Linux SHA Driver


Table of Contents


Introduction

The SHA-3 IP core is a high-throughput, area-efficient hardware implementation of the SHA-3/Keccak cryptographic hashing functions, compliant to NISTS’s FIPS 180-4 and FIPS 202 standards.

It’s throughput can optionally be optimized by using input message buffering, which allows it to receive new input while still processing the previous message.
Also, the number of hashing rounds per clock is configurable at synthesis time, allowing users to constrain performance to save silicon resources when desired.
The driver is supported for ZynqMP and Versal

HW IP Features

  • SHA-3/Keccak cryptographic hashing functions.

Features supported in driver

  • SHA-3/Keccak cryptographic hashing functions.

PLM Configuration

For Versal, in order to use this driver, the BSP of PLM must be configured to enable XSECURE_NONSECURE_IPI_ACCESS macro in XilSecure library.

This configuration in PLM shall be deprecated and removed in 2023.2 release. 

Kernel Configuration

For ZynqMP, the ZynqMP SHA driver and the userspace interface for hash algorithms are enabled by default. So there is no need for kernel configuration.

For Versal, the driver and the userspace interface is not enabled by default.

To enable the driver, follow this path in menuconfig:

Cryptographic API -> Hardware crypto devices → <*> Support for Xilinx ZynqMP SHA3 hardware accelerator

To enable the userspace interface for hash algorithms, follow this path in menuconfig : 

Cryptographic API -> User interface → <*>Hash algorithms


Test Procedure

AF ALG hashing demo exampleCross compile the below example and Need to create the executable file to test the SHA3 functionality.
/******************************************************************************
* Copyright (c) 2021 Xilinx, Inc. All rights reserved.
* SPDX-License-Identifier: MIT
******************************************************************************/
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/if_alg.h>
#include <linux/socket.h>
 
#define SHA384_DIGEST_SZ 48
 
int main(void)
{
        struct sockaddr_alg sa = {
        .salg_family = AF_ALG,
        .salg_type = "hash",
        .salg_name = "sha3-384"
        };
        unsigned char digest[SHA384_DIGEST_SZ];
        char *input = "Hellhash"; /* Input Data should be multiple of 4-bytes */
        int i, sockfd, fd;
 
        sockfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
		/* Bind with SHA driver */
        bind(sockfd, (struct sockaddr *)&sa, sizeof(sa));
        fd = accept(sockfd, NULL, 0);
		/* Send Sha3 hash request with input data to driver */
        write(fd, input, strlen(input));
		/* Read the Sha3 digest output */
        read(fd, digest, SHA384_DIGEST_SZ);
        close(fd);
        close(sockfd);
        for (i = 0; i < SHA384_DIGEST_SZ; i++)
        printf("%02x", digest[i]);
        printf("\n");
        return 0;
}
Please note as the data provided in user space will be located in virtual space, linux driver before handing off to ATF converts the data buffers to physical address.

Expected Output

# ./af-alg-sha3
9e941e1921f9a188e85e389bc2a566c4fea3be6e9b1345bb1a49f9aea03f21dc0be2395e8381e7f097eb6c667fc113ab


Mainline status

Change Log

2017.3
Summary

  • crypto: zynqmp-sha: Adopted SHA3 support for ZynqMP Soc

2017.4
  • None.

2018.1
  • Uses NIST SHA-3 Padding

2023.1

  • Userspace interface for hash algorithms(CONFIG_CRYPTO_USER_API_HASH) and the driver(CONFIG_CRYPTO_DEV_ZYNQMP_SHA3) are enabled by default in the xilinx_defconfig and xilinx_zynqmp_defconfig
  • Existing driver is replaced with new driver written using shash framework
  • Added support for Versal

Related Links

Driver code : https://github.com/Xilinx/linux-xlnx/blob/master/drivers/crypto/xilinx/zynqmp-sha.c

© Copyright 2019 - 2022 Xilinx Inc. Privacy Policy