From patchwork Mon Mar 30 09:48:33 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 46502 Return-Path: X-Original-To: linaro@patches.linaro.org Delivered-To: linaro@patches.linaro.org Received: from mail-pd0-f197.google.com (mail-pd0-f197.google.com [209.85.192.197]) by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 914EB214C7 for ; Mon, 30 Mar 2015 09:49:48 +0000 (UTC) Received: by pdkb3 with SMTP id b3sf222456833pdk.0 for ; Mon, 30 Mar 2015 02:49:47 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:delivered-to:from:to:cc:subject :date:message-id:in-reply-to:references:sender:precedence:list-id :x-original-sender:x-original-authentication-results:mailing-list :list-post:list-help:list-archive:list-unsubscribe; bh=93Ak8cN07uxhsDwBMDfoLgJ46JZItOyheObL/YZOSZY=; b=iCrckp7BcGZBs5dgf5+kq9UetAYi8jqOsD68EKg+fO8kVcOz08MKxFs62iMn//GLdU 6VHi+JQE887K7zublgCsOUq0y57UsIzg2us7bvD4HMFNMhvgL16bCWqIYx0swBxEExy9 2Ca2TNH1g+3CpMgPfeD9PCRnMXrTAU79vBCBwPqXcK50HCQ5RgrTwTJ+Qy6Qp0X20B9o ht4uzZHMAIn+cwF5/uoTT7nzgFTgYIJNxwanka/Z4cVqvl1kGSxhysXtyGNhzMnVStij tNswT/fb4d76aem8FX/4m9BvmThs1zu0pzSCrBTmKI6u34ydZyAu/RFyty1Q6c8ZhoHh c2Ig== X-Gm-Message-State: ALoCoQmSdWdIHbiWlgDPPo4mf3C/6eWU9r/RtrXGZ2KxxmUqOVsEytkiCl5K3echuzYatHeRVsc5 X-Received: by 10.66.153.6 with SMTP id vc6mr37975980pab.37.1427708987946; Mon, 30 Mar 2015 02:49:47 -0700 (PDT) MIME-Version: 1.0 X-BeenThere: patchwork-forward@linaro.org Received: by 10.140.106.38 with SMTP id d35ls2303737qgf.57.gmail; Mon, 30 Mar 2015 02:49:47 -0700 (PDT) X-Received: by 10.55.52.83 with SMTP id b80mr65832019qka.36.1427708987825; Mon, 30 Mar 2015 02:49:47 -0700 (PDT) Received: from mail-qc0-f181.google.com (mail-qc0-f181.google.com. [209.85.216.181]) by mx.google.com with ESMTPS id a93si9845471qge.86.2015.03.30.02.49.47 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 30 Mar 2015 02:49:47 -0700 (PDT) Received-SPF: pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.216.181 as permitted sender) client-ip=209.85.216.181; Received: by qcfy6 with SMTP id y6so46146812qcf.2 for ; Mon, 30 Mar 2015 02:49:47 -0700 (PDT) X-Received: by 10.140.238.78 with SMTP id j75mr41324036qhc.96.1427708987693; Mon, 30 Mar 2015 02:49:47 -0700 (PDT) X-Forwarded-To: patchwork-forward@linaro.org X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org Delivered-To: patch@linaro.org Received: by 10.96.155.231 with SMTP id vz7csp1329610qdb; Mon, 30 Mar 2015 02:49:46 -0700 (PDT) X-Received: by 10.70.41.202 with SMTP id h10mr10642980pdl.84.1427708986391; Mon, 30 Mar 2015 02:49:46 -0700 (PDT) Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k6si14017272pdm.248.2015.03.30.02.49.45 for ; Mon, 30 Mar 2015 02:49:46 -0700 (PDT) Received-SPF: none (google.com: linux-crypto-owner@vger.kernel.org does not designate permitted sender hosts) client-ip=209.132.180.67; Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752347AbbC3Jtp (ORCPT ); Mon, 30 Mar 2015 05:49:45 -0400 Received: from mail-wi0-f177.google.com ([209.85.212.177]:35897 "EHLO mail-wi0-f177.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752242AbbC3Jto (ORCPT ); Mon, 30 Mar 2015 05:49:44 -0400 Received: by wibg7 with SMTP id g7so95825099wib.1 for ; Mon, 30 Mar 2015 02:49:43 -0700 (PDT) X-Received: by 10.194.109.70 with SMTP id hq6mr60600955wjb.77.1427708983339; Mon, 30 Mar 2015 02:49:43 -0700 (PDT) Received: from ards-macbook-pro.local (129.20.90.92.rev.sfr.net. [92.90.20.129]) by mx.google.com with ESMTPSA id eo1sm14912443wib.16.2015.03.30.02.49.40 (version=TLSv1.1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 30 Mar 2015 02:49:42 -0700 (PDT) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org, linux-crypto@vger.kernel.org, samitolvanen@google.com, herbert@gondor.apana.org.au, jussi.kivilinna@iki.fi, stockhausen@collogia.de, x86@kernel.org Cc: Ard Biesheuvel Subject: [PATCH v2 resend 14/14] crypto/x86: move SHA-384/512 SSSE3 implementation to base layer Date: Mon, 30 Mar 2015 11:48:33 +0200 Message-Id: <1427708913-29678-15-git-send-email-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 1.8.3.2 In-Reply-To: <1427708913-29678-1-git-send-email-ard.biesheuvel@linaro.org> References: <1427708913-29678-1-git-send-email-ard.biesheuvel@linaro.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: list List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Removed-Original-Auth: Dkim didn't pass. X-Original-Sender: ard.biesheuvel@linaro.org X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 209.85.216.181 as permitted sender) smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org X-Google-Group-Id: 836684582541 List-Post: , List-Help: , List-Archive: List-Unsubscribe: , Signed-off-by: Ard Biesheuvel --- arch/x86/crypto/sha512_ssse3_glue.c | 195 +++++++----------------------------- crypto/Kconfig | 1 + 2 files changed, 39 insertions(+), 157 deletions(-) diff --git a/arch/x86/crypto/sha512_ssse3_glue.c b/arch/x86/crypto/sha512_ssse3_glue.c index 0b6af26832bf..f5ab7275e50b 100644 --- a/arch/x86/crypto/sha512_ssse3_glue.c +++ b/arch/x86/crypto/sha512_ssse3_glue.c @@ -54,183 +54,63 @@ asmlinkage void sha512_transform_rorx(const char *data, u64 *digest, static asmlinkage void (*sha512_transform_asm)(const char *, u64 *, u64); - -static int sha512_ssse3_init(struct shash_desc *desc) +static void sha512_ssse3_block_fn(int blocks, u8 const *src, u64 *state, + const u8 *head, void *p) { - struct sha512_state *sctx = shash_desc_ctx(desc); - - sctx->state[0] = SHA512_H0; - sctx->state[1] = SHA512_H1; - sctx->state[2] = SHA512_H2; - sctx->state[3] = SHA512_H3; - sctx->state[4] = SHA512_H4; - sctx->state[5] = SHA512_H5; - sctx->state[6] = SHA512_H6; - sctx->state[7] = SHA512_H7; - sctx->count[0] = sctx->count[1] = 0; - - return 0; -} - -static int __sha512_ssse3_update(struct shash_desc *desc, const u8 *data, - unsigned int len, unsigned int partial) -{ - struct sha512_state *sctx = shash_desc_ctx(desc); - unsigned int done = 0; - - sctx->count[0] += len; - if (sctx->count[0] < len) - sctx->count[1]++; - - if (partial) { - done = SHA512_BLOCK_SIZE - partial; - memcpy(sctx->buf + partial, data, done); - sha512_transform_asm(sctx->buf, sctx->state, 1); - } - - if (len - done >= SHA512_BLOCK_SIZE) { - const unsigned int rounds = (len - done) / SHA512_BLOCK_SIZE; - - sha512_transform_asm(data + done, sctx->state, (u64) rounds); - - done += rounds * SHA512_BLOCK_SIZE; - } - - memcpy(sctx->buf, data + done, len - done); - - return 0; + if (head) + sha512_transform_asm(head, state, 1); + if (blocks) + sha512_transform_asm(src, state, blocks); } static int sha512_ssse3_update(struct shash_desc *desc, const u8 *data, unsigned int len) { struct sha512_state *sctx = shash_desc_ctx(desc); - unsigned int partial = sctx->count[0] % SHA512_BLOCK_SIZE; - int res; - - /* Handle the fast case right here */ - if (partial + len < SHA512_BLOCK_SIZE) { - sctx->count[0] += len; - if (sctx->count[0] < len) - sctx->count[1]++; - memcpy(sctx->buf + partial, data, len); - - return 0; - } - - if (!irq_fpu_usable()) { - res = crypto_sha512_update(desc, data, len); - } else { - kernel_fpu_begin(); - res = __sha512_ssse3_update(desc, data, len, partial); - kernel_fpu_end(); - } - - return res; -} - - -/* Add padding and return the message digest. */ -static int sha512_ssse3_final(struct shash_desc *desc, u8 *out) -{ - struct sha512_state *sctx = shash_desc_ctx(desc); - unsigned int i, index, padlen; - __be64 *dst = (__be64 *)out; - __be64 bits[2]; - static const u8 padding[SHA512_BLOCK_SIZE] = { 0x80, }; - - /* save number of bits */ - bits[1] = cpu_to_be64(sctx->count[0] << 3); - bits[0] = cpu_to_be64(sctx->count[1] << 3 | sctx->count[0] >> 61); - - /* Pad out to 112 mod 128 and append length */ - index = sctx->count[0] & 0x7f; - padlen = (index < 112) ? (112 - index) : ((128+112) - index); - - if (!irq_fpu_usable()) { - crypto_sha512_update(desc, padding, padlen); - crypto_sha512_update(desc, (const u8 *)&bits, sizeof(bits)); - } else { - kernel_fpu_begin(); - /* We need to fill a whole block for __sha512_ssse3_update() */ - if (padlen <= 112) { - sctx->count[0] += padlen; - if (sctx->count[0] < padlen) - sctx->count[1]++; - memcpy(sctx->buf + index, padding, padlen); - } else { - __sha512_ssse3_update(desc, padding, padlen, index); - } - __sha512_ssse3_update(desc, (const u8 *)&bits, - sizeof(bits), 112); - kernel_fpu_end(); - } + int err; - /* Store state in digest */ - for (i = 0; i < 8; i++) - dst[i] = cpu_to_be64(sctx->state[i]); + if (!irq_fpu_usable() || + (sctx->count[0] % SHA512_BLOCK_SIZE) + len < SHA512_BLOCK_SIZE) + return crypto_sha512_update(desc, data, len); - /* Wipe context */ - memset(sctx, 0, sizeof(*sctx)); + kernel_fpu_begin(); + err = crypto_sha512_base_do_update(desc, data, len, + sha512_ssse3_block_fn, NULL); + kernel_fpu_end(); - return 0; + return err; } -static int sha512_ssse3_export(struct shash_desc *desc, void *out) +static int sha512_ssse3_finup(struct shash_desc *desc, const u8 *data, + unsigned int len, u8 *out) { - struct sha512_state *sctx = shash_desc_ctx(desc); - - memcpy(out, sctx, sizeof(*sctx)); - - return 0; -} - -static int sha512_ssse3_import(struct shash_desc *desc, const void *in) -{ - struct sha512_state *sctx = shash_desc_ctx(desc); + if (!irq_fpu_usable()) + return crypto_sha512_finup(desc, data, len, out); - memcpy(sctx, in, sizeof(*sctx)); + kernel_fpu_begin(); + if (len) + crypto_sha512_base_do_update(desc, data, len, + sha512_ssse3_block_fn, NULL); + crypto_sha512_base_do_finalize(desc, sha512_ssse3_block_fn, NULL); + kernel_fpu_end(); - return 0; + return crypto_sha512_base_finish(desc, out); } -static int sha384_ssse3_init(struct shash_desc *desc) -{ - struct sha512_state *sctx = shash_desc_ctx(desc); - - sctx->state[0] = SHA384_H0; - sctx->state[1] = SHA384_H1; - sctx->state[2] = SHA384_H2; - sctx->state[3] = SHA384_H3; - sctx->state[4] = SHA384_H4; - sctx->state[5] = SHA384_H5; - sctx->state[6] = SHA384_H6; - sctx->state[7] = SHA384_H7; - - sctx->count[0] = sctx->count[1] = 0; - - return 0; -} - -static int sha384_ssse3_final(struct shash_desc *desc, u8 *hash) +/* Add padding and return the message digest. */ +static int sha512_ssse3_final(struct shash_desc *desc, u8 *out) { - u8 D[SHA512_DIGEST_SIZE]; - - sha512_ssse3_final(desc, D); - - memcpy(hash, D, SHA384_DIGEST_SIZE); - memzero_explicit(D, SHA512_DIGEST_SIZE); - - return 0; + return sha512_ssse3_finup(desc, NULL, 0, out); } static struct shash_alg algs[] = { { .digestsize = SHA512_DIGEST_SIZE, - .init = sha512_ssse3_init, + .init = crypto_sha512_base_init, .update = sha512_ssse3_update, .final = sha512_ssse3_final, - .export = sha512_ssse3_export, - .import = sha512_ssse3_import, + .finup = sha512_ssse3_finup, + .export = crypto_sha512_base_export, + .import = crypto_sha512_base_import, .descsize = sizeof(struct sha512_state), .statesize = sizeof(struct sha512_state), .base = { @@ -243,11 +123,12 @@ static struct shash_alg algs[] = { { } }, { .digestsize = SHA384_DIGEST_SIZE, - .init = sha384_ssse3_init, + .init = crypto_sha384_base_init, .update = sha512_ssse3_update, - .final = sha384_ssse3_final, - .export = sha512_ssse3_export, - .import = sha512_ssse3_import, + .final = sha512_ssse3_final, + .finup = sha512_ssse3_finup, + .export = crypto_sha512_base_export, + .import = crypto_sha512_base_import, .descsize = sizeof(struct sha512_state), .statesize = sizeof(struct sha512_state), .base = { diff --git a/crypto/Kconfig b/crypto/Kconfig index 1198ff3a33d8..e3ce5cd2f4c1 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -553,6 +553,7 @@ config CRYPTO_SHA512_SSSE3 tristate "SHA512 digest algorithm (SSSE3/AVX/AVX2)" depends on X86 && 64BIT select CRYPTO_SHA512 + select CRYPTO_SHA512_BASE select CRYPTO_HASH help SHA-512 secure hash standard (DFIPS 180-2) implemented