forked from Minki/linux
e67479b13e
1. fix ctx pointer Use req_ctx which is the ctx for the next job that have been completed in the lanes instead of the first completed job rctx, whose completion could have been called and released. Signed-off-by: Xiaodong Liu <xiaodong.liu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
1047 lines
28 KiB
C
1047 lines
28 KiB
C
/*
|
|
* Multi buffer SHA512 algorithm Glue Code
|
|
*
|
|
* This file is provided under a dual BSD/GPLv2 license. When using or
|
|
* redistributing this file, you may do so under either license.
|
|
*
|
|
* GPL LICENSE SUMMARY
|
|
*
|
|
* Copyright(c) 2016 Intel Corporation.
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of version 2 of the GNU General Public License as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* General Public License for more details.
|
|
*
|
|
* Contact Information:
|
|
* Megha Dey <megha.dey@linux.intel.com>
|
|
*
|
|
* BSD LICENSE
|
|
*
|
|
* Copyright(c) 2016 Intel Corporation.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
*
|
|
* * Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* * Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in
|
|
* the documentation and/or other materials provided with the
|
|
* distribution.
|
|
* * Neither the name of Intel Corporation nor the names of its
|
|
* contributors may be used to endorse or promote products derived
|
|
* from this software without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
|
|
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
|
|
|
|
#include <crypto/internal/hash.h>
|
|
#include <linux/init.h>
|
|
#include <linux/module.h>
|
|
#include <linux/mm.h>
|
|
#include <linux/cryptohash.h>
|
|
#include <linux/types.h>
|
|
#include <linux/list.h>
|
|
#include <crypto/scatterwalk.h>
|
|
#include <crypto/sha.h>
|
|
#include <crypto/mcryptd.h>
|
|
#include <crypto/crypto_wq.h>
|
|
#include <asm/byteorder.h>
|
|
#include <linux/hardirq.h>
|
|
#include <asm/fpu/api.h>
|
|
#include "sha512_mb_ctx.h"
|
|
|
|
#define FLUSH_INTERVAL 1000 /* in usec */
|
|
|
|
static struct mcryptd_alg_state sha512_mb_alg_state;
|
|
|
|
struct sha512_mb_ctx {
|
|
struct mcryptd_ahash *mcryptd_tfm;
|
|
};
|
|
|
|
static inline struct mcryptd_hash_request_ctx
|
|
*cast_hash_to_mcryptd_ctx(struct sha512_hash_ctx *hash_ctx)
|
|
{
|
|
struct ahash_request *areq;
|
|
|
|
areq = container_of((void *) hash_ctx, struct ahash_request, __ctx);
|
|
return container_of(areq, struct mcryptd_hash_request_ctx, areq);
|
|
}
|
|
|
|
static inline struct ahash_request
|
|
*cast_mcryptd_ctx_to_req(struct mcryptd_hash_request_ctx *ctx)
|
|
{
|
|
return container_of((void *) ctx, struct ahash_request, __ctx);
|
|
}
|
|
|
|
static void req_ctx_init(struct mcryptd_hash_request_ctx *rctx,
|
|
struct ahash_request *areq)
|
|
{
|
|
rctx->flag = HASH_UPDATE;
|
|
}
|
|
|
|
static asmlinkage void (*sha512_job_mgr_init)(struct sha512_mb_mgr *state);
|
|
static asmlinkage struct job_sha512* (*sha512_job_mgr_submit)
|
|
(struct sha512_mb_mgr *state,
|
|
struct job_sha512 *job);
|
|
static asmlinkage struct job_sha512* (*sha512_job_mgr_flush)
|
|
(struct sha512_mb_mgr *state);
|
|
static asmlinkage struct job_sha512* (*sha512_job_mgr_get_comp_job)
|
|
(struct sha512_mb_mgr *state);
|
|
|
|
inline void sha512_init_digest(uint64_t *digest)
|
|
{
|
|
static const uint64_t initial_digest[SHA512_DIGEST_LENGTH] = {
|
|
SHA512_H0, SHA512_H1, SHA512_H2,
|
|
SHA512_H3, SHA512_H4, SHA512_H5,
|
|
SHA512_H6, SHA512_H7 };
|
|
memcpy(digest, initial_digest, sizeof(initial_digest));
|
|
}
|
|
|
|
inline uint32_t sha512_pad(uint8_t padblock[SHA512_BLOCK_SIZE * 2],
|
|
uint32_t total_len)
|
|
{
|
|
uint32_t i = total_len & (SHA512_BLOCK_SIZE - 1);
|
|
|
|
memset(&padblock[i], 0, SHA512_BLOCK_SIZE);
|
|
padblock[i] = 0x80;
|
|
|
|
i += ((SHA512_BLOCK_SIZE - 1) &
|
|
(0 - (total_len + SHA512_PADLENGTHFIELD_SIZE + 1)))
|
|
+ 1 + SHA512_PADLENGTHFIELD_SIZE;
|
|
|
|
#if SHA512_PADLENGTHFIELD_SIZE == 16
|
|
*((uint64_t *) &padblock[i - 16]) = 0;
|
|
#endif
|
|
|
|
*((uint64_t *) &padblock[i - 8]) = cpu_to_be64(total_len << 3);
|
|
|
|
/* Number of extra blocks to hash */
|
|
return i >> SHA512_LOG2_BLOCK_SIZE;
|
|
}
|
|
|
|
static struct sha512_hash_ctx *sha512_ctx_mgr_resubmit
|
|
(struct sha512_ctx_mgr *mgr, struct sha512_hash_ctx *ctx)
|
|
{
|
|
while (ctx) {
|
|
if (ctx->status & HASH_CTX_STS_COMPLETE) {
|
|
/* Clear PROCESSING bit */
|
|
ctx->status = HASH_CTX_STS_COMPLETE;
|
|
return ctx;
|
|
}
|
|
|
|
/*
|
|
* If the extra blocks are empty, begin hashing what remains
|
|
* in the user's buffer.
|
|
*/
|
|
if (ctx->partial_block_buffer_length == 0 &&
|
|
ctx->incoming_buffer_length) {
|
|
|
|
const void *buffer = ctx->incoming_buffer;
|
|
uint32_t len = ctx->incoming_buffer_length;
|
|
uint32_t copy_len;
|
|
|
|
/*
|
|
* Only entire blocks can be hashed.
|
|
* Copy remainder to extra blocks buffer.
|
|
*/
|
|
copy_len = len & (SHA512_BLOCK_SIZE-1);
|
|
|
|
if (copy_len) {
|
|
len -= copy_len;
|
|
memcpy(ctx->partial_block_buffer,
|
|
((const char *) buffer + len),
|
|
copy_len);
|
|
ctx->partial_block_buffer_length = copy_len;
|
|
}
|
|
|
|
ctx->incoming_buffer_length = 0;
|
|
|
|
/* len should be a multiple of the block size now */
|
|
assert((len % SHA512_BLOCK_SIZE) == 0);
|
|
|
|
/* Set len to the number of blocks to be hashed */
|
|
len >>= SHA512_LOG2_BLOCK_SIZE;
|
|
|
|
if (len) {
|
|
|
|
ctx->job.buffer = (uint8_t *) buffer;
|
|
ctx->job.len = len;
|
|
ctx = (struct sha512_hash_ctx *)
|
|
sha512_job_mgr_submit(&mgr->mgr,
|
|
&ctx->job);
|
|
continue;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* If the extra blocks are not empty, then we are
|
|
* either on the last block(s) or we need more
|
|
* user input before continuing.
|
|
*/
|
|
if (ctx->status & HASH_CTX_STS_LAST) {
|
|
|
|
uint8_t *buf = ctx->partial_block_buffer;
|
|
uint32_t n_extra_blocks =
|
|
sha512_pad(buf, ctx->total_length);
|
|
|
|
ctx->status = (HASH_CTX_STS_PROCESSING |
|
|
HASH_CTX_STS_COMPLETE);
|
|
ctx->job.buffer = buf;
|
|
ctx->job.len = (uint32_t) n_extra_blocks;
|
|
ctx = (struct sha512_hash_ctx *)
|
|
sha512_job_mgr_submit(&mgr->mgr, &ctx->job);
|
|
continue;
|
|
}
|
|
|
|
if (ctx)
|
|
ctx->status = HASH_CTX_STS_IDLE;
|
|
return ctx;
|
|
}
|
|
|
|
return NULL;
|
|
}
|
|
|
|
static struct sha512_hash_ctx
|
|
*sha512_ctx_mgr_get_comp_ctx(struct sha512_ctx_mgr *mgr)
|
|
{
|
|
/*
|
|
* If get_comp_job returns NULL, there are no jobs complete.
|
|
* If get_comp_job returns a job, verify that it is safe to return to
|
|
* the user.
|
|
* If it is not ready, resubmit the job to finish processing.
|
|
* If sha512_ctx_mgr_resubmit returned a job, it is ready to be
|
|
* returned.
|
|
* Otherwise, all jobs currently being managed by the hash_ctx_mgr
|
|
* still need processing.
|
|
*/
|
|
struct sha512_hash_ctx *ctx;
|
|
|
|
ctx = (struct sha512_hash_ctx *)
|
|
sha512_job_mgr_get_comp_job(&mgr->mgr);
|
|
return sha512_ctx_mgr_resubmit(mgr, ctx);
|
|
}
|
|
|
|
static void sha512_ctx_mgr_init(struct sha512_ctx_mgr *mgr)
|
|
{
|
|
sha512_job_mgr_init(&mgr->mgr);
|
|
}
|
|
|
|
static struct sha512_hash_ctx
|
|
*sha512_ctx_mgr_submit(struct sha512_ctx_mgr *mgr,
|
|
struct sha512_hash_ctx *ctx,
|
|
const void *buffer,
|
|
uint32_t len,
|
|
int flags)
|
|
{
|
|
if (flags & (~HASH_ENTIRE)) {
|
|
/*
|
|
* User should not pass anything other than FIRST, UPDATE, or
|
|
* LAST
|
|
*/
|
|
ctx->error = HASH_CTX_ERROR_INVALID_FLAGS;
|
|
return ctx;
|
|
}
|
|
|
|
if (ctx->status & HASH_CTX_STS_PROCESSING) {
|
|
/* Cannot submit to a currently processing job. */
|
|
ctx->error = HASH_CTX_ERROR_ALREADY_PROCESSING;
|
|
return ctx;
|
|
}
|
|
|
|
if ((ctx->status & HASH_CTX_STS_COMPLETE) && !(flags & HASH_FIRST)) {
|
|
/* Cannot update a finished job. */
|
|
ctx->error = HASH_CTX_ERROR_ALREADY_COMPLETED;
|
|
return ctx;
|
|
}
|
|
|
|
|
|
if (flags & HASH_FIRST) {
|
|
/* Init digest */
|
|
sha512_init_digest(ctx->job.result_digest);
|
|
|
|
/* Reset byte counter */
|
|
ctx->total_length = 0;
|
|
|
|
/* Clear extra blocks */
|
|
ctx->partial_block_buffer_length = 0;
|
|
}
|
|
|
|
/*
|
|
* If we made it here, there were no errors during this call to
|
|
* submit
|
|
*/
|
|
ctx->error = HASH_CTX_ERROR_NONE;
|
|
|
|
/* Store buffer ptr info from user */
|
|
ctx->incoming_buffer = buffer;
|
|
ctx->incoming_buffer_length = len;
|
|
|
|
/*
|
|
* Store the user's request flags and mark this ctx as currently being
|
|
* processed.
|
|
*/
|
|
ctx->status = (flags & HASH_LAST) ?
|
|
(HASH_CTX_STS_PROCESSING | HASH_CTX_STS_LAST) :
|
|
HASH_CTX_STS_PROCESSING;
|
|
|
|
/* Advance byte counter */
|
|
ctx->total_length += len;
|
|
|
|
/*
|
|
* If there is anything currently buffered in the extra blocks,
|
|
* append to it until it contains a whole block.
|
|
* Or if the user's buffer contains less than a whole block,
|
|
* append as much as possible to the extra block.
|
|
*/
|
|
if (ctx->partial_block_buffer_length || len < SHA512_BLOCK_SIZE) {
|
|
/* Compute how many bytes to copy from user buffer into extra
|
|
* block
|
|
*/
|
|
uint32_t copy_len = SHA512_BLOCK_SIZE -
|
|
ctx->partial_block_buffer_length;
|
|
if (len < copy_len)
|
|
copy_len = len;
|
|
|
|
if (copy_len) {
|
|
/* Copy and update relevant pointers and counters */
|
|
memcpy
|
|
(&ctx->partial_block_buffer[ctx->partial_block_buffer_length],
|
|
buffer, copy_len);
|
|
|
|
ctx->partial_block_buffer_length += copy_len;
|
|
ctx->incoming_buffer = (const void *)
|
|
((const char *)buffer + copy_len);
|
|
ctx->incoming_buffer_length = len - copy_len;
|
|
}
|
|
|
|
/* The extra block should never contain more than 1 block
|
|
* here
|
|
*/
|
|
assert(ctx->partial_block_buffer_length <= SHA512_BLOCK_SIZE);
|
|
|
|
/* If the extra block buffer contains exactly 1 block, it can
|
|
* be hashed.
|
|
*/
|
|
if (ctx->partial_block_buffer_length >= SHA512_BLOCK_SIZE) {
|
|
ctx->partial_block_buffer_length = 0;
|
|
|
|
ctx->job.buffer = ctx->partial_block_buffer;
|
|
ctx->job.len = 1;
|
|
ctx = (struct sha512_hash_ctx *)
|
|
sha512_job_mgr_submit(&mgr->mgr, &ctx->job);
|
|
}
|
|
}
|
|
|
|
return sha512_ctx_mgr_resubmit(mgr, ctx);
|
|
}
|
|
|
|
static struct sha512_hash_ctx *sha512_ctx_mgr_flush(struct sha512_ctx_mgr *mgr)
|
|
{
|
|
struct sha512_hash_ctx *ctx;
|
|
|
|
while (1) {
|
|
ctx = (struct sha512_hash_ctx *)
|
|
sha512_job_mgr_flush(&mgr->mgr);
|
|
|
|
/* If flush returned 0, there are no more jobs in flight. */
|
|
if (!ctx)
|
|
return NULL;
|
|
|
|
/*
|
|
* If flush returned a job, resubmit the job to finish
|
|
* processing.
|
|
*/
|
|
ctx = sha512_ctx_mgr_resubmit(mgr, ctx);
|
|
|
|
/*
|
|
* If sha512_ctx_mgr_resubmit returned a job, it is ready to
|
|
* be returned. Otherwise, all jobs currently being managed by
|
|
* the sha512_ctx_mgr still need processing. Loop.
|
|
*/
|
|
if (ctx)
|
|
return ctx;
|
|
}
|
|
}
|
|
|
|
static int sha512_mb_init(struct ahash_request *areq)
|
|
{
|
|
struct sha512_hash_ctx *sctx = ahash_request_ctx(areq);
|
|
|
|
hash_ctx_init(sctx);
|
|
sctx->job.result_digest[0] = SHA512_H0;
|
|
sctx->job.result_digest[1] = SHA512_H1;
|
|
sctx->job.result_digest[2] = SHA512_H2;
|
|
sctx->job.result_digest[3] = SHA512_H3;
|
|
sctx->job.result_digest[4] = SHA512_H4;
|
|
sctx->job.result_digest[5] = SHA512_H5;
|
|
sctx->job.result_digest[6] = SHA512_H6;
|
|
sctx->job.result_digest[7] = SHA512_H7;
|
|
sctx->total_length = 0;
|
|
sctx->partial_block_buffer_length = 0;
|
|
sctx->status = HASH_CTX_STS_IDLE;
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int sha512_mb_set_results(struct mcryptd_hash_request_ctx *rctx)
|
|
{
|
|
int i;
|
|
struct sha512_hash_ctx *sctx = ahash_request_ctx(&rctx->areq);
|
|
__be64 *dst = (__be64 *) rctx->out;
|
|
|
|
for (i = 0; i < 8; ++i)
|
|
dst[i] = cpu_to_be64(sctx->job.result_digest[i]);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int sha_finish_walk(struct mcryptd_hash_request_ctx **ret_rctx,
|
|
struct mcryptd_alg_cstate *cstate, bool flush)
|
|
{
|
|
int flag = HASH_UPDATE;
|
|
int nbytes, err = 0;
|
|
struct mcryptd_hash_request_ctx *rctx = *ret_rctx;
|
|
struct sha512_hash_ctx *sha_ctx;
|
|
|
|
/* more work ? */
|
|
while (!(rctx->flag & HASH_DONE)) {
|
|
nbytes = crypto_ahash_walk_done(&rctx->walk, 0);
|
|
if (nbytes < 0) {
|
|
err = nbytes;
|
|
goto out;
|
|
}
|
|
/* check if the walk is done */
|
|
if (crypto_ahash_walk_last(&rctx->walk)) {
|
|
rctx->flag |= HASH_DONE;
|
|
if (rctx->flag & HASH_FINAL)
|
|
flag |= HASH_LAST;
|
|
|
|
}
|
|
sha_ctx = (struct sha512_hash_ctx *)
|
|
ahash_request_ctx(&rctx->areq);
|
|
kernel_fpu_begin();
|
|
sha_ctx = sha512_ctx_mgr_submit(cstate->mgr, sha_ctx,
|
|
rctx->walk.data, nbytes, flag);
|
|
if (!sha_ctx) {
|
|
if (flush)
|
|
sha_ctx = sha512_ctx_mgr_flush(cstate->mgr);
|
|
}
|
|
kernel_fpu_end();
|
|
if (sha_ctx)
|
|
rctx = cast_hash_to_mcryptd_ctx(sha_ctx);
|
|
else {
|
|
rctx = NULL;
|
|
goto out;
|
|
}
|
|
}
|
|
|
|
/* copy the results */
|
|
if (rctx->flag & HASH_FINAL)
|
|
sha512_mb_set_results(rctx);
|
|
|
|
out:
|
|
*ret_rctx = rctx;
|
|
return err;
|
|
}
|
|
|
|
static int sha_complete_job(struct mcryptd_hash_request_ctx *rctx,
|
|
struct mcryptd_alg_cstate *cstate,
|
|
int err)
|
|
{
|
|
struct ahash_request *req = cast_mcryptd_ctx_to_req(rctx);
|
|
struct sha512_hash_ctx *sha_ctx;
|
|
struct mcryptd_hash_request_ctx *req_ctx;
|
|
int ret;
|
|
|
|
/* remove from work list */
|
|
spin_lock(&cstate->work_lock);
|
|
list_del(&rctx->waiter);
|
|
spin_unlock(&cstate->work_lock);
|
|
|
|
if (irqs_disabled())
|
|
rctx->complete(&req->base, err);
|
|
else {
|
|
local_bh_disable();
|
|
rctx->complete(&req->base, err);
|
|
local_bh_enable();
|
|
}
|
|
|
|
/* check to see if there are other jobs that are done */
|
|
sha_ctx = sha512_ctx_mgr_get_comp_ctx(cstate->mgr);
|
|
while (sha_ctx) {
|
|
req_ctx = cast_hash_to_mcryptd_ctx(sha_ctx);
|
|
ret = sha_finish_walk(&req_ctx, cstate, false);
|
|
if (req_ctx) {
|
|
spin_lock(&cstate->work_lock);
|
|
list_del(&req_ctx->waiter);
|
|
spin_unlock(&cstate->work_lock);
|
|
|
|
req = cast_mcryptd_ctx_to_req(req_ctx);
|
|
if (irqs_disabled())
|
|
req_ctx->complete(&req->base, ret);
|
|
else {
|
|
local_bh_disable();
|
|
req_ctx->complete(&req->base, ret);
|
|
local_bh_enable();
|
|
}
|
|
}
|
|
sha_ctx = sha512_ctx_mgr_get_comp_ctx(cstate->mgr);
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static void sha512_mb_add_list(struct mcryptd_hash_request_ctx *rctx,
|
|
struct mcryptd_alg_cstate *cstate)
|
|
{
|
|
unsigned long next_flush;
|
|
unsigned long delay = usecs_to_jiffies(FLUSH_INTERVAL);
|
|
|
|
/* initialize tag */
|
|
rctx->tag.arrival = jiffies; /* tag the arrival time */
|
|
rctx->tag.seq_num = cstate->next_seq_num++;
|
|
next_flush = rctx->tag.arrival + delay;
|
|
rctx->tag.expire = next_flush;
|
|
|
|
spin_lock(&cstate->work_lock);
|
|
list_add_tail(&rctx->waiter, &cstate->work_list);
|
|
spin_unlock(&cstate->work_lock);
|
|
|
|
mcryptd_arm_flusher(cstate, delay);
|
|
}
|
|
|
|
static int sha512_mb_update(struct ahash_request *areq)
|
|
{
|
|
struct mcryptd_hash_request_ctx *rctx =
|
|
container_of(areq, struct mcryptd_hash_request_ctx,
|
|
areq);
|
|
struct mcryptd_alg_cstate *cstate =
|
|
this_cpu_ptr(sha512_mb_alg_state.alg_cstate);
|
|
|
|
struct ahash_request *req = cast_mcryptd_ctx_to_req(rctx);
|
|
struct sha512_hash_ctx *sha_ctx;
|
|
int ret = 0, nbytes;
|
|
|
|
|
|
/* sanity check */
|
|
if (rctx->tag.cpu != smp_processor_id()) {
|
|
pr_err("mcryptd error: cpu clash\n");
|
|
goto done;
|
|
}
|
|
|
|
/* need to init context */
|
|
req_ctx_init(rctx, areq);
|
|
|
|
nbytes = crypto_ahash_walk_first(req, &rctx->walk);
|
|
|
|
if (nbytes < 0) {
|
|
ret = nbytes;
|
|
goto done;
|
|
}
|
|
|
|
if (crypto_ahash_walk_last(&rctx->walk))
|
|
rctx->flag |= HASH_DONE;
|
|
|
|
/* submit */
|
|
sha_ctx = (struct sha512_hash_ctx *) ahash_request_ctx(areq);
|
|
sha512_mb_add_list(rctx, cstate);
|
|
kernel_fpu_begin();
|
|
sha_ctx = sha512_ctx_mgr_submit(cstate->mgr, sha_ctx, rctx->walk.data,
|
|
nbytes, HASH_UPDATE);
|
|
kernel_fpu_end();
|
|
|
|
/* check if anything is returned */
|
|
if (!sha_ctx)
|
|
return -EINPROGRESS;
|
|
|
|
if (sha_ctx->error) {
|
|
ret = sha_ctx->error;
|
|
rctx = cast_hash_to_mcryptd_ctx(sha_ctx);
|
|
goto done;
|
|
}
|
|
|
|
rctx = cast_hash_to_mcryptd_ctx(sha_ctx);
|
|
ret = sha_finish_walk(&rctx, cstate, false);
|
|
|
|
if (!rctx)
|
|
return -EINPROGRESS;
|
|
done:
|
|
sha_complete_job(rctx, cstate, ret);
|
|
return ret;
|
|
}
|
|
|
|
static int sha512_mb_finup(struct ahash_request *areq)
|
|
{
|
|
struct mcryptd_hash_request_ctx *rctx =
|
|
container_of(areq, struct mcryptd_hash_request_ctx,
|
|
areq);
|
|
struct mcryptd_alg_cstate *cstate =
|
|
this_cpu_ptr(sha512_mb_alg_state.alg_cstate);
|
|
|
|
struct ahash_request *req = cast_mcryptd_ctx_to_req(rctx);
|
|
struct sha512_hash_ctx *sha_ctx;
|
|
int ret = 0, flag = HASH_UPDATE, nbytes;
|
|
|
|
/* sanity check */
|
|
if (rctx->tag.cpu != smp_processor_id()) {
|
|
pr_err("mcryptd error: cpu clash\n");
|
|
goto done;
|
|
}
|
|
|
|
/* need to init context */
|
|
req_ctx_init(rctx, areq);
|
|
|
|
nbytes = crypto_ahash_walk_first(req, &rctx->walk);
|
|
|
|
if (nbytes < 0) {
|
|
ret = nbytes;
|
|
goto done;
|
|
}
|
|
|
|
if (crypto_ahash_walk_last(&rctx->walk)) {
|
|
rctx->flag |= HASH_DONE;
|
|
flag = HASH_LAST;
|
|
}
|
|
|
|
/* submit */
|
|
rctx->flag |= HASH_FINAL;
|
|
sha_ctx = (struct sha512_hash_ctx *) ahash_request_ctx(areq);
|
|
sha512_mb_add_list(rctx, cstate);
|
|
|
|
kernel_fpu_begin();
|
|
sha_ctx = sha512_ctx_mgr_submit(cstate->mgr, sha_ctx, rctx->walk.data,
|
|
nbytes, flag);
|
|
kernel_fpu_end();
|
|
|
|
/* check if anything is returned */
|
|
if (!sha_ctx)
|
|
return -EINPROGRESS;
|
|
|
|
if (sha_ctx->error) {
|
|
ret = sha_ctx->error;
|
|
goto done;
|
|
}
|
|
|
|
rctx = cast_hash_to_mcryptd_ctx(sha_ctx);
|
|
ret = sha_finish_walk(&rctx, cstate, false);
|
|
if (!rctx)
|
|
return -EINPROGRESS;
|
|
done:
|
|
sha_complete_job(rctx, cstate, ret);
|
|
return ret;
|
|
}
|
|
|
|
static int sha512_mb_final(struct ahash_request *areq)
|
|
{
|
|
struct mcryptd_hash_request_ctx *rctx =
|
|
container_of(areq, struct mcryptd_hash_request_ctx,
|
|
areq);
|
|
struct mcryptd_alg_cstate *cstate =
|
|
this_cpu_ptr(sha512_mb_alg_state.alg_cstate);
|
|
|
|
struct sha512_hash_ctx *sha_ctx;
|
|
int ret = 0;
|
|
u8 data;
|
|
|
|
/* sanity check */
|
|
if (rctx->tag.cpu != smp_processor_id()) {
|
|
pr_err("mcryptd error: cpu clash\n");
|
|
goto done;
|
|
}
|
|
|
|
/* need to init context */
|
|
req_ctx_init(rctx, areq);
|
|
|
|
rctx->flag |= HASH_DONE | HASH_FINAL;
|
|
|
|
sha_ctx = (struct sha512_hash_ctx *) ahash_request_ctx(areq);
|
|
/* flag HASH_FINAL and 0 data size */
|
|
sha512_mb_add_list(rctx, cstate);
|
|
kernel_fpu_begin();
|
|
sha_ctx = sha512_ctx_mgr_submit(cstate->mgr, sha_ctx, &data, 0,
|
|
HASH_LAST);
|
|
kernel_fpu_end();
|
|
|
|
/* check if anything is returned */
|
|
if (!sha_ctx)
|
|
return -EINPROGRESS;
|
|
|
|
if (sha_ctx->error) {
|
|
ret = sha_ctx->error;
|
|
rctx = cast_hash_to_mcryptd_ctx(sha_ctx);
|
|
goto done;
|
|
}
|
|
|
|
rctx = cast_hash_to_mcryptd_ctx(sha_ctx);
|
|
ret = sha_finish_walk(&rctx, cstate, false);
|
|
if (!rctx)
|
|
return -EINPROGRESS;
|
|
done:
|
|
sha_complete_job(rctx, cstate, ret);
|
|
return ret;
|
|
}
|
|
|
|
static int sha512_mb_export(struct ahash_request *areq, void *out)
|
|
{
|
|
struct sha512_hash_ctx *sctx = ahash_request_ctx(areq);
|
|
|
|
memcpy(out, sctx, sizeof(*sctx));
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int sha512_mb_import(struct ahash_request *areq, const void *in)
|
|
{
|
|
struct sha512_hash_ctx *sctx = ahash_request_ctx(areq);
|
|
|
|
memcpy(sctx, in, sizeof(*sctx));
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int sha512_mb_async_init_tfm(struct crypto_tfm *tfm)
|
|
{
|
|
struct mcryptd_ahash *mcryptd_tfm;
|
|
struct sha512_mb_ctx *ctx = crypto_tfm_ctx(tfm);
|
|
struct mcryptd_hash_ctx *mctx;
|
|
|
|
mcryptd_tfm = mcryptd_alloc_ahash("__intel_sha512-mb",
|
|
CRYPTO_ALG_INTERNAL,
|
|
CRYPTO_ALG_INTERNAL);
|
|
if (IS_ERR(mcryptd_tfm))
|
|
return PTR_ERR(mcryptd_tfm);
|
|
mctx = crypto_ahash_ctx(&mcryptd_tfm->base);
|
|
mctx->alg_state = &sha512_mb_alg_state;
|
|
ctx->mcryptd_tfm = mcryptd_tfm;
|
|
crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
|
|
sizeof(struct ahash_request) +
|
|
crypto_ahash_reqsize(&mcryptd_tfm->base));
|
|
|
|
return 0;
|
|
}
|
|
|
|
static void sha512_mb_async_exit_tfm(struct crypto_tfm *tfm)
|
|
{
|
|
struct sha512_mb_ctx *ctx = crypto_tfm_ctx(tfm);
|
|
|
|
mcryptd_free_ahash(ctx->mcryptd_tfm);
|
|
}
|
|
|
|
static int sha512_mb_areq_init_tfm(struct crypto_tfm *tfm)
|
|
{
|
|
crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
|
|
sizeof(struct ahash_request) +
|
|
sizeof(struct sha512_hash_ctx));
|
|
|
|
return 0;
|
|
}
|
|
|
|
static void sha512_mb_areq_exit_tfm(struct crypto_tfm *tfm)
|
|
{
|
|
struct sha512_mb_ctx *ctx = crypto_tfm_ctx(tfm);
|
|
|
|
mcryptd_free_ahash(ctx->mcryptd_tfm);
|
|
}
|
|
|
|
static struct ahash_alg sha512_mb_areq_alg = {
|
|
.init = sha512_mb_init,
|
|
.update = sha512_mb_update,
|
|
.final = sha512_mb_final,
|
|
.finup = sha512_mb_finup,
|
|
.export = sha512_mb_export,
|
|
.import = sha512_mb_import,
|
|
.halg = {
|
|
.digestsize = SHA512_DIGEST_SIZE,
|
|
.statesize = sizeof(struct sha512_hash_ctx),
|
|
.base = {
|
|
.cra_name = "__sha512-mb",
|
|
.cra_driver_name = "__intel_sha512-mb",
|
|
.cra_priority = 100,
|
|
/*
|
|
* use ASYNC flag as some buffers in multi-buffer
|
|
* algo may not have completed before hashing thread
|
|
* sleep
|
|
*/
|
|
.cra_flags = CRYPTO_ALG_TYPE_AHASH |
|
|
CRYPTO_ALG_ASYNC |
|
|
CRYPTO_ALG_INTERNAL,
|
|
.cra_blocksize = SHA512_BLOCK_SIZE,
|
|
.cra_module = THIS_MODULE,
|
|
.cra_list = LIST_HEAD_INIT
|
|
(sha512_mb_areq_alg.halg.base.cra_list),
|
|
.cra_init = sha512_mb_areq_init_tfm,
|
|
.cra_exit = sha512_mb_areq_exit_tfm,
|
|
.cra_ctxsize = sizeof(struct sha512_hash_ctx),
|
|
}
|
|
}
|
|
};
|
|
|
|
static int sha512_mb_async_init(struct ahash_request *req)
|
|
{
|
|
struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
|
|
struct sha512_mb_ctx *ctx = crypto_ahash_ctx(tfm);
|
|
struct ahash_request *mcryptd_req = ahash_request_ctx(req);
|
|
struct mcryptd_ahash *mcryptd_tfm = ctx->mcryptd_tfm;
|
|
|
|
memcpy(mcryptd_req, req, sizeof(*req));
|
|
ahash_request_set_tfm(mcryptd_req, &mcryptd_tfm->base);
|
|
return crypto_ahash_init(mcryptd_req);
|
|
}
|
|
|
|
static int sha512_mb_async_update(struct ahash_request *req)
|
|
{
|
|
struct ahash_request *mcryptd_req = ahash_request_ctx(req);
|
|
|
|
struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
|
|
struct sha512_mb_ctx *ctx = crypto_ahash_ctx(tfm);
|
|
struct mcryptd_ahash *mcryptd_tfm = ctx->mcryptd_tfm;
|
|
|
|
memcpy(mcryptd_req, req, sizeof(*req));
|
|
ahash_request_set_tfm(mcryptd_req, &mcryptd_tfm->base);
|
|
return crypto_ahash_update(mcryptd_req);
|
|
}
|
|
|
|
static int sha512_mb_async_finup(struct ahash_request *req)
|
|
{
|
|
struct ahash_request *mcryptd_req = ahash_request_ctx(req);
|
|
|
|
struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
|
|
struct sha512_mb_ctx *ctx = crypto_ahash_ctx(tfm);
|
|
struct mcryptd_ahash *mcryptd_tfm = ctx->mcryptd_tfm;
|
|
|
|
memcpy(mcryptd_req, req, sizeof(*req));
|
|
ahash_request_set_tfm(mcryptd_req, &mcryptd_tfm->base);
|
|
return crypto_ahash_finup(mcryptd_req);
|
|
}
|
|
|
|
static int sha512_mb_async_final(struct ahash_request *req)
|
|
{
|
|
struct ahash_request *mcryptd_req = ahash_request_ctx(req);
|
|
|
|
struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
|
|
struct sha512_mb_ctx *ctx = crypto_ahash_ctx(tfm);
|
|
struct mcryptd_ahash *mcryptd_tfm = ctx->mcryptd_tfm;
|
|
|
|
memcpy(mcryptd_req, req, sizeof(*req));
|
|
ahash_request_set_tfm(mcryptd_req, &mcryptd_tfm->base);
|
|
return crypto_ahash_final(mcryptd_req);
|
|
}
|
|
|
|
static int sha512_mb_async_digest(struct ahash_request *req)
|
|
{
|
|
struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
|
|
struct sha512_mb_ctx *ctx = crypto_ahash_ctx(tfm);
|
|
struct ahash_request *mcryptd_req = ahash_request_ctx(req);
|
|
struct mcryptd_ahash *mcryptd_tfm = ctx->mcryptd_tfm;
|
|
|
|
memcpy(mcryptd_req, req, sizeof(*req));
|
|
ahash_request_set_tfm(mcryptd_req, &mcryptd_tfm->base);
|
|
return crypto_ahash_digest(mcryptd_req);
|
|
}
|
|
|
|
static int sha512_mb_async_export(struct ahash_request *req, void *out)
|
|
{
|
|
struct ahash_request *mcryptd_req = ahash_request_ctx(req);
|
|
struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
|
|
struct sha512_mb_ctx *ctx = crypto_ahash_ctx(tfm);
|
|
struct mcryptd_ahash *mcryptd_tfm = ctx->mcryptd_tfm;
|
|
|
|
memcpy(mcryptd_req, req, sizeof(*req));
|
|
ahash_request_set_tfm(mcryptd_req, &mcryptd_tfm->base);
|
|
return crypto_ahash_export(mcryptd_req, out);
|
|
}
|
|
|
|
static int sha512_mb_async_import(struct ahash_request *req, const void *in)
|
|
{
|
|
struct ahash_request *mcryptd_req = ahash_request_ctx(req);
|
|
struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
|
|
struct sha512_mb_ctx *ctx = crypto_ahash_ctx(tfm);
|
|
struct mcryptd_ahash *mcryptd_tfm = ctx->mcryptd_tfm;
|
|
struct crypto_ahash *child = mcryptd_ahash_child(mcryptd_tfm);
|
|
struct mcryptd_hash_request_ctx *rctx;
|
|
struct ahash_request *areq;
|
|
|
|
memcpy(mcryptd_req, req, sizeof(*req));
|
|
ahash_request_set_tfm(mcryptd_req, &mcryptd_tfm->base);
|
|
rctx = ahash_request_ctx(mcryptd_req);
|
|
|
|
areq = &rctx->areq;
|
|
|
|
ahash_request_set_tfm(areq, child);
|
|
ahash_request_set_callback(areq, CRYPTO_TFM_REQ_MAY_SLEEP,
|
|
rctx->complete, req);
|
|
|
|
return crypto_ahash_import(mcryptd_req, in);
|
|
}
|
|
|
|
static struct ahash_alg sha512_mb_async_alg = {
|
|
.init = sha512_mb_async_init,
|
|
.update = sha512_mb_async_update,
|
|
.final = sha512_mb_async_final,
|
|
.finup = sha512_mb_async_finup,
|
|
.digest = sha512_mb_async_digest,
|
|
.export = sha512_mb_async_export,
|
|
.import = sha512_mb_async_import,
|
|
.halg = {
|
|
.digestsize = SHA512_DIGEST_SIZE,
|
|
.statesize = sizeof(struct sha512_hash_ctx),
|
|
.base = {
|
|
.cra_name = "sha512",
|
|
.cra_driver_name = "sha512_mb",
|
|
.cra_priority = 200,
|
|
.cra_flags = CRYPTO_ALG_TYPE_AHASH |
|
|
CRYPTO_ALG_ASYNC,
|
|
.cra_blocksize = SHA512_BLOCK_SIZE,
|
|
.cra_type = &crypto_ahash_type,
|
|
.cra_module = THIS_MODULE,
|
|
.cra_list = LIST_HEAD_INIT
|
|
(sha512_mb_async_alg.halg.base.cra_list),
|
|
.cra_init = sha512_mb_async_init_tfm,
|
|
.cra_exit = sha512_mb_async_exit_tfm,
|
|
.cra_ctxsize = sizeof(struct sha512_mb_ctx),
|
|
.cra_alignmask = 0,
|
|
},
|
|
},
|
|
};
|
|
|
|
static unsigned long sha512_mb_flusher(struct mcryptd_alg_cstate *cstate)
|
|
{
|
|
struct mcryptd_hash_request_ctx *rctx;
|
|
unsigned long cur_time;
|
|
unsigned long next_flush = 0;
|
|
struct sha512_hash_ctx *sha_ctx;
|
|
|
|
|
|
cur_time = jiffies;
|
|
|
|
while (!list_empty(&cstate->work_list)) {
|
|
rctx = list_entry(cstate->work_list.next,
|
|
struct mcryptd_hash_request_ctx, waiter);
|
|
if time_before(cur_time, rctx->tag.expire)
|
|
break;
|
|
kernel_fpu_begin();
|
|
sha_ctx = (struct sha512_hash_ctx *)
|
|
sha512_ctx_mgr_flush(cstate->mgr);
|
|
kernel_fpu_end();
|
|
if (!sha_ctx) {
|
|
pr_err("sha512_mb error: nothing got flushed for"
|
|
" non-empty list\n");
|
|
break;
|
|
}
|
|
rctx = cast_hash_to_mcryptd_ctx(sha_ctx);
|
|
sha_finish_walk(&rctx, cstate, true);
|
|
sha_complete_job(rctx, cstate, 0);
|
|
}
|
|
|
|
if (!list_empty(&cstate->work_list)) {
|
|
rctx = list_entry(cstate->work_list.next,
|
|
struct mcryptd_hash_request_ctx, waiter);
|
|
/* get the hash context and then flush time */
|
|
next_flush = rctx->tag.expire;
|
|
mcryptd_arm_flusher(cstate, get_delay(next_flush));
|
|
}
|
|
return next_flush;
|
|
}
|
|
|
|
static int __init sha512_mb_mod_init(void)
|
|
{
|
|
|
|
int cpu;
|
|
int err;
|
|
struct mcryptd_alg_cstate *cpu_state;
|
|
|
|
/* check for dependent cpu features */
|
|
if (!boot_cpu_has(X86_FEATURE_AVX2) ||
|
|
!boot_cpu_has(X86_FEATURE_BMI2))
|
|
return -ENODEV;
|
|
|
|
/* initialize multibuffer structures */
|
|
sha512_mb_alg_state.alg_cstate =
|
|
alloc_percpu(struct mcryptd_alg_cstate);
|
|
|
|
sha512_job_mgr_init = sha512_mb_mgr_init_avx2;
|
|
sha512_job_mgr_submit = sha512_mb_mgr_submit_avx2;
|
|
sha512_job_mgr_flush = sha512_mb_mgr_flush_avx2;
|
|
sha512_job_mgr_get_comp_job = sha512_mb_mgr_get_comp_job_avx2;
|
|
|
|
if (!sha512_mb_alg_state.alg_cstate)
|
|
return -ENOMEM;
|
|
for_each_possible_cpu(cpu) {
|
|
cpu_state = per_cpu_ptr(sha512_mb_alg_state.alg_cstate, cpu);
|
|
cpu_state->next_flush = 0;
|
|
cpu_state->next_seq_num = 0;
|
|
cpu_state->flusher_engaged = false;
|
|
INIT_DELAYED_WORK(&cpu_state->flush, mcryptd_flusher);
|
|
cpu_state->cpu = cpu;
|
|
cpu_state->alg_state = &sha512_mb_alg_state;
|
|
cpu_state->mgr = kzalloc(sizeof(struct sha512_ctx_mgr),
|
|
GFP_KERNEL);
|
|
if (!cpu_state->mgr)
|
|
goto err2;
|
|
sha512_ctx_mgr_init(cpu_state->mgr);
|
|
INIT_LIST_HEAD(&cpu_state->work_list);
|
|
spin_lock_init(&cpu_state->work_lock);
|
|
}
|
|
sha512_mb_alg_state.flusher = &sha512_mb_flusher;
|
|
|
|
err = crypto_register_ahash(&sha512_mb_areq_alg);
|
|
if (err)
|
|
goto err2;
|
|
err = crypto_register_ahash(&sha512_mb_async_alg);
|
|
if (err)
|
|
goto err1;
|
|
|
|
|
|
return 0;
|
|
err1:
|
|
crypto_unregister_ahash(&sha512_mb_areq_alg);
|
|
err2:
|
|
for_each_possible_cpu(cpu) {
|
|
cpu_state = per_cpu_ptr(sha512_mb_alg_state.alg_cstate, cpu);
|
|
kfree(cpu_state->mgr);
|
|
}
|
|
free_percpu(sha512_mb_alg_state.alg_cstate);
|
|
return -ENODEV;
|
|
}
|
|
|
|
static void __exit sha512_mb_mod_fini(void)
|
|
{
|
|
int cpu;
|
|
struct mcryptd_alg_cstate *cpu_state;
|
|
|
|
crypto_unregister_ahash(&sha512_mb_async_alg);
|
|
crypto_unregister_ahash(&sha512_mb_areq_alg);
|
|
for_each_possible_cpu(cpu) {
|
|
cpu_state = per_cpu_ptr(sha512_mb_alg_state.alg_cstate, cpu);
|
|
kfree(cpu_state->mgr);
|
|
}
|
|
free_percpu(sha512_mb_alg_state.alg_cstate);
|
|
}
|
|
|
|
module_init(sha512_mb_mod_init);
|
|
module_exit(sha512_mb_mod_fini);
|
|
|
|
MODULE_LICENSE("GPL");
|
|
MODULE_DESCRIPTION("SHA512 Secure Hash Algorithm, multi buffer accelerated");
|
|
|
|
MODULE_ALIAS("sha512");
|