From patchwork Mon Oct 7 16:45:56 2019
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 175379
From: Ard Biesheuvel
To: linux-crypto@vger.kernel.org
Cc: Ard Biesheuvel, Herbert Xu, David Miller, "Jason A . Donenfeld", Samuel Neves, Arnd Bergmann, Eric Biggers, Andy Lutomirski, Martin Willi, Rene van Dorst
Subject: [PATCH v3 15/29] crypto: x86/poly1305 - depend on generic library not generic shash
Date: Mon, 7 Oct 2019 18:45:56 +0200
Message-Id: <20191007164610.6881-16-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20191007164610.6881-1-ard.biesheuvel@linaro.org>
References: <20191007164610.6881-1-ard.biesheuvel@linaro.org>
X-Mailing-List: linux-crypto@vger.kernel.org

Remove the dependency on the generic Poly1305 driver. Instead, depend
on the generic library so that we only reuse code without pulling in
the generic skcipher implementation as well.

Since this removes the last remaining user of the routines exported
by the generic shash driver, unexport them and make them static.

Signed-off-by: Ard Biesheuvel --- arch/x86/crypto/poly1305_glue.c | 67 ++++++++++++++++---- crypto/Kconfig | 2 +- crypto/poly1305_generic.c | 11 ++-- include/crypto/internal/poly1305.h | 7 -- 4 files changed, 61 insertions(+), 26 deletions(-) -- 2.20.1 diff --git a/arch/x86/crypto/poly1305_glue.c b/arch/x86/crypto/poly1305_glue.c index b43b93c95e79..19d94b63be26 100644 --- a/arch/x86/crypto/poly1305_glue.c +++ b/arch/x86/crypto/poly1305_glue.c @@ -34,6 +34,24 @@ static void poly1305_simd_mult(u32 *a, const u32 *b) poly1305_block_sse2(a, m, b, 1); } +static unsigned int poly1305_scalar_blocks(struct poly1305_desc_ctx *dctx, + const u8 *src, unsigned int srclen) +{ + unsigned int datalen; + + if (unlikely(!dctx->sset)) { + datalen = crypto_poly1305_setdesckey(dctx, src, srclen); + src += srclen - datalen; + srclen = datalen; + } + if (srclen >= POLY1305_BLOCK_SIZE) { + poly1305_core_blocks(&dctx->h, dctx->r, src, + srclen / POLY1305_BLOCK_SIZE, 1); + srclen %= POLY1305_BLOCK_SIZE; + } + return srclen; +} + static unsigned int poly1305_simd_blocks(struct poly1305_desc_ctx *dctx, const u8 *src, unsigned int srclen) { @@ -89,14 +107,9 @@ static int poly1305_simd_update(struct shash_desc *desc, const u8 *src, unsigned int srclen) { struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc); + bool do_simd = (srclen > 288) && crypto_simd_usable(); unsigned int bytes; - /* kernel_fpu_begin/end is costly, use fallback for small updates */ - if (srclen <= 288 || !crypto_simd_usable()) - return crypto_poly1305_update(desc, src, srclen); - - kernel_fpu_begin(); - if (unlikely(dctx->buflen)) { bytes = min(srclen, POLY1305_BLOCK_SIZE - dctx->buflen); memcpy(dctx->buf + dctx->buflen, src, bytes); 
@@ -105,25 +118,57 @@ static int poly1305_simd_update(struct shash_desc *desc, dctx->buflen += bytes; if (dctx->buflen == POLY1305_BLOCK_SIZE) { - poly1305_simd_blocks(dctx, dctx->buf, - POLY1305_BLOCK_SIZE); + if (likely(do_simd)) { + kernel_fpu_begin(); + poly1305_simd_blocks(dctx, dctx->buf, + POLY1305_BLOCK_SIZE); + kernel_fpu_end(); + } else { + poly1305_scalar_blocks(dctx, dctx->buf, + POLY1305_BLOCK_SIZE); + } dctx->buflen = 0; } } if (likely(srclen >= POLY1305_BLOCK_SIZE)) { - bytes = poly1305_simd_blocks(dctx, src, srclen); + if (likely(do_simd)) { + kernel_fpu_begin(); + bytes = poly1305_simd_blocks(dctx, src, srclen); + kernel_fpu_end(); + } else { + bytes = poly1305_scalar_blocks(dctx, src, srclen); + } src += srclen - bytes; srclen = bytes; } - kernel_fpu_end(); - if (unlikely(srclen)) { dctx->buflen = srclen; memcpy(dctx->buf, src, srclen); } +} + +static int crypto_poly1305_init(struct shash_desc *desc) +{ + struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc); + + poly1305_core_init(&dctx->h); + dctx->buflen = 0; + dctx->rset = 0; + dctx->sset = false; + + return 0; +} + +static int crypto_poly1305_final(struct shash_desc *desc, u8 *dst) +{ + struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc); + + if (unlikely(!dctx->sset)) + return -ENOKEY; + poly1305_final_generic(dctx, dst); return 0; } diff --git a/crypto/Kconfig b/crypto/Kconfig index ead0c3d15823..ae31f8730858 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -710,7 +710,7 @@ config CRYPTO_POLY1305 config CRYPTO_POLY1305_X86_64 tristate "Poly1305 authenticator algorithm (x86_64/SSE2/AVX2)" depends on X86 && 64BIT - select CRYPTO_POLY1305 + select CRYPTO_LIB_POLY1305_GENERIC help Poly1305 authenticator algorithm, RFC7539. diff --git a/crypto/poly1305_generic.c b/crypto/poly1305_generic.c index afe9a9e576dd..21edbd8c99fb 100644 --- a/crypto/poly1305_generic.c +++ b/crypto/poly1305_generic.c 
@@ -19,7 +19,7 @@ #include #include -int crypto_poly1305_init(struct shash_desc *desc) +static int crypto_poly1305_init(struct shash_desc *desc) { struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc); @@ -30,7 +30,6 @@ int crypto_poly1305_init(struct shash_desc *desc) return 0; } -EXPORT_SYMBOL_GPL(crypto_poly1305_init); static void poly1305_blocks(struct poly1305_desc_ctx *dctx, const u8 *src, unsigned int srclen) @@ -47,8 +46,8 @@ static void poly1305_blocks(struct poly1305_desc_ctx *dctx, const u8 *src, srclen / POLY1305_BLOCK_SIZE, 1); } -int crypto_poly1305_update(struct shash_desc *desc, - const u8 *src, unsigned int srclen) +static int crypto_poly1305_update(struct shash_desc *desc, + const u8 *src, unsigned int srclen) { struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc); unsigned int bytes; @@ -80,9 +79,8 @@ int crypto_poly1305_update(struct shash_desc *desc, return 0; } -EXPORT_SYMBOL_GPL(crypto_poly1305_update); -int crypto_poly1305_final(struct shash_desc *desc, u8 *dst) +static int crypto_poly1305_final(struct shash_desc *desc, u8 *dst) { struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc); @@ -92,7 +90,6 @@ int crypto_poly1305_final(struct shash_desc *desc, u8 *dst) poly1305_final_generic(dctx, dst); return 0; } -EXPORT_SYMBOL_GPL(crypto_poly1305_final); static struct shash_alg poly1305_alg = { .digestsize = POLY1305_DIGEST_SIZE, diff --git a/include/crypto/internal/poly1305.h b/include/crypto/internal/poly1305.h index 68269f0d0062..50067536def9 100644 --- a/include/crypto/internal/poly1305.h +++ b/include/crypto/internal/poly1305.h 
@@ -35,13 +35,6 @@ void poly1305_update_generic(struct poly1305_desc_ctx *desc, const u8 *src, void poly1305_final_generic(struct poly1305_desc_ctx *desc, u8 *digest); -/* Crypto API helper functions for the Poly1305 MAC */ -int crypto_poly1305_init(struct shash_desc *desc); - -int crypto_poly1305_update(struct shash_desc *desc, - const u8 *src, unsigned int srclen); -int crypto_poly1305_final(struct shash_desc *desc, u8 *dst); - /* * Poly1305 requires a unique key for each tag, which implies that we can't set * it on the tfm that gets accessed by multiple users simultaneously. Instead we
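
Review bot: poly1305_simd_update() in arch/x86/crypto/poly1305_glue.c loses its return statement in the "@@ -105,25 +118,57 @@" hunk. The added "}" after the trailing memcpy() block closes the function, and the existing "return 0;" context line now terminates the new crypto_poly1305_final(), so a function declared "static int" falls off the end without returning a value. Add "return 0;" before that closing brace. Separately, when dctx->buf holds data and do_simd is set, the update now goes through kernel_fpu_begin()/kernel_fpu_end() twice (once for the buffered block, once for the bulk data) where the old code entered it once; the comment deleted in the preceding hunk called that pair costly, so consider one section spanning both calls.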
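
Review bot: the do_simd initializer added in the "@@ -89,14 +107,9 @@" hunk of arch/x86/crypto/poly1305_glue.c keeps the 288-byte cutoff, but the same hunk deletes the only explanation of it ("kernel_fpu_begin/end is costly, use fallback for small updates"). Carry that comment over to the "bool do_simd = (srclen > 288) && crypto_simd_usable();" line, or give the threshold a named constant, so the number does not end up unexplained.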
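
Review bot: poly1305_scalar_blocks(), added in the "@@ -34,6 +34,24 @@" hunk of arch/x86/crypto/poly1305_glue.c, has no comment describing its contract. It returns the number of trailing bytes it did not process, and while dctx->sset is unset it first consumes key material from src through crypto_poly1305_setdesckey(); a short comment above the function stating both would help, since callers have to advance src by "srclen - bytes" themselves.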