); + SEC_COPY_2W(iv, out); + out += DES_BLOCK_SIZE; + in += DES_BLOCK_SIZE; + n -= DES_BLOCK_SIZE; + } +} + +static void cbc_des_decrypt_loop(u8 *out, u8 *in, u8 *iv, unsigned int n) +{ + u8 next_iv[DES_BLOCK_SIZE]; + while (likely(n)) { + SEC_COPY_2W(next_iv, in); + des_hw_cipher(out, in); + des_xor_2w((u32 *)out, (u32 *)iv); + SEC_COPY_2W(iv, next_iv); + + out += DES_BLOCK_SIZE; + in += DES_BLOCK_SIZE; + n -= DES_BLOCK_SIZE; + } +} + +static void cbc_des3_ede_encrypt_loop(u8 *keys, u8 *out, u8 *in, u8 *iv, unsigned int n) +{ + while (likely(n)) { + des_xor_2w((u32 *)in, (u32 *)iv); + des3_hw_ede_encrypt(keys, out, in); + SEC_COPY_2W(iv, out); + + out += DES_BLOCK_SIZE; + in += DES_BLOCK_SIZE; + n -= DES_BLOCK_SIZE; + } +} + +static void cbc_des3_ede_decrypt_loop(u8 *keys, u8 *out, u8 *in, u8 *iv, unsigned int n) +{ + u8 next_iv[DES_BLOCK_SIZE]; + while (likely(n)) { + SEC_COPY_2W(next_iv, in); + des3_hw_ede_decrypt(keys, out, in); + des_xor_2w((u32 *)out, (u32 *)iv); + SEC_COPY_2W(iv, next_iv); + + out += DES_BLOCK_SIZE; + in += DES_BLOCK_SIZE; + n -= DES_BLOCK_SIZE; + } +} + +#ifdef DES3_EEE +static void cbc_des3_eee_encrypt_loop(u8 *keys, u8 *out, u8 *in, u8 *iv, unsigned int n) +{ + while (likely(n)) { + des_xor_2w((u32 *)in, (u32 *)iv); + des3_hw_eee_encrypt(keys, out, in); + SEC_COPY_2W(iv, out); + + out += DES_BLOCK_SIZE; + in += DES_BLOCK_SIZE; + n -= DES_BLOCK_SIZE; + } +} + +static void cbc_des3_eee_decrypt_loop(u8 *keys, u8 *out, u8 *in, u8 *iv, unsigned int n) +{ + u8 next_iv[DES_BLOCK_SIZE]; + while (likely(n)) { + SEC_COPY_2W(next_iv, in); + des3_hw_eee_decrypt(keys, out, in); + des_xor_2w((u32 *)out, (u32 *)iv); + SEC_COPY_2W(iv, next_iv); + + out += DES_BLOCK_SIZE; + in += DES_BLOCK_SIZE; + n -= DES_BLOCK_SIZE; + } +} +#endif + +static inline void cbc_des_cipher_n(struct ubicom32_des_ctx *uctx, enum des_ops op, u8 *out, u8 *in, u8 *iv, unsigned int n) +{ + switch (op) { + case DES_ENCRYPT: + hw_crypto_set_ctrl(SEC_ALG_DES | SEC_DIR_ENCRYPT); + des_hw_set_key(uctx->key, uctx->key_len); + cbc_des_encrypt_loop(out, in, iv, n); + break; + + case DES_DECRYPT: + /* set the right algo, direction and key once */ + hw_crypto_set_ctrl(SEC_ALG_DES | SEC_DIR_DECRYPT); + des_hw_set_key(uctx->key, uctx->key_len); + cbc_des_decrypt_loop(out, in, iv, n); + break; + + case DES3_EDE_ENCRYPT: + cbc_des3_ede_encrypt_loop(uctx->key, out, in, iv, n); + break; + + case DES3_EDE_DECRYPT: + cbc_des3_ede_decrypt_loop(uctx->key, out, in, iv, n); + break; + +#ifdef DES3_EEE + case DES3_EEE_ENCRYPT: + cbc_des3_eee_encrypt_loop(uctx->key, out, in, iv, n); + break; + + case DES3_EEE_DECRYPT: + cbc_des3_eee_decrypt_loop(uctx->key, out, in, iv, n); + break; +#endif + } +} + +static int des_cipher(struct blkcipher_desc *desc, struct scatterlist *dst, + struct scatterlist *src, unsigned int nbytes, u32 extra_flags, enum des_ops op) +{ + struct ubicom32_des_ctx *uctx = crypto_blkcipher_ctx(desc->tfm); + int ret; + + struct blkcipher_walk walk; + blkcipher_walk_init(&walk, dst, src, nbytes); + ret = blkcipher_walk_virt(desc, &walk); + if (ret) { + return ret; + } + + hw_crypto_lock(); + hw_crypto_check(); + + while ((nbytes = walk.nbytes)) { + /* only use complete blocks */ + unsigned int n = nbytes & ~(DES_BLOCK_SIZE - 1); + u8 *out = walk.dst.virt.addr; + u8 *in = walk.src.virt.addr; + + /* finish n/16 blocks */ + if (extra_flags & SEC_CBC_SET) { + cbc_des_cipher_n(uctx, op, out, in, walk.iv, n); + } else { + ecb_des_cipher_n(uctx, op, out, in, n); + } + + nbytes &= DES_BLOCK_SIZE - 1; + ret = blkcipher_walk_done(desc, &walk, nbytes); + } + + hw_crypto_unlock(); + return ret; +} + +static int ecb_des_encrypt(struct blkcipher_desc *desc, + struct scatterlist *dst, struct scatterlist *src, + unsigned int nbytes) +{ + return des_cipher(desc, dst, src, nbytes, SEC_CBC_NONE, DES_ENCRYPT); +} + +static int ecb_des_decrypt(struct blkcipher_desc *desc, + struct scatterlist *dst, struct scatterlist *src, + unsigned int nbytes) +{ + return des_cipher(desc, dst, src, nbytes, SEC_CBC_NONE, DES_DECRYPT); +} + +static struct crypto_alg ecb_des_alg = { + .cra_name = "ecb(des)", + .cra_driver_name = "ecb-des-ubicom32", + .cra_priority = CRYPTO_UBICOM32_COMPOSITE_PRIORITY, + .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, + .cra_blocksize = DES_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct ubicom32_des_ctx), + .cra_alignmask = CRYPTO_UBICOM32_ALIGNMENT - 1, + .cra_type = &crypto_blkcipher_type, + .cra_module = THIS_MODULE, + .cra_list = LIST_HEAD_INIT(ecb_des_alg.cra_list), + .cra_u = { + .blkcipher = { + .min_keysize = DES_KEY_SIZE, + .max_keysize = DES_KEY_SIZE, + .setkey = des_setkey, + .encrypt = ecb_des_encrypt, + .decrypt = ecb_des_decrypt, + } + } +}; + +static int cbc_des_encrypt(struct blkcipher_desc *desc, + struct scatterlist *dst, struct scatterlist *src, + unsigned int nbytes) +{ + return des_cipher(desc, dst, src, nbytes, SEC_CBC_SET, DES_ENCRYPT); +} + +static int cbc_des_decrypt(struct blkcipher_desc *desc, + struct scatterlist *dst, struct scatterlist *src, + unsigned int nbytes) +{ + return des_cipher(desc, dst, src, nbytes, SEC_CBC_SET, DES_DECRYPT); +} + +static struct crypto_alg cbc_des_alg = { + .cra_name = "cbc(des)", + .cra_driver_name = "cbc-des-ubicom32", + .cra_priority = CRYPTO_UBICOM32_COMPOSITE_PRIORITY, + .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, + .cra_blocksize = DES_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct ubicom32_des_ctx), + .cra_alignmask = CRYPTO_UBICOM32_ALIGNMENT - 1, + .cra_type = &crypto_blkcipher_type, + .cra_module = THIS_MODULE, + .cra_list = LIST_HEAD_INIT(cbc_des_alg.cra_list), + .cra_u = { + .blkcipher = { + .min_keysize = DES_KEY_SIZE, + .max_keysize = DES_KEY_SIZE, + .ivsize = DES_BLOCK_SIZE, + .setkey = des_setkey, + .encrypt = cbc_des_encrypt, + .decrypt = cbc_des_decrypt, + } + } +}; + +/* + * RFC2451: + * + * For DES-EDE3, there is no known need to reject weak or + * complementation keys. Any weakness is obviated by the use of + * multiple keys. + * + * However, if the first two or last two independent 64-bit keys are + * equal (k1 == k2 or k2 == k3), then the DES3 operation is simply the + * same as DES. Implementers MUST reject keys that exhibit this + * property. + * + */ +static int des3_192_setkey(struct crypto_tfm *tfm, const u8 *key, + unsigned int keylen) +{ + int i, ret; + struct ubicom32_des_ctx *dctx = crypto_tfm_ctx(tfm); + const u8 *temp_key = key; + u32 *flags = &tfm->crt_flags; + + if (!(memcmp(key, &key[DES_KEY_SIZE], DES_KEY_SIZE) && + memcmp(&key[DES_KEY_SIZE], &key[DES_KEY_SIZE * 2], + DES_KEY_SIZE))) { + + *flags |= CRYPTO_TFM_RES_BAD_KEY_SCHED; + return -EINVAL; + } + for (i = 0; i < 3; i++, temp_key += DES_KEY_SIZE) { + ret = crypto_des_check_key(temp_key, DES_KEY_SIZE, flags); + if (ret < 0) + return ret; + } + memcpy(dctx->key, key, keylen); + dctx->ctrl = SEC_ALG_DES; //hw 3DES not working yet + dctx->key_len = keylen; + return 0; +} + +static void des3_192_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) +{ + struct ubicom32_des_ctx *uctx = crypto_tfm_ctx(tfm); + + hw_crypto_lock(); + hw_crypto_check(); + + des3_hw_ede_encrypt(uctx->key, dst, src); + + hw_crypto_unlock(); +} + +static void des3_192_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) +{ + struct ubicom32_des_ctx *uctx = crypto_tfm_ctx(tfm); + + hw_crypto_lock(); + hw_crypto_check(); + + des3_hw_ede_decrypt(uctx->key, dst, src); + + hw_crypto_unlock(); +} + +static struct crypto_alg des3_192_alg = { + .cra_name = "des3_ede", + .cra_driver_name = "des3_ede-ubicom32", + .cra_priority = CRYPTO_UBICOM32_PRIORITY, + .cra_flags = CRYPTO_ALG_TYPE_CIPHER, + .cra_blocksize = DES3_192_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct ubicom32_des_ctx), + .cra_alignmask = CRYPTO_UBICOM32_ALIGNMENT - 1, + .cra_module = THIS_MODULE, + .cra_list = LIST_HEAD_INIT(des3_192_alg.cra_list), + .cra_u = { + .cipher = { + .cia_min_keysize = DES3_192_KEY_SIZE, + .cia_max_keysize = DES3_192_KEY_SIZE, + .cia_setkey = des3_192_setkey, + .cia_encrypt = des3_192_encrypt, + .cia_decrypt = des3_192_decrypt, + } + } +}; + +static int ecb_des3_192_encrypt(struct blkcipher_desc *desc, + struct scatterlist *dst, + struct scatterlist *src, unsigned int nbytes) +{ + return des_cipher(desc, dst, src, nbytes, SEC_CBC_NONE, DES3_EDE_ENCRYPT); +} + +static int ecb_des3_192_decrypt(struct blkcipher_desc *desc, + struct scatterlist *dst, + struct scatterlist *src, unsigned int nbytes) +{ + return des_cipher(desc, dst, src, nbytes, SEC_CBC_NONE, DES3_EDE_DECRYPT); +} + +static struct crypto_alg ecb_des3_192_alg = { + .cra_name = "ecb(des3_ede)", + .cra_driver_name = "ecb-des3_ede-ubicom32", + .cra_priority = CRYPTO_UBICOM32_COMPOSITE_PRIORITY, + .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, + .cra_blocksize = DES3_192_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct ubicom32_des_ctx), + .cra_alignmask = CRYPTO_UBICOM32_ALIGNMENT - 1, + .cra_type = &crypto_blkcipher_type, + .cra_module = THIS_MODULE, + .cra_list = LIST_HEAD_INIT( + ecb_des3_192_alg.cra_list), + .cra_u = { + .blkcipher = { + .min_keysize = DES3_192_KEY_SIZE, + .max_keysize = DES3_192_KEY_SIZE, + .setkey = des3_192_setkey, + .encrypt = ecb_des3_192_encrypt, + .decrypt = ecb_des3_192_decrypt, + } + } +}; + +static int cbc_des3_192_encrypt(struct blkcipher_desc *desc, + struct scatterlist *dst, + struct scatterlist *src, unsigned int nbytes) +{ + return des_cipher(desc, dst, src, nbytes, SEC_CBC_SET, DES3_EDE_ENCRYPT); +} + +static int cbc_des3_192_decrypt(struct blkcipher_desc *desc, + struct scatterlist *dst, + struct scatterlist *src, unsigned int nbytes) +{ + return des_cipher(desc, dst, src, nbytes, SEC_CBC_SET, DES3_EDE_DECRYPT); +} + +static struct crypto_alg cbc_des3_192_alg = { + .cra_name = "cbc(des3_ede)", + .cra_driver_name = "cbc-des3_ede-ubicom32", + .cra_priority = CRYPTO_UBICOM32_COMPOSITE_PRIORITY, + .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, + .cra_blocksize = DES3_192_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct ubicom32_des_ctx), + .cra_alignmask = CRYPTO_UBICOM32_ALIGNMENT - 1, + .cra_type = &crypto_blkcipher_type, + .cra_module = THIS_MODULE, + .cra_list = LIST_HEAD_INIT( + cbc_des3_192_alg.cra_list), + .cra_u = { + .blkcipher = { + .min_keysize = DES3_192_KEY_SIZE, + .max_keysize = DES3_192_KEY_SIZE, + .ivsize = DES3_192_BLOCK_SIZE, + .setkey = des3_192_setkey, + .encrypt = cbc_des3_192_encrypt, + .decrypt = cbc_des3_192_decrypt, + } + } +}; + +static int init(void) +{ + int ret = 0; + + hw_crypto_init(); + + ret = crypto_register_alg(&des_alg); + if (ret) + goto des_err; + ret = crypto_register_alg(&ecb_des_alg); + if (ret) + goto ecb_des_err; + ret = crypto_register_alg(&cbc_des_alg); + if (ret) + goto cbc_des_err; + + ret = crypto_register_alg(&des3_192_alg); + if (ret) + goto des3_192_err; + ret = crypto_register_alg(&ecb_des3_192_alg); + if (ret) + goto ecb_des3_192_err; + ret = crypto_register_alg(&cbc_des3_192_alg); + if (ret) + goto cbc_des3_192_err; + +out: + return ret; + +cbc_des3_192_err: + crypto_unregister_alg(&ecb_des3_192_alg); +ecb_des3_192_err: + crypto_unregister_alg(&des3_192_alg); +des3_192_err: + crypto_unregister_alg(&cbc_des_alg); +cbc_des_err: + crypto_unregister_alg(&ecb_des_alg); +ecb_des_err: + crypto_unregister_alg(&des_alg); +des_err: + goto out; +} + +static void __exit fini(void) +{ + crypto_unregister_alg(&cbc_des3_192_alg); + crypto_unregister_alg(&ecb_des3_192_alg); + crypto_unregister_alg(&des3_192_alg); + crypto_unregister_alg(&cbc_des_alg); + crypto_unregister_alg(&ecb_des_alg); + crypto_unregister_alg(&des_alg); +} + +module_init(init); +module_exit(fini); + +MODULE_ALIAS("des"); +MODULE_ALIAS("des3_ede"); + +MODULE_LICENSE("GPL"); +MODULE_DESCRIPTION("DES & Triple DES EDE Cipher Algorithms"); diff --git a/target/linux/ubicom32/files/arch/ubicom32/crypto/md5_ubicom32.c b/target/linux/ubicom32/files/arch/ubicom32/crypto/md5_ubicom32.c new file mode 100644 index 000000000..1f2b978ea --- /dev/null +++ b/target/linux/ubicom32/files/arch/ubicom32/crypto/md5_ubicom32.c @@ -0,0 +1,200 @@ +/* + * arch/ubicom32/crypto/md5_ubicom32.c + * Ubicom32 implementation of the MD5 Secure Hash Algorithm + * + * (C) Copyright 2009, Ubicom, Inc. + * + * This file is part of the Ubicom32 Linux Kernel Port. + * + * The Ubicom32 Linux Kernel Port is free software: you can redistribute + * it and/or modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation, either version 2 of the + * License, or (at your option) any later version. + * + * The Ubicom32 Linux Kernel Port is distributed in the hope that it + * will be useful, but WITHOUT ANY WARRANTY; without even the implied + * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See + * the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with the Ubicom32 Linux Kernel Port. If not, + * see <http://www.gnu.org/licenses/>. + * + * Ubicom32 implementation derived from (with many thanks): + * arch/m68knommu + * arch/blackfin + * arch/parisc + */ +#include <linux/init.h> +#include <linux/module.h> +#include <linux/crypto.h> + +#include "crypto_ubicom32.h" + +#define MD5_DIGEST_SIZE 16 +#define MD5_BLOCK_SIZE 64 +#define MD5_HASH_WORDS 4 + +extern void _md5_ip5k_init_digest(u32_t *digest); +extern void _md5_ip5k_transform(u32_t *data_input); +extern void _md5_ip5k_get_digest(u32_t *digest); + +struct ubicom32_md5_ctx { + u64 count; /* message length */ + u32 state[MD5_HASH_WORDS]; + u8 buf[2 * MD5_BLOCK_SIZE]; +}; + +static void md5_init(struct crypto_tfm *tfm) +{ + struct ubicom32_md5_ctx *mctx = crypto_tfm_ctx(tfm); + mctx->state[0] = 0x01234567; + mctx->state[1] = 0x89abcdef; + mctx->state[2] = 0xfedcba98; + mctx->state[3] = 0x76543210; + + mctx->count = 0; +} + +static inline void _md5_process(u32 *digest, const u8 *data) +{ + _md5_ip5k_transform((u32 *)data); +} + +static void md5_update(struct crypto_tfm *tfm, const u8 *data, + unsigned int len) +{ + struct ubicom32_md5_ctx *mctx = crypto_tfm_ctx(tfm); + int index, clen; + + /* how much is already in the buffer? */ + index = mctx->count & 0x3f; + + mctx->count += len; + + if (index + len < MD5_BLOCK_SIZE) { + goto store_only; + } + + hw_crypto_lock(); + hw_crypto_check(); + + /* init digest set ctrl register too */ + _md5_ip5k_init_digest(mctx->state); + + if (unlikely(index == 0 && SEC_ALIGNED(data))) { +fast_process: + while (len >= MD5_BLOCK_SIZE) { + _md5_process(mctx->state, data); + data += MD5_BLOCK_SIZE; + len -= MD5_BLOCK_SIZE; + } + goto store; + } + + /* process one stored block */ + if (index) { + clen = MD5_BLOCK_SIZE - index; + memcpy(mctx->buf + index, data, clen); + _md5_process(mctx->state, mctx->buf); + data += clen; + len -= clen; + index = 0; + } + + if (likely(SEC_ALIGNED(data))) { + goto fast_process; + } + + /* process as many blocks as possible */ + while (len >= MD5_BLOCK_SIZE) { + memcpy(mctx->buf, data, MD5_BLOCK_SIZE); + _md5_process(mctx->state, mctx->buf); + data += MD5_BLOCK_SIZE; + len -= MD5_BLOCK_SIZE; + } + +store: + _md5_ip5k_get_digest(mctx->state); + hw_crypto_unlock(); + +store_only: + /* anything left? */ + if (len) + memcpy(mctx->buf + index , data, len); +} + +/* Add padding and return the message digest. */ +static void md5_final(struct crypto_tfm *tfm, u8 *out) +{ + struct ubicom32_md5_ctx *mctx = crypto_tfm_ctx(tfm); + u32 bits[2]; + unsigned int index, end; + + /* must perform manual padding */ + index = mctx->count & 0x3f; + end = (index < 56) ? MD5_BLOCK_SIZE : (2 * MD5_BLOCK_SIZE); + + /* start pad with 1 */ + mctx->buf[index] = 0x80; + + /* pad with zeros */ + index++; + memset(mctx->buf + index, 0x00, end - index - 8); + + /* append message length */ + bits[0] = mctx->count << 3; + bits[1] = mctx->count >> 29; + __cpu_to_le32s(bits); + __cpu_to_le32s(bits + 1); + + memcpy(mctx->buf + end - 8, &bits, sizeof(bits)); + + /* force to use the mctx->buf and ignore the partial buf */ + mctx->count = mctx->count & ~0x3f; + md5_update(tfm, mctx->buf, end); + + /* copy digest to out */ + memcpy(out, mctx->state, MD5_DIGEST_SIZE); + + /* wipe context */ + memset(mctx, 0, sizeof *mctx); +} + +static struct crypto_alg alg = { + .cra_name = "md5", + .cra_driver_name= "md5-ubicom32", + .cra_priority = CRYPTO_UBICOM32_PRIORITY, + .cra_flags = CRYPTO_ALG_TYPE_DIGEST, + .cra_blocksize = MD5_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct ubicom32_md5_ctx), + .cra_module = THIS_MODULE, + .cra_list = LIST_HEAD_INIT(alg.cra_list), + .cra_u = { + .digest = { + .dia_digestsize = MD5_DIGEST_SIZE, + .dia_init = md5_init, + .dia_update = md5_update, + .dia_final = md5_final, + } + } +}; + +static int __init init(void) +{ + hw_crypto_init(); + return crypto_register_alg(&alg); +} + +static void __exit fini(void) +{ + crypto_unregister_alg(&alg); +} + +module_init(init); +module_exit(fini); + +MODULE_ALIAS("md5"); + +MODULE_LICENSE("GPL"); +MODULE_DESCRIPTION("MD5 Secure Hash Algorithm"); diff --git a/target/linux/ubicom32/files/arch/ubicom32/crypto/md5_ubicom32_asm.S b/target/linux/ubicom32/files/arch/ubicom32/crypto/md5_ubicom32_asm.S new file mode 100644 index 000000000..963a3579a --- /dev/null +++ b/target/linux/ubicom32/files/arch/ubicom32/crypto/md5_ubicom32_asm.S @@ -0,0 +1,234 @@ +/* + * arch/ubicom32/crypto/md5_ubicom32_asm.S + * MD5 (Message Digest 5) support for Ubicom32 v3 architecture + * + * (C) Copyright 2009, Ubicom, Inc. + * + * This file is part of the Ubicom32 Linux Kernel Port. + * + * The Ubicom32 Linux Kernel Port is free software: you can redistribute + * it and/or modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation, either version 2 of the + * License, or (at your option) any later version. + * + * The Ubicom32 Linux Kernel Port is distributed in the hope that it + * will be useful, but WITHOUT ANY WARRANTY; without even the implied + * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See + * the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with the Ubicom32 Linux Kernel Port. If not, + * see <http://www.gnu.org/licenses/>. + * + * Ubicom32 implementation derived from (with many thanks): + * arch/m68knommu + * arch/blackfin + * arch/parisc + */ + +#define __ASM__ +#include <asm/ip5000.h> + +#ifndef RP +#define RP A5 +#endif + +;***************************************************************************************** +; The function prototypes +;***************************************************************************************** +; void md5_ip5k_init(void) +; void md5_ip5k_transform(u32_t *data_input) +; void md5_get_digest(u32_t *digest) + +;***************************************************************************************** +; Inputs +;*****************************************************************************************; +; data_input is the pointer to the block of data over which the digest will be calculated. +; It should be word aligned. +; +; digest is the pointer to the block of data into which the digest (the output) will be written. +; It should be word aligned. +; + +;***************************************************************************************** +; Outputs +;***************************************************************************************** +; None + +;***************************************************************************************** +; An: Address Registers +;***************************************************************************************** +#define an_digest A3 +#define an_data_input A3 +#define an_security_block A4 + +;***************************************************************************************** +; Hash Constants +;***************************************************************************************** +#define HASH_MD5_IN0 0x01234567 +#define HASH_MD5_IN1 0x89abcdef +#define HASH_MD5_IN2 0xfedcba98 +#define HASH_MD5_IN3 0x76543210 + +#define HASH_SECURITY_BLOCK_CONTROL_INIT_NO_ENCYPTION 2 +#define HASH_SECURITY_BLOCK_CONTROL_INIT_MD5 ((1 << 4) | HASH_SECURITY_BLOCK_CONTROL_INIT_NO_ENCYPTION) + +;***************************************************************************************** +; Hash related defines +;***************************************************************************************** +#define hash_control 0x00(an_security_block) +#define hash_control_low 0x02(an_security_block) +#define hash_status 0x04(an_security_block) + +#define hash_input_0 0x30(an_security_block) +#define hash_input_1 0x34(an_security_block) +#define hash_input_2 0x38(an_security_block) +#define hash_input_3 0x3c(an_security_block) +#define hash_input_4 0x40(an_security_block) + +#define hash_output_0 0x70(an_security_block) +#define hash_output_0_low 0x72(an_security_block) +#define hash_output_1 0x74(an_security_block) +#define hash_output_1_low 0x76(an_security_block) +#define hash_output_2 0x78(an_security_block) +#define hash_output_2_low 0x7a(an_security_block) +#define hash_output_3 0x7c(an_security_block) +#define hash_output_3_low 0x7e(an_security_block) + +;***************************************************************************************** +; Assembly macros +;***************************************************************************************** + ; C compiler reserves RP (A5) for return address during subroutine call. + ; Use RP to return to caller +.macro call_return_macro + calli RP, 0(RP) +.endm + +#if 0 +;***************************************************************************************** +; void md5_ip5k_init(void) +; initialize the output registers of the hash module +; + ;.section .text.md5_ip5k_init,"ax",@progbits + .section .text + .global _md5_ip5k_init + .func md5_ip5k_init, _md5_ip5k_init + +_md5_ip5k_init: + moveai an_security_block, #SECURITY_BASE_EFFECTIVE_ADDRESS + + movei hash_control, #%hi(HASH_SECURITY_BLOCK_CONTROL_INIT_MD5) + movei hash_control_low, #%lo(HASH_SECURITY_BLOCK_CONTROL_INIT_MD5) + + movei hash_output_0, #%hi(HASH_MD5_IN0) + movei hash_output_0_low, #%lo(HASH_MD5_IN0) + + movei hash_output_1, #%hi(HASH_MD5_IN1) + movei hash_output_1_low, #%lo(HASH_MD5_IN1) + + movei hash_output_2, #%hi(HASH_MD5_IN2) + movei hash_output_2_low, #%lo(HASH_MD5_IN2) + + movei hash_output_3, #%hi(HASH_MD5_IN3) + movei hash_output_3_low, #%lo(HASH_MD5_IN3) + + call_return_macro + .endfunc +#endif + +;***************************************************************************************** +; void md5_ip5k_init_digest(u32_t *hash_input) +; initialize the output registers of the hash module + + ;.section .text.md5_ip5k_init_digest,"ax",@progbits + .section .text + .global _md5_ip5k_init_digest + .func md5_ip5k_init_digest, _md5_ip5k_init_digest + +_md5_ip5k_init_digest: + movea an_data_input, D0 + + moveai an_security_block, #SECURITY_BASE_EFFECTIVE_ADDRESS + + movei hash_control, #%hi(HASH_SECURITY_BLOCK_CONTROL_INIT_MD5) + movei hash_control_low, #%lo(HASH_SECURITY_BLOCK_CONTROL_INIT_MD5) + + move.4 hash_output_0, (an_data_input)4++ + move.4 hash_output_1, (an_data_input)4++ + move.4 hash_output_2, (an_data_input)4++ + move.4 hash_output_3, (an_data_input)4++ + + call_return_macro + .endfunc + +;***************************************************************************************** +; void md5_ip5k_transform(u32_t *data_input) +; performs intermediate transformation step for the hash calculation +; + ;.sect .text.md5_ip5k_transform,"ax",@progbits + .section .text + .global _md5_ip5k_transform + .func md5_ip5k_transform, _md5_ip5k_transform + +_md5_ip5k_transform: + movea an_data_input, D0 + + moveai an_security_block, #SECURITY_BASE_EFFECTIVE_ADDRESS + + ; Write the first 128bits (16 bytes) + move.4 hash_input_0, (an_data_input)4++ + move.4 hash_input_1, (an_data_input)4++ + move.4 hash_input_2, (an_data_input)4++ + move.4 hash_input_3, (an_data_input)4++ + move.4 hash_input_4, D0 + + move.4 hash_input_0, (an_data_input)4++ + move.4 hash_input_1, (an_data_input)4++ + move.4 hash_input_2, (an_data_input)4++ + move.4 hash_input_3, (an_data_input)4++ + move.4 hash_input_4, D0 + + move.4 hash_input_0, (an_data_input)4++ + move.4 hash_input_1, (an_data_input)4++ + move.4 hash_input_2, (an_data_input)4++ + move.4 hash_input_3, (an_data_input)4++ + move.4 hash_input_4, D0 + + move.4 hash_input_0, (an_data_input)4++ + move.4 hash_input_1, (an_data_input)4++ + move.4 hash_input_2, (an_data_input)4++ + move.4 hash_input_3, (an_data_input)4++ + move.4 hash_input_4, D0 + + pipe_flush 0 + +md5_ip5k_transform_wait: + ; wait for the module to calculate the output hash + btst hash_status, #0 + jmpne.f md5_ip5k_transform_wait + + call_return_macro + .endfunc + +;***************************************************************************************** +; void md5_ip5k_get_digest(u32_t *digest) +; Return the hash of the input data +; + ;.sect .text.md5_get_digest,"ax",@progbits + .section .text + .global _md5_ip5k_get_digest + .func md5_ip5k_get_digest, _md5_ip5k_get_digest + +_md5_ip5k_get_digest: + movea an_digest, D0 + + moveai an_security_block, #SECURITY_BASE_EFFECTIVE_ADDRESS + + ; we have finished + move.4 0(an_digest), hash_output_0 + move.4 4(an_digest), hash_output_1 + move.4 8(an_digest), hash_output_2 + move.4 12(an_digest), hash_output_3 + + call_return_macro + .endfunc diff --git a/target/linux/ubicom32/files/arch/ubicom32/crypto/sha1_ubicom32.c b/target/linux/ubicom32/files/arch/ubicom32/crypto/sha1_ubicom32.c new file mode 100644 index 000000000..2d0c870eb --- /dev/null +++ b/target/linux/ubicom32/files/arch/ubicom32/crypto/sha1_ubicom32.c @@ -0,0 +1,354 @@ +/* + * arch/ubicom32/crypto/sha1_ubicom32.c + * Ubicom32 implementation of the SHA1 Secure Hash Algorithm. + * + * (C) Copyright 2009, Ubicom, Inc. + * + * This file is part of the Ubicom32 Linux Kernel Port. + * + * The Ubicom32 Linux Kernel Port is free software: you can redistribute + * it and/or modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation, either version 2 of the + * License, or (at your option) any later version. + * + * The Ubicom32 Linux Kernel Port is distributed in the hope that it + * will be useful, but WITHOUT ANY WARRANTY; without even the implied + * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See + * the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with the Ubicom32 Linux Kernel Port. If not, + * see <http://www.gnu.org/licenses/>. + * + * Ubicom32 implementation derived from (with many thanks): + * arch/m68knommu + * arch/blackfin + * arch/parisc + */ +#include <linux/init.h> +#include <linux/module.h> +#include <linux/crypto.h> +#include <crypto/sha.h> +#include <asm/linkage.h> + +#include "crypto_ubicom32.h" +#define HASH_SECURITY_BLOCK_CONTROL_INIT_NO_ENCYPTION 2 +#define HASH_SECURITY_BLOCK_CONTROL_INIT_SHA1 ((1 << 5) | HASH_SECURITY_BLOCK_CONTROL_INIT_NO_ENCYPTION) + +struct ubicom32_sha1_ctx { + u64 count; /* message length */ + u32 state[5]; + u8 buf[2 * SHA1_BLOCK_SIZE]; +}; + +static inline void sha1_clear_2ws(u8 *buf, int wc) +{ + asm volatile ( + "1: move.4 (%0)4++, #0 \n\t" + " move.4 (%0)4++, #0 \n\t" + " sub.4 %1, #2, %1 \n\t" + " jmple.f 1b \n\t" + : + : "a" (buf), "d" (wc) + : "cc" + ); +} + +/* only wipe out count, state, and 1st half of buf - 9 bytes at most */ +#define sha1_wipe_out(sctx) sha1_clear_2ws((u8 *)sctx, 2 + 5 + 16 - 2) + +static inline void sha1_init_digest(u32 *digest) +{ + hw_crypto_set_ctrl(HASH_SECURITY_BLOCK_CONTROL_INIT_SHA1); + asm volatile ( + " ; move digests to hash_output regs \n\t" + " move.4 0x70(%0), 0x0(%1) \n\t" + " move.4 0x74(%0), 0x4(%1) \n\t" + " move.4 0x78(%0), 0x8(%1) \n\t" + " move.4 0x7c(%0), 0xc(%1) \n\t" + " move.4 0x80(%0), 0x10(%1) \n\t" + : + : "a" (SEC_BASE), "a" (digest) + ); +} + +static inline void sha1_transform_feed(const u8 *in) +{ + asm volatile ( + " ; write the 1st 16 bytes \n\t" + " move.4 0x30(%0), 0x0(%1) \n\t" + " move.4 0x34(%0), 0x4(%1) \n\t" + " move.4 0x38(%0), 0x8(%1) \n\t" + " move.4 0x3c(%0), 0xc(%1) \n\t" + " move.4 0x40(%0), %1 \n\t" + " ; write the 2nd 16 bytes \n\t" + " move.4 0x30(%0), 0x10(%1) \n\t" + " move.4 0x34(%0), 0x14(%1) \n\t" + " move.4 0x38(%0), 0x18(%1) \n\t" + " move.4 0x3c(%0), 0x1c(%1) \n\t" + " move.4 0x40(%0), %1 \n\t" + " ; write the 3rd 16 bytes \n\t" + " move.4 0x30(%0), 0x20(%1) \n\t" + " move.4 0x34(%0), 0x24(%1) \n\t" + " move.4 0x38(%0), 0x28(%1) \n\t" + " move.4 0x3c(%0), 0x2c(%1) \n\t" + " move.4 0x40(%0), %1 \n\t" + " ; write the 4th 16 bytes \n\t" + " move.4 0x30(%0), 0x30(%1) \n\t" + " move.4 0x34(%0), 0x34(%1) \n\t" + " move.4 0x38(%0), 0x38(%1) \n\t" + " move.4 0x3c(%0), 0x3c(%1) \n\t" + " move.4 0x40(%0), %1 \n\t" + " pipe_flush 0 \n\t" + : + : "a"(SEC_BASE), "a"(in) + ); +} + +static inline void sha1_transform_wait(void) +{ + asm volatile ( + " btst 0x04(%0), #0 \n\t" + " jmpne.f -4 \n\t" + : + : "a"(SEC_BASE) + : "cc" + ); +} + +static inline void sha1_output_digest(u32 *digest) +{ + asm volatile ( + " move.4 0x0(%1), 0x70(%0) \n\t" + " move.4 0x4(%1), 0x74(%0) \n\t" + " move.4 0x8(%1), 0x78(%0) \n\t" + " move.4 0xc(%1), 0x7c(%0) \n\t" + " move.4 0x10(%1), 0x80(%0) \n\t" + : + : "a" (SEC_BASE), "a" (digest) + ); +} + +static __ocm_text void sha1_init(struct crypto_tfm *tfm) +{ + struct ubicom32_sha1_ctx *sctx = crypto_tfm_ctx(tfm); + + sctx->state[0] = SHA1_H0; + sctx->state[1] = SHA1_H1; + sctx->state[2] = SHA1_H2; + sctx->state[3] = SHA1_H3; + sctx->state[4] = SHA1_H4; + sctx->count = 0; +} + +static void __ocm_text sha1_update(struct crypto_tfm *tfm, const u8 *data, + unsigned int len) +{ + struct ubicom32_sha1_ctx *sctx = crypto_tfm_ctx(tfm); + int index, clen; + + /* how much is already in the buffer? */ + index = sctx->count & 0x3f; + + sctx->count += len; + + if (index + len < SHA1_BLOCK_SIZE) { + goto store_only; + } + + hw_crypto_lock(); + hw_crypto_check(); + + /* init digest set ctrl register too */ + sha1_init_digest(sctx->state); + + if (unlikely(index == 0 && SEC_ALIGNED(data))) { +fast_process: +#if CRYPTO_UBICOM32_LOOP_ASM + if (likely(len >= SHA1_BLOCK_SIZE)) { + register unsigned int cnt = len >> 6; // loop = len / 64; + sha1_transform_feed(data); + data += SHA1_BLOCK_SIZE; + + /* cnt is pre-decremented in the loop */ + asm volatile ( + "; while (--loop): work on 2nd block \n\t" + "1: add.4 %2, #-1, %2 \n\t" + " jmpeq.f 5f \n\t" + " \n\t" + " ; write the 1st 16 bytes \n\t" + " move.4 0x30(%1), (%0)4++ \n\t" + " move.4 0x34(%1), (%0)4++ \n\t" + " move.4 0x38(%1), (%0)4++ \n\t" + " move.4 0x3c(%1), (%0)4++ \n\t" + " ; can not kick off hw before it \n\t" + " ; is done with the prev block \n\t" + " \n\t" + " btst 0x04(%1), #0 \n\t" + " jmpne.f -4 \n\t" + " \n\t" + " ; tell hw to load 1st 16 bytes \n\t" + " move.4 0x40(%1), %2 \n\t" + " \n\t" + " ; write the 2nd 16 bytes \n\t" + " move.4 0x30(%1), (%0)4++ \n\t" + " move.4 0x34(%1), (%0)4++ \n\t" + " move.4 0x38(%1), (%0)4++ \n\t" + " move.4 0x3c(%1), (%0)4++ \n\t" + " move.4 0x40(%1), %2 \n\t" + " \n\t" + " ; write the 3rd 16 bytes \n\t" + " move.4 0x30(%1), (%0)4++ \n\t" + " move.4 0x34(%1), (%0)4++ \n\t" + " move.4 0x38(%1), (%0)4++ \n\t" + " move.4 0x3c(%1), (%0)4++ \n\t" + " move.4 0x40(%1), %2 \n\t" + " \n\t" + " ; write the 4th 16 bytes \n\t" + " move.4 0x30(%1), (%0)4++ \n\t" + " move.4 0x34(%1), (%0)4++ \n\t" + " move.4 0x38(%1), (%0)4++ \n\t" + " move.4 0x3c(%1), (%0)4++ \n\t" + " move.4 0x40(%1), %2 \n\t" + " \n\t" + "; no need flush, enough insts \n\t" + "; before next hw wait \n\t" + " \n\t" + "; go back to loop \n\t" + " jmpt 1b \n\t" + " \n\t" + "; wait hw for last block \n\t" + "5: btst 0x04(%1), #0 \n\t" + " jmpne.f -4 \n\t" + " \n\t" + : "+a" (data) + : "a"( SEC_BASE), "d" (cnt) + : "cc" + ); + + len = len & (64 - 1); + } +#else + while (likely(len >= SHA1_BLOCK_SIZE)) { + sha1_transform_feed(data); + data += SHA1_BLOCK_SIZE; + len -= SHA1_BLOCK_SIZE; + sha1_transform_wait(); + } +#endif + goto store; + } + + /* process one stored block */ + if (index) { + clen = SHA1_BLOCK_SIZE - index; + memcpy(sctx->buf + index, data, clen); + sha1_transform_feed(sctx->buf); + data += clen; + len -= clen; + index = 0; + sha1_transform_wait(); + } + + if (likely(SEC_ALIGNED(data))) { + goto fast_process; + } + + /* process as many blocks as possible */ + if (likely(len >= SHA1_BLOCK_SIZE)) { + memcpy(sctx->buf, data, SHA1_BLOCK_SIZE); + do { + sha1_transform_feed(sctx->buf); + data += SHA1_BLOCK_SIZE; + len -= SHA1_BLOCK_SIZE; + if (likely(len >= SHA1_BLOCK_SIZE)) { + memcpy(sctx->buf, data, SHA1_BLOCK_SIZE); + sha1_transform_wait(); + continue; + } + /* it is the last block */ + sha1_transform_wait(); + break; + } while (1); + } + +store: + sha1_output_digest(sctx->state); + hw_crypto_unlock(); + +store_only: + /* anything left? */ + if (len) + memcpy(sctx->buf + index , data, len); +} + +/* Add padding and return the message digest. */ +static void __ocm_text sha1_final(struct crypto_tfm *tfm, u8 *out) +{ + struct ubicom32_sha1_ctx *sctx = crypto_tfm_ctx(tfm); + u64 bits; + unsigned int index, end; + + /* must perform manual padding */ + index = sctx->count & 0x3f; + end = (index < 56) ? SHA1_BLOCK_SIZE : (2 * SHA1_BLOCK_SIZE); + + /* start pad with 1 */ + sctx->buf[index] = 0x80; + + /* pad with zeros */ + index++; + memset(sctx->buf + index, 0x00, end - index - 8); + + /* append message length */ + bits = sctx->count << 3 ; + SEC_COPY_2W(sctx->buf + end - 8, &bits); + + /* force to use the sctx->buf and ignore the partial buf */ + sctx->count = sctx->count & ~0x3f; + sha1_update(tfm, sctx->buf, end); + + /* copy digest to out */ + SEC_COPY_5W(out, sctx->state); + + /* wipe context */ + sha1_wipe_out(sctx); +} + +static struct crypto_alg alg = { + .cra_name = "sha1", + .cra_driver_name= "sha1-ubicom32", + .cra_priority = CRYPTO_UBICOM32_PRIORITY, + .cra_flags = CRYPTO_ALG_TYPE_DIGEST, + .cra_blocksize = SHA1_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct ubicom32_sha1_ctx), + .cra_module = THIS_MODULE, + .cra_list = LIST_HEAD_INIT(alg.cra_list), + .cra_u = { + .digest = { + .dia_digestsize = SHA1_DIGEST_SIZE, + .dia_init = sha1_init, + .dia_update = sha1_update, + .dia_final = sha1_final, + } + } +}; + +static int __init init(void) +{ + hw_crypto_init(); + return crypto_register_alg(&alg); +} + +static void __exit fini(void) +{ + crypto_unregister_alg(&alg); +} + +module_init(init); +module_exit(fini); + +MODULE_ALIAS("sha1"); + +MODULE_LICENSE("GPL"); +MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm"); diff --git a/target/linux/ubicom32/files/arch/ubicom32/crypto/sha1_ubicom32_asm.S b/target/linux/ubicom32/files/arch/ubicom32/crypto/sha1_ubicom32_asm.S new file mode 100644 index 000000000..f610b7e9f --- /dev/null +++ b/target/linux/ubicom32/files/arch/ubicom32/crypto/sha1_ubicom32_asm.S @@ -0,0 +1,244 @@ +/* + * arch/ubicom32/crypto/sha1_ubicom32_asm.S + * SHA1 hash support for Ubicom32 architecture V3. + * + * (C) Copyright 2009, Ubicom, Inc. + * + * This file is part of the Ubicom32 Linux Kernel Port. + * + * The Ubicom32 Linux Kernel Port is free software: you can redistribute + * it and/or modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation, either version 2 of the + * License, or (at your option) any later version. + * + * The Ubicom32 Linux Kernel Port is distributed in the hope that it + * will be useful, but WITHOUT ANY WARRANTY; without even the implied + * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See + * the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with the Ubicom32 Linux Kernel Port. If not, + * see <http://www.gnu.org/licenses/>. + * + * Ubicom32 implementation derived from (with many thanks): + * arch/m68knommu + * arch/blackfin + * arch/parisc + */ + +#define __ASM__ +#include <asm/ip5000.h> + +#ifndef RP +#define RP A5 +#endif + +;***************************************************************************************** +; The function prototype +;***************************************************************************************** +; void sha1_ip5k_init(void) +; void sha1_ip5k_transform(u32_t *data_input) +; void sha1_ip5k_output(u32_t *digest) + +;***************************************************************************************** +; Inputs +;***************************************************************************************** +; data_input is the pointer to the block of data over which the digest will be calculated. +; It should be word aligned. +; +; digest is the pointer to the block of data into which the digest (the output) will be written. +; It should be word aligned. +; + +;***************************************************************************************** +; Outputs +;***************************************************************************************** +; None + +;***************************************************************************************** +; Hash Constants +;***************************************************************************************** +#define HASH_SHA1_IN0 0x67452301 +#define HASH_SHA1_IN1 0xefcdab89 +#define HASH_SHA1_IN2 0x98badcfe +#define HASH_SHA1_IN3 0x10325476 +#define HASH_SHA1_IN4 0xc3d2e1f0 + +#define HASH_SECURITY_BLOCK_CONTROL_INIT_NO_ENCYPTION 2 +#define HASH_SECURITY_BLOCK_CONTROL_INIT_SHA1 ((1 << 5) | HASH_SECURITY_BLOCK_CONTROL_INIT_NO_ENCYPTION) + +;***************************************************************************************** +; An: Address Registers +;***************************************************************************************** +#define an_digest a4 +#define an_data_input a4 +#define an_security_block a3 + +;***************************************************************************************** +; Hash related defines +;***************************************************************************************** +#define hash_control 0x00(an_security_block) +#define hash_control_low 0x02(an_security_block) +#define hash_status 0x04(an_security_block) + +#define hash_input_0 0x30(an_security_block) +#define hash_input_1 0x34(an_security_block) +#define hash_input_2 0x38(an_security_block) +#define hash_input_3 0x3c(an_security_block) +#define hash_input_4 0x40(an_security_block) + +#define hash_output_0 0x70(an_security_block) +#define hash_output_0_low 0x72(an_security_block) +#define hash_output_1 0x74(an_security_block) +#define hash_output_1_low 0x76(an_security_block) +#define hash_output_2 0x78(an_security_block) +#define hash_output_2_low 0x7a(an_security_block) +#define hash_output_3 0x7c(an_security_block) +#define hash_output_3_low 0x7e(an_security_block) +#define hash_output_4 0x80(an_security_block) +#define hash_output_4_low 0x82(an_security_block) + +;***************************************************************************************** +; Assembly macros +;***************************************************************************************** + ; C compiler reserves RP (A5) for return address during subroutine call. + ; Use RP to return to caller +.macro call_return_macro + calli RP, 0(RP) +.endm + +;***************************************************************************************** +; void sha1_ip5k_init(void) +; initialize the output registers of the hash module + + ;.section .text.sha1_ip5k_init,"ax",@progbits + .section .ocm_text,"ax",@progbits + .global _sha1_ip5k_init + .func sha1_ip5k_init, _sha1_ip5k_init + +_sha1_ip5k_init: + moveai an_security_block, #SECURITY_BASE_EFFECTIVE_ADDRESS + + movei hash_control, #%hi(HASH_SECURITY_BLOCK_CONTROL_INIT_SHA1) + movei hash_control_low, #%lo(HASH_SECURITY_BLOCK_CONTROL_INIT_SHA1) + + movei hash_output_0, #%hi(HASH_SHA1_IN0) + movei hash_output_0_low, #%lo(HASH_SHA1_IN0) + + movei hash_output_1, #%hi(HASH_SHA1_IN1) + movei hash_output_1_low, #%lo(HASH_SHA1_IN1) + + movei hash_output_2, #%hi(HASH_SHA1_IN2) + movei hash_output_2_low, #%lo(HASH_SHA1_IN2) + + movei hash_output_3, #%hi(HASH_SHA1_IN3) + movei hash_output_3_low, #%lo(HASH_SHA1_IN3) + + movei hash_output_4, #%hi(HASH_SHA1_IN4) + movei hash_output_4_low, #%lo(HASH_SHA1_IN4) + + call_return_macro + .endfunc + +;***************************************************************************************** +; void sha1_ip5k_init_digest(u32_t *hash_input) +; initialize the output registers of the hash module + + ;.section .text.sha1_ip5k_init_digest,"ax",@progbits + .section .ocm_text,"ax",@progbits + .global _sha1_ip5k_init_digest + .func sha1_ip5k_init_digest, _sha1_ip5k_init_digest + +_sha1_ip5k_init_digest: + movea an_data_input, D0 + + moveai an_security_block, #SECURITY_BASE_EFFECTIVE_ADDRESS + + movei hash_control, #%hi(HASH_SECURITY_BLOCK_CONTROL_INIT_SHA1) + movei hash_control_low, #%lo(HASH_SECURITY_BLOCK_CONTROL_INIT_SHA1) + + move.4 hash_output_0, (an_data_input)4++ + move.4 hash_output_1, (an_data_input)4++ + move.4 hash_output_2, (an_data_input)4++ + move.4 hash_output_3, (an_data_input)4++ + move.4 hash_output_4, (an_data_input)4++ + + call_return_macro + .endfunc + +;***************************************************************************************** +; void sha1_ip5k_transform(u32_t *data_input) +; performs intermediate transformation step for the hash calculation + + ;.section .text.sha1_ip5k_transform,"ax",@progbits + .section .ocm_text,"ax",@progbits + .global _sha1_ip5k_transform + .func sha1_ip5k_transform, _sha1_ip5k_transform + +_sha1_ip5k_transform: + movea an_data_input, D0 + + moveai an_security_block, #SECURITY_BASE_EFFECTIVE_ADDRESS + + ; Write the first 128bits (16 bytes) + move.4 hash_input_0, (an_data_input)4++ + move.4 hash_input_1, (an_data_input)4++ + move.4 hash_input_2, (an_data_input)4++ + move.4 hash_input_3, (an_data_input)4++ + move.4 hash_input_4, D0 + + move.4 hash_input_0, (an_data_input)4++ + move.4 hash_input_1, (an_data_input)4++ + move.4 hash_input_2, (an_data_input)4++ + move.4 hash_input_3, (an_data_input)4++ + move.4 hash_input_4, D0 + + move.4 hash_input_0, (an_data_input)4++ + move.4 hash_input_1, (an_data_input)4++ + move.4 hash_input_2, (an_data_input)4++ + move.4 hash_input_3, (an_data_input)4++ + move.4 hash_input_4, D0 + + move.4 hash_input_0, (an_data_input)4++ + move.4 hash_input_1, (an_data_input)4++ + move.4 hash_input_2, (an_data_input)4++ + move.4 hash_input_3, (an_data_input)4++ + move.4 hash_input_4, D0 + + pipe_flush 0 + +sha1_ip5k_transform_wait: + ; wait for the module to calculate the output hash + btst hash_status, #0 + jmpne.f sha1_ip5k_transform_wait + + call_return_macro + .endfunc + +;***************************************************************************************** +; void sha1_ip5k_output(u32_t *digest) +; Return the hash of the input data + + ;.section .text.sha1_ip5k_output,"ax",@progbits + .section .ocm_text,"ax",@progbits + .global _sha1_ip5k_output + .func sha1_ip5k_output, _sha1_ip5k_output + +_sha1_ip5k_output: + movea an_digest, D0 + + moveai an_security_block, #SECURITY_BASE_EFFECTIVE_ADDRESS + + ; we have finished + move.4 0(an_digest), hash_output_0 + move.4 4(an_digest), hash_output_1 + move.4 8(an_digest), hash_output_2 + move.4 12(an_digest), hash_output_3 + move.4 16(an_digest), hash_output_4 + + call_return_macro + .endfunc + +;***************************************************************************************** +;END ;End of program code +;***************************************************************************************** |