Hi Herbert and others,
attached is a patch with support for VIA C7 crypto engine providing
SHA1/SHA256 digests. It compiles into a new module padlock-sha.ko.
Currently it allocates 1 page for its buffer and if there are more data
to be hashed it falls back to software SHA implementation. By default it
requests sha1-generic and sha256-generic modules for fallbacks. Patch
that adds these aliases to sha1.ko and sha256.ko is at
http://www.logix.cz/michal/devel/padlock/kernel-2.6.17-aliases.diff
I also use some accessors as discussed earlier on the linux-crypto list:
http://www.logix.cz/michal/devel/padlock/kernel-2.6.17-accessors.diff
The patch is based on cryptodev-2.6 GIT tree but you'll need to fetch
commit ID 224f611c1639cb6c134a934dae7f7b9f0ac3b540 from Linus' tree to
compile it (or #if 0/#endif the two checks for cpu_has_phe(_enabled) in
padlock_init() function).
Here are some benchmarks from tcrypt.ko (mode=303 for sha1 and mode=304
for sha256):
SHA1
Block size Software PadLock
16 bytes: 272 cycles/byte 43 cycles/byte
64 bytes: 126 cycles/byte 15 cycles/byte
256 bytes: 74 cycles/byte7 cycles/byte
1024 bytes: 61 cycles/byte5 cycles/byte
2048 bytes: 59 cycles/byte4 cycles/byte
4096 bytes: 58 cycles/byte4 cycles/byte
8192 bytes: 58 cycles/byte 58 cycles/byte
SHA256
Block size Software PadLock
16 bytes: 311 cycles/byte 48 cycles/byte
64 bytes: 144 cycles/byte 16 cycles/byte
256 bytes: 86 cycles/byte7 cycles/byte
1024 bytes: 72 cycles/byte5 cycles/byte
2048 bytes: 70 cycles/byte5 cycles/byte
4096 bytes: 68 cycles/byte4 cycles/byte
8192 bytes: 68 cycles/byte 70 cycles/byte
For 8k pages it falls back to software, so the significant slowdown. All
results are at
http://www.logix.cz/michal/devel/padlock/kernel-2.6.17-results.txt
Note - to compile this patch on vanilla 2.6.17 and 2.6.17 please apply
http://www.logix.cz/michal/devel/padlock/kernel-2.6.16-padlock-prereq.diff
first (it contains all the above mentioned diffs as well).
The attached patch is also available at
http://www.logix.cz/michal/devel/padlock/kernel-padlock-sha.diff
(just in case it gets wrapped in the email).
Please comment :-)
Michal Ludvig
---
Support for SHA1 / SHA256 algorithms in VIA C7 processors.
Signed-off-by: Michal Ludvig [EMAIL PROTECTED]
Index: linux-2.6.16.13-xenU/drivers/crypto/padlock-sha.c
===
--- /dev/null
+++ linux-2.6.16.13-xenU/drivers/crypto/padlock-sha.c
@@ -0,0 +1,366 @@
+/*
+ * Cryptographic API.
+ *
+ * Support for VIA PadLock hardware crypto engine.
+ *
+ * Copyright (c) 2006 Michal Ludvig [EMAIL PROTECTED]
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ */
+
+#include linux/module.h
+#include linux/init.h
+#include linux/types.h
+#include linux/errno.h
+#include linux/crypto.h
+#include linux/cryptohash.h
+#include linux/interrupt.h
+#include linux/kernel.h
+#include linux/scatterlist.h
+#include asm/byteorder.h
+#include padlock.h
+
+#define PADLOCK_CRA_PRIORITY 300
+
+#define SHA1_DEFAULT_FALLBACK sha1-generic
+#define SHA1_DIGEST_SIZE20
+#define SHA1_HMAC_BLOCK_SIZE64
+
+#define SHA256_DEFAULT_FALLBACK sha256-generic
+#define SHA256_DIGEST_SIZE 32
+#define SHA256_HMAC_BLOCK_SIZE 64
+
+static char *sha1_fallback = SHA1_DEFAULT_FALLBACK;
+static char *sha256_fallback = SHA256_DEFAULT_FALLBACK;
+
+module_param(sha1_fallback, charp, 0444);
+module_param(sha256_fallback, charp, 0444);
+
+MODULE_PARM_DESC(sha1_fallback, Fallback driver for SHA1. Default is
SHA1_DEFAULT_FALLBACK);
+MODULE_PARM_DESC(sha256_fallback, Fallback driver for SHA256. Default is
SHA256_DEFAULT_FALLBACK);
+
+struct padlock_sha_ctx {
+ char*data;
+ size_t used;
+ size_t data_len;
+ int bypass;
+ void (*f_sha_padlock)(const char *in, char *out, int count);
+ const char *fallback_driver_name;
+ struct crypto_tfm *fallback_tfm;
+};
+
+#define CTX(tfm) ((struct padlock_sha_ctx*)(crypto_tfm_ctx(tfm)))
+
+/* We'll need aligned address on the stack */
+#define NEAREST_ALIGNED(ptr) ((unsigned char *)(ptr) + \
+ ((0x10 - ((size_t)(ptr) 0x0F)) 0x0F))
+
+static struct crypto_tfm *tfm_sha1, *tfm_sha256;
+static struct crypto_alg sha1_alg, sha256_alg;
+
+static void padlock_sha_bypass(struct crypto_tfm *tfm)
+{
+ if (CTX(tfm)-bypass)
+ return;
+
+ /* We're attempting to use ALG from a module of the same name,
+* e.g. sha1 algo from sha1.ko. This could be more intelligent and
+* allow e.g. sha1-i586 module to be used instead. Hmm, maybe later.
+*
+* BTW We assume we get a