crypto: arm64/sm4-ccm - Rewrite skcipher walker loop

Message ID	20230201123207.99858-1-tianjia.zhang@linux.alibaba.com
State	Accepted
Commit	3b9d902153f31998a30b0cf4a0aeb090a05005d3
Headers	show Return-Path: <linux-crypto-owner@vger.kernel.org> From: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> To: Herbert Xu <herbert@gondor.apana.org.au>, "David S. Miller" <davem@davemloft.net>, Catalin Marinas <catalin.marinas@arm.com>, Will Deacon <will@kernel.org>, linux-crypto@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org Cc: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Subject: [PATCH] crypto: arm64/sm4-ccm - Rewrite skcipher walker loop Date: Wed, 1 Feb 2023 20:32:07 +0800 Message-Id: <20230201123207.99858-1-tianjia.zhang@linux.alibaba.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	crypto: arm64/sm4-ccm - Rewrite skcipher walker loop \| expand crypto: arm64/sm4-ccm - Rewrite skcipher walker loop

Message ID

20230201123207.99858-1-tianjia.zhang@linux.alibaba.com

State

Accepted

Commit

3b9d902153f31998a30b0cf4a0aeb090a05005d3

Headers

From: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
To: Herbert Xu <herbert@gondor.apana.org.au>,
        "David S. Miller" <davem@davemloft.net>,
        Catalin Marinas <catalin.marinas@arm.com>,
        Will Deacon <will@kernel.org>, linux-crypto@vger.kernel.org,
        linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org
Cc: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Subject: [PATCH] crypto: arm64/sm4-ccm - Rewrite skcipher walker loop
Date: Wed,  1 Feb 2023 20:32:07 +0800
Message-Id: <20230201123207.99858-1-tianjia.zhang@linux.alibaba.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

crypto: arm64/sm4-ccm - Rewrite skcipher walker loop | expand

Commit Message

tianjia.zhang Feb. 1, 2023, 12:32 p.m. UTC

The fact that an error in the skcipher walker API are indicated
not only by a non-zero return value, but also by the fact that
walk->nbytes is zero, causes the layout of the skcipher walker
loop to be sufficiently different from the usual layout, which
is not a problem in itself, but it is likely to cause reading
confusion and difficulty in code maintenance.

This patch rewrites skcipher walker loop, and separates the
last chunk cryption from the loop to avoid wrong calls to the
skcipher walker API. In addition to following the usual convention
of checking walk->nbytes, it also makes the loop execute logic
clearer and easier to understand.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
---
 arch/arm64/crypto/sm4-ce-ccm-glue.c | 44 ++++++++++++++++-------------
 1 file changed, 24 insertions(+), 20 deletions(-)

Comments

Herbert Xu Feb. 10, 2023, 9:46 a.m. UTC | #1

On Wed, Feb 01, 2023 at 08:32:07PM +0800, Tianjia Zhang wrote:
> The fact that an error in the skcipher walker API are indicated
> not only by a non-zero return value, but also by the fact that
> walk->nbytes is zero, causes the layout of the skcipher walker
> loop to be sufficiently different from the usual layout, which
> is not a problem in itself, but it is likely to cause reading
> confusion and difficulty in code maintenance.
> 
> This patch rewrites skcipher walker loop, and separates the
> last chunk cryption from the loop to avoid wrong calls to the
> skcipher walker API. In addition to following the usual convention
> of checking walk->nbytes, it also makes the loop execute logic
> clearer and easier to understand.
> 
> Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
> ---
>  arch/arm64/crypto/sm4-ce-ccm-glue.c | 44 ++++++++++++++++-------------
>  1 file changed, 24 insertions(+), 20 deletions(-)

Patch applied.  Thanks.

diff --git a/arch/arm64/crypto/sm4-ce-ccm-glue.c b/arch/arm64/crypto/sm4-ce-ccm-glue.c
index f2cec7b52efc..5e7e17bbec81 100644
--- a/arch/arm64/crypto/sm4-ce-ccm-glue.c
+++ b/arch/arm64/crypto/sm4-ce-ccm-glue.c
@@ -166,7 +166,7 @@  static int ccm_crypt(struct aead_request *req, struct skcipher_walk *walk,
 					unsigned int nbytes, u8 *mac))
 {
 	u8 __aligned(8) ctr0[SM4_BLOCK_SIZE];
-	int err;
+	int err = 0;
 
 	/* preserve the initial ctr0 for the TAG */
 	memcpy(ctr0, walk->iv, SM4_BLOCK_SIZE);
@@ -177,33 +177,37 @@  static int ccm_crypt(struct aead_request *req, struct skcipher_walk *walk,
 	if (req->assoclen)
 		ccm_calculate_auth_mac(req, mac);
 
-	do {
+	while (walk->nbytes && walk->nbytes != walk->total) {
 		unsigned int tail = walk->nbytes % SM4_BLOCK_SIZE;
-		const u8 *src = walk->src.virt.addr;
-		u8 *dst = walk->dst.virt.addr;
 
-		if (walk->nbytes == walk->total)
-			tail = 0;
+		sm4_ce_ccm_crypt(rkey_enc, walk->dst.virt.addr,
+				 walk->src.virt.addr, walk->iv,
+				 walk->nbytes - tail, mac);
+
+		kernel_neon_end();
+
+		err = skcipher_walk_done(walk, tail);
+
+		kernel_neon_begin();
+	}
 
-		if (walk->nbytes - tail)
-			sm4_ce_ccm_crypt(rkey_enc, dst, src, walk->iv,
-					 walk->nbytes - tail, mac);
+	if (walk->nbytes) {
+		sm4_ce_ccm_crypt(rkey_enc, walk->dst.virt.addr,
+				 walk->src.virt.addr, walk->iv,
+				 walk->nbytes, mac);
 
-		if (walk->nbytes == walk->total)
-			sm4_ce_ccm_final(rkey_enc, ctr0, mac);
+		sm4_ce_ccm_final(rkey_enc, ctr0, mac);
 
 		kernel_neon_end();
 
-		if (walk->nbytes) {
-			err = skcipher_walk_done(walk, tail);
-			if (err)
-				return err;
-			if (walk->nbytes)
-				kernel_neon_begin();
-		}
-	} while (walk->nbytes > 0);
+		err = skcipher_walk_done(walk, 0);
+	} else {
+		sm4_ce_ccm_final(rkey_enc, ctr0, mac);
 
-	return 0;
+		kernel_neon_end();
+	}
+
+	return err;
 }
 
 static int ccm_encrypt(struct aead_request *req)