diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2008-04-21 15:57:09 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-04-21 15:57:09 -0700 |
commit | 904e0ab54b7591b9cb01cfc0dbbedcc8bc0d949b (patch) | |
tree | 13a2fc98fc7b347fe0d18cc18d452f1f49bff582 /arch | |
parent | 98a1e95f9b5919b55c71a01546415074282d30d5 (diff) | |
parent | c49a7f182c44c31ea460093eb263110824f6c98e (diff) |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
[HWRNG] omap: Minor updates
[CRYPTO] kconfig: Ordering cleanup
[CRYPTO] all: Clean up init()/fini()
[CRYPTO] padlock-aes: Use generic setkey function
[CRYPTO] aes: Export generic setkey
[CRYPTO] api: Make the crypto subsystem fully modular
[CRYPTO] cts: Add CTS mode required for Kerberos AES support
[CRYPTO] lrw: Replace all adds to big endians variables with be*_add_cpu
[CRYPTO] tcrypt: Change the XTEA test vectors
[CRYPTO] tcrypt: Shrink the tcrypt module
[CRYPTO] tcrypt: Change the usage of the test vectors
[CRYPTO] api: Constify function pointer tables
[CRYPTO] aes-x86-32: Remove unused return code
[CRYPTO] tcrypt: Shrink speed templates
[CRYPTO] tcrypt: Group common speed templates
[CRYPTO] sha512: Rename sha512 to sha512_generic
[CRYPTO] sha384: Hardware acceleration for s390
[CRYPTO] sha512: Hardware acceleration for s390
[CRYPTO] s390: Generic sha_update and sha_final
[CRYPTO] api: Switch to proc_create()
Diffstat (limited to 'arch')
-rw-r--r-- | arch/s390/crypto/Makefile | 5 | ||||
-rw-r--r-- | arch/s390/crypto/crypt_s390.h | 2 | ||||
-rw-r--r-- | arch/s390/crypto/sha.h | 35 | ||||
-rw-r--r-- | arch/s390/crypto/sha1_s390.c | 91 | ||||
-rw-r--r-- | arch/s390/crypto/sha256_s390.c | 90 | ||||
-rw-r--r-- | arch/s390/crypto/sha512_s390.c | 114 | ||||
-rw-r--r-- | arch/s390/crypto/sha_common.c | 97 | ||||
-rw-r--r-- | arch/x86/crypto/aes-i586-asm_32.S | 3 |
8 files changed, 263 insertions, 174 deletions
diff --git a/arch/s390/crypto/Makefile b/arch/s390/crypto/Makefile index 14e552c5cc4..6a1157fa4f9 100644 --- a/arch/s390/crypto/Makefile +++ b/arch/s390/crypto/Makefile @@ -2,8 +2,9 @@ # Cryptographic API # -obj-$(CONFIG_CRYPTO_SHA1_S390) += sha1_s390.o -obj-$(CONFIG_CRYPTO_SHA256_S390) += sha256_s390.o +obj-$(CONFIG_CRYPTO_SHA1_S390) += sha1_s390.o sha_common.o +obj-$(CONFIG_CRYPTO_SHA256_S390) += sha256_s390.o sha_common.o +obj-$(CONFIG_CRYPTO_SHA512_S390) += sha512_s390.o sha_common.o obj-$(CONFIG_CRYPTO_DES_S390) += des_s390.o des_check_key.o obj-$(CONFIG_CRYPTO_AES_S390) += aes_s390.o obj-$(CONFIG_S390_PRNG) += prng.o diff --git a/arch/s390/crypto/crypt_s390.h b/arch/s390/crypto/crypt_s390.h index 95f5160df27..9992f95ef99 100644 --- a/arch/s390/crypto/crypt_s390.h +++ b/arch/s390/crypto/crypt_s390.h @@ -82,6 +82,7 @@ enum crypt_s390_kimd_func { KIMD_QUERY = CRYPT_S390_KIMD | 0, KIMD_SHA_1 = CRYPT_S390_KIMD | 1, KIMD_SHA_256 = CRYPT_S390_KIMD | 2, + KIMD_SHA_512 = CRYPT_S390_KIMD | 3, }; /* @@ -92,6 +93,7 @@ enum crypt_s390_klmd_func { KLMD_QUERY = CRYPT_S390_KLMD | 0, KLMD_SHA_1 = CRYPT_S390_KLMD | 1, KLMD_SHA_256 = CRYPT_S390_KLMD | 2, + KLMD_SHA_512 = CRYPT_S390_KLMD | 3, }; /* diff --git a/arch/s390/crypto/sha.h b/arch/s390/crypto/sha.h new file mode 100644 index 00000000000..1ceafa571ea --- /dev/null +++ b/arch/s390/crypto/sha.h @@ -0,0 +1,35 @@ +/* + * Cryptographic API. + * + * s390 generic implementation of the SHA Secure Hash Algorithms. + * + * Copyright IBM Corp. 2007 + * Author(s): Jan Glauber (jang@de.ibm.com) + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + * + */ +#ifndef _CRYPTO_ARCH_S390_SHA_H +#define _CRYPTO_ARCH_S390_SHA_H + +#include <linux/crypto.h> +#include <crypto/sha.h> + +/* must be big enough for the largest SHA variant */ +#define SHA_MAX_STATE_SIZE 16 +#define SHA_MAX_BLOCK_SIZE SHA512_BLOCK_SIZE + +struct s390_sha_ctx { + u64 count; /* message length in bytes */ + u32 state[SHA_MAX_STATE_SIZE]; + u8 buf[2 * SHA_MAX_BLOCK_SIZE]; + int func; /* KIMD function to use */ +}; + +void s390_sha_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len); +void s390_sha_final(struct crypto_tfm *tfm, u8 *out); + +#endif diff --git a/arch/s390/crypto/sha1_s390.c b/arch/s390/crypto/sha1_s390.c index 9cf9eca2274..b3cb5a89b00 100644 --- a/arch/s390/crypto/sha1_s390.c +++ b/arch/s390/crypto/sha1_s390.c @@ -29,16 +29,11 @@ #include <crypto/sha.h> #include "crypt_s390.h" - -struct s390_sha1_ctx { - u64 count; /* message length */ - u32 state[5]; - u8 buf[2 * SHA1_BLOCK_SIZE]; -}; +#include "sha.h" static void sha1_init(struct crypto_tfm *tfm) { - struct s390_sha1_ctx *sctx = crypto_tfm_ctx(tfm); + struct s390_sha_ctx *sctx = crypto_tfm_ctx(tfm); sctx->state[0] = SHA1_H0; sctx->state[1] = SHA1_H1; @@ -46,79 +41,7 @@ static void sha1_init(struct crypto_tfm *tfm) sctx->state[3] = SHA1_H3; sctx->state[4] = SHA1_H4; sctx->count = 0; -} - -static void sha1_update(struct crypto_tfm *tfm, const u8 *data, - unsigned int len) -{ - struct s390_sha1_ctx *sctx = crypto_tfm_ctx(tfm); - unsigned int index; - int ret; - - /* how much is already in the buffer? */ - index = sctx->count & 0x3f; - - sctx->count += len; - - if (index + len < SHA1_BLOCK_SIZE) - goto store; - - /* process one stored block */ - if (index) { - memcpy(sctx->buf + index, data, SHA1_BLOCK_SIZE - index); - ret = crypt_s390_kimd(KIMD_SHA_1, sctx->state, sctx->buf, - SHA1_BLOCK_SIZE); - BUG_ON(ret != SHA1_BLOCK_SIZE); - data += SHA1_BLOCK_SIZE - index; - len -= SHA1_BLOCK_SIZE - index; - } - - /* process as many blocks as possible */ - if (len >= SHA1_BLOCK_SIZE) { - ret = crypt_s390_kimd(KIMD_SHA_1, sctx->state, data, - len & ~(SHA1_BLOCK_SIZE - 1)); - BUG_ON(ret != (len & ~(SHA1_BLOCK_SIZE - 1))); - data += ret; - len -= ret; - } - -store: - /* anything left? */ - if (len) - memcpy(sctx->buf + index , data, len); -} - -/* Add padding and return the message digest. */ -static void sha1_final(struct crypto_tfm *tfm, u8 *out) -{ - struct s390_sha1_ctx *sctx = crypto_tfm_ctx(tfm); - u64 bits; - unsigned int index, end; - int ret; - - /* must perform manual padding */ - index = sctx->count & 0x3f; - end = (index < 56) ? SHA1_BLOCK_SIZE : (2 * SHA1_BLOCK_SIZE); - - /* start pad with 1 */ - sctx->buf[index] = 0x80; - - /* pad with zeros */ - index++; - memset(sctx->buf + index, 0x00, end - index - 8); - - /* append message length */ - bits = sctx->count * 8; - memcpy(sctx->buf + end - 8, &bits, sizeof(bits)); - - ret = crypt_s390_kimd(KIMD_SHA_1, sctx->state, sctx->buf, end); - BUG_ON(ret != end); - - /* copy digest to out */ - memcpy(out, sctx->state, SHA1_DIGEST_SIZE); - - /* wipe context */ - memset(sctx, 0, sizeof *sctx); + sctx->func = KIMD_SHA_1; } static struct crypto_alg alg = { @@ -127,21 +50,20 @@ static struct crypto_alg alg = { .cra_priority = CRYPT_S390_PRIORITY, .cra_flags = CRYPTO_ALG_TYPE_DIGEST, .cra_blocksize = SHA1_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct s390_sha1_ctx), + .cra_ctxsize = sizeof(struct s390_sha_ctx), .cra_module = THIS_MODULE, .cra_list = LIST_HEAD_INIT(alg.cra_list), .cra_u = { .digest = { .dia_digestsize = SHA1_DIGEST_SIZE, .dia_init = sha1_init, - .dia_update = sha1_update, - .dia_final = sha1_final } } + .dia_update = s390_sha_update, + .dia_final = s390_sha_final } } }; static int __init sha1_s390_init(void) { if (!crypt_s390_func_available(KIMD_SHA_1)) return -EOPNOTSUPP; - return crypto_register_alg(&alg); } @@ -154,6 +76,5 @@ module_init(sha1_s390_init); module_exit(sha1_s390_fini); MODULE_ALIAS("sha1"); - MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm"); diff --git a/arch/s390/crypto/sha256_s390.c b/arch/s390/crypto/sha256_s390.c index 2a3d756b35d..19c03fb6ba7 100644 --- a/arch/s390/crypto/sha256_s390.c +++ b/arch/s390/crypto/sha256_s390.c @@ -22,16 +22,11 @@ #include <crypto/sha.h> #include "crypt_s390.h" - -struct s390_sha256_ctx { - u64 count; /* message length */ - u32 state[8]; - u8 buf[2 * SHA256_BLOCK_SIZE]; -}; +#include "sha.h" static void sha256_init(struct crypto_tfm *tfm) { - struct s390_sha256_ctx *sctx = crypto_tfm_ctx(tfm); + struct s390_sha_ctx *sctx = crypto_tfm_ctx(tfm); sctx->state[0] = SHA256_H0; sctx->state[1] = SHA256_H1; @@ -42,79 +37,7 @@ static void sha256_init(struct crypto_tfm *tfm) sctx->state[6] = SHA256_H6; sctx->state[7] = SHA256_H7; sctx->count = 0; -} - -static void sha256_update(struct crypto_tfm *tfm, const u8 *data, - unsigned int len) -{ - struct s390_sha256_ctx *sctx = crypto_tfm_ctx(tfm); - unsigned int index; - int ret; - - /* how much is already in the buffer? */ - index = sctx->count & 0x3f; - - sctx->count += len; - - if ((index + len) < SHA256_BLOCK_SIZE) - goto store; - - /* process one stored block */ - if (index) { - memcpy(sctx->buf + index, data, SHA256_BLOCK_SIZE - index); - ret = crypt_s390_kimd(KIMD_SHA_256, sctx->state, sctx->buf, - SHA256_BLOCK_SIZE); - BUG_ON(ret != SHA256_BLOCK_SIZE); - data += SHA256_BLOCK_SIZE - index; - len -= SHA256_BLOCK_SIZE - index; - } - - /* process as many blocks as possible */ - if (len >= SHA256_BLOCK_SIZE) { - ret = crypt_s390_kimd(KIMD_SHA_256, sctx->state, data, - len & ~(SHA256_BLOCK_SIZE - 1)); - BUG_ON(ret != (len & ~(SHA256_BLOCK_SIZE - 1))); - data += ret; - len -= ret; - } - -store: - /* anything left? */ - if (len) - memcpy(sctx->buf + index , data, len); -} - -/* Add padding and return the message digest */ -static void sha256_final(struct crypto_tfm *tfm, u8 *out) -{ - struct s390_sha256_ctx *sctx = crypto_tfm_ctx(tfm); - u64 bits; - unsigned int index, end; - int ret; - - /* must perform manual padding */ - index = sctx->count & 0x3f; - end = (index < 56) ? SHA256_BLOCK_SIZE : (2 * SHA256_BLOCK_SIZE); - - /* start pad with 1 */ - sctx->buf[index] = 0x80; - - /* pad with zeros */ - index++; - memset(sctx->buf + index, 0x00, end - index - 8); - - /* append message length */ - bits = sctx->count * 8; - memcpy(sctx->buf + end - 8, &bits, sizeof(bits)); - - ret = crypt_s390_kimd(KIMD_SHA_256, sctx->state, sctx->buf, end); - BUG_ON(ret != end); - - /* copy digest to out */ - memcpy(out, sctx->state, SHA256_DIGEST_SIZE); - - /* wipe context */ - memset(sctx, 0, sizeof *sctx); + sctx->func = KIMD_SHA_256; } static struct crypto_alg alg = { @@ -123,14 +46,14 @@ static struct crypto_alg alg = { .cra_priority = CRYPT_S390_PRIORITY, .cra_flags = CRYPTO_ALG_TYPE_DIGEST, .cra_blocksize = SHA256_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct s390_sha256_ctx), + .cra_ctxsize = sizeof(struct s390_sha_ctx), .cra_module = THIS_MODULE, .cra_list = LIST_HEAD_INIT(alg.cra_list), .cra_u = { .digest = { .dia_digestsize = SHA256_DIGEST_SIZE, .dia_init = sha256_init, - .dia_update = sha256_update, - .dia_final = sha256_final } } + .dia_update = s390_sha_update, + .dia_final = s390_sha_final } } }; static int sha256_s390_init(void) @@ -150,6 +73,5 @@ module_init(sha256_s390_init); module_exit(sha256_s390_fini); MODULE_ALIAS("sha256"); - MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("SHA256 Secure Hash Algorithm"); diff --git a/arch/s390/crypto/sha512_s390.c b/arch/s390/crypto/sha512_s390.c new file mode 100644 index 00000000000..23c7861f6ae --- /dev/null +++ b/arch/s390/crypto/sha512_s390.c @@ -0,0 +1,114 @@ +/* + * Cryptographic API. + * + * s390 implementation of the SHA512 and SHA38 Secure Hash Algorithm. + * + * Copyright IBM Corp. 2007 + * Author(s): Jan Glauber (jang@de.ibm.com) + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + * + */ +#include <linux/init.h> +#include <linux/module.h> +#include <linux/crypto.h> + +#include "sha.h" +#include "crypt_s390.h" + +static void sha512_init(struct crypto_tfm *tfm) +{ + struct s390_sha_ctx *ctx = crypto_tfm_ctx(tfm); + + *(__u64 *)&ctx->state[0] = 0x6a09e667f3bcc908ULL; + *(__u64 *)&ctx->state[2] = 0xbb67ae8584caa73bULL; + *(__u64 *)&ctx->state[4] = 0x3c6ef372fe94f82bULL; + *(__u64 *)&ctx->state[6] = 0xa54ff53a5f1d36f1ULL; + *(__u64 *)&ctx->state[8] = 0x510e527fade682d1ULL; + *(__u64 *)&ctx->state[10] = 0x9b05688c2b3e6c1fULL; + *(__u64 *)&ctx->state[12] = 0x1f83d9abfb41bd6bULL; + *(__u64 *)&ctx->state[14] = 0x5be0cd19137e2179ULL; + ctx->count = 0; + ctx->func = KIMD_SHA_512; +} + +static struct crypto_alg sha512_alg = { + .cra_name = "sha512", + .cra_driver_name = "sha512-s390", + .cra_priority = CRYPT_S390_PRIORITY, + .cra_flags = CRYPTO_ALG_TYPE_DIGEST, + .cra_blocksize = SHA512_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct s390_sha_ctx), + .cra_module = THIS_MODULE, + .cra_list = LIST_HEAD_INIT(sha512_alg.cra_list), + .cra_u = { .digest = { + .dia_digestsize = SHA512_DIGEST_SIZE, + .dia_init = sha512_init, + .dia_update = s390_sha_update, + .dia_final = s390_sha_final } } +}; + +MODULE_ALIAS("sha512"); + +static void sha384_init(struct crypto_tfm *tfm) +{ + struct s390_sha_ctx *ctx = crypto_tfm_ctx(tfm); + + *(__u64 *)&ctx->state[0] = 0xcbbb9d5dc1059ed8ULL; + *(__u64 *)&ctx->state[2] = 0x629a292a367cd507ULL; + *(__u64 *)&ctx->state[4] = 0x9159015a3070dd17ULL; + *(__u64 *)&ctx->state[6] = 0x152fecd8f70e5939ULL; + *(__u64 *)&ctx->state[8] = 0x67332667ffc00b31ULL; + *(__u64 *)&ctx->state[10] = 0x8eb44a8768581511ULL; + *(__u64 *)&ctx->state[12] = 0xdb0c2e0d64f98fa7ULL; + *(__u64 *)&ctx->state[14] = 0x47b5481dbefa4fa4ULL; + ctx->count = 0; + ctx->func = KIMD_SHA_512; +} + +static struct crypto_alg sha384_alg = { + .cra_name = "sha384", + .cra_driver_name = "sha384-s390", + .cra_priority = CRYPT_S390_PRIORITY, + .cra_flags = CRYPTO_ALG_TYPE_DIGEST, + .cra_blocksize = SHA384_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct s390_sha_ctx), + .cra_module = THIS_MODULE, + .cra_list = LIST_HEAD_INIT(sha384_alg.cra_list), + .cra_u = { .digest = { + .dia_digestsize = SHA384_DIGEST_SIZE, + .dia_init = sha384_init, + .dia_update = s390_sha_update, + .dia_final = s390_sha_final } } +}; + +MODULE_ALIAS("sha384"); + +static int __init init(void) +{ + int ret; + + if (!crypt_s390_func_available(KIMD_SHA_512)) + return -EOPNOTSUPP; + if ((ret = crypto_register_alg(&sha512_alg)) < 0) + goto out; + if ((ret = crypto_register_alg(&sha384_alg)) < 0) + crypto_unregister_alg(&sha512_alg); +out: + return ret; +} + +static void __exit fini(void) +{ + crypto_unregister_alg(&sha512_alg); + crypto_unregister_alg(&sha384_alg); +} + +module_init(init); +module_exit(fini); + +MODULE_LICENSE("GPL"); +MODULE_DESCRIPTION("SHA512 and SHA-384 Secure Hash Algorithm"); diff --git a/arch/s390/crypto/sha_common.c b/arch/s390/crypto/sha_common.c new file mode 100644 index 00000000000..9d6eb8c3d37 --- /dev/null +++ b/arch/s390/crypto/sha_common.c @@ -0,0 +1,97 @@ +/* + * Cryptographic API. + * + * s390 generic implementation of the SHA Secure Hash Algorithms. + * + * Copyright IBM Corp. 2007 + * Author(s): Jan Glauber (jang@de.ibm.com) + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + * + */ + +#include <linux/crypto.h> +#include "sha.h" +#include "crypt_s390.h" + +void s390_sha_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len) +{ + struct s390_sha_ctx *ctx = crypto_tfm_ctx(tfm); + unsigned int bsize = crypto_tfm_alg_blocksize(tfm); + unsigned int index; + int ret; + + /* how much is already in the buffer? */ + index = ctx->count & (bsize - 1); + ctx->count += len; + + if ((index + len) < bsize) + goto store; + + /* process one stored block */ + if (index) { + memcpy(ctx->buf + index, data, bsize - index); + ret = crypt_s390_kimd(ctx->func, ctx->state, ctx->buf, bsize); + BUG_ON(ret != bsize); + data += bsize - index; + len -= bsize - index; + } + + /* process as many blocks as possible */ + if (len >= bsize) { + ret = crypt_s390_kimd(ctx->func, ctx->state, data, + len & ~(bsize - 1)); + BUG_ON(ret != (len & ~(bsize - 1))); + data += ret; + len -= ret; + } +store: + if (len) + memcpy(ctx->buf + index , data, len); +} +EXPORT_SYMBOL_GPL(s390_sha_update); + +void s390_sha_final(struct crypto_tfm *tfm, u8 *out) +{ + struct s390_sha_ctx *ctx = crypto_tfm_ctx(tfm); + unsigned int bsize = crypto_tfm_alg_blocksize(tfm); + u64 bits; + unsigned int index, end, plen; + int ret; + + /* SHA-512 uses 128 bit padding length */ + plen = (bsize > SHA256_BLOCK_SIZE) ? 16 : 8; + + /* must perform manual padding */ + index = ctx->count & (bsize - 1); + end = (index < bsize - plen) ? bsize : (2 * bsize); + + /* start pad with 1 */ + ctx->buf[index] = 0x80; + index++; + + /* pad with zeros */ + memset(ctx->buf + index, 0x00, end - index - 8); + + /* + * Append message length. Well, SHA-512 wants a 128 bit lenght value, + * nevertheless we use u64, should be enough for now... + */ + bits = ctx->count * 8; + memcpy(ctx->buf + end - 8, &bits, sizeof(bits)); + + ret = crypt_s390_kimd(ctx->func, ctx->state, ctx->buf, end); + BUG_ON(ret != end); + + /* copy digest to out */ + memcpy(out, ctx->state, crypto_hash_digestsize(crypto_hash_cast(tfm))); + /* wipe context */ + memset(ctx, 0, sizeof *ctx); +} +EXPORT_SYMBOL_GPL(s390_sha_final); + +MODULE_LICENSE("GPL"); +MODULE_DESCRIPTION("s390 SHA cipher common functions"); diff --git a/arch/x86/crypto/aes-i586-asm_32.S b/arch/x86/crypto/aes-i586-asm_32.S index 1093bede3e0..e41b147f450 100644 --- a/arch/x86/crypto/aes-i586-asm_32.S +++ b/arch/x86/crypto/aes-i586-asm_32.S @@ -289,7 +289,6 @@ aes_enc_blk: pop %ebx mov %r0,(%ebp) pop %ebp - mov $1,%eax ret // AES (Rijndael) Decryption Subroutine @@ -365,6 +364,4 @@ aes_dec_blk: pop %ebx mov %r0,(%ebp) pop %ebp - mov $1,%eax ret - |