Re: [PATCH] crypto: talitos - add support for sha224


Kim Phillips wrote:
SEC h/w versions 2.1 and above support sha224 via explicit instruction.

Performing sha224 ahashes on earlier versions is still possible because
they support sha256 (sha224 is sha256 with different initial constants
and a different truncation length).  We do this by overriding hardware
context self-initialization, and perform it manually in s/w instead.

Signed-off-by: Kim Phillips <kim.phillips@xxxxxxxxxxxxx>

Tested on my 8349E, and discovered it needed
a couple of small changes.  I've noted them below.

@@ -1722,7 +1725,7 @@ static int ahash_init(struct ahash_request *areq)
/* Initialize the context */
 	req_ctx->count = 0;
-	req_ctx->first = 1; /* first indicates h/w must init it's context */
+	req_ctx->first = 1; /* first indicates h/w must init its context */

need this here:

+	req_ctx->swinit = 0;/* assume h/w init of context */

 	req_ctx->hw_context_size =
 		(crypto_ahash_digestsize(tfm) <= SHA256_DIGEST_SIZE)
 			? TALITOS_MDEU_CONTEXT_SIZE_MD5_SHA1_SHA256
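
Review bot: ahash_init() resets req_ctx->count and req_ctx->first but never clears req_ctx->swinit, which ahash_init_sha224_swinit() sets to 1 right after calling it. Unless something else zeroes the request context, a request last used for the sha224 software-init path would still have swinit set on a later plain init. Set req_ctx->swinit = 0 next to req_ctx->first = 1 so every init starts from the hardware-init default.
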
@@ -1731,6 +1734,29 @@ static int ahash_init(struct ahash_request *areq)
 	return 0;
 }
+/*
+ * on h/w without explicit sha224 support, we initialize h/w context
+ * manually with sha224 constants, and tell it to run sha256.
+ */
+static int ahash_init_sha224_swinit(struct ahash_request *areq)
+{
+	struct talitos_ahash_req_ctx *req_ctx = ahash_request_ctx(areq);
+
+	ahash_init(areq);
+	req_ctx->swinit = 1;/* prevent h/w initting context with sha256 values*/
+
+	req_ctx->hw_context[0] = cpu_to_be32(SHA224_H0);
+	req_ctx->hw_context[1] = cpu_to_be32(SHA224_H1);
+	req_ctx->hw_context[2] = cpu_to_be32(SHA224_H2);
+	req_ctx->hw_context[3] = cpu_to_be32(SHA224_H3);
+	req_ctx->hw_context[4] = cpu_to_be32(SHA224_H4);
+	req_ctx->hw_context[5] = cpu_to_be32(SHA224_H5);
+	req_ctx->hw_context[6] = cpu_to_be32(SHA224_H6);
+	req_ctx->hw_context[7] = cpu_to_be32(SHA224_H7);

need to add this here:

+       req_ctx->hw_context[8] = 0; /* Initialize 64-bit count */
+       req_ctx->hw_context[9] = 0;

+
+	return 0;
+}
+
 static int ahash_process_req(struct ahash_request *areq, unsigned int nbytes)
 {
 	struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
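
Review bot: ahash_init_sha224_swinit() writes only hw_context[0] through hw_context[7]; with swinit set the hardware no longer initializes the context itself, so whatever follows the eight state words (the 64-bit count in words 8 and 9, per the follow-up in this thread) is left as found. Zero those words here as well. Separately, the return value of ahash_init(areq) is discarded; it returns 0 today, but propagating it keeps the wrapper correct if ahash_init() ever gains a failure path.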

With the extra initialization, it's all good.

Nice way to overcome the 8349E 1.x errata and
add support for all driver compatible devices. I like it.

Signed-off-by: Lee Nipper <lee.nipper@xxxxxxxxx>
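
The commit message's point that sha224 is sha256 with different initial constants and a different truncation length, and the reason the count words must be zeroed on software init, shown as an added example that is not part of this thread or the talitos driver. It is a toy Python model of a SHA-256 unit; the names sha256_engine and sha224_swinit and the count layout (word 8 high, word 9 low, counted in bytes) are assumptions made for illustration.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF
SHA256_IV = (0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,  # FIPS 180-4 initial values
             0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19)
SHA224_IV = (0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,  # the patch's SHA224_H0..H7
             0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4)

def _icbrt(n):  # integer cube root by Newton iteration
    x = 1 << ((n.bit_length() + 2) // 3)
    while (y := (2 * x + n // (x * x)) // 3) < x:
        x = y
    return x

_PRIMES = [p for p in range(2, 312) if all(p % d for d in range(2, p))]  # first 64 primes
K = [_icbrt(p << 96) & MASK for p in _PRIMES]  # round constants, derived rather than typed in

def ror(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK

def _compress(state, block):  # SHA-256 compression function over one 64-byte block
    w = list(struct.unpack(">16I", block))
    for i in range(16, 64):
        s0 = ror(w[i - 15], 7) ^ ror(w[i - 15], 18) ^ (w[i - 15] >> 3)
        s1 = ror(w[i - 2], 17) ^ ror(w[i - 2], 19) ^ (w[i - 2] >> 10)
        w.append((w[i - 16] + s0 + w[i - 7] + s1) & MASK)
    a, b, c, d, e, f, g, h = state
    for i in range(64):
        t1 = h + (ror(e, 6) ^ ror(e, 11) ^ ror(e, 25)) + ((e & f) ^ (~e & g)) + K[i] + w[i]
        t2 = (ror(a, 2) ^ ror(a, 13) ^ ror(a, 22)) + ((a & b) ^ (a & c) ^ (b & c))
        a, b, c, d, e, f, g, h = (t1 + t2) & MASK, a, b, c, (d + t1) & MASK, e, f, g
    return tuple((s + v) & MASK for s, v in zip(state, (a, b, c, d, e, f, g, h)))

def sha256_engine(data, context=None):
    # Toy model: the unit self-initialises unless software supplies 8 state + 2 count words.
    *state, hi, lo = context or SHA256_IV + (0, 0)
    count = ((hi << 32) | lo) + len(data)  # assumed layout: running byte count
    data += b"\x80" + bytes((55 - len(data)) % 64) + struct.pack(">Q", count * 8 % 2**64)
    for off in range(0, len(data), 64):
        state = _compress(state, data[off:off + 64])
    return struct.pack(">8I", *state)

def sha224_swinit(data, count_words=(0, 0)):  # s/w init, run as SHA-256, truncate to 28 bytes
    return sha256_engine(data, SHA224_IV + tuple(count_words))[:28]

if __name__ == "__main__":
    assert all(sha224_swinit(m) == hashlib.sha224(m).digest() for m in (b"", b"abc", bytes(200)))
    print("stale count breaks digest:", sha224_swinit(b"abc", (0, 1)) != hashlib.sha224(b"abc").digest())
```

In this model a non-zero count word changes the length encoded in the final padding block, so the digest no longer matches a reference sha224.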
