Linux SHA Driver for Zynq Ultrascale+ MPSoC

Table of Contents


This Linux SHA driver is written using asymmetric hash framework. The driver is upstreamed using the shash framework in release 2022.1. The old SHA driver will be deprecated in release 2022.2 and removed in release 2023.1


The SHA-3 IP core is a high-throughput, area-efficient hardware implementation of the SHA-3/Keccak cryptographic hashing functions, compliant to NISTS’s FIPS 180-4 and FIPS 202 standards.
It’s throughput can optionally be optimized by using input message buffering, which allows it to receive new input while still processing the previous message.
Also, the number of hashing rounds per clock is configurable at synthesis time, allowing users to constrain performance to save silicon resources when desired.

HW IP Features

  • SHA-3/Keccak cryptographic hashing functions.

Features supported in driver

  • SHA-3/Keccak cryptographic hashing functions.

Kernel Configuration


xlnx_keccak_384: sha384 {
        compatible = "xlnx,zynqmp-keccak-384";

Test Procedure

AF ALG hashing demo exampleCross compile the below example and Need to create the executable file to test the SHA3 functionality.
* Copyright (c) 2021 Xilinx, Inc. All rights reserved.
* SPDX-License-Identifier: MIT
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/if_alg.h>
#include <linux/socket.h>
#define SHA384_DIGEST_SZ 48
int main(void)
        struct sockaddr_alg sa = {
        .salg_family = AF_ALG,
        .salg_type = "hash",
        .salg_name = "xilinx-keccak-384"
        unsigned char digest[SHA384_DIGEST_SZ];
        char *input = "Hellhash"; /* Input Data should be multiple of 4-bytes */
        int i, sockfd, fd;
        sockfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
		/* Bind with SHA driver */
        bind(sockfd, (struct sockaddr *)&sa, sizeof(sa));
        fd = accept(sockfd, NULL, 0);
		/* Send Sha3 hash request with input data to driver */
        write(fd, input, strlen(input));
		/* Read the Sha3 digest output */
        read(fd, digest, SHA384_DIGEST_SZ);
        for (i = 0; i < SHA384_DIGEST_SZ; i++)
        printf("%02x", digest[i]);
        return 0;
Please note as the data provided in user space will be located in virtual space, linux driver before handing off to ATF converts the data buffers to physical address.

Mainline status

  • This driver is currently not available in mainline kernel.

Change Log


  • crypto: zynqmp-sha: Adopted SHA3 support for ZynqMP Soc
  • 6aa92ef crypto: zynqmp-sha: Adopted SHA3 support for ZynqMP Soc

  • None.


  • Uses NIST SHA-3 Padding

Related Links