NVVSE SM3 Implementation

Implements SM3 in NVVSE crypto driver linux
ESSS-1346

Change-Id: I9f8b9bc18d7c30d8dac04e8f19941ef061aa8478
Signed-off-by: Khushi <khushi@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3131643
Reviewed-by: Leo Chiu <lchiu@nvidia.com>
Reviewed-by: Sandeep Trasi <strasi@nvidia.com>
GVS: buildbot_gerritrpt <buildbot_gerritrpt@nvidia.com>

drivers/crypto/tegra-hv-vse-safety.c

@@ -31,6 +31,7 @@
 #include <crypto/sha1.h>
 #include <crypto/sha2.h>
 #include <crypto/sha3.h>
+#include <crypto/sm3.h>
 #include <linux/delay.h>
 #include <soc/tegra/virt/hv-ivc.h>
 #include <linux/iommu.h>
@@ -528,12 +529,10 @@ struct sha_zero_length_vector {
 
 /* Tegra Virtual Security Engine operation modes */
 enum tegra_virtual_se_op_mode {
-	/* Secure Hash Algorithm-1 (SHA1) mode */
-	VIRTUAL_SE_OP_MODE_SHA1,
-	/* Secure Hash Algorithm-224  (SHA224) mode */
-	VIRTUAL_SE_OP_MODE_SHA224 = 4,
+	/* (SM3-256) mode */
+	VIRTUAL_SE_OP_MODE_SM3 = 0,
 	/* Secure Hash Algorithm-256  (SHA256) mode */
-	VIRTUAL_SE_OP_MODE_SHA256,
+	VIRTUAL_SE_OP_MODE_SHA256 = 5,
 	/* Secure Hash Algorithm-384  (SHA384) mode */
 	VIRTUAL_SE_OP_MODE_SHA384,
 	/* Secure Hash Algorithm-512  (SHA512) mode */
@@ -1385,16 +1384,11 @@ static int tegra_hv_vse_safety_sha_op(struct ahash_request *req, bool is_last,
 	int ret;
 	struct sha_zero_length_vector zero_vec[] = {
 		{
-			.size = SHA1_DIGEST_SIZE,
-			.digest = "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d"
-				  "\x32\x55\xbf\xef\x95\x60\x18\x90"
-				  "\xaf\xd8\x07\x09",
-		}, {
-			.size = SHA224_DIGEST_SIZE,
-			.digest = "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9"
-				  "\x47\x61\x02\xbb\x28\x82\x34\xc4"
-				  "\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a"
-				  "\xc5\xb3\xe4\x2f",
+			.size = SM3_DIGEST_SIZE,
+			.digest = "\x1a\xb2\x1d\x83\x55\xcf\xa1\x7f"
+					"\x8e\x61\x19\x48\x31\xe8\x1a\x8f"
+					"\x22\xbe\xc8\xc7\x28\xfe\xfb\x74"
+					"\x7e\xd0\x35\xeb\x50\x82\xaa\x2b",
 		}, {
 			.size = SHA256_DIGEST_SIZE,
 			.digest = "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14"
@@ -1513,12 +1507,12 @@ static int tegra_hv_vse_safety_sha_op(struct ahash_request *req, bool is_last,
 		/* If the request length is zero, SW WAR for zero length SHA
 		 * operation since SE HW can't accept zero length SHA operation
 		 */
-		if (req_ctx->mode == VIRTUAL_SE_OP_MODE_SHA1)
-			mode = VIRTUAL_SE_OP_MODE_SHA1;
+		if (req_ctx->mode == VIRTUAL_SE_OP_MODE_SM3)
+			mode = VIRTUAL_SE_OP_MODE_SM3;
 		else if (req_ctx->mode < VIRTUAL_SE_OP_MODE_SHA3_256)
-			mode = req_ctx->mode - VIRTUAL_SE_OP_MODE_SHA224 + 1;
+			mode = req_ctx->mode - VIRTUAL_SE_OP_MODE_SHA256 + 1;
 		else
-			mode = req_ctx->mode - VIRTUAL_SE_OP_MODE_SHA224 - 1;
+			mode = req_ctx->mode - VIRTUAL_SE_OP_MODE_SHA256 - 1;
 
 		if (is_last) {
 			if (req->result) {
@@ -1622,6 +1616,11 @@ static int tegra_hv_vse_safety_sha_init(struct ahash_request *req)
 			TEGRA_VIRTUAL_SE_SHA_HASH_BLOCK_SIZE_1088BIT;
 		req_ctx->intermediate_digest_size = SHA3_STATE_SIZE;
 		req_ctx->digest_size = sha_ctx->digest_size;
+	} else if ((strcmp(crypto_ahash_alg_name(tfm), "sm3-vse") == 0) &&
+		(se_dev->chipdata->sm_supported)) {
+		req_ctx->mode = VIRTUAL_SE_OP_MODE_SM3;
+		req_ctx->blk_size = SM3_BLOCK_SIZE;
+		req_ctx->intermediate_digest_size = SM3_DIGEST_SIZE;
 	} else {
 		dev_err(se_dev->dev, "Invalid SHA Mode\n");
 		return -EINVAL;
@@ -4213,52 +4212,6 @@ static struct ahash_alg gmac_alg = {
 
 static struct ahash_alg sha_algs[] = {
 	{
-		.init = tegra_hv_vse_safety_sha_init,
-		.update = tegra_hv_vse_safety_sha_update,
-		.final = tegra_hv_vse_safety_sha_final,
-		.finup = tegra_hv_vse_safety_sha_finup,
-		.digest = tegra_hv_vse_safety_sha_digest,
-		.export = tegra_hv_vse_safety_sha_export,
-		.import = tegra_hv_vse_safety_sha_import,
-		.halg.digestsize = SHA1_DIGEST_SIZE,
-		.halg.statesize = sizeof(struct tegra_virtual_se_req_context),
-		.halg.base = {
-			.cra_name = "sha1-vse",
-			.cra_driver_name = "tegra-hv-vse-sha1",
-			.cra_priority = 300,
-			.cra_flags = CRYPTO_ALG_TYPE_AHASH,
-			.cra_blocksize = SHA1_BLOCK_SIZE,
-			.cra_ctxsize =
-				sizeof(struct tegra_virtual_se_sha_context),
-			.cra_alignmask = 0,
-			.cra_module = THIS_MODULE,
-			.cra_init = tegra_hv_vse_safety_sha_cra_init,
-			.cra_exit = tegra_hv_vse_safety_sha_cra_exit,
-		}
-	}, {
-		.init = tegra_hv_vse_safety_sha_init,
-		.update = tegra_hv_vse_safety_sha_update,
-		.final = tegra_hv_vse_safety_sha_final,
-		.finup = tegra_hv_vse_safety_sha_finup,
-		.digest = tegra_hv_vse_safety_sha_digest,
-		.export = tegra_hv_vse_safety_sha_export,
-		.import = tegra_hv_vse_safety_sha_import,
-		.halg.digestsize = SHA224_DIGEST_SIZE,
-		.halg.statesize = sizeof(struct tegra_virtual_se_req_context),
-		.halg.base = {
-			.cra_name = "sha224-vse",
-			.cra_driver_name = "tegra-hv-vse-sha224",
-			.cra_priority = 300,
-			.cra_flags = CRYPTO_ALG_TYPE_AHASH,
-			.cra_blocksize = SHA224_BLOCK_SIZE,
-			.cra_ctxsize =
-				sizeof(struct tegra_virtual_se_sha_context),
-			.cra_alignmask = 0,
-			.cra_module = THIS_MODULE,
-			.cra_init = tegra_hv_vse_safety_sha_cra_init,
-			.cra_exit = tegra_hv_vse_safety_sha_cra_exit,
-		}
-	}, {
 		.init = tegra_hv_vse_safety_sha_init,
 		.update = tegra_hv_vse_safety_sha_update,
 		.final = tegra_hv_vse_safety_sha_final,
@@ -4442,22 +4395,49 @@ static struct ahash_alg sha_algs[] = {
 			.cra_init = tegra_hv_vse_safety_sha_cra_init,
 			.cra_exit = tegra_hv_vse_safety_sha_cra_exit,
 		}
+	}, {
+		.init = tegra_hv_vse_safety_sha_init,
+		.update = tegra_hv_vse_safety_sha_update,
+		.final = tegra_hv_vse_safety_sha_final,
+		.finup = tegra_hv_vse_safety_sha_finup,
+		.digest = tegra_hv_vse_safety_sha_digest,
+		.export = tegra_hv_vse_safety_sha_export,
+		.import = tegra_hv_vse_safety_sha_import,
+		.halg.digestsize = SM3_DIGEST_SIZE,
+		.halg.statesize = sizeof(struct tegra_virtual_se_req_context),
+		.halg.base = {
+			.cra_name = "sm3-vse",
+			.cra_driver_name = "tegra-hv-vse-safety-sm3",
+			.cra_priority = 300,
+			.cra_flags = CRYPTO_ALG_TYPE_AHASH,
+			.cra_blocksize = SM3_BLOCK_SIZE,
+			.cra_ctxsize =
+				sizeof(struct tegra_virtual_se_sha_context),
+			.cra_alignmask = 0,
+			.cra_module = THIS_MODULE,
+			.cra_init = tegra_hv_vse_safety_sha_cra_init,
+			.cra_exit = tegra_hv_vse_safety_sha_cra_exit,
+		}
 	},
 };
 
 static const struct tegra_vse_soc_info t194_vse_sinfo = {
 	.gcm_decrypt_supported = false,
 	.cmac_hw_verify_supported = false,
+	.sm_supported = false,
+
 };
 
 static const struct tegra_vse_soc_info t234_vse_sinfo = {
 	.gcm_decrypt_supported = true,
 	.cmac_hw_verify_supported = false,
+	.sm_supported = false,
 };
 
 static const struct tegra_vse_soc_info se_51_vse_sinfo = {
 	.gcm_decrypt_supported = true,
 	.cmac_hw_verify_supported = true,
+	.sm_supported = true,
 };
 
 static const struct of_device_id tegra_hv_vse_safety_of_match[] = {

drivers/crypto/tegra-hv-vse.h

@@ -13,6 +13,7 @@
 struct tegra_vse_soc_info {
 	bool gcm_decrypt_supported;
 	bool cmac_hw_verify_supported;
+	bool sm_supported;
 };
 
 /* GCM Operation Supported Flag */

drivers/crypto/tegra-nvvse-cryptodev.c

@@ -6,6 +6,7 @@
  * Tegra NVVSE crypto device for crypto operation to NVVSE linux library.
  *
  */
+
 #include <linux/module.h>
 #include <linux/init.h>
 #include <linux/errno.h>
@@ -33,6 +34,7 @@
 #include <crypto/sha1.h>
 #include <crypto/sha2.h>
 #include <crypto/sha3.h>
+#include <crypto/sm3.h>
 #include <uapi/misc/tegra-nvvse-cryptodev.h>
 #include <asm/barrier.h>
 
@@ -79,6 +81,7 @@ static const char *sha_alg_names[] = {
 	"sha3-512-vse",
 	"shake128-vse",
 	"shake256-vse",
+	"sm3-vse",
 };
 
 struct tnvvse_crypto_completion {
@@ -295,9 +298,7 @@ static int tnvvse_crypto_sha_init(struct tnvvse_crypto_ctx *ctx,
 	sha_state->remaining_bytes = init_ctl->total_msg_size;
 	sha_state->sha_done_success = SHA_OP_INIT;
 	nvvse_devnode[ctx->node_id].sha_init_done = true;
-
 	memset(sha_state->result_buff , 0, 64);
-
 	ret = 0;
 	goto out;
 
@@ -326,7 +327,6 @@ static int tnvvse_crypto_sha_update(struct tnvvse_crypto_ctx *ctx,
 		ret = -EINVAL;
 		goto stop_sha;
 	}
-
 	if (update_ctl->input_buffer_size > ivc_database.max_buffer_size[ctx->node_id]) {
 		pr_err("%s: Msg size is greater than supported size of %d Bytes\n", __func__,
 						ivc_database.max_buffer_size[ctx->node_id]);
@@ -346,6 +346,7 @@ static int tnvvse_crypto_sha_update(struct tnvvse_crypto_ctx *ctx,
 		buffer_size = update_ctl->input_buffer_size;
 
 	sha_state->in_buf = krealloc(sha_state->in_buf, buffer_size, GFP_KERNEL);
+
 	if (sha_state->in_buf == NULL) {
 		ret = -ENOMEM;
 		goto stop_sha;

include/uapi/misc/tegra-nvvse-cryptodev.h

@@ -1,7 +1,9 @@
 // SPDX-License-Identifier: GPL-2.0-only
 /*
- * Copyright (c) 2021-2023, NVIDIA CORPORATION & AFFILIATES. All Rights Reserved.
+ * SPDX-FileCopyrightText: Copyright (c) 2021-2024 NVIDIA CORPORATION & AFFILIATES.
+ * All rights reserved.
  *
+ * Cryptographic API.
  */
 
 #ifndef __UAPI_TEGRA_NVVSE_CRYPTODEV_H
@@ -61,6 +63,8 @@ enum tegra_nvvse_sha_type {
 	TEGRA_NVVSE_SHA_TYPE_SHAKE128,
 	/** Defines SHAKE256 Type */
 	TEGRA_NVVSE_SHA_TYPE_SHAKE256,
+	/** Defines SM3 Type */
+	TEGRA_NVVSE_SHA_TYPE_SM3,
 	/** Defines maximum SHA Type, must be last entry */
 	TEGRA_NVVSE_SHA_TYPE_MAX,
 };