diff options
author | Sebastian Siewior <sebastian@breakpoint.cc> | 2007-10-07 23:45:10 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2007-10-10 19:55:50 -0400 |
commit | ad5d27899fdbe7a66e57fdf1af883dbd7ff88dac (patch) | |
tree | 666a5809fd9a01e0798411b94962903c3431400c /crypto/sha256_generic.c | |
parent | f8246af005d56b73f4f04304fc5b6fd9878af4ef (diff) |
[CRYPTO] sha: Load the SHA[1|256] module by an alias
Loading the crypto algorithm by the alias instead of by module directly
has the advantage that all possible implementations of this algorithm
are loaded automatically and the crypto API can choose the best one
depending on its priority.
Additionally it ensures that the generic implementation as well as the
HW driver (if available) is loaded in case the HW driver needs the
generic version as fallback in corner cases.
Also remove the probe for sha1 in padlock's init code.
Quote from Herbert:
The probe is actually pointless since we can always probe when
the algorithm is actually used which does not lead to dead-locks
like this.
Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/sha256_generic.c')
-rw-r--r-- | crypto/sha256_generic.c | 342 |
1 files changed, 342 insertions, 0 deletions
diff --git a/crypto/sha256_generic.c b/crypto/sha256_generic.c new file mode 100644 index 00000000000..74bf2f95f4e --- /dev/null +++ b/crypto/sha256_generic.c | |||
@@ -0,0 +1,342 @@ | |||
1 | /* | ||
2 | * Cryptographic API. | ||
3 | * | ||
4 | * SHA-256, as specified in | ||
5 | * http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf | ||
6 | * | ||
7 | * SHA-256 code by Jean-Luc Cooke <jlcooke@certainkey.com>. | ||
8 | * | ||
9 | * Copyright (c) Jean-Luc Cooke <jlcooke@certainkey.com> | ||
10 | * Copyright (c) Andrew McDonald <andrew@mcdonald.org.uk> | ||
11 | * Copyright (c) 2002 James Morris <jmorris@intercode.com.au> | ||
12 | * | ||
13 | * This program is free software; you can redistribute it and/or modify it | ||
14 | * under the terms of the GNU General Public License as published by the Free | ||
15 | * Software Foundation; either version 2 of the License, or (at your option) | ||
16 | * any later version. | ||
17 | * | ||
18 | */ | ||
19 | #include <linux/init.h> | ||
20 | #include <linux/module.h> | ||
21 | #include <linux/mm.h> | ||
22 | #include <linux/crypto.h> | ||
23 | #include <linux/types.h> | ||
24 | #include <asm/scatterlist.h> | ||
25 | #include <asm/byteorder.h> | ||
26 | |||
27 | #define SHA256_DIGEST_SIZE 32 | ||
28 | #define SHA256_HMAC_BLOCK_SIZE 64 | ||
29 | |||
30 | struct sha256_ctx { | ||
31 | u32 count[2]; | ||
32 | u32 state[8]; | ||
33 | u8 buf[128]; | ||
34 | }; | ||
35 | |||
36 | static inline u32 Ch(u32 x, u32 y, u32 z) | ||
37 | { | ||
38 | return z ^ (x & (y ^ z)); | ||
39 | } | ||
40 | |||
41 | static inline u32 Maj(u32 x, u32 y, u32 z) | ||
42 | { | ||
43 | return (x & y) | (z & (x | y)); | ||
44 | } | ||
45 | |||
46 | #define e0(x) (ror32(x, 2) ^ ror32(x,13) ^ ror32(x,22)) | ||
47 | #define e1(x) (ror32(x, 6) ^ ror32(x,11) ^ ror32(x,25)) | ||
48 | #define s0(x) (ror32(x, 7) ^ ror32(x,18) ^ (x >> 3)) | ||
49 | #define s1(x) (ror32(x,17) ^ ror32(x,19) ^ (x >> 10)) | ||
50 | |||
51 | #define H0 0x6a09e667 | ||
52 | #define H1 0xbb67ae85 | ||
53 | #define H2 0x3c6ef372 | ||
54 | #define H3 0xa54ff53a | ||
55 | #define H4 0x510e527f | ||
56 | #define H5 0x9b05688c | ||
57 | #define H6 0x1f83d9ab | ||
58 | #define H7 0x5be0cd19 | ||
59 | |||
60 | static inline void LOAD_OP(int I, u32 *W, const u8 *input) | ||
61 | { | ||
62 | W[I] = __be32_to_cpu( ((__be32*)(input))[I] ); | ||
63 | } | ||
64 | |||
65 | static inline void BLEND_OP(int I, u32 *W) | ||
66 | { | ||
67 | W[I] = s1(W[I-2]) + W[I-7] + s0(W[I-15]) + W[I-16]; | ||
68 | } | ||
69 | |||
70 | static void sha256_transform(u32 *state, const u8 *input) | ||
71 | { | ||
72 | u32 a, b, c, d, e, f, g, h, t1, t2; | ||
73 | u32 W[64]; | ||
74 | int i; | ||
75 | |||
76 | /* load the input */ | ||
77 | for (i = 0; i < 16; i++) | ||
78 | LOAD_OP(i, W, input); | ||
79 | |||
80 | /* now blend */ | ||
81 | for (i = 16; i < 64; i++) | ||
82 | BLEND_OP(i, W); | ||
83 | |||
84 | /* load the state into our registers */ | ||
85 | a=state[0]; b=state[1]; c=state[2]; d=state[3]; | ||
86 | e=state[4]; f=state[5]; g=state[6]; h=state[7]; | ||
87 | |||
88 | /* now iterate */ | ||
89 | t1 = h + e1(e) + Ch(e,f,g) + 0x428a2f98 + W[ 0]; | ||
90 | t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2; | ||
91 | t1 = g + e1(d) + Ch(d,e,f) + 0x71374491 + W[ 1]; | ||
92 | t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2; | ||
93 | t1 = f + e1(c) + Ch(c,d,e) + 0xb5c0fbcf + W[ 2]; | ||
94 | t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2; | ||
95 | t1 = e + e1(b) + Ch(b,c,d) + 0xe9b5dba5 + W[ 3]; | ||
96 | t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2; | ||
97 | t1 = d + e1(a) + Ch(a,b,c) + 0x3956c25b + W[ 4]; | ||
98 | t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2; | ||
99 | t1 = c + e1(h) + Ch(h,a,b) + 0x59f111f1 + W[ 5]; | ||
100 | t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2; | ||
101 | t1 = b + e1(g) + Ch(g,h,a) + 0x923f82a4 + W[ 6]; | ||
102 | t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2; | ||
103 | t1 = a + e1(f) + Ch(f,g,h) + 0xab1c5ed5 + W[ 7]; | ||
104 | t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2; | ||
105 | |||
106 | t1 = h + e1(e) + Ch(e,f,g) + 0xd807aa98 + W[ 8]; | ||
107 | t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2; | ||
108 | t1 = g + e1(d) + Ch(d,e,f) + 0x12835b01 + W[ 9]; | ||
109 | t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2; | ||
110 | t1 = f + e1(c) + Ch(c,d,e) + 0x243185be + W[10]; | ||
111 | t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2; | ||
112 | t1 = e + e1(b) + Ch(b,c,d) + 0x550c7dc3 + W[11]; | ||
113 | t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2; | ||
114 | t1 = d + e1(a) + Ch(a,b,c) + 0x72be5d74 + W[12]; | ||
115 | t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2; | ||
116 | t1 = c + e1(h) + Ch(h,a,b) + 0x80deb1fe + W[13]; | ||
117 | t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2; | ||
118 | t1 = b + e1(g) + Ch(g,h,a) + 0x9bdc06a7 + W[14]; | ||
119 | t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2; | ||
120 | t1 = a + e1(f) + Ch(f,g,h) + 0xc19bf174 + W[15]; | ||
121 | t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2; | ||
122 | |||
123 | t1 = h + e1(e) + Ch(e,f,g) + 0xe49b69c1 + W[16]; | ||
124 | t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2; | ||
125 | t1 = g + e1(d) + Ch(d,e,f) + 0xefbe4786 + W[17]; | ||
126 | t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2; | ||
127 | t1 = f + e1(c) + Ch(c,d,e) + 0x0fc19dc6 + W[18]; | ||
128 | t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2; | ||
129 | t1 = e + e1(b) + Ch(b,c,d) + 0x240ca1cc + W[19]; | ||
130 | t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2; | ||
131 | t1 = d + e1(a) + Ch(a,b,c) + 0x2de92c6f + W[20]; | ||
132 | t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2; | ||
133 | t1 = c + e1(h) + Ch(h,a,b) + 0x4a7484aa + W[21]; | ||
134 | t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2; | ||
135 | t1 = b + e1(g) + Ch(g,h,a) + 0x5cb0a9dc + W[22]; | ||
136 | t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2; | ||
137 | t1 = a + e1(f) + Ch(f,g,h) + 0x76f988da + W[23]; | ||
138 | t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2; | ||
139 | |||
140 | t1 = h + e1(e) + Ch(e,f,g) + 0x983e5152 + W[24]; | ||
141 | t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2; | ||
142 | t1 = g + e1(d) + Ch(d,e,f) + 0xa831c66d + W[25]; | ||
143 | t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2; | ||
144 | t1 = f + e1(c) + Ch(c,d,e) + 0xb00327c8 + W[26]; | ||
145 | t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2; | ||
146 | t1 = e + e1(b) + Ch(b,c,d) + 0xbf597fc7 + W[27]; | ||
147 | t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2; | ||
148 | t1 = d + e1(a) + Ch(a,b,c) + 0xc6e00bf3 + W[28]; | ||
149 | t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2; | ||
150 | t1 = c + e1(h) + Ch(h,a,b) + 0xd5a79147 + W[29]; | ||
151 | t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2; | ||
152 | t1 = b + e1(g) + Ch(g,h,a) + 0x06ca6351 + W[30]; | ||
153 | t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2; | ||
154 | t1 = a + e1(f) + Ch(f,g,h) + 0x14292967 + W[31]; | ||
155 | t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2; | ||
156 | |||
157 | t1 = h + e1(e) + Ch(e,f,g) + 0x27b70a85 + W[32]; | ||
158 | t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2; | ||
159 | t1 = g + e1(d) + Ch(d,e,f) + 0x2e1b2138 + W[33]; | ||
160 | t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2; | ||
161 | t1 = f + e1(c) + Ch(c,d,e) + 0x4d2c6dfc + W[34]; | ||
162 | t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2; | ||
163 | t1 = e + e1(b) + Ch(b,c,d) + 0x53380d13 + W[35]; | ||
164 | t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2; | ||
165 | t1 = d + e1(a) + Ch(a,b,c) + 0x650a7354 + W[36]; | ||
166 | t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2; | ||
167 | t1 = c + e1(h) + Ch(h,a,b) + 0x766a0abb + W[37]; | ||
168 | t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2; | ||
169 | t1 = b + e1(g) + Ch(g,h,a) + 0x81c2c92e + W[38]; | ||
170 | t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2; | ||
171 | t1 = a + e1(f) + Ch(f,g,h) + 0x92722c85 + W[39]; | ||
172 | t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2; | ||
173 | |||
174 | t1 = h + e1(e) + Ch(e,f,g) + 0xa2bfe8a1 + W[40]; | ||
175 | t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2; | ||
176 | t1 = g + e1(d) + Ch(d,e,f) + 0xa81a664b + W[41]; | ||
177 | t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2; | ||
178 | t1 = f + e1(c) + Ch(c,d,e) + 0xc24b8b70 + W[42]; | ||
179 | t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2; | ||
180 | t1 = e + e1(b) + Ch(b,c,d) + 0xc76c51a3 + W[43]; | ||
181 | t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2; | ||
182 | t1 = d + e1(a) + Ch(a,b,c) + 0xd192e819 + W[44]; | ||
183 | t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2; | ||
184 | t1 = c + e1(h) + Ch(h,a,b) + 0xd6990624 + W[45]; | ||
185 | t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2; | ||
186 | t1 = b + e1(g) + Ch(g,h,a) + 0xf40e3585 + W[46]; | ||
187 | t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2; | ||
188 | t1 = a + e1(f) + Ch(f,g,h) + 0x106aa070 + W[47]; | ||
189 | t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2; | ||
190 | |||
191 | t1 = h + e1(e) + Ch(e,f,g) + 0x19a4c116 + W[48]; | ||
192 | t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2; | ||
193 | t1 = g + e1(d) + Ch(d,e,f) + 0x1e376c08 + W[49]; | ||
194 | t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2; | ||
195 | t1 = f + e1(c) + Ch(c,d,e) + 0x2748774c + W[50]; | ||
196 | t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2; | ||
197 | t1 = e + e1(b) + Ch(b,c,d) + 0x34b0bcb5 + W[51]; | ||
198 | t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2; | ||
199 | t1 = d + e1(a) + Ch(a,b,c) + 0x391c0cb3 + W[52]; | ||
200 | t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2; | ||
201 | t1 = c + e1(h) + Ch(h,a,b) + 0x4ed8aa4a + W[53]; | ||
202 | t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2; | ||
203 | t1 = b + e1(g) + Ch(g,h,a) + 0x5b9cca4f + W[54]; | ||
204 | t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2; | ||
205 | t1 = a + e1(f) + Ch(f,g,h) + 0x682e6ff3 + W[55]; | ||
206 | t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2; | ||
207 | |||
208 | t1 = h + e1(e) + Ch(e,f,g) + 0x748f82ee + W[56]; | ||
209 | t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2; | ||
210 | t1 = g + e1(d) + Ch(d,e,f) + 0x78a5636f + W[57]; | ||
211 | t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2; | ||
212 | t1 = f + e1(c) + Ch(c,d,e) + 0x84c87814 + W[58]; | ||
213 | t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2; | ||
214 | t1 = e + e1(b) + Ch(b,c,d) + 0x8cc70208 + W[59]; | ||
215 | t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2; | ||
216 | t1 = d + e1(a) + Ch(a,b,c) + 0x90befffa + W[60]; | ||
217 | t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2; | ||
218 | t1 = c + e1(h) + Ch(h,a,b) + 0xa4506ceb + W[61]; | ||
219 | t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2; | ||
220 | t1 = b + e1(g) + Ch(g,h,a) + 0xbef9a3f7 + W[62]; | ||
221 | t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2; | ||
222 | t1 = a + e1(f) + Ch(f,g,h) + 0xc67178f2 + W[63]; | ||
223 | t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2; | ||
224 | |||
225 | state[0] += a; state[1] += b; state[2] += c; state[3] += d; | ||
226 | state[4] += e; state[5] += f; state[6] += g; state[7] += h; | ||
227 | |||
228 | /* clear any sensitive info... */ | ||
229 | a = b = c = d = e = f = g = h = t1 = t2 = 0; | ||
230 | memset(W, 0, 64 * sizeof(u32)); | ||
231 | } | ||
232 | |||
233 | static void sha256_init(struct crypto_tfm *tfm) | ||
234 | { | ||
235 | struct sha256_ctx *sctx = crypto_tfm_ctx(tfm); | ||
236 | sctx->state[0] = H0; | ||
237 | sctx->state[1] = H1; | ||
238 | sctx->state[2] = H2; | ||
239 | sctx->state[3] = H3; | ||
240 | sctx->state[4] = H4; | ||
241 | sctx->state[5] = H5; | ||
242 | sctx->state[6] = H6; | ||
243 | sctx->state[7] = H7; | ||
244 | sctx->count[0] = sctx->count[1] = 0; | ||
245 | } | ||
246 | |||
247 | static void sha256_update(struct crypto_tfm *tfm, const u8 *data, | ||
248 | unsigned int len) | ||
249 | { | ||
250 | struct sha256_ctx *sctx = crypto_tfm_ctx(tfm); | ||
251 | unsigned int i, index, part_len; | ||
252 | |||
253 | /* Compute number of bytes mod 128 */ | ||
254 | index = (unsigned int)((sctx->count[0] >> 3) & 0x3f); | ||
255 | |||
256 | /* Update number of bits */ | ||
257 | if ((sctx->count[0] += (len << 3)) < (len << 3)) { | ||
258 | sctx->count[1]++; | ||
259 | sctx->count[1] += (len >> 29); | ||
260 | } | ||
261 | |||
262 | part_len = 64 - index; | ||
263 | |||
264 | /* Transform as many times as possible. */ | ||
265 | if (len >= part_len) { | ||
266 | memcpy(&sctx->buf[index], data, part_len); | ||
267 | sha256_transform(sctx->state, sctx->buf); | ||
268 | |||
269 | for (i = part_len; i + 63 < len; i += 64) | ||
270 | sha256_transform(sctx->state, &data[i]); | ||
271 | index = 0; | ||
272 | } else { | ||
273 | i = 0; | ||
274 | } | ||
275 | |||
276 | /* Buffer remaining input */ | ||
277 | memcpy(&sctx->buf[index], &data[i], len-i); | ||
278 | } | ||
279 | |||
280 | static void sha256_final(struct crypto_tfm *tfm, u8 *out) | ||
281 | { | ||
282 | struct sha256_ctx *sctx = crypto_tfm_ctx(tfm); | ||
283 | __be32 *dst = (__be32 *)out; | ||
284 | __be32 bits[2]; | ||
285 | unsigned int index, pad_len; | ||
286 | int i; | ||
287 | static const u8 padding[64] = { 0x80, }; | ||
288 | |||
289 | /* Save number of bits */ | ||
290 | bits[1] = cpu_to_be32(sctx->count[0]); | ||
291 | bits[0] = cpu_to_be32(sctx->count[1]); | ||
292 | |||
293 | /* Pad out to 56 mod 64. */ | ||
294 | index = (sctx->count[0] >> 3) & 0x3f; | ||
295 | pad_len = (index < 56) ? (56 - index) : ((64+56) - index); | ||
296 | sha256_update(tfm, padding, pad_len); | ||
297 | |||
298 | /* Append length (before padding) */ | ||
299 | sha256_update(tfm, (const u8 *)bits, sizeof(bits)); | ||
300 | |||
301 | /* Store state in digest */ | ||
302 | for (i = 0; i < 8; i++) | ||
303 | dst[i] = cpu_to_be32(sctx->state[i]); | ||
304 | |||
305 | /* Zeroize sensitive information. */ | ||
306 | memset(sctx, 0, sizeof(*sctx)); | ||
307 | } | ||
308 | |||
309 | |||
310 | static struct crypto_alg alg = { | ||
311 | .cra_name = "sha256", | ||
312 | .cra_driver_name= "sha256-generic", | ||
313 | .cra_flags = CRYPTO_ALG_TYPE_DIGEST, | ||
314 | .cra_blocksize = SHA256_HMAC_BLOCK_SIZE, | ||
315 | .cra_ctxsize = sizeof(struct sha256_ctx), | ||
316 | .cra_module = THIS_MODULE, | ||
317 | .cra_alignmask = 3, | ||
318 | .cra_list = LIST_HEAD_INIT(alg.cra_list), | ||
319 | .cra_u = { .digest = { | ||
320 | .dia_digestsize = SHA256_DIGEST_SIZE, | ||
321 | .dia_init = sha256_init, | ||
322 | .dia_update = sha256_update, | ||
323 | .dia_final = sha256_final } } | ||
324 | }; | ||
325 | |||
326 | static int __init init(void) | ||
327 | { | ||
328 | return crypto_register_alg(&alg); | ||
329 | } | ||
330 | |||
331 | static void __exit fini(void) | ||
332 | { | ||
333 | crypto_unregister_alg(&alg); | ||
334 | } | ||
335 | |||
336 | module_init(init); | ||
337 | module_exit(fini); | ||
338 | |||
339 | MODULE_LICENSE("GPL"); | ||
340 | MODULE_DESCRIPTION("SHA256 Secure Hash Algorithm"); | ||
341 | |||
342 | MODULE_ALIAS("sha256"); | ||