^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0 OR MIT
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * Based on public domain code from Daniel J. Bernstein and Peter Schwabe. This
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) * began from SUPERCOP's curve25519/neon2/scalarmult.s, but has subsequently been
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) * manually reworked for use in kernel space.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) #include <asm/hwcap.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) #include <asm/neon.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) #include <asm/simd.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) #include <crypto/internal/kpp.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) #include <crypto/internal/simd.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) #include <linux/types.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) #include <linux/module.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) #include <linux/init.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) #include <linux/jump_label.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) #include <linux/scatterlist.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) #include <crypto/curve25519.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) asmlinkage void curve25519_neon(u8 mypublic[CURVE25519_KEY_SIZE],
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) const u8 secret[CURVE25519_KEY_SIZE],
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) const u8 basepoint[CURVE25519_KEY_SIZE]);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) static __ro_after_init DEFINE_STATIC_KEY_FALSE(have_neon);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) void curve25519_arch(u8 out[CURVE25519_KEY_SIZE],
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) const u8 scalar[CURVE25519_KEY_SIZE],
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) const u8 point[CURVE25519_KEY_SIZE])
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) if (static_branch_likely(&have_neon) && crypto_simd_usable()) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) kernel_neon_begin();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) curve25519_neon(out, scalar, point);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) kernel_neon_end();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) } else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) curve25519_generic(out, scalar, point);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) EXPORT_SYMBOL(curve25519_arch);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) void curve25519_base_arch(u8 pub[CURVE25519_KEY_SIZE],
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) const u8 secret[CURVE25519_KEY_SIZE])
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) return curve25519_arch(pub, secret, curve25519_base_point);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) EXPORT_SYMBOL(curve25519_base_arch);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49) static int curve25519_set_secret(struct crypto_kpp *tfm, const void *buf,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50) unsigned int len)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52) u8 *secret = kpp_tfm_ctx(tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54) if (!len)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55) curve25519_generate_secret(secret);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56) else if (len == CURVE25519_KEY_SIZE &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57) crypto_memneq(buf, curve25519_null_point, CURVE25519_KEY_SIZE))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58) memcpy(secret, buf, CURVE25519_KEY_SIZE);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59) else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60) return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64) static int curve25519_compute_value(struct kpp_request *req)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66) struct crypto_kpp *tfm = crypto_kpp_reqtfm(req);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67) const u8 *secret = kpp_tfm_ctx(tfm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68) u8 public_key[CURVE25519_KEY_SIZE];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69) u8 buf[CURVE25519_KEY_SIZE];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70) int copied, nbytes;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71) u8 const *bp;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73) if (req->src) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74) copied = sg_copy_to_buffer(req->src,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75) sg_nents_for_len(req->src,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76) CURVE25519_KEY_SIZE),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77) public_key, CURVE25519_KEY_SIZE);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 78) if (copied != CURVE25519_KEY_SIZE)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 79) return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80) bp = public_key;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81) } else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82) bp = curve25519_base_point;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 83) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 84)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 85) curve25519_arch(buf, secret, bp);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 86)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 87) /* might want less than we've got */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 88) nbytes = min_t(size_t, CURVE25519_KEY_SIZE, req->dst_len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 89) copied = sg_copy_from_buffer(req->dst, sg_nents_for_len(req->dst,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 90) nbytes),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 91) buf, nbytes);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 92) if (copied != nbytes)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 93) return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 94) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 95) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 96)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 97) static unsigned int curve25519_max_size(struct crypto_kpp *tfm)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 98) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 99) return CURVE25519_KEY_SIZE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) static struct kpp_alg curve25519_alg = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) .base.cra_name = "curve25519",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) .base.cra_driver_name = "curve25519-neon",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) .base.cra_priority = 200,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) .base.cra_module = THIS_MODULE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) .base.cra_ctxsize = CURVE25519_KEY_SIZE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) .set_secret = curve25519_set_secret,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) .generate_public_key = curve25519_compute_value,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) .compute_shared_secret = curve25519_compute_value,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) .max_size = curve25519_max_size,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) static int __init mod_init(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) if (elf_hwcap & HWCAP_NEON) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) static_branch_enable(&have_neon);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) return IS_REACHABLE(CONFIG_CRYPTO_KPP) ?
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120) crypto_register_kpp(&curve25519_alg) : 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) static void __exit mod_exit(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) if (IS_REACHABLE(CONFIG_CRYPTO_KPP) && elf_hwcap & HWCAP_NEON)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) crypto_unregister_kpp(&curve25519_alg);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131) module_init(mod_init);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132) module_exit(mod_exit);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134) MODULE_ALIAS_CRYPTO("curve25519");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135) MODULE_ALIAS_CRYPTO("curve25519-neon");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136) MODULE_LICENSE("GPL v2");
Orange Pi5 kernel
Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards
3 Commits
0 Branches
0 Tags
| Donate