aboutsummaryrefslogtreecommitdiffstats
path: root/target/linux/ubicom32/files/arch/ubicom32/crypto/sha1_ubicom32.c
diff options
context:
space:
mode:
Diffstat (limited to 'target/linux/ubicom32/files/arch/ubicom32/crypto/sha1_ubicom32.c')
-rw-r--r--target/linux/ubicom32/files/arch/ubicom32/crypto/sha1_ubicom32.c354
1 files changed, 354 insertions, 0 deletions
diff --git a/target/linux/ubicom32/files/arch/ubicom32/crypto/sha1_ubicom32.c b/target/linux/ubicom32/files/arch/ubicom32/crypto/sha1_ubicom32.c
new file mode 100644
index 000000000..2d0c870eb
--- /dev/null
+++ b/target/linux/ubicom32/files/arch/ubicom32/crypto/sha1_ubicom32.c
@@ -0,0 +1,354 @@
+/*
+ * arch/ubicom32/crypto/sha1_ubicom32.c
+ * Ubicom32 implementation of the SHA1 Secure Hash Algorithm.
+ *
+ * (C) Copyright 2009, Ubicom, Inc.
+ *
+ * This file is part of the Ubicom32 Linux Kernel Port.
+ *
+ * The Ubicom32 Linux Kernel Port is free software: you can redistribute
+ * it and/or modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * The Ubicom32 Linux Kernel Port is distributed in the hope that it
+ * will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
+ * the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with the Ubicom32 Linux Kernel Port. If not,
+ * see <http://www.gnu.org/licenses/>.
+ *
+ * Ubicom32 implementation derived from (with many thanks):
+ * arch/m68knommu
+ * arch/blackfin
+ * arch/parisc
+ */
+#include <linux/init.h>
+#include <linux/module.h>
+#include <linux/crypto.h>
+#include <crypto/sha.h>
+#include <asm/linkage.h>
+
+#include "crypto_ubicom32.h"
+#define HASH_SECURITY_BLOCK_CONTROL_INIT_NO_ENCYPTION 2
+#define HASH_SECURITY_BLOCK_CONTROL_INIT_SHA1 ((1 << 5) | HASH_SECURITY_BLOCK_CONTROL_INIT_NO_ENCYPTION)
+
+struct ubicom32_sha1_ctx {
+ u64 count; /* message length */
+ u32 state[5];
+ u8 buf[2 * SHA1_BLOCK_SIZE];
+};
+
+static inline void sha1_clear_2ws(u8 *buf, int wc)
+{
+ asm volatile (
+ "1: move.4 (%0)4++, #0 \n\t"
+ " move.4 (%0)4++, #0 \n\t"
+ " sub.4 %1, #2, %1 \n\t"
+ " jmple.f 1b \n\t"
+ :
+ : "a" (buf), "d" (wc)
+ : "cc"
+ );
+}
+
+/* only wipe out count, state, and 1st half of buf - 9 bytes at most */
+#define sha1_wipe_out(sctx) sha1_clear_2ws((u8 *)sctx, 2 + 5 + 16 - 2)
+
+static inline void sha1_init_digest(u32 *digest)
+{
+ hw_crypto_set_ctrl(HASH_SECURITY_BLOCK_CONTROL_INIT_SHA1);
+ asm volatile (
+ " ; move digests to hash_output regs \n\t"
+ " move.4 0x70(%0), 0x0(%1) \n\t"
+ " move.4 0x74(%0), 0x4(%1) \n\t"
+ " move.4 0x78(%0), 0x8(%1) \n\t"
+ " move.4 0x7c(%0), 0xc(%1) \n\t"
+ " move.4 0x80(%0), 0x10(%1) \n\t"
+ :
+ : "a" (SEC_BASE), "a" (digest)
+ );
+}
+
+static inline void sha1_transform_feed(const u8 *in)
+{
+ asm volatile (
+ " ; write the 1st 16 bytes \n\t"
+ " move.4 0x30(%0), 0x0(%1) \n\t"
+ " move.4 0x34(%0), 0x4(%1) \n\t"
+ " move.4 0x38(%0), 0x8(%1) \n\t"
+ " move.4 0x3c(%0), 0xc(%1) \n\t"
+ " move.4 0x40(%0), %1 \n\t"
+ " ; write the 2nd 16 bytes \n\t"
+ " move.4 0x30(%0), 0x10(%1) \n\t"
+ " move.4 0x34(%0), 0x14(%1) \n\t"
+ " move.4 0x38(%0), 0x18(%1) \n\t"
+ " move.4 0x3c(%0), 0x1c(%1) \n\t"
+ " move.4 0x40(%0), %1 \n\t"
+ " ; write the 3rd 16 bytes \n\t"
+ " move.4 0x30(%0), 0x20(%1) \n\t"
+ " move.4 0x34(%0), 0x24(%1) \n\t"
+ " move.4 0x38(%0), 0x28(%1) \n\t"
+ " move.4 0x3c(%0), 0x2c(%1) \n\t"
+ " move.4 0x40(%0), %1 \n\t"
+ " ; write the 4th 16 bytes \n\t"
+ " move.4 0x30(%0), 0x30(%1) \n\t"
+ " move.4 0x34(%0), 0x34(%1) \n\t"
+ " move.4 0x38(%0), 0x38(%1) \n\t"
+ " move.4 0x3c(%0), 0x3c(%1) \n\t"
+ " move.4 0x40(%0), %1 \n\t"
+ " pipe_flush 0 \n\t"
+ :
+ : "a"(SEC_BASE), "a"(in)
+ );
+}
+
+static inline void sha1_transform_wait(void)
+{
+ asm volatile (
+ " btst 0x04(%0), #0 \n\t"
+ " jmpne.f -4 \n\t"
+ :
+ : "a"(SEC_BASE)
+ : "cc"
+ );
+}
+
+static inline void sha1_output_digest(u32 *digest)
+{
+ asm volatile (
+ " move.4 0x0(%1), 0x70(%0) \n\t"
+ " move.4 0x4(%1), 0x74(%0) \n\t"
+ " move.4 0x8(%1), 0x78(%0) \n\t"
+ " move.4 0xc(%1), 0x7c(%0) \n\t"
+ " move.4 0x10(%1), 0x80(%0) \n\t"
+ :
+ : "a" (SEC_BASE), "a" (digest)
+ );
+}
+
+static __ocm_text void sha1_init(struct crypto_tfm *tfm)
+{
+ struct ubicom32_sha1_ctx *sctx = crypto_tfm_ctx(tfm);
+
+ sctx->state[0] = SHA1_H0;
+ sctx->state[1] = SHA1_H1;
+ sctx->state[2] = SHA1_H2;
+ sctx->state[3] = SHA1_H3;
+ sctx->state[4] = SHA1_H4;
+ sctx->count = 0;
+}
+
+static void __ocm_text sha1_update(struct crypto_tfm *tfm, const u8 *data,
+ unsigned int len)
+{
+ struct ubicom32_sha1_ctx *sctx = crypto_tfm_ctx(tfm);
+ int index, clen;
+
+ /* how much is already in the buffer? */
+ index = sctx->count & 0x3f;
+
+ sctx->count += len;
+
+ if (index + len < SHA1_BLOCK_SIZE) {
+ goto store_only;
+ }
+
+ hw_crypto_lock();
+ hw_crypto_check();
+
+ /* init digest set ctrl register too */
+ sha1_init_digest(sctx->state);
+
+ if (unlikely(index == 0 && SEC_ALIGNED(data))) {
+fast_process:
+#if CRYPTO_UBICOM32_LOOP_ASM
+ if (likely(len >= SHA1_BLOCK_SIZE)) {
+ register unsigned int cnt = len >> 6; // loop = len / 64;
+ sha1_transform_feed(data);
+ data += SHA1_BLOCK_SIZE;
+
+ /* cnt is pre-decremented in the loop */
+ asm volatile (
+ "; while (--loop): work on 2nd block \n\t"
+ "1: add.4 %2, #-1, %2 \n\t"
+ " jmpeq.f 5f \n\t"
+ " \n\t"
+ " ; write the 1st 16 bytes \n\t"
+ " move.4 0x30(%1), (%0)4++ \n\t"
+ " move.4 0x34(%1), (%0)4++ \n\t"
+ " move.4 0x38(%1), (%0)4++ \n\t"
+ " move.4 0x3c(%1), (%0)4++ \n\t"
+ " ; can not kick off hw before it \n\t"
+ " ; is done with the prev block \n\t"
+ " \n\t"
+ " btst 0x04(%1), #0 \n\t"
+ " jmpne.f -4 \n\t"
+ " \n\t"
+ " ; tell hw to load 1st 16 bytes \n\t"
+ " move.4 0x40(%1), %2 \n\t"
+ " \n\t"
+ " ; write the 2nd 16 bytes \n\t"
+ " move.4 0x30(%1), (%0)4++ \n\t"
+ " move.4 0x34(%1), (%0)4++ \n\t"
+ " move.4 0x38(%1), (%0)4++ \n\t"
+ " move.4 0x3c(%1), (%0)4++ \n\t"
+ " move.4 0x40(%1), %2 \n\t"
+ " \n\t"
+ " ; write the 3rd 16 bytes \n\t"
+ " move.4 0x30(%1), (%0)4++ \n\t"
+ " move.4 0x34(%1), (%0)4++ \n\t"
+ " move.4 0x38(%1), (%0)4++ \n\t"
+ " move.4 0x3c(%1), (%0)4++ \n\t"
+ " move.4 0x40(%1), %2 \n\t"
+ " \n\t"
+ " ; write the 4th 16 bytes \n\t"
+ " move.4 0x30(%1), (%0)4++ \n\t"
+ " move.4 0x34(%1), (%0)4++ \n\t"
+ " move.4 0x38(%1), (%0)4++ \n\t"
+ " move.4 0x3c(%1), (%0)4++ \n\t"
+ " move.4 0x40(%1), %2 \n\t"
+ " \n\t"
+ "; no need flush, enough insts \n\t"
+ "; before next hw wait \n\t"
+ " \n\t"
+ "; go back to loop \n\t"
+ " jmpt 1b \n\t"
+ " \n\t"
+ "; wait hw for last block \n\t"
+ "5: btst 0x04(%1), #0 \n\t"
+ " jmpne.f -4 \n\t"
+ " \n\t"
+ : "+a" (data)
+ : "a"( SEC_BASE), "d" (cnt)
+ : "cc"
+ );
+
+ len = len & (64 - 1);
+ }
+#else
+ while (likely(len >= SHA1_BLOCK_SIZE)) {
+ sha1_transform_feed(data);
+ data += SHA1_BLOCK_SIZE;
+ len -= SHA1_BLOCK_SIZE;
+ sha1_transform_wait();
+ }
+#endif
+ goto store;
+ }
+
+ /* process one stored block */
+ if (index) {
+ clen = SHA1_BLOCK_SIZE - index;
+ memcpy(sctx->buf + index, data, clen);
+ sha1_transform_feed(sctx->buf);
+ data += clen;
+ len -= clen;
+ index = 0;
+ sha1_transform_wait();
+ }
+
+ if (likely(SEC_ALIGNED(data))) {
+ goto fast_process;
+ }
+
+ /* process as many blocks as possible */
+ if (likely(len >= SHA1_BLOCK_SIZE)) {
+ memcpy(sctx->buf, data, SHA1_BLOCK_SIZE);
+ do {
+ sha1_transform_feed(sctx->buf);
+ data += SHA1_BLOCK_SIZE;
+ len -= SHA1_BLOCK_SIZE;
+ if (likely(len >= SHA1_BLOCK_SIZE)) {
+ memcpy(sctx->buf, data, SHA1_BLOCK_SIZE);
+ sha1_transform_wait();
+ continue;
+ }
+ /* it is the last block */
+ sha1_transform_wait();
+ break;
+ } while (1);
+ }
+
+store:
+ sha1_output_digest(sctx->state);
+ hw_crypto_unlock();
+
+store_only:
+ /* anything left? */
+ if (len)
+ memcpy(sctx->buf + index , data, len);
+}
+
+/* Add padding and return the message digest. */
+static void __ocm_text sha1_final(struct crypto_tfm *tfm, u8 *out)
+{
+ struct ubicom32_sha1_ctx *sctx = crypto_tfm_ctx(tfm);
+ u64 bits;
+ unsigned int index, end;
+
+ /* must perform manual padding */
+ index = sctx->count & 0x3f;
+ end = (index < 56) ? SHA1_BLOCK_SIZE : (2 * SHA1_BLOCK_SIZE);
+
+ /* start pad with 1 */
+ sctx->buf[index] = 0x80;
+
+ /* pad with zeros */
+ index++;
+ memset(sctx->buf + index, 0x00, end - index - 8);
+
+ /* append message length */
+ bits = sctx->count << 3 ;
+ SEC_COPY_2W(sctx->buf + end - 8, &bits);
+
+ /* force to use the sctx->buf and ignore the partial buf */
+ sctx->count = sctx->count & ~0x3f;
+ sha1_update(tfm, sctx->buf, end);
+
+ /* copy digest to out */
+ SEC_COPY_5W(out, sctx->state);
+
+ /* wipe context */
+ sha1_wipe_out(sctx);
+}
+
+static struct crypto_alg alg = {
+ .cra_name = "sha1",
+ .cra_driver_name= "sha1-ubicom32",
+ .cra_priority = CRYPTO_UBICOM32_PRIORITY,
+ .cra_flags = CRYPTO_ALG_TYPE_DIGEST,
+ .cra_blocksize = SHA1_BLOCK_SIZE,
+ .cra_ctxsize = sizeof(struct ubicom32_sha1_ctx),
+ .cra_module = THIS_MODULE,
+ .cra_list = LIST_HEAD_INIT(alg.cra_list),
+ .cra_u = {
+ .digest = {
+ .dia_digestsize = SHA1_DIGEST_SIZE,
+ .dia_init = sha1_init,
+ .dia_update = sha1_update,
+ .dia_final = sha1_final,
+ }
+ }
+};
+
+static int __init init(void)
+{
+ hw_crypto_init();
+ return crypto_register_alg(&alg);
+}
+
+static void __exit fini(void)
+{
+ crypto_unregister_alg(&alg);
+}
+
+module_init(init);
+module_exit(fini);
+
+MODULE_ALIAS("sha1");
+
+MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm");
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-06 06:23:21 +0000